Apktool

Category: Mobile Security
License: Apache License 2.0 (open source)
Suphi Cankurt
AppSec Enthusiast
Updated March 18, 2026
Key Takeaways
  • Apktool decodes Android APK resources to near-original form and disassembles DEX to smali bytecode, with 24,000+ GitHub stars and active development since 2010 (maintained by iBotPeaches since 2012).
  • Version 3.0.1 (February 2026) introduced aapt2 integration, dropped 32-bit support, and added automatic API version detection for baksmali.
  • Unlike Jadx which decompiles to Java, Apktool works at the resource and smali level — making it the standard tool for APK modification, patching, and repackaging.
  • Cross-platform (Windows, macOS, Linux), included in Kali Linux, and pairs well with Jadx, Frida, and MobSF in Android security workflows.

Apktool is a free, open-source reverse engineering tool that decodes Android APK resources to near-original form, disassembles DEX bytecode to smali, and rebuilds modified APKs. With over 24,100 GitHub stars, it is the most widely used tool for APK modification and repackaging.

Originally created by Brut.all in 2010 and maintained by iBotPeaches since 2012, Apktool occupies a unique position in the Android mobile security toolkit: while tools like Jadx decompile to readable Java, Apktool works at the resource and smali level. This makes it the go-to choice when you need to actually modify and repackage an APK — something no other mainstream tool can do.

GitHub: iBotPeaches/Apktool | Stars: 24k+ | Latest Release: v3.0.1 (February 2026) | License: Apache 2.0

The tool decodes Android resources (layouts, strings, drawables) back to near-original XML form and disassembles DEX bytecode into smali — a human-readable assembly language for the Dalvik virtual machine. After making changes, Apktool reassembles everything into a working APK that can be signed and installed. This decode-modify-rebuild cycle is Apktool’s core workflow and the primary reason security researchers, pentesters, and developers rely on it.

Feature | Details
Core function | Decode, modify, and rebuild Android APK files
Resource decoding | Binary XML to near-original readable XML (layouts, strings, styles, drawables)
Bytecode handling | DEX disassembly to smali, reassembly back to DEX
Resource compiler | aapt2 (v3.0+), replacing deprecated aapt1
API detection | Automatic baksmali API version detection (v3.0+)
Manifest handling | Full AndroidManifest.xml decoding with permissions, components, intent filters
Framework support | Install and manage device framework APKs for system app decoding
Platforms | Windows, macOS, Linux (pre-installed on Kali Linux)
Requirements | Java 8+ (JRE or JDK)
License | Apache 2.0 (fully open source, no restrictions)

Overview

Apktool reverse engineers APK files into their constituent parts. When you run apktool d app.apk, it extracts and decodes the AndroidManifest.xml, resource files, assets, and DEX bytecode into a project directory. Resources come out as readable XML rather than the binary format stored in the APK, and DEX files are disassembled into smali code.

The main difference between Apktool and decompilers like Jadx is the round-trip capability. After modifying decoded resources or smali code, apktool b reassembles everything into a valid APK. Jadx produces Java source for reading, not for rebuilding — making Apktool the only mainstream tool that supports full APK decode-modify-rebuild workflows.

Apktool v3.0.1 was released in February 2026 with some notable changes. The project switched from aapt1 to aapt2 for resource handling, since aapt1 is now deprecated in AOSP. It also added automatic API version detection for baksmali, which fixes a common headache where mismatched API versions caused build failures.

  • Resource Decoding: Decodes binary XML resources (layouts, strings, styles) back to near-original readable XML format
  • Smali Disassembly: Converts DEX bytecode to smali — a human-readable assembly language for Dalvik VM
  • APK Rebuilding: Reassembles modified resources and smali code into a valid, installable APK file
  • Manifest Analysis: Decodes AndroidManifest.xml to reveal permissions, components, and intent filters
  • Framework Management: Handles Android framework resources for proper decoding of system-dependent apps
  • aapt2 Integration: Uses modern aapt2 tooling for accurate resource compilation in rebuilt APKs

Key Features

Resource Decoding

Resource decoding is where Apktool really shines. Android apps store resources in a compiled binary format (resources.arsc) that is not human-readable. Apktool reverses this compilation, producing XML files that closely match the original source.

This includes layouts, string tables, color definitions, dimension values, styles, and drawable references. Version 3.0 improved resource representation — color values now reflect their original format from the APK, hex integers use compact notation (0x20 instead of 0x00000020), and resource types are properly aligned with their correct XML element types.

For security researchers, decoded resources reveal hardcoded API keys, server URLs, debug flags, and configuration parameters that developers sometimes leave in production builds.

v3.0 Resource Improvements
Version 3.0 improved resource fidelity: color values now reflect their original format from the APK, hex integers use compact notation (0x20 instead of 0x00000020), and resource types align with their correct XML element types. If you are still on v2.x, the upgrade is worth it for resource accuracy alone.

Smali Disassembly and Reassembly

Smali is to Dalvik what assembly is to x86 — a low-level, human-readable representation of the bytecode. Apktool disassembles DEX files into .smali files that can be read and modified.

Smali is harder to read than the Java output from Jadx, but it has one major advantage: you can reassemble modified smali back into working DEX bytecode. That means you can patch specific behaviors without the original source. Disable certificate pinning, bypass root detection, strip license checks, inject logging into method calls — all doable through smali edits.

Apktool v3.0.1 changed DEX handling — by default, only main DEX classes are disassembled. Use the -a / --all-src flag to include all DEX files, which is useful for multidex apps that split code across multiple DEX files.

APK Modification and Repackaging

The complete workflow for modifying an APK with Apktool follows a predictable pattern:

  1. Decode: apktool d target.apk -o decoded/
  2. Modify resources or smali code in the decoded directory
  3. Rebuild: apktool b decoded/ -o modified.apk
  4. Sign: Use apksigner or jarsigner to sign the rebuilt APK
  5. Install: adb install modified.apk

Pentesters modify apps to bypass client-side security controls. Malware analysts patch out anti-analysis techniques to dig deeper into how a sample works.

Framework Resource Handling

System apps and apps that depend on manufacturer-specific frameworks require the corresponding framework files to decode properly. Apktool manages these through a framework directory, allowing you to install framework APKs from the target device:

apktool if framework-res.apk

This ensures that resources referencing system themes, styles, and attributes decode correctly rather than producing placeholder values.

Use Cases

Security Research

I use Apktool primarily for Android security assessments where modification is needed. Decode an APK, patch out certificate pinning in smali, rebuild, and then intercept traffic with mitmproxy. Or disable root detection to run the app alongside Frida on a rooted test device.

Apktool reveals the full AndroidManifest.xml, showing exported components, intent filters, and permissions — information that tools like Drozer can then use for interactive exploitation of exposed attack surfaces.
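
The manifest review described above can be scripted once the APK is decoded. The following Python script is an added example, not part of Apktool or the original article: it flags risky application attributes and exported components that declare no permission. The sample manifest and the name audit_manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")
RISKY_FLAGS = ("debuggable", "allowBackup", "usesCleartextTraffic")

# Constructed sample standing in for decoded/AndroidManifest.xml (not a real app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <application android:debuggable="true" android:allowBackup="false">
    <activity android:name=".DeepLinkActivity">
      <intent-filter><action android:name="android.intent.action.VIEW"/></intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.demo.SYNC"/>
    <provider android:name=".NotesProvider" android:exported="true"
              android:authorities="com.example.demo.notes"/>
    <receiver android:name=".InternalReceiver" android:exported="false"/>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return (kind, name) findings for risky flags and unprotected exported components."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    if app is None:
        return []
    findings = [("flag", f) for f in RISKY_FLAGS if app.get(A + f) == "true"]
    for comp in app:
        if comp.tag not in COMPONENTS:
            continue
        if comp.get(A + "permission") is not None:
            continue  # callers must hold this permission; review separately
        exported = comp.get(A + "exported")
        # With no android:exported attribute, an intent filter made the component
        # exported by default for apps targeting API levels below 31.
        implicit = exported is None and comp.find("intent-filter") is not None
        if exported == "true":
            findings.append(("exported", comp.get(A + "name")))
        elif implicit:
            findings.append(("implicitly-exported", comp.get(A + "name")))
    return findings

if __name__ == "__main__":
    # For a real decode, pass the contents of decoded/AndroidManifest.xml instead.
    for kind, name in audit_manifest(SAMPLE_MANIFEST):
        print(f"{kind:20} {name}")
```

Providers can also be guarded by android:readPermission or android:writePermission, which this example does not inspect.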

Malware Analysis

Malware analysts decode suspicious APKs to examine their resources, permissions, and code structure. Decoded resources often reveal hidden configurations, C2 server addresses in string tables, and payload delivery mechanisms tucked into assets.
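
Both this passage and the earlier note on hardcoded API keys and server URLs come down to reading the decoded string tables. The following Python script is an added example, not from the original article or the Apktool project: it scans a decoded strings.xml for cleartext URLs, IPv4 literals, and high-entropy values. The sample resource file, the regexes, and the entropy threshold are assumptions chosen for illustration.

```python
import math
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample standing in for decoded/res/values/strings.xml; all values are made up.
SAMPLE_STRINGS = """<resources>
  <string name="app_name">Demo</string>
  <string name="api_base">http://api.example.test/v1/</string>
  <string name="backup_host">203.0.113.7:8443</string>
  <string name="maps_api_key">Zx9qL2mVb7KpT4wRc8YhN1sDf6GjU3eA</string>
  <string name="welcome">Welcome back to the demo application</string>
</resources>"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
TOKEN_RE = re.compile(r"^[A-Za-z0-9+/_\-=]{20,}$")   # one unbroken key-like token
NAME_HINT_RE = re.compile(r"key|secret|token|passw", re.I)

def shannon_entropy(s):
    """Bits per character; random keys score higher than natural-language text."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def scan_strings(xml_text, min_entropy=4.0):
    """Return (kind, resource_name, value) findings from a decoded strings.xml."""
    findings = []
    for el in ET.fromstring(xml_text).iter("string"):
        name, value = el.get("name", ""), (el.text or "").strip()
        for url in URL_RE.findall(value):
            kind = "cleartext-url" if url.startswith("http://") else "url"
            findings.append((kind, name, url))
        for ip in IPV4_RE.findall(value):
            findings.append(("ipv4", name, ip))
        if TOKEN_RE.match(value) and shannon_entropy(value) >= min_entropy:
            kind = "named-secret" if NAME_HINT_RE.search(name) else "high-entropy"
            findings.append((kind, name, value))
    return findings

if __name__ == "__main__":
    # For a real decode, pass the contents of decoded/res/values/strings.xml instead.
    for kind, name, value in scan_strings(SAMPLE_STRINGS):
        print(f"{kind:14} {name:14} {value}")
```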

For deeper code analysis, researchers typically use Apktool alongside Jadx — Apktool for resource inspection and potential modification, Jadx for reading the Java logic.

App Localization and Accessibility

Beyond security, Apktool enables translation of apps that lack multi-language support. Decode the APK, add translated string resources, rebuild, and distribute. The Android modding community on XDA Developers has used Apktool for this purpose for over a decade.

Pricing

Apktool is completely free and open source under the Apache License 2.0. There are no paid tiers, commercial licenses, or usage restrictions.

Strengths & Limitations

Strengths:

  • Only mainstream tool that supports full decode-modify-rebuild cycle for APKs
  • Resource decoding accuracy is the best available for Android
  • Active development — v3.0.1 released February 2026 with modern aapt2 support
  • Pre-installed in Kali Linux and other security-focused distributions
  • Massive community with 24,100+ GitHub stars and extensive documentation
  • Cross-platform (Windows, macOS, Linux) with simple Java-based installation
  • Pairs naturally with every other Android security tool in a testing workflow
  • XDA Developers community with 300+ pages of discussion and troubleshooting

Limitations:

  • Smali is harder to read than Java — use Jadx for code comprehension
  • Cannot decompile native libraries (.so files) — use Ghidra for GUI-based decompilation or radare2 for CLI-based binary analysis
  • Rebuilt APKs require re-signing, which breaks Google Play integrity checks
  • Some heavily protected apps use custom packers that resist decoding
  • No GUI — command-line only (though third-party tools like APK Easy Tool wrap it)
  • Large APKs with many resources can be slow to decode and rebuild

Best for: Apktool is the right tool when you need to modify an Android APK — whether that means patching smali code to bypass security controls, editing resources, or analyzing the full AndroidManifest.xml. For reading Java code without modification, use Jadx instead.

Getting Started

  1. Install Apktool — Download the latest release from apktool.org or install via your package manager. On macOS: brew install apktool. On Kali Linux, it comes pre-installed. Requires Java 8+.
  2. Decode an APK — Run apktool d target.apk -o decoded/ to decode the APK into a project directory. Browse the decoded output — AndroidManifest.xml, res/ for resources, and smali/ for disassembled bytecode.
  3. Modify and rebuild — Edit resources in res/ or patch smali code in smali/. Then run apktool b decoded/ -o modified.apk to rebuild the APK. Use the -f flag to force rebuild if you encounter caching issues.
  4. Sign and install — Sign the rebuilt APK with apksigner sign --ks my-key.jks modified.apk (create a debug keystore if needed). Install with adb install modified.apk. Note that the app’s signature will differ from the original, which may trigger integrity checks.

Companion Tools

Apktool is a single-purpose tool that fits into a broader Android security workflow. These are the tools it pairs with most often:

Android Security Toolkit: Jadx, Frida, MobSF, Drozer, Ghidra, radare2

For a full Android security testing setup, combine Apktool with Jadx for Java code reading, Frida for runtime instrumentation, MobSF for automated scanning, and Drozer for interactive attack surface testing.

Frequently Asked Questions

What is Apktool?
Apktool is an open-source tool for reverse engineering Android APK files. It decodes resources (layouts, strings, images) to near-original form and disassembles DEX bytecode to smali. Unlike decompilers that produce Java code, Apktool works at a lower level, enabling modification and repackaging of APKs.
What is the difference between Apktool and Jadx?
Apktool and Jadx serve different purposes. Jadx decompiles DEX bytecode to readable Java source code for analysis. Apktool decodes resources and disassembles to smali bytecode, and critically, it can rebuild modified APKs. If you need to read Java code, use Jadx. If you need to modify and repackage an APK, use Apktool.
Can Apktool recompile modified APKs?
Yes, Apktool can rebuild APKs from decoded sources using the ‘apktool b’ command. After rebuilding, you need to sign the APK with a signing key before installing it. This decode-modify-rebuild cycle is Apktool’s primary workflow for APK patching and modding.
Is Apktool free to use?
Yes, Apktool is completely free and open source under the Apache License 2.0. You can use it for security research, app analysis, and development purposes without restrictions.
What changed in Apktool v3.0?
Apktool v3.0.1 (February 2026) was a major release. Key changes include switching from aapt1 to aapt2 for resource handling, dropping 32-bit OS support, automatic API version detection for baksmali, compact hex value representation, and single-character flag chaining (e.g., -vfo for -v -f -o).