Installing and retrieving your android application APK

Using Android Studio IDE, you can create two virtual devices.

Create the first virtual device using a system image labeled with Google APIs to access the Google Play services (this device will be used to download the app on the Android Play Store and to test the application on a non rooted device).

Create the second device using the Android Open Source Project (AOSP) system images that don't include Google apps or services. Then you can use the adb root and adb unroot commands to switch between normal and elevated privileges.

Install the Android application from the Android Play Store on the first virtual device like a regular user.

Use the following adb commands to find and dump the .apk from the non-rooted device.

$adb shell pm list packages | grep -i com.foo.bar
package:com.foo.bar
$adb shell pm dump com.foo.bar | grep path
overlay paths:
legacy overlay paths:
path: /data/app/~~DB-SGZPpvW28CMfE0rGncw==/com.foo.bar-eL-ex-Vr6hrA393b72g9Wg==/base.apk
$adb shell ls /data/app/~~DB-SGZPpvW28CMfE0rGncw==/com.foo.bar-eL-ex-Vr6hrA393b72g9Wg==/
app.metadata
base.apk
base.digests
base.dm
lib
split_config.arm64_v8a.apk
split_config.en.apk
split_config.xxhdpi.apk

As you can see the Android application has multiple .apk files. This is feature on Google Play that allows developers to publish different APKs for their application that are each targeted to different device configurations. For static analysis, the base.apk file is sufficient but in some cases you might require all the .apk files to install the app on another devices.

Dump all the .apk files from the device.

$adb pull /data/app/[RANDOM]/com.com.foo.bar-eL-ex-Vr6hrA393b72g9Wg==/base.apk
/data/app/[RANDOM]//com.com.foo.bar-eL-ex-Vr6hrA393b72g9Wg==/base.apk: 1 file pulled, 0 skipped. 271.7 MB/s (69286274 bytes in 0.243s)
$adb pull /data/app/[RANDOM]/com.foo.bar-eL-ex-Vr6hrA393b72g9Wg==/split_config.arm64_v8a.apk
/data/app/~~DB-SGZPpvW28CMfE0rGncw==/com.foo.bar-eL-ex-Vr6hrA393b72g9Wg==/split_config.arm64_v8a.apk: 1 file pulled, 0 skipped. 148.6 MB/s (22332564 bytes in 0.143s)
$adb pull /data/app/[RANDOM]//com.foo.bar-eL-ex-Vr6hrA393b72g9Wg==/split_config.en.apk
/data/app/[RANDOM]/com.foo.bar-eL-ex-Vr6hrA393b72g9Wg==/split_config.en.apk: 1 file pulled, 0 skipped. 58.1 MB/s (643481 bytes in 0.011s)
$adb pull /data/app/[RANDOM]/com.foo.bar-eL-ex-Vr6hrA393b72g9Wg==/split_config.xxhdpi.apk
/data/app/[RANDOM]/com.foo.bar-eL-ex-Vr6hrA393b72g9Wg==/split_config.xxhdpi.apk: 1 file pulled, 0 skipped. 60.1 MB/s (575114 bytes in 0.009s)
$ll
base.apk
split_config.arm64_v8a.apk
split_config.en.apk
split_config.xxhdpi.apk

Now that you have all the .apk files, launch the rooted virtual device and install the application.

$adb install-multiple *.apk
Success

PreviousAndroid Security NextProxy traffic on a rooted virtual android device using Burpsuite

Last updated 3 months ago