Each android application is a zip archive with .apk extension. You can open it with application like Winrar or 7zip. The official announcement for apk file type is application/vnd.android.package-archive. You can unzip apk file with this command:
unzip app.apk
Download and Installing APK from Play Store.
Get the APK path of installed app with this command:
adb shell pm path <Package Name>
Pull the APK file.
adb pull <APK PATH>
Example:
<aside> 💡 This process does not require root privilege.
</aside>
<aside> 💡 Package name in android apps is a unique name that use as an identifier for app.
</aside>
pm list packages # Print all installed packages
pm list packages -3 # Print third-party installed packages
pm list packages -s # Print systemize installed packages
This directory contains external resource like pictures, fonts, sounds, certificate file and etc. It’s a important directory during reverse engineering process. We always look at this directory. For example if you want to bypass certificate pinning, it’s good to look at here for finding certificate file.
Files in the assets directory are not compiled by Android and behave like a file system. You can access the files in assets from Java as well, but they are not indexed, which means they may be slower to access than resources.