Reverse engineering Android applications is sometimes necessary when analyzing application behavior, debugging integrations, or reviewing implementation details during technical investigations.

During a recent internal analysis task, it became necessary to inspect how an Android application implements its Google payment flow. Since Android apps are distributed as compiled APK (Android Package) files, their internal logic is not directly visible.

To inspect the structure and logic of the application, Jadx was used. Jadx is a widely used open-source tool that converts Android bytecode into readable Java-like source code.

This article documents the full process of:

• Installing Jadx on Ubuntu

• Setting up the environment

• Decompiling an APK file

• Exploring the generated output

The goal is to provide a practical reference for developers or security researchers who need to analyze Android APK files.

Understanding APK Decompilation

An APK (Android Package) is the compiled and packaged format used to distribute Android applications.

During the Android build process:

• Java/Kotlin source code is compiled

• The compiled code is converted into DEX (Dalvik Executable) bytecode

• Resources and configuration files are bundled into a single APK file

Because the code is compiled, it cannot be read directly. Decompilation tools attempt to reconstruct the application into a readable format.

Decompilation allows inspection of:

• Application structure

• Configuration files

• Permissions

• Resource files

• Business logic in reconstructed Java code

This technique is commonly used in:

• Security analysis

• Debugging third-party integrations

• Application behavior inspection

• Educational research

Jadx Overview

Jadx is an open-source tool designed to convert Android DEX bytecode into Java-like source code.

Key features include:

• Decompilation of APK, DEX, and AAB files

• Graphical interface for browsing code

• Command line interface for automated extraction

• Source code navigation and search

• Resource and manifest inspection

Jadx provides two main components:

jadx
Command-line tool for extracting decompiled code.

jadx-gui
Graphical interface for exploring APK contents interactively.

Environment

The following environment was used in this guide:

• Ubuntu Linux

• OpenJDK

• Jadx

• Android APK file

All commands are executed in the Linux terminal.

Installing Jadx on Ubuntu

Before installing Jadx, Java must be installed because Jadx runs on the Java runtime environment.

Step 1 — Install Java

Update the package list and install OpenJDK:

Verify the installation:

The output should display the installed Java version.

Step 2 — Download Jadx

Download the latest Jadx release from GitHub:

Step 3 — Extract the Archive

If unzip is not available, install it first:

Extract the downloaded archive:

After extraction, a directory named jadx-1.5.5 will be created.

Step 4 — Move Jadx to a System Directory

For better organization, move the extracted folder to /opt:

Step 5 — Add Jadx to PATH

To run Jadx from anywhere in the terminal, add it to the system PATH.

Open the shell configuration file:

Add the following line:

Reload the configuration:

Step 6 — Fix Permission Issues (If Required)

If a permission error occurs while running Jadx, ensure the binaries are executable:

Step 7 — Verify Installation

Run the following command to confirm the installation:

If installed successfully, the Jadx version will be displayed.

Decompiling an APK File

After installation, APK files can be decompiled using either the graphical interface or the command line.

Method 1 — Using Jadx GUI

The graphical interface is the easiest way to explore application structure.

Run the following command:

This will open the Jadx interface, where the APK contents can be explored.

The GUI allows:

• Browsing the package hierarchy

• Viewing reconstructed Java source code

• Inspecting AndroidManifest.xml

• Searching across the project

• Exploring application resources

Method 2 — Using Command Line

If the goal is to extract the entire project structure into a folder, the CLI version can be used.

After execution, Jadx will generate an output directory containing the decompiled project.

Example structure:

Explanation:

sources/
Contains reconstructed Java source files.

resources/
Includes layouts, images, and configuration files.

AndroidManifest.xml
Defines permissions, activities, services, and application configuration.

Inspecting Decompiled Code

After decompilation, several files are useful for understanding the application behavior.

AndroidManifest.xml

This file contains important information such as:

• Application permissions

• Activity definitions

• Service configuration

• Application metadata

Source Code

The sources directory contains reconstructed Java code that represents the core application logic.

Resources

The resources directory includes:

• Layout files

• Image assets

• Configuration data

These files help understand the user interface and configuration of the application.

Common Issues and Fixes

Command Not Found

If the terminal shows:

Verify that the PATH includes the Jadx directory:

Ensure /opt/jadx/bin is present.

Permission Denied

If the following error appears:

Run:

Android APK decompilation is a useful technique for inspecting application behavior and internal implementation details.

Tools like Jadx simplify this process by converting Android bytecode into readable source code and providing a convenient interface for exploration.

With minimal setup, Jadx enables developers and researchers to quickly analyze APK files, inspect resources, and better understand how Android applications are structured.