AndroidManifest.xml

Contains essential information for app execution.

• Permissions

• Intents exposed

• Start classes

However, with an XML extension, it is encoded and compressed.

• Can be obtained with apktool, appt and many others.

Access to AndroidManifest.xml "is an issue" as it exposes public interfaces and data sources.

• Can be explored by simple observation/sniffing/injection and no further RE.

• But there is nothing to do about it. It's always available.

META/MANIFEST.MF

classes.dex

Contains all Dalvik bytecode.

• Reverse engineering from APKs is always easier.

  • A copy of the APK exists on the phone but is only accessible to root.

• It is possible to recover most Java code.

Includes both application code and some Java libraries.

• Some Android/google optional frameworks.

• Additional frameworks the developers required for development.

• May include unused frameworks.

• Doesn't include base framework classes.

Reversing DEX may follow two approaches.

• Convert to smali, more difficult to understand, but always possible.

• Convert to Java sources, easier to understand but not exact.