Static analysis · No execution
Deep static analysis for Android APKs
Upload an .apk and get a forensic-grade report: permissions, components, certificates, trackers, network indicators, and a 0–100 risk score. No execution. APK auto-deletes after 24 hours.
Drop your APK here
or click to browse — up to 100 MB
Permissions & components
Decodes AndroidManifest.xml, classifies dangerous permissions, and flags exported components.
Signing certificate
Parses the v1 signing block to extract subject, validity, and SHA-1 / SHA-256 fingerprints.
DEX string scan
Pulls URLs, IPs, tracker SDK class paths, dynamic-loading patterns, and obfuscation signals.
APKs are processed in-memory on the server. The binary is stored privately for up to 24 hours to allow re-analysis, then deleted. Reports are retained for 30 days under a per-browser session ID.