Android 101: Android Noobs, Don’t Miss This! (Part 1)

sn00py z0r0

I’m not gonna bore you with the usual “Android is an open-source OS developed by Google, bla bla bla.” Forget the boring details; let’s dive right into the essentials you’ll need if you want to break… I mean, secure Android apps. 😏 Let’s start with the first thing.

Android OS

Basically, if you’re just a regular user, you probably know Android as “the operating system on phones that aren’t iPhones” — and it usually comes with a bunch of preinstalled Google services (except, of course, on Huawei). But that’s nothing special — even a kid could tell you that. If my son were two years old, he’d still be able to tell the difference.

Anyway, let’s move on. Here is the “basic” knowledge you need about Android:

The Android software stack

As you can see, there are many things here. If you look straight at this image, I believe you will give up, because it's too complex for a newbie.

But I will break it down so it is easy to understand (if you still misunderstand, I give up too :d)

In the image, we can break it into 6 parts:

  • System Apps: I will call this layer Applications, because I think it covers not only system apps but also other apps from the store, and APKs that some guy sent you and you installed on your device too!

  • Java API Framework: the soul of every application here

  • Native C/C++ Framework: Too hard to understand here :d

  • Android Runtime: You can skip it; by the time you search for this keyword, I think you will have the knowledge to understand it

  • Hardware Abstraction Layer (HAL): Skip it too if you only reverse applications. You can care about it if you build hardware; if not, imagine it is like a device driver on Windows

  • Kernel: A few years ago I would have recommended that you ignore it, but at the moment it is very trendy, because there are many ways to hide root and bypass app protections at this layer

Now let's get started

Applications

Surely everyone knows that an application is something that is installed on the device and that you can open by tapping it on the screen. However, have you ever been afraid to switch to a new operating system? What are you most concerned about when switching to a new operating system? When I talked to many guys about switching from Windows to macOS, they all told me the following:

  • I don't know how to use it => which means I don't know how to install applications

  • I'm not sure whether the apps I use often are available on the device

None of these problems are in the operating system (of course you can learn how to turn the device on and off); they are in the applications. Based on use and function, I will divide Android applications into 2 types:

  • Normal Application: Installed from many sources: APKs from the Internet, the Play Store, etc.

  • System Application: Includes OS applications (based on Android) and manufacturer applications.

We can ignore system applications because most of them cannot be deleted, and we don't need to work with them :d

The regular application is what we will be working with. There are many sources where an application can be downloaded and installed. We have 2 common ways to install applications:

  • ADB: Use adb install

  • Package Manager: :/ the name sounds weird, but it is exactly when you copy/download an APK onto your device and install it with your phone

Forget JADX, here is the structure of an APK if you rename “.apk” to “.zip”

Obviously, an “apk” (Android Package) is exactly a “zip” that contains:

  • META-INF: Contains the app's certificate (I will have another article that discusses this more)

  • res + resources.arsc: Contain assets (meaning images, logos) and layouts. If you have never made an Android app before, you need to know that below is how an interface is made on Android. It is only drag-and-drop, and the result is an XML file containing the style of the screen (Android calls it a layout), the same way HTML+CSS is rendered but with a different syntax :d (the res folder holds raw images saved as .png, .jpeg, etc.)

    Develop a UI with Views | Android Studio | Android Developers

  • AndroidManifest.xml: Metadata, Permissions, Components, etc. We can learn many things here, like what happens when you tap the application on the screen, and which screen is called first

  • classes.dex: Contains compiled Java code => the logic of the application
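To see this layout without any Android tooling, the following added example (not code from the original article) opens an APK as a plain ZIP, groups its entries into the parts listed above, and reads the format version and method count from the header of each classes*.dex; that method count is the number behind the "65K methods" limit. The sample APK is constructed in memory with placeholder contents, and the function names are illustrative.

```python
import io
import struct
import zipfile

# The APK parts named in the list above, matched by how entry paths start.
PARTS = ("META-INF/", "res/", "resources.arsc", "AndroidManifest.xml")


def build_sample_apk() -> bytes:
    """Constructed stand-in for a real APK: placeholder contents, real layout."""
    dex = bytearray(0x70)                  # a DEX header is 0x70 bytes long
    dex[0:8] = b"dex\n035\x00"             # magic followed by format version
    struct.pack_into("<I", dex, 88, 3)     # method_ids_size (made-up value)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/CERT.RSA", b"placeholder")
        z.writestr("res/layout/activity_main.xml", b"placeholder")
        z.writestr("resources.arsc", b"placeholder")
        z.writestr("AndroidManifest.xml", b"placeholder")
        z.writestr("classes.dex", bytes(dex))
    return buf.getvalue()


def dex_info(data: bytes) -> dict:
    """Read the version and method count from a DEX header (little-endian)."""
    if len(data) < 0x70 or data[:4] != b"dex\n" or data[7] != 0:
        raise ValueError("not a DEX file")
    (methods,) = struct.unpack_from("<I", data, 88)
    return {"version": data[4:7].decode("ascii"), "methods": methods}


def inspect_apk(apk: bytes) -> dict:
    """Group ZIP entries by APK part and summarise every classes*.dex."""
    report = {"parts": {}, "dex": {}, "other": []}
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        for name in z.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                report["dex"][name] = dex_info(z.read(name))
                continue
            part = next((p for p in PARTS if name.startswith(p)), None)
            if part is None:
                report["other"].append(name)   # e.g. lib/, assets/
            else:
                report["parts"].setdefault(part, []).append(name)
    return report


if __name__ == "__main__":
    print(inspect_apk(build_sample_apk()))
```

To inspect a real file, pass its bytes instead: inspect_apk(open("app.apk", "rb").read()), where app.apk is a placeholder name.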

We only focus on the “dex” file here because dex contains the Java logic. How do we generate dex from Java? Here is how it works

DEX with Over 65K Methods problem and how to use MultiDex in Android

While you were still in university, I'm sure you learnt OOP and your teacher taught you many times how Java works. That's right: “.java” becomes “.class”, and “.class” is called “bytecode”, which runs in a special environment called the “JVM”. But why does Android need “.dex”?

Back when Android first launched, Android devices were too weak compared to computers to run Google, so Android designed a virtual machine called Dalvik. It has similar functionality to the JVM, just more efficient, like reducing instructions, etc. (You can learn more on Google). But yes, you need to convert “.class” to “.dex”. That means you need to convert bytecode to another bytecode form. So what about reverting?

Reverse Engineering of Android APKs for hunting of Dex file and Java... |  Download Scientific Diagram

In Android, the way you came is the way you go back. Easy to understand, right? But what if you want to change it (for example, I want to check a against 2 instead of 1)? We have another thing here called “Smali”. So what is “smali”?

Google says that Smali is the assembly language used to represent Android's DEX bytecode

Demystifying Smali: Android Reverse Engineering

Lmao, it is also bytecode, but at least it is easier to understand, as shown below :D

IDA 6.1 | Hex-Rays Docs

That's right, Smali is human-readable (and writable too), so we can easily read it, modify it, and do other things with it. Modifying it changes the dex as well. Remember: “WE CAN NEVER FULLY REVERSE FROM APK TO JAVA”, only “APK → DEX → Smali”; Java is just for reference

I think that's all for this article. In the next one, I will show how to create an application (with some coding skill) and more.
