Android is one of the most popular mobile platforms. Many organizations use their own Android applications. Like web applications, Android applications also require penetration testing.

Forward engineering on Android is the process of converting source code to machine code.

Source code -> Javac -> classes.dex

Reverse engineering on Android is the process of converting machine code back to source code.

classes.dex -> jar -> source code

Advantages:

After reverse engineering an APK file we can do the following:

Read the source code and the AndroidManifest.xml file.
See the libraries and images used in the application.
Understand how the application is constructed.

Reverse Engineering Tools:

Apktool, dex2jar and jd-gui

Manual Approach for Reverse Engineering:

1. Download the tools using the links below.
Apktool: http://code.google.com/p/android-apktool/downloads/list
dex2jar: http://code.google.com/p/dex2jar/downloads/list
jd-gui: http://code.google.com/p/innlab/downloads/detail?name=jd-gui-0.3.3.windows.zip&can=2&q=
2. Get the APK file and copy it to a new location.
3. Rename the file extension from .apk to .zip and extract the files to a specific folder.

4. You will find classes.dex among the extracted files. Copy it into the dex2jar folder.

5. Open a command prompt in the dex2jar path and type dex2jar.bat classes.dex. It will create a jar file.

6. Open the jd-gui tool. Drag and drop the jar file onto the jd-gui window.

7. You will see all the Java files in jd-gui.
8. To read the AndroidManifest.xml file you need to use apktool.

9. Copy the APK file into the apktool folder and type apktool d firstprogram.apk in the command prompt.

10. Now you can read the AndroidManifest.xml file.
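
The renaming in step 3 works because an APK is an ordinary ZIP archive, and step 8 needs apktool because the AndroidManifest.xml stored inside the archive is compiled binary XML rather than text. The Python script below is an added example, not part of the original article or of any of the tools above; it checks both points without extracting anything to disk. The function names inspect_apk and build_sample_apk are assumptions made for this example, and the sample APK is constructed in memory with dummy file bodies.

```python
import io
import zipfile

DEX_MAGIC = b"dex\n"               # classes.dex begins "dex\n" + 3-digit version + NUL
AXML_MAGIC = b"\x03\x00\x08\x00"   # chunk header of compiled (binary) Android XML


def inspect_apk(apk_bytes):
    """Summarise an APK the way steps 3, 4 and 8 do by hand."""
    report = {"dex": {}, "manifest": "missing", "other": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            with apk.open(name) as entry:
                head = entry.read(8)          # only the header bytes are needed
            if name.startswith("classes") and name.endswith(".dex"):
                if head[:4] == DEX_MAGIC and head[7:8] == b"\x00":
                    report["dex"][name] = head[4:7].decode("ascii")
                else:
                    report["dex"][name] = "invalid header"
            elif name == "AndroidManifest.xml":
                # Binary manifests are unreadable in a text editor; apktool decodes them.
                report["manifest"] = "binary" if head[:4] == AXML_MAGIC else "text"
            else:
                report["other"].append(name)  # resources, native libraries, signatures
    return report


def build_sample_apk():
    """Constructed stand-in for a real APK: correct magic bytes, dummy bodies."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", AXML_MAGIC + b"\x00" * 4)
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 104)
        z.writestr("res/drawable/icon.png", b"\x89PNG\r\n\x1a\n")
        z.writestr("lib/armeabi/libnative.so", b"\x7fELF")
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in inspect_apk(build_sample_apk()).items():
        print(key, "->", value)
```

To run it against a real file, pass the bytes of the APK (for example open("firstprogram.apk", "rb").read()) to inspect_apk.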