APKLeaks vs JADX

GitHub Stats

Stars: APKLeaks 6.0k, JADX 48.1k
Forks: APKLeaks 571, JADX 5.5k
Issues: APKLeaks 25, JADX 414
Updated: APKLeaks 8mo ago, JADX 6d ago
License: APKLeaks Apache-2.0, JADX Apache-2.0
Language: APKLeaks Python, JADX Java

About APKLeaks

APKLeaks is a Python tool for scanning Android APK files to extract URLs, API endpoints, and hardcoded secrets from decompiled source code. It uses JADX for decompilation and applies a comprehensive set of regex patterns to identify API keys, OAuth tokens, AWS credentials, Firebase URLs, database connection strings, and other sensitive data that developers accidentally leave in production builds. APKLeaks is particularly useful during mobile app security assessments where you need a quick initial triage of what backend services an app communicates with and whether any credentials are exposed. The tool outputs findings in JSON format and supports custom regex pattern files for organization-specific secret formats. With over 6,000 GitHub stars, APKLeaks has become a standard first step in Android application security testing, often used alongside MobSF for comprehensive static analysis.

About JADX

JADX is a DEX to Java decompiler that produces readable Java source code from Android APK and DEX files. It is particularly useful for reverse engineering Android applications, allowing security researchers and developers to analyze app behavior by converting compiled code back into a human-readable form. The tool supports both command-line and GUI interfaces, making it versatile for diverse use cases. Its ability to handle large applications efficiently makes it a popular choice in the mobile security domain.

Platform Support

๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows
๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows

Tags

Shared

android

APKLeaks only

apk, secrets, static-analysis

JADX only

decompiler, dex, java, reverse-engineering