Android security insights in full spectrum.
Features • Detection • Installation • Usage • Reports
Featured at Black Hat MEA 2023 and Black Hat ASIA 2024
APKDeepLens is a Python-based static analysis tool for Android APK files. It decompiles APKs using JADX and runs a deep multi-layer security scan covering the OWASP Mobile Top 10 (2024). Every finding is tagged with a severity level (CRITICAL / HIGH / MEDIUM / LOW / INFO) and an OWASP category, and results are exported in JSON, HTML, PDF, or TXT format.
| Category | Checks | Severity Range | OWASP |
|---|---|---|---|
| Manifest Security | 10 | CRITICAL → MEDIUM | M3–M9 |
| Cryptography | 7 | CRITICAL → MEDIUM | M1, M10 |
| WebView Security | 6 | CRITICAL → HIGH | M4, M5, M7, M9 |
| SSL / TLS | 5 | CRITICAL → MEDIUM | M5 |
| Dynamic Code Execution | 4 | HIGH → MEDIUM | M4, M7 |
| Insecure Data Storage | 6 | HIGH → LOW | M4, M6, M9 |
| Logs / Privacy | 3 | MEDIUM → LOW | M6 |
| Intent Security | 2 | HIGH → MEDIUM | M4 |
| Zip Path Traversal | 1 | HIGH | M4 |
| Hardcoded Secrets | 16+ | — | M1 |
| Insecure Communications | — | — | M5 |
For full check IDs, regex patterns, and evidence examples see DETECTION.md.
Requirements: Python 3.10+, Java / OpenJDK
git clone https://github.com/d78ui98/APKDeepLens.git
cd APKDeepLens
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python APKDeepLens.py --help
git clone https://github.com/d78ui98/APKDeepLens.git
cd APKDeepLens
python3 -m venv venv
.\venv\Scripts\activate
pip install -r requirements.txt
python APKDeepLens.py --help
docker build -t apkdeeplens .
docker run --rm -v /path/to/apk/files:/apk apkdeeplens -apk /apk/file.apk
# Basic scan — outputs JSON report
python APKDeepLens.py -apk app.apk
# Skip decompilation when source is already extracted
python APKDeepLens.py -apk app.apk -source_code_path /path/to/source
# Generate HTML report
python APKDeepLens.py -apk app.apk -report html
# Generate PDF report
python APKDeepLens.py -apk app.apk -report pdf
# Generate plain-text report
python APKDeepLens.py -apk app.apk -report txt
# Specify output directory
python APKDeepLens.py -apk app.apk -report json -o /path/to/output/
# Skip virtualenv check (CI/CD)
python APKDeepLens.py -apk app.apk --ignore_virtualenv
All reports are saved to a reports/ subdirectory of the output path.
| Format | Description |
|---|---|
| JSON (default) | Machine-readable. All findings include id, severity, owasp, description, and evidence. Ideal for pipeline integration. |
| HTML / PDF | Colour-coded severity tables — CRITICAL in red, HIGH in orange, MEDIUM in amber. |
| TXT | Human-readable, severity-sorted findings with file locations and descriptions. |
See DETECTION.md for the full JSON output schema.
APKDeepLens/
├── APKDeepLens.py # Main entry point
├── report_gen.py # Report generation (JSON, HTML, PDF, TXT)
├── report_template.html # HTML report template
├── requirements.txt
└── static_tools/
├── code_scanner.py # Deep code-pattern security scanner (40+ checks)
├── scan_android_manifest.py # Manifest parser + security checker
├── sensitive_info_extractor.py # Hardcoded secret + insecure URL scanner
├── known_false_positives.txt # Curated false-positive filter list
└── utility/
└── utility_class.py # Shared constants (DANGEROUS_PERMISSIONS, util)
Feature requests, bug reports, and pull requests are welcome at github.com/d78ui98/APKDeepLens/issues.
$ claude mcp add APKDeepLens \
-- python -m otcore.mcp_server <graph>