- Home
- MCP servers
- Apktool
Apktool
- python
27
GitHub Stars
python
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"secfathy-apktool-mcp": {
"command": "python3",
"args": [
"/absolute/path/to/apktool_server.py"
],
"env": {
"APKTOOL_WORK_DIR": "/path/to/workspace"
}
}
}
}You can run a dedicated MCP server that exposes Apktool functionality for Android APK analysis and reverse engineering. This server lets you decompile, inspect, and recompile APKs, while integrating AI-powered workflows for security, privacy auditing, and guided reverse engineering through natural language commands.
How to use
You connect an MCP client (such as Gemini CLI) to the Apktool MCP Server to perform practical APK analysis tasks. Start the MCP client, then issue natural language commands to drive decompilation, permission checks, secret detection, and step-by-step reverse engineering guidance. You can also run specific tools directly to decompile APKs, analyze manifests, extract strings, and rebuild APKs after changes.
Practical usage patterns include: decompiling an APK to inspect resources and smali code, analyzing requested permissions, extracting string resources with locale support, searching decompiled code for patterns, and rebuilding a modified APK. You can also request AI-powered security audits and privacy compliance assessments for a given APK.
How to install
Prerequisites you need before starting are Java JDK 8 or newer, Apktool, and Python 3.10 or newer.
Install Java JDK 8+ and verify with:
# Ubuntu/Debian
sudo apt update && sudo apt install default-jdk
# macOS (Homebrew)
brew install openjdk
# Verify installation
java -version
Install Apktool and verify:
# Ubuntu/Debian
sudo apt install apktool
# macOS
brew install apktool
# Verify installation
apktool --version
Install Python 3.10 or newer and verify:
python3 --version # Should be 3.10 or higher
Set up the server codebase and dependencies by following these steps:
git clone https://github.com/SecFathy/APktool-MCP.git
cd APktool-MCP
python3 -m venv venv
source venv/bin/activate # Linux/macOS
# or
venv\\Scripts\activate # Windows
pip install -r requirements.txt
Test the installation by starting the server:
python3 apktool_server.py
Configuration
Gemini CLI Integration provides the MCP server connection details in a configuration file. This enables the client to communicate with the Apktool MCP Server using a local stdio process.
Place the following in your Gemini CLI config under mcpServers to run the Apktool MCP Server as a local process. The server is started with Python and the absolute path to the server script. An environment variable sets the working directory for Apktool tasks.
{
"mcpServers": {
"apktool": {
"command": "python3",
"args": ["/absolute/path/to/apktool_server.py"],
"env": {
"APKTOOL_WORK_DIR": "/path/to/workspace"
}
}
}
}
Security considerations
When analyzing APKs, ensure you only process APKs you own or have explicit permission to analyze. Unknown APKs may contain malicious code, so use isolated environments. Decompiled data can include sensitive user information, so restrict access to the workspace and monitor resource usage.
Best practices include using a dedicated, isolated workspace, setting strict file permissions, monitoring CPU/memory, and cleaning up workspace data after each analysis.
Tools overview
The server exposes eight core tools that you can invoke through the MCP client to perform analysis, extraction, and modification tasks.
Testing and troubleshooting
Run unit tests and manual checks to ensure the server starts correctly and can process example APKs. Use isolated sample APKs for safe testing and verify that the server responds to typical analysis requests.
Available tools
decode_apk
Decompile APK files to extract resources, manifest, and smali code.
build_apk
Recompile APK from modified source directory.
install_framework
Install system frameworks for system app analysis.
analyze_manifest
Parse AndroidManifest.xml for permissions and components.
extract_strings
Extract string resources with locale support.
list_permissions
Enumerate all requested permissions.
find_smali_references
Search for patterns in decompiled smali code.
get_apk_info
Get basic APK metadata and information.