Awesome Open Source
Awesome Open Source



Software License Go Report Card follow on Twitter

apkingo is a tool written in Go to get detailed information about an apk file. apkingo will explore the given file to get details on the apk, such as package name, target SDK, permissions, metadata, certificate serial and issuer. The tool will also retrieve information about the specified apk from the Play Store, and (if valid API keys are provided) from Koodous and VirusTotal.


You can can download apkingo from the Releases section or compile it from the source by downloading the repository, navigating into the apkingo directory and building the project with make apkingo. This will create a build folder, containing the resulting executable.


You can run apkingo with the following flags:

  • -apk to specify the path to the apk file (required)
  • -json to specify the path of the json file where the results will be exported
  • -vt to specify VirusTotal API key (required for VirusTotal analysis)
  • -k to specify Koodous API key (required for Koodous analysis)

Example: apkingo -apk snapseed.apk -json snapseed_analysis.json


apkingo analyzing snapseed:


apkingo analyzing F-Droid:


apkingo analyzing an Android malware (I had to cut the screenshot on the permissions section):

apkingo apkingo


Here is the full list of information which apkingo can retrieve:

  • General information: app name, package name, app version, MainActivity, minimum and target SDK
  • Hashes: md5, sha1 and sha256
  • Permissions
  • Metadata
  • Certificate information: serial, sha1, subject, issuer, validity date and expiration date
  • Play Store information: Play Store url, version, summary, release date, number of installations, score, developer name, developer ID, developer mail and developer website
  • Koodous info (API key required): Koodous url, Koodous ID, app name, package name, company, version, Koodous link to the app icon, size, Koodous tags, trusted (boolean), installed on devices (boolean), Koodous rating, detected (boolean), corrupted (boolean), statically analyzed (boolean), dynamically analyzed (boolean) and date when the app was submitted to Koodous for the first time
  • VirusTotal info (API key required): VirusTotal url, apk names, first submission date, number of submissions, last analysis date and results, reputation, community votes (harmless and malicious), md5 and dhash of icon, providers, receivers, services, interesting string and permissions that are considered dangerous.

3rd party libraries used

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Go (167,684
Apk (5,007
Mobile Security (110
Apk Analysis (8
Apk Analyzer (4
Scanning Apk (3