BetaPrivate beta. Join the waitlist

Turn an Android APK into a structured report

Upload an APK and AppMD parses the manifest, resources, and bytecode, detects frameworks and dependencies, and runs static analysis. An optional AI layer explains the findings in plain language.

Static + AI hybrid analysis · Built for developers and security researchers

/analyze
Ready

Drop your .apk

or paste a Play Store link · max 512 MB

fintech-app-v4.2.apk· 48.2 MB

Detects every major Android stack

KotlinAndroidFlutterDartFirebaseTypeScriptJavaScriptUnityKotlinAndroidFlutterDartFirebaseTypeScriptJavaScriptUnity
Capabilities

What AppMD extracts from an APK

One upload runs a full pipeline of specialized analyzers. Each panel is grounded in the actual binary, no guesses, no hallucinated source.

Understand any APK

An AI summary that reads the binary end to end, entry points, modules, and how the pieces fit.

ComposeHiltKtorRoomCoil

Extract design systems

Recover the color palette, typography, spacing, and components as usable tokens.

AaDisplay / 32 · 600
AaBody / 16 · 400

Generate implementation prompts

Turn any screen or flow into a precise prompt for your coding agent.

# implementation prompt
Build a Compose onboarding with 6 steps,
biometric gate, and a Ktor client.
→ copy · open in editor

Chat with your app

Ask questions in plain language and get answers grounded in the analysis.

How does login handle 2FA?
It calls AuthRepo, then routes to a TOTP screen backed by biometrics.

Architecture analysis

See layers, dependencies, and data flow at a glance.

UIVMRepoAPIDB

Security overview

Surface manifest risks, exported surfaces, and weak configs.

Exported componentspass
Cleartext trafficpass
Debuggable flagreview

Detect frameworks & libraries

Fingerprint Compose, Flutter, React Native, and common SDKs by signature.

ComposeFlutterRNOkHttpFirebaseGlide

Asset explorer

Browse every icon, image, font, and raw resource, searchable and exportable.

How it works

How AppMD analyzes an APK

The same deterministic pipeline runs on every upload. Static analysis does the work; the AI layer is optional and only explains what was found.

  1. Upload APK

    01

    Drop an APK you own or are authorized to inspect. Files are processed in an isolated sandbox.

    app-release.apk
  2. Extract metadata and resources

    02

    Parse the manifest, unpack resources.arsc, and read the DEX bytecode.

    manifest · resources · dex
  3. Run static analysis

    03

    Detect frameworks and dependencies, map screens, and check the manifest for common risks.

    frameworks · dependencies · findings
  4. Generate structured report

    04

    Assemble the results into a structured, searchable report grounded in the artifact.

    structured · searchable
  5. Optional AI explanation

    05

    An optional layer summarizes the findings in plain language. You can turn it off.

    optional
The workspace

A report you can actually work in

Not a static PDF. Every analysis opens as an interactive workspace, navigate it, search it, and hand pieces straight to your build.

fintech-app-v4.2.apk
complete

AI summary

Northwind Pay is a Jetpack Compose fintech client structured by feature module. It uses Hilt for dependency injection, a Ktor networking layer with certificate pinning, and Room for offline ledgers. Authentication combines password login with a TOTP second factor gated by biometrics. The onboarding spans six screens; the main experience is a bottom-nav shell with four destinations.

Package
com.northwind.pay
Version
4.2.0 (4200)
Min SDK
26 · Android 8.0
Size
48.2 MB
ComposeHiltKtorRoomCoilBiometricTOTP
Why AppMD

Not another decompiler

Traditional APK analyzers hand you a pile of artifacts and leave the understanding to you. AppMD does the understanding, and shows its work.

Reasoning, not just extraction

Legacy tools dump strings and smali. AppMD reasons over those facts to explain what the app does and why.

Minutes, not weeks

What used to take a senior engineer days of manual decompiling now returns as a structured report in about 90 seconds.

Authorized & private by design

Analysis runs in isolated sandboxes on apps you own. We never expose or reconstruct proprietary source.

Built for your workflow

Export prompts, wire it into CI, or query the API. AppMD fits where your team already works.

CapabilityLegacyAppMD
Reads the binary end to end
Explains architecture in plain language
Recovers the design system as tokens
Maps screens into user flows
Generates implementation prompts
Ask follow-up questions in plain language
Grounded results, no hallucinated source
What to expect

Honest about what it can and can't do

AppMD runs real static analysis, so the output depends on the input. Here is what that means in practice.

Limitations

  • Analysis quality depends on how the APK was built and structured.
  • Obfuscated or heavily minified apps may produce partial results.
  • Large apps take longer to process and may be queued at peak times.
  • Some deeper inspections are only available on paid plans.

Requirements

  • Works best with debug or unobfuscated release builds.
  • Requires an internet connection; analysis runs server-side.
  • Reports combine static analysis with an optional AI layer.
  • Only analyze apps you own or are authorized to inspect.
For developers

Fits your pipeline, not the other way around

AppMD is API-first. Everything you see in the workspace is available programmatically, so you can automate analysis wherever your team already works.

CLI

Analyze a build from your terminal and pipe the JSON anywhere.

CI pipelines

Gate releases on security grade or diff a build against the last.

REST + SDKs

Fetch summaries, screens, and findings programmatically.

Webhooks

Get notified the moment an analysis completes.

appmd
$ appmd analyze ./app-release.apk --json
↑ uploading · 48.2 MB ········· done
⠿ analyzing · 24 screens · 18 libs
{"framework": "compose",
"screens": 24,
"security_grade": "A-"
}
$
Pricing

Simple pricing that scales with you

Start free. Upgrade when AppMD becomes part of how your team ships.

Free

For trying it on a single app.

$0/mo

free forever

Start free
  • 1 APK analysis / month
  • AI summary & screen detection
  • Color palette & typography
  • Community support

Pro

Popular

For individual engineers and designers.

$7/mo

billed annually

Start Pro trial
  • 50 analyses / month
  • Full design-system extraction
  • Architecture & security insights
  • Implementation prompts
  • Chat with your app
  • Email support

Team

For engineering teams shipping together.

$20/mo

billed annually

Start Team trial
  • Unlimited analyses
  • Shared workspaces & history
  • CI integration & webhooks
  • REST API & SDKs
  • SSO & role-based access
  • Priority support

Enterprise

For security and platform organizations.

Custom

Contact sales
  • Self-hosted or VPC deployment
  • SAML SSO & audit logs
  • Custom analyzers & retention
  • SLA & dedicated support
  • Security review & DPA
FAQ

Answers before you ask

Still curious? Reach the team at hello@appmd.dev.

From APK to structured report

Be first to understand any Android app

AppMD is launching soon. Join the waitlist and we’ll email you the moment it’s ready.