Here are some tools to help you with reversing Android apps.
First take the release build from Android studio, or alternatively use adb shell to list all available apps
adb shell pm list packages | grep YourAppName
Android Asset Packaging Tools can be used to dump the Android Manifest file
aapt dump xmltree /appFolder/app-release.apk AndroidManifest.xml
as well as resource and asset files included in the APK
aapt l -a /appFolder/app-release.apk
First, you can unzip an apk easily like this
Next, you can use AXMLPrinter2 to parse Android binary XML formats directly. For example, to look at the Android Manifest file
java -jar AXMLPrinter2.jar AndroidManifest.xml
Drozer allows you to assume the role of an Android app and interact with other apps. One of the modules in drozer, app.package.maifest will parse the manifest file and display it on screen.
run app.package.maifest com.company.appName
smali/baksmali is an assembler and disassembler for the DEX format that is used by Dalvik. Baksmali will disassemble the APK file into the Jasmin syntax but one thing about this tool is that it can take the ProGaurded obfuscated names and unravel them so you can see the names of the methods. This means it is a good idea to still name sensitive methods with something more innocent.
java -jar baksmali-2.1.2.jar app-release.apk
Files are outputed to a /out folder. You can then use Smali to take the outputed files and convert them into a DEX file.
java -jar smali-2.1.2.jar -o classes.dex /out/
Dex2Jar. Dex files created from the above method can then be translated back to something that resembles the original source code. You can convert the DEX file to a standard Java CLASS file.
d2j-dex2jar.sh /app-release.apk -o /AppName.jar
Once you have your jar file from the above method, you can open it to get all the class names and most source code by opening the jar folder in JD-GUI.
You can dissassemble and debug Dalvik code since IDA Pro v6.1. IDA is good because of its support for scripting and it has a graph-view which can unwind the flow of the app. There’s also lots of scripts people write for it to assist in unwinding obfuscated code.
*Dextra supports ART and OAT.
*ApkTool will reverse-engineer the entire Android backage back to a workable form, including all resources and origional source code.
*Jadx. This will let you browse decompiled DEX code. It also decompiles most of the entire project.
*JAD. This will convert Java Class files back to source files.