Is there a way of obtaining a list of 3rd party libraries being used by an Android APK file, without access to the source code?
I’m thinking of 2 options:
1. Using a tool such as LibRadar to detect. However, as far as I know, it uses signature based detection, and hence is not comprehensive.
2. Use jadx to decompile the APK file, and manually traverse through all source folders that aren’t the app package name.
For example, if my app is com.myapp, I’ll traverse through all source folders that are outside of com/myapp.
As far as I can tell, there are 2 problems with this:
a. Obfuscated libraries will have obfuscated names, so I will have a
bunch of libraries detected as a.a.a , a.a.b, etc
b. I won’t know where to stop. For example, a library’s package name may be
com.somelibrary, but may have multiple sub folders under the main
folder, e.g. com/somelibrary/a, com/somelibrary/b, etc. I have no
way of knowing what the root folder of the library is.
Is there a consistent, accurate way of listing 3rd party libraries without the above limitations?