Android App Structure

    Every app that we download and install from the Play Store or any other source has the extension .apk (short for Android Application Package). These APK files are compressed archive files, which contain other files and folders. This is typically what an end user or a penetration tester would get and install them by accepting the required permissions and then use them. Since an Android app is an archive file, we can uncompress it using any traditional extraction tool.

    The following diagram shows the folder structure of an uncompressed APK file. Universally, this is the same with any APK with some minor differences such as having an extra lib folder when there are additional libraries included in the app:


    Let's see what each of these files/folders contain:

    • AndroidManifest.xml: This file holds most of the configuration details about the app. It also includes the package name, details about the app components that are used in the app, security settings for each app component, permissions that are requested by the application, and so on.

    • classes.dex: This file contains the Dalvik Bytecode generated from the source code written by developers. This DEX file is what is executed on the device when the app runs.

    • resources.arsc: This file holds the compiled resources.

    • res: This folder consists of raw resources that are required by the
      application. Examples would be images such as app icons.

    • assets: This folder allows a developer to place the files of his interest such as music, video, preinstalled databases, and so on. These files will be bundled with the app.

    • META-INF: This folder contains the application certificate along with the SHA1 digests of all the files used in the application.

    Tegan Tang

    Read more posts by this author.

    Kuala Lumpur, Malaysia