Android-Disassembler
Android-Disassembler is a mobile app for reverse-engineering binaries on Android devices, supporting ELF, PE, DEX, and other formats. It uses Capstone for disassembly and includes symbol table viewing, export options, and hex analysis.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | yhs0602/Android-Disassembler |
| Owner | yhs0602 |
| Primary language | Kotlin |
| License | MIT — OSI-approved |
| Stars | 702 |
| Forks | 109 |
| Open issues | 39 |
| Latest release | v2.1.5 (2021-08-06) |
| Last updated | 2026-03-22 |
| Source | https://github.com/yhs0602/Android-Disassembler |
What Android-Disassembler is
Kotlin-based Android application that wraps Capstone, ELFIO, PECOFF4J, and Smali to disassemble ARM, x86, x64, MIPS, and PowerPC binaries. Supports multi-file projects, syntax highlighting, bytewise entropy analysis, and direct file browser integration via SAF.
Get the Android-Disassembler source
Clone the repository and explore it locally.
git clone https://github.com/yhs0602/Android-Disassembler.gitcd Android-Disassembler# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Git submodules must be initialized before building; requires Android SDK/NDK configuration.
- App uses SAF (Storage Access Framework) for file access on modern Android; power-user features (root, raw filesystem) are opt-in and separate from default flow.
- Latest formal release (v2.1.5) is from Aug 2021, but last code push was Mar 2026 (suggests active development branch). Verify stability before production adoption.
- Capstone-based disassembly is accurate for instruction-level analysis but does not generate high-level IR or decompiled pseudocode.
- Symbol resolution and IAT/EAT parsing depend on PE/ELF header integrity; malformed or stripped binaries may require manual setup.
When to avoid it — and what to weigh
- Need production-grade static analysis — App is a UI wrapper around existing libraries; lacks advanced features (CFG generation, data-flow analysis, decompilation). Not suitable as primary security platform.
- Require commercial support or SLAs — Community-maintained project in 'recovery and modernization' phase. No vendor support, no formal maintenance guarantees, and 39 open issues indicate backlog.
- Must integrate into automated pipelines — Desktop GUI app designed for interactive use only. No CLI, API, or batch processing; difficult to integrate into CI/CD or server-side workflows.
- Strict data isolation required — README discloses crash reports may attach analyzed files to GitHub issues. Unsuitable for highly sensitive or confidential binary analysis.
License & commercial use
MIT License. Permits commercial use, modification, and distribution with attribution. Includes dependency on Capstone (ACME License), ELFIO (LGPL), PECOFF4J (Apache 2.0), Smali (Apache 2.0), and other Apache-licensed libraries. Review all transitive dependencies for license compliance.
MIT license allows commercial deployment without royalties. However, transitive dependencies include Apache 2.0 (Java-binutils, PECOFF4J, commons-*, Smali) and LGPL (ELFIO). Ensure your legal team reviews all bundled libraries. No commercial support or SLAs available from the maintainer.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Needs review |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
App is a security analysis tool, not a hardened platform. No formal security audit documented. Crash reports may attach analyzed binaries to public GitHub repositories, creating confidentiality risk for sensitive reverse-engineering. Root/raw-filesystem features require elevated permissions; review threat model for untrusted APKs. Capstone library is mature and well-maintained, but app-specific logic may contain bugs—test with non-critical binaries first.
Alternatives to consider
Ghidra (desktop, free, NSA-maintained)
Full-featured decompiler with CFG, data-flow analysis, and scripting. Requires desktop workstation but dramatically superior analysis depth.
IDA Pro (desktop, commercial, Hex-Rays)
Industry standard; supports more architectures and file formats. Expensive but offers commercial support and proven stability.
Radare2 (CLI/desktop, free, open-source)
Scriptable, portable binary analysis framework with plugin ecosystem. Steeper learning curve but better suited for automation and batch workflows.
Build on Android-Disassembler with DEV.co software developers
Download from Play Store or GitHub, test with non-critical binaries, and review the privacy policy before analyzing sensitive code. For enterprise analysis pipelines, compare against Ghidra or Radare2.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
Android-Disassembler FAQ
Can I use this in a security scanning SaaS platform?
Does it support Windows PE analysis on Android?
What happens if I analyze a confidential binary?
Is the app available for iOS?
Software development & web development with DEV.co
DEV.co helps companies turn open-source tools like Android-Disassembler into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source security stack.
Ready to evaluate for your reverse-engineering workflow?
Download from Play Store or GitHub, test with non-critical binaries, and review the privacy policy before analyzing sensitive code. For enterprise analysis pipelines, compare against Ghidra or Radare2.