Keywords: Android | ADB | APK extraction | Non-rooted device | Batch script
Abstract: This article provides a detailed guide on extracting APK files from non-rooted Android devices using ADB tools. It covers core steps such as package name identification, APK path retrieval, and file extraction, along with batch processing scripts and solutions for permission issues, suitable for developers and tech enthusiasts for app backup and analysis.
Introduction
In Android development and reverse engineering, extracting APK files from installed applications is a common requirement. Whether for backup, analysis, or sharing, mastering the method to retrieve APKs from devices is essential. Based on validated effective approaches, this article details how to extract APK files from non-rooted devices using ADB (Android Debug Bridge), addressing file path variations due to different system versions.
Preparation
Before extracting APKs, ensure the development environment is properly configured. First, install the Android SDK and verify that the ADB tool is available. Connect the Android device via USB and enable USB debugging in the Developer Options. Use the adb devices command to confirm the device is recognized. If the device is not authorized, approve the debugging permission on the device.
Core Extraction Steps
The core process for extracting APK files involves three main steps: identifying the application package name, obtaining the APK file path, and pulling the file from the device. Below is a detailed explanation of each step, including operations and considerations.
Identifying the Package Name
First, determine the package name of the target application. Use the command adb shell pm list packages to list all installed application package names on the device. The output typically appears in the format package:com.example.app. Note that the package name may be unrelated to the app name; for example, WeChat's package name is com.tencent.mm. If the app cannot be identified from the list, check the app's details page on the Google Play Store website, as the URL contains the package name.
Obtaining the APK File Path
After identifying the package name, use the command adb shell pm path <package-name> to get the full path of the APK file. In newer Android versions (e.g., Oreo and Pie), the system appends random strings to the path, such as package:/data/app/com.example.someapp-nfFSVxn_CTafgra3Fr_rXQ==/base.apk. This design makes paths unpredictable, rendering traditional methods ineffective. Thus, accurately retrieving the path via this command is crucial.
Pulling the APK File
Use the adb pull command to copy the APK file from the device to the local system. The basic syntax is adb pull <apk-path> <destination>, where <apk-path> is the path obtained in the previous step (remove the package: prefix), and <destination> is the local save directory. For example: adb pull /data/app/com.example.someapp-2.apk ./downloads/. If the path includes random strings, ensure the entire path is copied to avoid errors.
Batch Processing Script
For scenarios requiring extraction of multiple APK files, manual operations are inefficient. The following script automates the process by iterating through all installed applications, extracting their APK files, and renaming them to handle path randomization:
for i in $(adb shell pm list packages | awk -F':' '{print $2}'); do
adb pull "$(adb shell pm path $i | awk -F':' '{print $2}')"
mv base.apk $i.apk &> /dev/null
doneScript explanation: First, adb shell pm list packages retrieves all package names, and awk extracts the package name field. Then, it loops through each package name, uses adb shell pm path to get the corresponding APK path, and pulls the file with adb pull. Since APKs in newer Android versions are often named base.apk, the script renames them to the package name with a .apk extension using the mv command. Error output is redirected to /dev/null to keep the output clean.
Permission Issues and Solutions
On non-rooted devices, you may encounter permission errors such as "adb: error: failed to stat remote object." This indicates that the current user lacks access to the APK directory. Solutions include ensuring an authorized ADB connection, granting relevant permissions on the device, or using alternative tools like APK extractor apps. Testing shows this method works on most non-rooted devices (e.g., Moto Z2), but system apps (e.g., YouTube) may not be extractable due to higher permission restrictions.
Practical Applications and Considerations
This method is suitable for app backup, reverse engineering, and development debugging. For instance, developers can extract their app's APK for version comparison or analyze third-party app structures. Considerations include extracting only legally owned apps, complying with relevant laws, and accounting for variations across Android versions; testing commands on actual devices is recommended. If the script fails, check the ADB version and device compatibility, or execute commands step by step to identify issues.
Conclusion
Extracting APK files from non-rooted Android devices using ADB is an efficient and reliable method. Key aspects include accurately obtaining package names and file paths, and using scripts for batch tasks. The steps and code provided in this article, validated through practice, effectively address challenges from system path randomization, offering practical guidance for developers and technical users.