Apktool v2.10.0 has been released! This release is feature packed including parallelization, reproducible builds, retiring Proguard and an upgrade to baksmali/smali. If you aren't interested and just want the changes and download - head on the bottom or the doc site.

Parallel Execution

Lets start with the introduction of parallel jobs to speed up Apktool's execution. Contributed via Gregrant this now automatically detects the amount of core available (or respects the --jobs n parameter) and can be seen in Apktool's output.

➜ apktool-2.10.0.jar d facebook.apk -f
I: Using Apktool 2.10.0 on facebook.apk with 8 thread(s).
// 23.72 seconds

For those interested in the technical details - we don't yet parallelize the actual resource tasks - those are treated as one job, but simply off-load each baksmali/smali task to its own thread.

➜ apktool-2.10.0.jar d facebook.apk -f -j 1
I: Using Apktool 2.10.0 on facebook.apk with 1 thread(s).
// 80.56 seconds

Take for example the Facebook application that went from 81 seconds to 24 seconds for a full disassembly. This is slicing more than half of the execution time!

Reproducible Builds

In today's age its becoming increasingly valuable to audit open source software so you the reader can confirm the archive I distribute is equal to what is living in source control. Prior to Apktool 2.10.0 a generation of an archive would not often create a release with the same hash as the prior.

Research and execution was put to follow reproducible build's guide

The greatest win was ensuring the packed jar did not touch each file with the day/time that the archive was created. This plus a few other changes helped Apktool have a reproducible build. The next release will take this further as we explore attestation and moving the release process into GitHub Actions for a fully automated solution.

Retiring Proguard, Hello R8

While on the journey to reproducible builds I learned Proguard was part of the reason I could not have a reproducible build. I started with an issue report, but I knew that it was time to retire away from Proguard. Google had been working on R8 for years at that point and open source Proguard was starting to age so Apktool transitioned to R8.

v2.11.x will be the next large feature release, but a branch v2.10.x exists for security/urgent fixes. We will try and support the last release or two until it doesn't seem worthwhile.

Sponsors

I launched GitHub Sponsors to help provide another alternative for folks showing appreciation. I want to remind folks of two companies that continue to hold a monthly donation for the project.

• Emerge Tools came online to sponsor the tool.
• Sourcetoad (self employer) additionally joined to sponsor (as well as a few other projects).

This release had 144 commits by 11 people & 1 robot.

• 99 commits - Connor Tumbleson
• 34 commits - Dependabot (Robot)
• 2 commits - tutacat
• 1 commit - Al Sutton
• 1 commit - Aleksey
• 1 commit - Alex Popov
• 1 commit - Arjuna Kumar Mohanta
• 1 commit - Matvei
• 1 commit - Pavel
• 1 commit - codebymikey
• 1 commit - luk1337
• 1 commit - topminipie

Changes since 2.9.3

• [#3476] Add parallelization to decode|build command. (Thanks Cregrant)
• [#3559] Add reproducible builds (drop Proguard for R8).
• [#3683] Add automatic selection of latest apktool to helper scripts. (Thanks codebymikey)
• [#3681] Add support for final API 34 (Vanilla Ice Cream)
• [#3602] Fix stripping of META-INF files for xmlpull.
• [#3512] Fix disassembly of Facebook.
• [#3536] Fix treating stamp-cert-sha256 as unknown file.
• [#3578] Fix treating non-main class dex files as compressed.
• [#3583] Fix misalignment on namespace restriction from serializer.
• [#3618] Fix resource leak on unclosed ZipFile on framework install.
• [#3634] Fix resource leak on unclosed streams on manifest disassemble. (Thanks azotzot)
• [#3657] Fix sort order of files on tmpfs filesystems. (Thanks luk1337)
• [#3676] Fix tabs/spaces in linux helper script. (Thanks alexpopov)
• [#3519, #3601, #3690] Upgrade baksmali/smali to 3.0.8.
• [#3459, #3595] Upgrade Gradle to 8.7. (Thanks ArjunaKumarMohanta)
• [#3509] Upgrade proguard-gradle to 7.4.2.
• [#3671] Upgrade r8 to 8.5.35.
• [#3577, #3607, #3672] Upgrade commons-cli to 1.9.0.
• [#3560, #3570] Upgrade commons-io to 2.16.1.
• [#3670] Upgrade guava to 33.3.0.
• [#3576] Upgrade commons-text to 1.12.0.
• [#3646, #3663, #3680] Upgrade commons-lang3 to 3.17.0.
• [#3585] Upgrade xmlunit-legacy to 2.10.0.
• [#3510, #3515, #3550, #3572] Upgrade wrapper-validation-action to 3.3.0.
• [#3470, #3479, #3500, #3511, #3522, #3566, #3571, #3575, #3586, #3624, #3628, #3648, #3662, #3679, #3692] Upgrade gradle/actions to 4.1.0.
• [#3471] Upgrade github/codeql-action to 3.
• [#3528] Upgrade actions/upload-artifact to 4.

Notes

• The v2.9.x releases have moved to aapt2 being the default. If you'd like to return to the previous behavior, please use --use-aapt1 during build stage.

Download

• Apktool 2.10.0
  • 5505ce560213730c7366589389469a1b (md5)
  • c0350abbab5314248dfe2ee0c907def4edd14f6faef1f5d372d3d4abd28f0431 (sha256)
  • Rename to apktool.jar and follow the Instruction Guide if you need help.
• 2.10.0 Doc Site Post

Links

• Project Site
• GitHub
• Bug Tracker
• XDA Thread
• GitHub Sponsors
• Buy me a Coffee Beer