Some time ago I had a virus on my phone and I wanted to see its source code. This is how I learned how to disassemble Android apps. Here is a memo of all the tools and techniques. This can be useful for cybersecurity enthusiasts.
This can be easily done with adb, or you can already have it if you didn't download from the Play Store. First find the app package name: adb shell pm list packages -3 Then, get the apk: adb shell pm path <package name> adb pull <path>
apktool d base.apk This gives you the app's xml ressources as well as the smali code. Smali is the assembler/machine code for Android.
Jar is a zipped .class file, which is java bytecode. First, unzip the apk file. You now get the dex files. Dex files are Dalvik Executable bytecode. They can also be loaded at runtime in a program. You also get the ressources.arsc which apktool unpacks. Dex to jar (works on Linux and Windows) d2j-dex2jar.bat classes.dex
Open jd-gui. Import the jar file, than click save all sources. Unzip and voila! Note that this method cannot restore the exact java code. Obfuscation among other things can mean you have to read the smali code to understand what's going on.