APK Manifest Inspector
Drop an APK or AAB to read its package, permissions, and SDK levels. It runs 100% in your browser. Nothing is uploaded, and the file never leaves your device.
- On-device
- No uploads
- Works offline
APK inspector
About this tool
This inspector opens an Android APK or AAB, finds the AndroidManifest.xml inside, and decodes its compiled binary form into readable values: package name, version, the permissions the app requests, the features it needs, and its min, target, and compile SDK levels.
It all happens locally. The archive is unzipped in memory and parsed by JavaScript in this page, so your file is never uploaded.
What is binary XML?
The manifest you write in plain text gets compiled into Android binary XML (AXML) when the app is built. AXML stores all strings once in a pool and references them by index, which is why opening the file in a text editor shows garbled bytes.
This tool walks the AXML chunks (string pool, start tags, attributes) and reconstructs the values, the same way the Android tooling does.
Tips
- Both
.apkand.aabwork; the manifest lives inside either archive. - Permissions flagged with a danger badge are runtime permissions that touch private data or hardware.
- If a value shows as not declared, the manifest simply did not set it.
- Large files take a moment to unzip, but they still stay on your device.
About the APK Manifest Inspector
Every Android app ships a manifest that declares who it is and what it can do. Once an app is built, that manifest is no longer readable text, so you cannot just open an APK and skim it. This tool does the decoding for you, entirely in your browser, with no install and no upload.
What you can read from a manifest
The manifest holds the package name, the version name and code, and the SDK levels that decide which Android versions the app supports. It also lists every permission the app requests and the hardware or software features it requires. Reading these is the quickest way to sanity-check an app before you sideload it.
Why permissions matter
Android splits permissions into normal and dangerous (runtime) groups. Dangerous ones, such as camera, location, contacts, and SMS access, touch private data, so the app has to ask for them while it runs. This tool flags those with a badge so a long permission list is easy to scan.
Everything stays local
The file you pick is unzipped in memory and parsed by code running on this page. Nothing is sent to a server, which means it works offline and your app file never leaves your device.
Frequently asked questions
Is my APK uploaded anywhere?
No. The archive is unzipped and the manifest decoded right in your browser, so the file never leaves your device. The tool even works offline.
Why can't I just open AndroidManifest.xml in a text editor?
It is compiled into Android binary XML when the app is built. The strings live in a pool and tags reference them by index, so a text editor shows raw bytes. This tool decodes that format back into readable values.
What makes a permission "dangerous"?
Android marks permissions that touch private data or hardware (camera, location, contacts, SMS, phone, sensors) as runtime or dangerous. Apps must request them while running, and this tool flags them with a badge.
Does it work with AAB files too?
Yes. An Android App Bundle is also a zip archive, and this tool finds the AndroidManifest.xml inside it and decodes it the same way.