How to decompile an APK

Prerequisites: I've assumed that you have Docker installed and are using PowerShell Core 7. It's not too hard to translate the commands to bash if that's more comfortable.

Start by finding the Play Store URL. In our case we'll be confirming that the published version of Keepass2Android matches the source code offered on GitHub, so the Play Store URL is https://play.google.com/store/apps/details?id=keepass2android.keepass2android.

Then, using a site such as https://apkpure.com/, give them the URL (or just the name) and it'll let you download the APK.

Move the APK into its own directory, then run the following commands:

Move-Item *.apk target_apk.apk
$location = (Get-Location).Path
docker run --rm -v ${location}:/app theanam/apktool d target_apk.apk
These commands make the APK's name consistent, get the current location, then run apktool against the APK.

You should see some output like the following:

There will now be a directory called target_apk; inside it you will find the internal breakdown of the APK. I would recommend using a tool such as VS Code to go through its parts.

There are serious limits to what apktool can decompile, but it should be enough to give you a foothold on confirming what the app intends to do and the technologies it claims to use.
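
As a first pass over the decoded output, the following added example (not part of the original post) records the SHA-256 of the APK that was analysed, then reads target_apk/AndroidManifest.xml and lists the package name, the requested permissions and the components other apps can reach. It assumes apktool decoded the manifest to plain XML inside target_apk; the helper name Get-AndroidAttribute is made up for this example.

```powershell
# Added example, not from the original post. Run from the directory that
# holds target_apk.apk and the target_apk folder produced by apktool.
$ErrorActionPreference = 'Stop'

# Record exactly which file was analysed; the APK came from a third-party mirror.
Get-FileHash -LiteralPath 'target_apk.apk' -Algorithm SHA256 | Format-List Algorithm, Hash

# Assumption: apktool decoded the manifest to plain XML at this path.
[xml]$manifest = Get-Content -LiteralPath 'target_apk/AndroidManifest.xml' -Raw
$root = $manifest.DocumentElement

# android:name, android:exported etc. live in this XML namespace.
$androidNs = 'http://schemas.android.com/apk/res/android'
function Get-AndroidAttribute {   # hypothetical helper name
    param([System.Xml.XmlElement]$Node, [string]$Name)
    $Node.GetAttribute($Name, $androidNs)   # empty string when absent
}

"Package: $($root.GetAttribute('package'))"

"Requested permissions:"
$root.SelectNodes("*[starts-with(name(), 'uses-permission')]") |
    ForEach-Object { Get-AndroidAttribute $_ 'name' } |
    Sort-Object -Unique |
    ForEach-Object { "  $_" }

"Components reachable from other apps:"
$xpath = 'application/*[self::activity or self::activity-alias or ' +
         'self::service or self::receiver or self::provider]'
$root.SelectNodes($xpath) | ForEach-Object {
    $exported  = Get-AndroidAttribute $_ 'exported'
    $hasFilter = $_.SelectNodes('intent-filter').Count -gt 0
    # Exported explicitly, or implicitly: with no android:exported attribute, an
    # intent-filter exported a component before Android 12 made it mandatory.
    if ($exported -eq 'true' -or ($exported -eq '' -and $hasFilter)) {
        [pscustomobject]@{
            Type       = $_.LocalName
            Name       = Get-AndroidAttribute $_ 'name'
            Exported   = if ($exported) { $exported } else { '(implicit)' }
            Permission = Get-AndroidAttribute $_ 'permission'
        }
    }
} | Format-Table -AutoSize
```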