Five Minutes and 88 Kopecks: AI Neural Networks Can Now Disassemble, Modify and Reassemble Android Apps at Minimal Cost
Researchers at Positive Technologies have demonstrated that modern large language models can disassemble, modify, reassemble, and maintain the functionality of Android applications in as little as five minutes for a cost of only 88 kopecks. The findings reveal how dramatically artificial intelligence has lowered the barriers for creating altered copies of mobile apps that could be used for malicious purposes.
The experiment was conducted in an isolated laboratory environment using a sample of 90 Android applications from various categories. Specialists avoided adding any malicious functions, working with real users, or accessing user data. Instead, they introduced neutral code changes and verified whether the applications would still launch successfully after repackaging. This methodology allowed the team to measure how easily neural networks can automate the creation of modified application copies.
Performance of Different AI Models
Closed commercial models successfully completed the task in an average of 84 percent of attempts. Models with open weights achieved a lower but still significant success rate of 61 percent. On average, the process required 14 interaction steps with the model for each application. Depending on the chosen model, the entire workflow took between 5 minutes 38 seconds and 9 minutes 9 seconds. The cost of a successful modification ranged from 88 kopecks to 40 rubles 89 kopecks. Researchers estimate that a budget of just several thousand rubles would be sufficient to attempt modifications on approximately one hundred popular Android applications.
Altered APK files can be distributed under the guise of legitimate programs through unofficial app stores, websites, messengers, and catalogs of third-party builds. These modified versions are frequently advertised as improved applications that remove restrictions or add extra features. Services that are unavailable in official stores are especially vulnerable, as users often search for installation files on alternative platforms and risk downloading visually identical but tampered builds.
Implications and Recommendations
Large language models have not created entirely new attack methods; however, they have significantly reduced the cost and complexity of preparing counterfeit applications. Previously, disassembling and repackaging APK files required advanced reverse-engineering skills and manual effort. Today, a substantial portion of these operations can be performed automatically by neural networks.
Developers are advised to protect client-side code against analysis and modification, regularly test applications for resilience to reverse engineering, and monitor the appearance of unofficial APK files. Users should be warned about the risks of installing applications from unverified sources, and protective mechanisms should be integrated during the development phase itself.