Droidective / For security testers
For security & pentestThe Android assessment pipeline, in one window
Droidective is an Android security testing tool for macOS. Inspect, decompile, and re-sign an APK, set up Frida, browse an app's on-device data, and route its traffic through Burp — the static-analysis, instrumentation, and interception loop without gluing five tools together.
Free & open source · Apple Developer ID-signed & notarized · macOS 14+ · assess only what you're authorized to
Recon to interception, without the glue code
APK Studio
Inspect the manifest, permissions, exported components, and signing certs; decompile with jadx or apktool with an in-app source viewer and search; recompile and re-sign a patched build.
Frida setup
Match the device ABI to the right frida-server or gadget, push it, and run it — the setup that usually eats the first hour, in a click.
On-device data
Browse and pull an app's private data on debuggable builds with the sandbox browser, or the whole filesystem — with read-write remount — on a rooted device.
Traffic interception
Point the device's global proxy at Burp or mitmproxy in one click, and clear it just as fast — no digging through Android's Wi-Fi settings.
Runtime observation
Tail logcat and catch crashes to watch what an app leaks at runtime and the stack traces your hooks trigger.
Auditable by design
Fully open source, and every action is logged with the exact command it ran — so your assessment notes can cite precisely what touched the device.