You can either do a fresh install of Androguard or use it out of the box via the Android Reverse Engineering (ARE) distro, available here.
For a fresh install on a Linux system, download Androguard from its Mercurial repository: install Mercurial first, then run:
hg clone https://androguard.googlecode.com/hg/ androguard
You really have to follow the instructions mentioned here if it's a fresh install on a Linux system. Once everything is done, execute androlyze from androguard as:
Now we need to specify the apk that we will work with and the decompiler that needs to be used:
a,d,dx = AnalyzeAPK("path_to_apk", decompiler="dad")
Now you can start firing away commands to gather useful data about the apk. There is a huge list of commands and functionalities that can be applied to Androguard but I will list a few that I normally use. I will keep adding information to this list as and when I find something new, so keep checking!
APK-specific elements can be accessed through the apk class; we referred to it as a in the command above, so that is how we will call it. Detailed information about the different options that can be used is available in the APK-specific documentation, but I will list some of the commands that I use frequently:
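The following is an added example, not the author's command list and not code from the Androguard project: it takes the a object from the AnalyzeAPK call above and builds a first-pass summary of package name, permissions and components. The watchlist, the two heuristics and the SampleAPK stand-in (used so the code runs without an APK file) are assumptions constructed for illustration.

```python
# Added example: first-pass triage over the `a` object returned by AnalyzeAPK.
# It calls only APK accessors: get_package, get_permissions, get_activities,
# get_services and get_receivers.

# Assumption: a reviewer-chosen shortlist of permissions worth a closer look.
WATCHLIST = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.INSTALL_PACKAGES",
}
BOOT = "android.permission.RECEIVE_BOOT_COMPLETED"

def triage(a):
    """Summarise an APK object and note where to start reading."""
    perms = sorted(set(a.get_permissions()))  # manifests may repeat entries
    flagged = [p for p in perms if p in WATCHLIST]
    services = list(a.get_services())
    receivers = list(a.get_receivers())
    notes = []
    # Heuristics, not verdicts: they only prioritise what to review first.
    if BOOT in perms and receivers and services:
        notes.append("can start at boot: review receivers and services first")
    if any(p.endswith("_SMS") for p in flagged):
        notes.append("SMS access requested: check where messages are read or sent")
    return {"package": a.get_package(), "permissions": perms,
            "flagged": flagged, "activities": list(a.get_activities()),
            "services": services, "receivers": receivers, "notes": notes}

class SampleAPK(object):
    """Constructed stand-in for `a`; all values below are made up."""
    def get_package(self): return "com.example.sample"
    def get_permissions(self):
        return ["android.permission.INTERNET", "android.permission.SEND_SMS",
                BOOT, "android.permission.INTERNET"]
    def get_activities(self): return ["com.example.sample.MainActivity"]
    def get_services(self): return ["com.example.sample.SyncService"]
    def get_receivers(self): return ["com.example.sample.BootReceiver"]

if __name__ == "__main__":
    report = triage(SampleAPK())  # inside androlyze: triage(a)
    for key in ("package", "flagged", "services", "receivers", "notes"):
        print("%s: %s" % (key, report[key]))
```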
The general approach towards Static Android Malware Analysis involves decompiling the apk via Dex2Jar and viewing the decompiled code. But sometimes the code is not decompiled completely, and as a result we see an Error in the middle of the code. To view such code I use the following command from Androguard: