Add apkeep tool and XAPK conversion technique (#3697)

* Initial plan

* Add apkeep tool page (MASTG-TOOL-0148) and xapk conversion technique (MASTG-TECH-0145)

Co-authored-by: cpholguera <[email protected]>

* Refactor apkeep tool and usage

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: cpholguera <[email protected]>
Co-authored-by: Carlos Holguera <[email protected]>

Author: Copilot

techniques/android/MASTG-TECH-0003.md

@@ -14,7 +14,10 @@ One of the easiest options is to download the APK from websites that mirror publ
 
 Beware that you do not have control over these sites, and you cannot guarantee what they will do in the future. Only use them if it's your only option left.
 
-## Using gplaycli
+!!! note
+    Some alternative app stores may provide apps in XAPK format instead of standard APK files. XAPK files are ZIP archives that bundle the APK with additional data files. See @MASTG-TECH-0145 for instructions on how to extract and work with XAPK files.
+
+## Using @MASTG-TOOL-0016
 
 You can use @MASTG-TOOL-0016 to download (`-d`) the selected APK by specifying its AppID (add `-p` to show a progress bar and `-v` for verbosity):
 
@@ -34,6 +37,28 @@ The `com.google.android.keep.apk` file will be in your current directory. As you
 
 > You may use your own Google Play credentials or token. By default, gplaycli will use [an internally provided token](https://github.com/matlink/gplaycli/blob/3.26/gplaycli/gplaycli.py#L106 "gplaycli Fallback Token").
 
+## Using @MASTG-TOOL-0148
+
+You can use @MASTG-TOOL-0148 to download APKs from Google Play Store. To download the latest version of an app by specifying its package name:
+
+```bash
+apkeep -a com.google.android.keep .
+```
+
+The APK will be downloaded to the current directory. apkeep can also download specific versions and handle split APKs:
+
+```bash
+apkeep -a [email protected] .
+```
+
+To download all split APKs for an app bundle:
+
+```bash
+apkeep -a com.google.android.keep -d .
+```
+
+apkeep is particularly useful for automation and doesn't require authentication for downloading free apps.
+
 ## Extracting the App Package from the Device
 
 Obtaining app packages from the device is the recommended method, as we can guarantee the app hasn't been modified by a third party. To obtain applications from a rooted or non-rooted device, you can use the following methods:

techniques/android/MASTG-TECH-0145.md

@@ -0,0 +1,72 @@
+---
+title: Working with XAPK Files
+platform: android
+---
+
+When downloading apps from alternative stores such as APKPure or APKMirror, you may receive XAPK files instead of a single APK. XAPK is not an Android standard format. It is simply a ZIP archive used by third-party stores to bundle one or more APKs together with optional additional data.
+
+## What an XAPK Contains
+
+An XAPK file is a regular ZIP archive that typically includes:
+
+- A base APK
+- Optional split APKs generated from an Android App Bundle
+- Optional OBB data files
+- A manifest.json file describing the package contents
+
+## Extracting an XAPK
+
+Because XAPK is just a ZIP file, it can be extracted using standard tools.
+
+```bash
+unzip app.xapk -d app_extracted
+```
+
+After extraction you may see a single APK or multiple APK files. For example:
+
+```sh
+ls -1 app_extracted
+base.apk
+config.ar.apk
+config.arm64_v8a.apk
+...
+config.xxxhdpi.apk
+icon.png
+manifest.json
+```
+
+## Installing Apps from an XAPK
+
+### Single APK Case
+
+If the extracted directory contains only one APK, it can be installed normally.
+
+```bash
+adb install app_extracted/*.apk
+```
+
+### Split APK Case
+
+If multiple APKs are present, the app was built as an Android App Bundle. There is no reliable or supported way to convert these splits into one universal APK. The correct approach is to install the base APK together with the splits that match the target device.
+
+```bash
+adb install-multiple -r app_extracted/*.apk
+```
+
+### OBB Data
+
+If the XAPK contains OBB files, install the APKs first, then push the OBB directory to the device.
+
+```bash
+adb push app_extracted/Android/obb/<package.name> /sdcard/Android/obb/
+```
+
+## Reverse Engineering
+
+For reverse engineering and static analysis, you can open the base APK and all relevant split APKs together using @MASTG-TOOL-0018 like this:
+
+```bash
+jadx app_extracted/*.apk
+```
+
+See @MASTG-TECH-0017 for more details on decompiling Android apps.

tools/android/MASTG-TOOL-0148.md

@@ -0,0 +1,15 @@
+---
+title: apkeep
+platform: android
+source: https://github.com/EFForg/apkeep
+hosts: [windows, linux, macOS]
+---
+
+[apkeep](https://github.com/EFForg/apkeep) is a command-line tool written in Rust for downloading APK files from various sources including Google Play Store. It's designed to make downloading and archiving Android APKs simple and reliable.
+
+- Supports downloading specific versions of apps
+- Can download split APKs and bundle them
+- Provides CSV output for automation
+- No authentication required for free apps
+
+See the [GitHub repository](https://github.com/EFForg/apkeep) for more information and installation instructions.