Trusted by over 1.6 million members since 2014 — why not join them?
Snailsoft
∞ and beyond!
Staff Member
Moderator
SB Mod Squad ⭐
✔ Approved Releaser
Active User
Member for 2 years
index.android.bundle
File index.android.bundle is a file used in React Native development. It contains the compiled and bundled JavaScript code for your app. This file is used when you want to install the application via Android Studio without running the metro bundler.
You can generate this bundle file using the following command in your terminal:
Its command line will create index.android.bundle file in android/app/src/main/assets/ directory of your RN project. This bundle needs to be created every time before a release build. It helps your app running more quickly and reduces your app size by minifying your code.
In general, it’s a good practice to add index.android.bundle to your .gitignore file. This is because the index.android.bundle file is generated and it can be different for each developer depending on their local setup.
Including it in the repository could lead to unnecessary merge conflicts. Instead, each developer should generate their own index.android.bundle file locally when needed.
These files are the output of the build process and can be quite large. Storing them in your repository is not only unnecessary but can also bloat your repository size and slow down cloning and pulling operations for other team members.
Here’s an example of how you might set up your .gitignore file for an Android project:
Remember, entries in a .gitignore file have no effect on files that are already tracked.
The index.android.bundle is a critical part of React Native development for Android. However, it should never be committed to your version control repository due to reasons, such as repository size, and version challenges like merge conflicts, becauseindex.android.bundle file can be different for each developer depending on their local setup.
Based on a StackOverflow post, it appears that the index.android.bundle file started to go missing from the APK after upgrading to React Native 0.681. The issue was due to a discrepancy in the Gradle version.
Reference:
React native - Make sure your bundle is packaged correctly or you're running a packager server release mode
Q: Is the index.android.bundle necessary for android build release?
A: When using ./gradlew assembleRelease this will already do it before finishing the build as stated in the log: Task :app:bundleReleaseJsAndAssets.
I've also confirmed that and that the bundle is not written to the official RN doc here.
To go deeper, index.android.bundle is only used if you want to install the app through android studio without having the metro bundler running.
I am using React Native and integrated library react-native-obfuscating-transformer to obfuscate my code. Now after decompiling my APK, I believe my whole js code is under assets/index.android.bundle.
Q: How can I debundle it and see my code whether obfuscation worked or not.
A: On older versions, 0.62 down, after installing apktool, unzip the APK file by running this command in the terminal like this:
After that, you will get the index.android.bundle file at pathOfApkFile/assets/index.android.bundle.
Then you can use react-native-decompiler to decompile the index.android.bundle file.
Note: The official repository has not been updated since 2021.
A forked repository was updated in 2024 GitHub - Lunascaped/react-native-decompiler: Decompile React Native Android/IOS Bundle.
Note: that you must have the key to reverse the obfuscation stored on your computer.
If you do not the the key, or you are attempting to Reverse Engineer someone else's app, then it is more difficult and not straight forward.
JS Code Decompile
React Native is already uglifying JS code.
And react-native-obfuscating-transformer also makes the code more complex by uglifying it.
It is something like a proprietary MD5 and SHA256 encryption, and there is no tool available right now to use machine learning or brute force to give us the estimated code.
If you want to verify whether react-native-obfuscating-transformer is implemented or not, then you can edit index.android.bundle, save the code, implement react-native-obfuscating-transformer, and edit and compare both files.
You can make more uglified code by adding a flag in build.gradle called bundleInRelease: true and adding Hermes, which turns the JS bundle into bytecode for efficiency.
REF
Note: There is no way to fully decompile index.android.bundle because this file contains uglified code, which has many possible reverses for one line.
Java Code Decompile
You can use DEX2JAR to convert the APK to Java code, and you can view that code using JD-GUI.
This however will only give you a readable output. Although you can recompile the Java code, you can't put it back into the index.android.bundle
For Android apps, there are a few different common formats. A pretty common way is apps coded in Java, where compiling is turning that source code into Java bytecode. After this, the Java code along with the resources it needs is converted into a Dalvik Executable (DEX) file. You can see this DEX format as the machine code, and another language called Smali is basically assembly: the human-readable version of machine code while staying pretty low level.
Reading Smali code is like reading raw assembly, but often this is not what the app was written in, so there is another process to actually decompile an APK into a JAR file. This tool for this is named dex2jar, and we will use it on the .apk file:
When we have a JAR file, the next step is to unpack and decompile that into .java source files. A simple tool that does this for all files in a JAR is procyon. Simply run it on the .jar file created earlier and specify an output directory:
Sometimes the decompiled Java code simply does not make any sense, or you see lots of references to "React". When this is the case, it could be that the application was not written in Java, but in a JavaScript framework like React Native. Luckily, there are also tools for decompiling the bundle this creates into semi-readable JavaScript code.
To check if you are dealing with React Native, check for a assets/index.android.bundle file in your unzipped APK. If that exists, you can use react-native-decompiler to decompile it into multiple JavaScript files.
Because this bundle is heavily packed, there is a lot of code that serves no use to us, and names are mostly lost. But the best bet is to simply take a quick glance at all the files to see if you recognize anything. Searching for strings is also very useful if you know some strings when you start the app in an emulator.
Tip: You might see a lot of require('./[number]') code, this simply means it imports a module from the file named [number].js.
C# with .NET
Another possibility is C# with .NET as the language the app was written in. You can detect this by finding an assemblies/ folder in the unzipped APK. This folder will contain many .dll files, but these files are compressed and not easily readable yet. To decompress the assemblies and allow other tools to work with them use xamarin-decompress:
$ xamarin-decompress.py app.zip/assemblies
This will turn .dll files into .decompressed.dll files in the same directory, which can be easily Reverse Engineered using tools like dnSpy. For more information on reversing from here on out see Reversing C# - .NET / Unity. It can decompile these files to almost perfect C# source code.
Jorian Woltjer is a Python coder who has written some useful tools to help identify the types of APK's and decompiles/RE's them using automated scripts. This is done from Windows and using apktools.
His Github is GitHub - JorianWoltjer/default: Do tedious things quickly, only asking the minimal arguments. Easily customizable with modules to make your own commands
In addition, I have archived and uploaded the tools to Sbenny in the event that Woltjer's tools are removed.
SBUpload - The next-gen File Hosting
The updated React Native Decompiler scripts have also been archived at Sbenny.
sbupload.com
2025
File index.android.bundle is a file used in React Native development. It contains the compiled and bundled JavaScript code for your app. This file is used when you want to install the application via Android Studio without running the metro bundler.
You can generate this bundle file using the following command in your terminal:
Code:
react-native bundle --platform android --dev false --entry-file index.js --bundle-output android/app/src/main/assets/index.android.bundle --assets-dest android/app/src/main/resIn general, it’s a good practice to add index.android.bundle to your .gitignore file. This is because the index.android.bundle file is generated and it can be different for each developer depending on their local setup.
Including it in the repository could lead to unnecessary merge conflicts. Instead, each developer should generate their own index.android.bundle file locally when needed.
These files are the output of the build process and can be quite large. Storing them in your repository is not only unnecessary but can also bloat your repository size and slow down cloning and pulling operations for other team members.
Here’s an example of how you might set up your .gitignore file for an Android project:
Code:
# built application files
*.apk
*.ap_
# files for the dex VM
*.dex
# Java class files
*.class
# generated files
bin/
gen/
# Local configuration file (sdk path, etc)
local.properties
# Windows thumbnail db
Thumbs.db
# OSX files
.DS_Store
# Android Studio
*.iml
.idea
.gradle
build/
captures/
.externalNativeBuild
# bundle file
/**/index.android.bundleThe index.android.bundle is a critical part of React Native development for Android. However, it should never be committed to your version control repository due to reasons, such as repository size, and version challenges like merge conflicts, becauseindex.android.bundle file can be different for each developer depending on their local setup.
Based on a StackOverflow post, it appears that the index.android.bundle file started to go missing from the APK after upgrading to React Native 0.681. The issue was due to a discrepancy in the Gradle version.
Reference:
React native - Make sure your bundle is packaged correctly or you're running a packager server release mode
Q: Is the index.android.bundle necessary for android build release?
A: When using ./gradlew assembleRelease this will already do it before finishing the build as stated in the log: Task :app:bundleReleaseJsAndAssets.
I've also confirmed that and that the bundle is not written to the official RN doc here.
To go deeper, index.android.bundle is only used if you want to install the app through android studio without having the metro bundler running.
I am using React Native and integrated library react-native-obfuscating-transformer to obfuscate my code. Now after decompiling my APK, I believe my whole js code is under assets/index.android.bundle.
Q: How can I debundle it and see my code whether obfuscation worked or not.
A: On older versions, 0.62 down, after installing apktool, unzip the APK file by running this command in the terminal like this:
Code:
apktool d /pathOfApkFile.apkThen you can use react-native-decompiler to decompile the index.android.bundle file.
Note: The official repository has not been updated since 2021.
A forked repository was updated in 2024 GitHub - Lunascaped/react-native-decompiler: Decompile React Native Android/IOS Bundle.
Note: that you must have the key to reverse the obfuscation stored on your computer.
If you do not the the key, or you are attempting to Reverse Engineer someone else's app, then it is more difficult and not straight forward.
JS Code Decompile
React Native is already uglifying JS code.
And react-native-obfuscating-transformer also makes the code more complex by uglifying it.
It is something like a proprietary MD5 and SHA256 encryption, and there is no tool available right now to use machine learning or brute force to give us the estimated code.
If you want to verify whether react-native-obfuscating-transformer is implemented or not, then you can edit index.android.bundle, save the code, implement react-native-obfuscating-transformer, and edit and compare both files.
You can make more uglified code by adding a flag in build.gradle called bundleInRelease: true and adding Hermes, which turns the JS bundle into bytecode for efficiency.
REF
Note: There is no way to fully decompile index.android.bundle because this file contains uglified code, which has many possible reverses for one line.
Java Code Decompile
You can use DEX2JAR to convert the APK to Java code, and you can view that code using JD-GUI.
This however will only give you a readable output. Although you can recompile the Java code, you can't put it back into the index.android.bundle
For Android apps, there are a few different common formats. A pretty common way is apps coded in Java, where compiling is turning that source code into Java bytecode. After this, the Java code along with the resources it needs is converted into a Dalvik Executable (DEX) file. You can see this DEX format as the machine code, and another language called Smali is basically assembly: the human-readable version of machine code while staying pretty low level.
Reading Smali code is like reading raw assembly, but often this is not what the app was written in, so there is another process to actually decompile an APK into a JAR file. This tool for this is named dex2jar, and we will use it on the .apk file:
Code:
$ d2j-dex2jar.sh -f app.apk -o app.jar # Extract JAR from APK
dex2jar app.apk -> app.jar
Code:
$ procyon app.jar -o app.java/ # Decompile JAR into .java filesTo check if you are dealing with React Native, check for a assets/index.android.bundle file in your unzipped APK. If that exists, you can use react-native-decompiler to decompile it into multiple JavaScript files.
Code:
$ npx react-native-decompiler -i app.zip/assets/index.android.bundle -o app.js/Tip: You might see a lot of require('./[number]') code, this simply means it imports a module from the file named [number].js.
C# with .NET
Another possibility is C# with .NET as the language the app was written in. You can detect this by finding an assemblies/ folder in the unzipped APK. This folder will contain many .dll files, but these files are compressed and not easily readable yet. To decompress the assemblies and allow other tools to work with them use xamarin-decompress:
$ xamarin-decompress.py app.zip/assemblies
This will turn .dll files into .decompressed.dll files in the same directory, which can be easily Reverse Engineered using tools like dnSpy. For more information on reversing from here on out see Reversing C# - .NET / Unity. It can decompile these files to almost perfect C# source code.
Jorian Woltjer is a Python coder who has written some useful tools to help identify the types of APK's and decompiles/RE's them using automated scripts. This is done from Windows and using apktools.
His Github is GitHub - JorianWoltjer/default: Do tedious things quickly, only asking the minimal arguments. Easily customizable with modules to make your own commands
In addition, I have archived and uploaded the tools to Sbenny in the event that Woltjer's tools are removed.
SBUpload - The next-gen File Hosting
The updated React Native Decompiler scripts have also been archived at Sbenny.
SBUpload - The next-gen File Hosting
Download now react-native-decompiler-master.zip (115.52 KB)
sbupload.com
2025
