← All posts

Why I Built APKless

If you've ever needed to see what an Android app is doing over the network, you know the pain.

The Setup From Hell

Every time I wanted to inspect HTTPS traffic from an Android app, the process looked something like this:

  1. Find a device (or set up an emulator)
  2. Root it
  3. Install a custom CA certificate into the system store
  4. Set up mitmproxy or Charles Proxy on my laptop
  5. Configure the device to route traffic through the proxy
  6. Realize the app uses certificate pinning
  7. Set up Frida to bypass pinning
  8. Discover the app detects Frida and crashes
  9. Try a different bypass script
  10. Finally get it working... until the app updates

This whole process takes hours. And you have to redo it every time you switch devices, switch apps, or the app pushes an update that breaks your setup.

The Frustration

I'm a developer who frequently needs to understand how apps communicate with their backends. Whether it's debugging my own app's API calls, researching a competitor's API, or doing security audits — I need to see the actual HTTPS requests and responses.

But the toolchain is stuck in 2015. You still need physical hardware or a flaky emulator. You still need root. You still need to manually fight certificate pinning for every single app.

I've wasted entire afternoons just on setup, before I could even start the actual work I needed to do.

What If It Just Worked?

I kept thinking: what if I could just type one command and get a working Android phone with all HTTPS traffic visible? No root. No proxy config. No certificate games. No pinning bypass scripts.

So I built APKless.

You create a cloud phone, install any APK, open the app, and every HTTPS request appears in a web inspector — fully decrypted, with headers and body. The whole process takes about 2 minutes. You get full ADB access, and you can spin up as many phones as you need — there's no device limit.

APKless sandbox showing decrypted HTTPS traffic

Who Is This For?

  • App developers debugging their own API calls in production
  • Security researchers auditing app behavior
  • QA engineers verifying API contracts across unlimited parallel devices
  • Reverse engineers understanding undocumented APIs
  • Anyone who's ever thought "I just want to see what this app is sending"

What It Looks Like

The web sandbox gives you a screen mirror on the right and a full traffic inspector on the left:

APKless web sandbox

The dashboard lets you manage cloud phones across 17 regions. Spin up 1 phone or 100 — no limits:

APKless dashboard

Or use the CLI if you prefer the terminal:

APKless CLI

APKless CLI help

Try It

curl -fsSL https://raw.githubusercontent.com/apkless-com/apkless-cli/main/install.sh | sh
apkless create

No device needed. No setup. No limits. Just answers.

Feedback