| Start Event: APK received | |
| Task: Verify APK integrity | |
| Task: Extract manifest and bytecode using Androguard | |
| Task: Disassemble APK with Apktool | |
| Task: Analyze manifest | |
| Task: Check exported activities | |
| Task: Check exported services | |
| Task: Extract declared permissions | |
| Task: Check sensitive configurations (debuggable, allowBackup, cleartextTrafficPermitted) | |
| Task: Evaluate risks based on findings | |
| Decision: Are there critical issues? | |
| Yes -> Task: Flag APK as high risk | |
| No -> Task: Mark APK as safe | |
| Task: Store analysis results in SQLite database | |
| End Event: Analysis complete | |