If you have an apk, there are several tools for reverse engineering it.
A first options is apktool, which transforms the apk in a directory structure. The resources are there, so one can examine them, and also change some and recompile. The .class files are substituted by smali files (see project smali), which are human-readable and understandable, even though is not the original java code.
The second option is more conventional, and goes back all the way to the java code (which however might have been obfuscated). It’s based on two tools:
- dex2jar, which converts Android’s Dalvik executables into a Java jar files.
- JD-GUI, which decompiles jar files into java source files (any jar, not just android stuff).
Ken Kinder describes the step by step the two options in an interesting post (His link to JD-GUI seems broken, the one provided above works fine).
A third possibility is to use the Dexter is an on-line static android application analysis tool. You need to create an account, then you create a project, upload the apk, and it will give you interesting statistics and class diagrams.