Free Case Study · APK Reverse Engineering

CamScanner APK Analysis

How we decompiled CamScanner (com.intsig.camscanner) to map architecture, detect ad networks and SDKs, and extract API endpoints — the same depth you get for any Google Play competitor via AppXray.

Version7.16.5 (71651)

Size306 MB XAPK, 27 splits

ArchitectureNative + Flutter (FlutterBoost)

DEX files12 (85.5 MB bytecode)

Download Full PDF Analyze Your Competitor — $29

Key findings at a glance

6 ad networks running together — AdMob, Pangle, Facebook AN, PubMatic, Vungle, Google Ad Manager — with header bidding + waterfall hybrid mediation.
Facebook Audience Network loaded as a separate 5 MB DEX from assets at runtime (cold-start optimization).
6 staging/sandbox API endpoints hardcoded in the production build — security oversight.
Hybrid Flutter + native via Alibaba FlutterBoost; AI chat and doc features in Flutter, core scanning native.
Server-controlled ad config via cs8.intsig.net/ad and remote ScannerRewardRatio.xml.
369 Activities, 26 Services, 34 third-party SDKs detected.

Architecture overview

CamScanner is a large-scale hybrid Android app: CameraX and ML Kit OCR on native layers; newer AI chat and document UI in Flutter. Multi-DEX (12 files), ProGuard enabled, 27 language/ABI split APKs.

Module	Technology
Document scanning	Native — CameraX, ML Kit OCR, Room DB
AI chat & doc AI	Flutter + `ai-us.camscanner.com`
Cloud sync	`cs8.intsig.net/sync`, WorkManager
Auth	Google, Facebook, Microsoft, Dropbox, VK, WeChat, China Mobile
Monetization	Play Billing + 6 ad networks

Ad networks & monetization (SDK detection)

This is what detect AdMob in APK and android monetization analysis look like in practice — full ad format matrix and mediation strategy documented in the report.

Network	Role
Google AdMob	Primary SDK; banner, interstitial, rewarded, native, app open
Pangle (ByteDance)	High fill in Asian traffic; 14 Activity classes
Facebook Audience Network	Runtime-loaded `audience_network.dex` (5 MB)
PubMatic OpenBid	Header bidding via OpenRTB 2.5
Vungle	Video; mediation adapter present
Google Ad Manager	DoubleClick / premium inventory

Mediation: AdMob waterfall + PubMatic parallel bidding. Remote ad ratio config fetched from Intsig servers — placements can change without an app update.

API endpoints extracted from APK

Example of extract API endpoints from an Android app — first-party gateway, regional split (US vs China), and third-party ad URLs.

Endpoint	Purpose
`api-center.intsig.net/apis`	Central API gateway (international)
`api-cs.intsig.net/user/cs`	User auth & account
`cs8.intsig.net/ad`	Server-side ad configuration
`ai-us.camscanner.com/aichat`	AI chat (US)
`api-algo.camscanner.com`	OCR / image algorithms
`api-cs-sandbox.intsig.net`	Staging (exposed in production)

Full report lists 18+ endpoints plus 6 sandbox URLs and third-party ad/analytics domains.

SDK list (sample)

34 third-party SDKs categorized in the full report — ads, analytics, auth, cloud, UI. Highlights:

Firebase (Analytics, Crashlytics, Messaging)
Google Play Billing
Adjust / AppsFlyer-class attribution patterns
FlutterBoost, PAG animations
Google UMP (consent)
Microsoft MSAL, Dropbox, Evernote SDKs

Same depth for your competitor

Get a CamScanner-level report for any app

Send a Google Play link. Full APK decompilation, SDK detection, ad analysis, and API extraction — PDF + Markdown in 2 hours. From $29 per app.

Order AppXray Report ← Back to AppXray