In the course of a digital forensic or an incident response investigation concerning an Android device, a standard ADB backup is like a common denominator: it is a safe and standard method of acquiring device data without risks of making the device non-functional and invalidating obtained evidence due to the use of exploits.

The drawback of using ADB backup is that it contains a limited amount of information compared to a so-called ‘full file system image’ of a device. This becomes even worse as newer versions of applications stop saving their data into the backup. The method described in this article is useful for obtaining data from applications with new versions which do not send their data into the backup, while older ones did.

The Android APK downgrade method allows a user to downgrade applications on an Android device, meaning that an older version of an app is temporarily copied onto the device. This simple trick provides extraction of data from applications that have removed the possibility of backing up their data. Examples of such applications include Facebook Messenger, WhatsApp, Signal, Telegram, and others.

Once the acquisition process completes, it is important to restore the original version of an app on the device.

In this article, we will show this approach on the example of Belkasoft X, a digital forensic and incident investigation tool from Belkasoft. Belkasoft X supports downgrading and obtaining data from a few dozen of the world's most popular Android applications.

WARNING: While APK downgrade is a relatively safe method and is unlikely to brick your device, under certain circumstances it may affect the state of your device, which could result in the loss of some data, app icons, login state, and the original APK file. It is crucial to attempt other acquisition methods before proceeding with this one.

How to use APK downgrade method in Belkasoft X

1. Run Belkasoft X and choose to acquire an Android data source

Please see Belkasoft tutorials to learn how to add a data source to your case.

2. Select ‘APK Downgrade’ acquisition method:

Figure 1: Selecting APK Downgrade acquisition type

3. Connect the Android device to the computer via USB:

Figure 2: Connected Android device

Requirements for this method are the same as for starting the standard ADB backup:

  • The device must be powered on
  • The device must be unlocked
  • The developer mode should be enabled
  • The USB Debugging mode should be enabled

No rooting is required.

4. Select one or more applications to acquire, using check boxes

Figure 3: Selecting applications to acquire

Only apps installed on a particular device and supported by this method are shown.

Once you start the acquisition process, Belkasoft X will do the following:

  • Back up the current versions of the applications
  • Install the old versions of the applications. The user data is preserved
  • Reboot the device (it is required for Android 6.0 or newer)
  • Make an ADB backup
  • Restore the original app versions

If anything goes wrong, the next APK downgrade (or Advanced ADB) attempt will fix the problem by recovering original app versions, safely stored in a temporary location. If subsequent attempt does not work either, you can manually recover original versions from /data/local/tmp folder on the device.

5. Review the acquired data in Belkasoft X:

Figure 4: Extracted data is analyzed and shown under Artifacts window of Belkasoft X


Android APK downgrade method is an effective and safe enough way to get data from various applications even if their current versions do not allow data to get included in an ADB backup. Belkasoft X helps an investigator to automate this process without employing manual routine. The product will robustly handle numerous potential problem situations and rollback original versions of apps upon the acquisition is completed.

Did you like the article?

See also