Suspicious .apk (or .ipa for iOS) application files can be examined by sandbox services online for easy automated analysis. Files should be exported from the smartphone dump to a well-marked folder. Once exported, these files can be submitted to one or more online sandbox sites for static and/or dynamic analysis. File hashes can also be submitted, and results are returned if an identical application has been analyzed previously. Numerous free sites exist for inspecting .apk files to determine what their functions are, such as:

VirusTotal:       https://www.virustotal.com/gui/

JoeSandbox       https://www.joesandbox.com

These websites provide detailed information about submitted files that help you to determine if an .apk file is malicious and what that file is designed to do. A list of available automated application testing resources is also maintained by FOR610 Reverse-Engineering Malware course developer, Lenny Zeltser.

https://zeltser.com/automated-malware-analysis/

In addition to free tools, there are a number of paid resources that will provide a very detailed report of mobile applications available for iOS and Android devices. NowSecure, a mobile device security research firm, has a very comprehensive tool for identifying security risks in both Android and iOS applications. The company sponsors and maintains the open-source software (OSS) toolkit, FRIDA, developed by NowSecure Security Researcher Ole André Vadla Ravnås, which is used by developers, reverse engineers, and security researchers worldwide.