Abstract:
The attack surface of an Android application captures the set of ways in which attackers can penetrate and compromise the application. Determining the attack surface serves multiple purposes, including assessing the security of the application, identifying weak points, and prioritizing mitigation efforts. In practice, determining the attack surface of an application is still a manual effort, and can be time-consuming and error-prone. This paper introduces AndrAS, a tool for automatically extracting the attack surface of an Android app by using static analysis to identify the entry and exit points associated with five different Android artifact types. To illustrate a potential usage scenario, this study shows how an automated threat modeling technique can be driven by the obtained attack surface to generate a threat model for an Android application. The performance of AndrAS is evaluated on 390 popular apps, and its accuracy and effectiveness are evaluated using two benchmarks and a real-world case study.
Published in: 2023 IEEE 23rd International Conference on Software Quality, Reliability, and Security (QRS)
Date of Conference: 22-26 October 2023
Date Added to IEEE Xplore: 25 December 2023