Debuggable Release

Context

Implementation

Affects

Security

Problem

The attribute android:debuggable in the AndroidManifest.xml is set at development time to debug the app. But it is left in release time. This is a severe security issue.

Refactorings

Remove Debuggable Attribute

Resolves

Security

Affects

Solution

Remove the android:debuggable attribute or set it to false explicitly.

Links

• Security and Privacy in Android Apps
• What would happen if Android app is released with debuggable on?

Related

• Public data
• Tracking Hardware Id
• Unnecessary permission

by Martin Brylski 2013