Android Manifest File

Paradis Perdu edited this page Feb 27, 2019 · 2 revisions

This is one of the first files to check on a pentest. Things to review:

  • What components does the app contain (activities, services, broadcast receivers, content providers etc.)?

  • What permissions does the app need?

  • What permissions does the application declare?

  • What version of Android does the app target?

  • What is the minimum version of Android the app can install on?

  • Is the app debuggable?

  • Can you take a backup of the application?

https://developer.android.com/guide/topics/manifest/manifest-intro

Viewing The AndroidManifest.xml File

Manual

  • Decompile the application
  • Load AndroidManifest.xml within a file editor
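
Once the manifest is available as text XML, the review checklist above can be pulled out in one pass. The following is an added example, not part of the original wiki page or of any tool it names; the sample manifest and the function names are constructed for illustration, and it assumes the `<uses-sdk>` element is present in the decoded file (values are reported as `None` when it is not).

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample (not a real app): a manifest already decoded to text XML.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
  <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="22"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <permission android:name="com.example.demo.PRIV"/>
  <application android:debuggable="true">
    <activity android:name=".Main">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <service android:name=".Sync" android:exported="false"/>
    <provider android:name=".Data" android:authorities="com.example.demo.data"/>
  </application>
</manifest>"""

def attr(el, name):
    """Read an android:-namespaced attribute; None if element or attribute is absent."""
    return el.get(NS + name) if el is not None else None

def exported(el):
    """Explicit android:exported wins; otherwise an intent filter implies exported.
    A provider's default depends on the SDK level, so it is reported as None (unknown)."""
    explicit = attr(el, "exported")
    if explicit is not None:
        return explicit == "true"
    return None if el.tag == "provider" else el.find("intent-filter") is not None

def review_manifest(xml_text):
    root = ET.fromstring(xml_text)
    sdk, app = root.find("uses-sdk"), root.find("application")
    comps = [c for c in (app if app is not None else []) if c.tag in COMPONENTS]
    return {
        "package": root.get("package"),
        "min_sdk": attr(sdk, "minSdkVersion"),
        "target_sdk": attr(sdk, "targetSdkVersion"),
        "requested": [attr(p, "name") for p in root.findall("uses-permission")],
        "declared": [attr(p, "name") for p in root.findall("permission")],
        "debuggable": attr(app, "debuggable") == "true",      # default is false
        "allow_backup": attr(app, "allowBackup") != "false",  # default is true
        "components": [(c.tag, attr(c, "name"), exported(c)) for c in comps],
    }

if __name__ == "__main__":
    for key, value in review_manifest(SAMPLE).items():
        print(f"{key}: {value}")
```

Note that `allow_backup` is reported as true when the attribute is missing, because an absent `android:allowBackup` does not disable backups.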

Drozer

run app.package.manifest com.app.name

Important AndroidManifest.xml Items

<uses-permission />

  • Requests a permission that the application must be granted in order for it to operate.
  • Before API 23 all permissions are granted at install time.
  • After API 23 the user must approve permission requests at execution.

<uses-permission android:name="string" />