-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathDebuggableAttributeEnabled.qhelp
More file actions
39 lines (28 loc) · 1.06 KB
/
DebuggableAttributeEnabled.qhelp
File metadata and controls
39 lines (28 loc) · 1.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>When a debugger is enabled it could allow for entry points in the application or reveal sensitive information.</p>
</overview>
<recommendation>
<p>In Android applications either set the <code>android:debuggable</code> attribute to <code>false</code>
or do not include it in the manifest. The default value when not included is <code>false</code>.</p>
</recommendation>
<example>
<p>In the example below, the <code>android:debuggable</code> attribute is set to <code>true</code>.</p>
<sample src="DebuggableTrue.xml" />
<p>The corrected version sets the <code>android:debuggable</code> attribute to <code>false</code>.</p>
<sample src="DebuggableFalse.xml" />
</example>
<references>
<li>
Android Developers:
<a href="https://developer.android.com/guide/topics/manifest/application-element#debug">The android:debuggable attribute</a>.
</li>
<li>
Android Developers:
<a href="https://developer.android.com/studio/debug#enable-debug">Enable debugging</a>.
</li>
</references>
</qhelp>