In the application manifest element of an android application, setting debuggable property to true could
introduce a security risk.
It's more easy to perform reverse engineering and inject arbitrary code in the context of a debuggable application.
debuggable property is set to true debuggable property is set to true
You are at risk if you answered yes to any of those questions.
It is not recommended to release debuggable application. Avoid hardcoding the debug mode in the manifest because the build tool will add the property automatically and assign the correct value depending on the build type.
In AndroidManifest.xml the android debuggable property is set to true:
<application android:icon="@mipmap/ic_launcher" android:label="@string/app_name" android:roundIcon="@mipmap/ic_launcher_round" android:supportsRtl="true" android:debuggable="true" android:theme="@style/AppTheme"> </application> <!-- Sensitive -->
In AndroidManifest.xml the android debuggable property is set to false:
<application android:icon="@mipmap/ic_launcher" android:label="@string/app_name" android:roundIcon="@mipmap/ic_launcher_round" android:supportsRtl="true" android:debuggable="false" android:theme="@style/AppTheme"> </application> <!-- Compliant -->