What would happen if Android app is released with debuggable on?

The golden rule is to set debuggable option to off prior to releasing your Android application to the public.

What would happen if I leave (forget to turn off) this option on? I mean, how would it manifest to a user?

I tested and saw no difference.


how would it manifest to a user?

A normal user won't notice the difference.

By the way:

Support for a true debug build. Developers no longer need to add the android:debuggable attribute to the tag in the manifest — the build tools add the attribute automatically. In Eclipse/ADT, all incremental builds are assumed to be debug builds, so the tools insert android:debuggable="true". When exporting a signed release build, the tools do not add the attribute. In Ant, a ant debug command automatically inserts the android:debuggable="true" attribute, while ant release does not. If android:debuggable="true" is manually set, then ant release will actually do a debug build, rather than a release build.


On a standard phone with USB debugging disabled, it will allow any application to debug the App. This will effectively allow any malicious application to gain full access to the App.

See https://labs.mwrinfosecurity.com/blog/2011/07/07/debuggable-apps-in-android-market/ for a detailed description of this problem.


It's possible that it could slow down their mobile device, especially if you have a lot of debug statements in your application. It's also possible that a malicious user could learn more about the inner-workings of your app then you'd like them to.

Regarding the golden rule, you're absolutely right. It's a good idea to turn that off, just to be safe.


It's also possible that a malicious user could learn more about the inner-workings of your app then you'd like them to.

One good practice is to link debugging mode specifically to your unique device id.


@askmo: you can use some tools in the SDK to check if an APK has the debug value. Check the following link:

http://lulachronicles.blogspot.com/2011/04/how-to-check-if-apk-has-flag.html

BR,

Ignacio