What would happen if Android app is released with debuggable on?

android debugging

The golden rule is to set debuggable option to off prior to releasing your Android application to the public.

What would happen if I leave (forget to turn off) this option on? I mean, how would it manifest to a user?

I tested and saw no difference.


how would it manifest to a user?

A normal user won't notice the difference.

By the way:

Support for a true debug build. Developers no longer need to add the android:debuggable attribute to the tag in the manifest — the build tools add the attribute automatically. In Eclipse/ADT, all incremental builds are assumed to be debug builds, so the tools insert android:debuggable="true". When exporting a signed release build, the tools do not add the attribute. In Ant, a ant debug command automatically inserts the android:debuggable="true" attribute, while ant release does not. If android:debuggable="true" is manually set, then ant release will actually do a debug build, rather than a release build.


On a standard phone with USB debugging disabled, it will allow any application to debug the App. This will effectively allow any malicious application to gain full access to the App.

See https://labs.mwrinfosecurity.com/blog/2011/07/07/debuggable-apps-in-android-market/ for a detailed description of this problem.


It's possible that it could slow down their mobile device, especially if you have a lot of debug statements in your application. It's also possible that a malicious user could learn more about the inner-workings of your app then you'd like them to.

Regarding the golden rule, you're absolutely right. It's a good idea to turn that off, just to be safe.


It's also possible that a malicious user could learn more about the inner-workings of your app then you'd like them to.

One good practice is to link debugging mode specifically to your unique device id.


@askmo: you can use some tools in the SDK to check if an APK has the debug value. Check the following link:

http://lulachronicles.blogspot.com/2011/04/how-to-check-if-apk-has-flag.html

BR,

Ignacio

Related

Click the poster image the HTML5 video plays?
How can I detect a double tap on a certain cell in UITableView?
C# thread pool limiting threads
Does an Application Load Balancer support WebSockets?
Get Name of Current VBA Function
Using layouts in HAML files independently of Rails
Calculate FPS in Canvas using requestAnimationFrame
Adding click event for a button created dynamically using jQuery [duplicate]
How to generate random password with PHP?
Downloadable font on firefox: bad URI or cross-site access not allowed
How to remove duplicate entries from a mysql db?
How to update / upgrade from Angular 4 to Angular 5+