
ANDROID PENTESTING SERIES PART 5 : AndroidManifest file
Every APK file contains an AndroidMenifest.xml file. The manifest contains key information elements about the application, Some of them are :
- Application’s package name.
- All the application’s components, such as activities, resources.
- What permissions this application requires to run, and the permissions required to access this application’s information by other apps.
- Compatibility features (eg: minimum android version and supported devices).
Full list can be obtained from here : https://developer.android.com/guide/topics/manifest/manifest-intro
Below are some common attributes that can identify in AndroidManifest file.
- manifest : Contains android installation mode, package name, build versions.
- Permissions : Custom permission and protection level.
- uses-permission : requests a permission that must be granted in order for it to operate.
- uses-feature : Declare a single hardware or software feature that is used by the application.
- application : The declaration of the application. Will contains all the activity.
- activity : Declares an activity that implements part of the application visual user interface.
- intent-filter : Specifies the types of intents that an activity, service or broadcast receiver can respond to.
- service : Declare a service as one of the application components.
- Receiver : Broadcast receiver enable applications to receive intents that are broadcast by the system ir by the applications, even when other components of the application are not running.
- provider : Declares a content provider component. A content provider is a subclass of ContentProvider that supplies structured access to data managed by the application.