ANDROID PENTESTING SERIES PART 5 : AndroidManifest file

Every APK file contains an AndroidMenifest.xml file. The manifest contains key information elements about the application, Some of them are :

  • Application’s package name.
  • All the application’s components, such as activities, resources.
  • What permissions this application requires to run, and the permissions required to access this application’s information by other apps.
  • Compatibility features (eg: minimum android version and supported devices).

Full list can be obtained from here : https://developer.android.com/guide/topics/manifest/manifest-intro

Below are some common attributes that can identify in AndroidManifest file.

  • manifest : Contains android installation mode, package name, build versions.
  • Permissions : Custom permission and protection level.
  • uses-permission : requests a permission that must be granted in order for it to operate.
  • permission-group : Does the same as above for a set of components.
  • permission-tree : Refers one specific name of the component which is the owner or parent of the set of component.
  • instrumentation : Enables to know interaction between android system and application.
  • supports-screen, compatible-screens : Both these deals with screen configuration mode and size of the screen etc.
  • supports-gl-texture : Specifies texture based on which the application is filtered.
  • uses-feature : Specifies single hardware or software requirement and their related entity.
  • application : The declaration of the application. Will contains all the activity.
    • activity : Declares an activity that implements part of the application visual user interface.
    • intent-filter : Specifies the types of intents that an activity, service or broadcast receiver can respond to.
    • service : Declare a service as one of the application components.
    • Receiver : Broadcast receiver enable applications to receive intents that are broadcasted by the system or by the applications, even when other components of the application are not running.
    • provider : Declares a content provider component. A content provider is a subclass of ContentProvider that supplies structured access to data managed by the application. It basically provides some structure to access application data.
    • Activity-Alias : Specifies target activities.
    • uses-library : It specifies set of library files need to run to application.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.