
ANDROID PENTESTING SERIES PART 5 : AndroidManifest file
Every APK file contains an AndroidMenifest.xml file. The manifest contains key information elements about the application, Some of them are :
- Application’s package name.
- All the application’s components, such as activities, resources.
- What permissions this application requires to run, and the permissions required to access this application’s information by other apps.
- Compatibility features (eg: minimum android version and supported devices).
Full list can be obtained from here : https://developer.android.com/guide/topics/manifest/manifest-intro
Below are some common attributes that can identify in AndroidManifest file.
- manifest : Contains android installation mode, package name, build versions.
- Permissions : Custom permission and protection level.
- uses-permission : requests a permission that must be granted in order for it to operate.
- permission-group : Does the same as above for a set of components.
- permission-tree : Refers one specific name of the component which is the owner or parent of the set of component.
- instrumentation : Enables to know interaction between android system and application.
- supports-screen, compatible-screens : Both these deals with screen configuration mode and size of the screen etc.
- supports-gl-texture : Specifies texture based on which the application is filtered.
- uses-feature : Specifies single hardware or software requirement and their related entity.
- application : The declaration of the application. Will contains all the activity.
- activity : Declares an activity that implements part of the application visual user interface.
- intent-filter : Specifies the types of intents that an activity, service or broadcast receiver can respond to.
- service : Declare a service as one of the application components.
- Receiver : Broadcast receiver enable applications to receive intents that are broadcasted by the system or by the applications, even when other components of the application are not running.
- provider : Declares a content provider component. A content provider is a subclass of
ContentProvider
that supplies structured access to data managed by the application. It basically provides some structure to access application data. - Activity-Alias : Specifies target activities.
- uses-library : It specifies set of library files need to run to application.