MASTG-BEST-0007: Debuggable Flag Disabled in the AndroidManifest
Content in BETA
This content is in beta and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).
Ensure the debuggable flag in the AndroidManifest.xml is set to false for all release builds.
Note: Disabling debugging via the debuggable flag is an important first step but does not fully protect the app from advanced attacks. Skilled attackers can enable debugging through various means, such as binary patching (see Patching) to allow attachment of a debugger or the use of binary instrumentation tools like Frida for Android to achieve similar capabilities. For apps requiring a higher level of security, consider implementing anti-debugging techniques as an additional layer of defense. Refer to Debugger Detection Not Implemented for detailed guidance.
Tests¶
MASTG-TEST-0226: Debuggable Flag Enabled in the AndroidManifest