Exploiting debuggable applications

Applications can be marked as debuggable to make functionality testing and error tracking a lot easier by allowing you to set breakpoints during app execution. To do this, view the VM stack and suspend and resume threads while the app is running on the device.

Unfortunately, some applications on the Google Play store are still flagged as debuggable. This may not always be the end of the world, but if the app hopes to protect any authentication data, passwords addresses, or any values stored in the applications memory, having it marked as debuggable means that attackers will be able to gain access to this data very easily.

This recipe discusses how to leak variable values from a debuggable application. Attackers ...

Get Android Security Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.