Manifest Explorer
Every android application has a policy file by the name AndroidManifest.xml policy file, which Manifest Explorer helps the user find and view.The file is of great interesting when analyzing system security because it defines the permissions the system and applications enforce and many of the particular protections being enforced.
Google has defined the following functions of a manifest file
It names the Java package for the application. The package name serves as a unique identifier for the application.
-
It describes the components of the application — the activities, services, broadcast receivers, and content providers that the application is composed of. It names the classes that implement each of the components and publishes their capabilities (for example, which Intent messages they can handle). These declarations let the Android system know what the components are and under what conditions they can be launched.
-
It determines which processes will host application components.
-
It declares which permissions the application must have in order to access protected parts of the API and interact with other applications.
-
It also declares the permissions that others are required to have in order to interact with the application’s components.
-
It lists the Instrumentation classes that provide profiling and other information as the application is running. These declarations are present in the manifest only while the application is being developed and tested; they’re removed before the application is published.
-
It declares the minimum level of the Android API that the application requires.
-
It lists the libraries that the application must be linked against.
Android packages are .apk file. For the test purpose you can download any android application and extract it and you will see the AndroidManifest.xml file which would be difficult to open. (See Figure1.0)
Below is the step by step methodology to open and review it.
1. Click and download the following tools
· apktool-install-windows-file
2. Unpack both to your Windows directory.
3. Now copy the APK file also in that directory and run the following command in your command prompt (See Figure 1.1):
apktool d app.apk ./app_decrypted
Here app.apk is your Android APK file
4. This will create a folder “app_decrypted” in your current directory. Inside it you can find the AndroidManifest.xml file in decrypted form and you can also find other XML files inside the “app_decrypted/res/layout” directory. (See Figure 1.2)
The manifest contains juicy information like permissions, intent filters, and lots more. A typical manifest file is shown below (See Figure 1.3):