AndroidManifest.xml file

The AndroidManifest.xml file is a critical configuration file in an Android application. It's located in the root directory of the app's source code and contains essential information about the app's structure, components, permissions, and metadata. This file is required for every Android app, and it serves as a blueprint that the Android operating system uses to understand and manage the app.

<?xml version="1.0" encoding="utf-8" standalone="no"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.mwr.example.sieve">
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    
    <permission android:label="Allows reading of the Key in Sieve" android:name="com.mwr.example.sieve.READ_KEYS" android:protectionLevel="dangerous"/>
    <permission android:label="Allows editing of the Key in Sieve" android:name="com.mwr.example.sieve.WRITE_KEYS" android:protectionLevel="dangerous"/>
    <application android:allowBackup="true" android:debuggable="true" android:icon="@drawable/ic_launcher" android:label="@string/app_name" android:theme="@style/AppTheme">

        <activity android:clearTaskOnLaunch="true" android:excludeFromRecents="true" android:exported="true" android:finishOnTaskLaunch="true" android:label="@string/title_activity_file_select" android:name=".FileSelectActivity"/>

        <activity android:excludeFromRecents="true" android:label="@string/app_name" android:launchMode="singleTask" android:name=".MainLoginActivity" android:windowSoftInputMode="adjustResize|stateVisible">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>

        <activity android:clearTaskOnLaunch="true" android:excludeFromRecents="true" android:exported="true" android:finishOnTaskLaunch="true" android:label="@string/title_activity_pwlist" android:name=".PWList"/>

        <activity android:clearTaskOnLaunch="true" android:excludeFromRecents="true" android:finishOnTaskLaunch="true" android:label="@string/title_activity_settings" android:name=".SettingsActivity"/>
        <activity android:clearTaskOnLaunch="true" android:excludeFromRecents="true" android:finishOnTaskLaunch="true" android:label="@string/title_activity_add_entry" android:name=".AddEntryActivity"/>
        <activity android:clearTaskOnLaunch="true" android:excludeFromRecents="true" android:finishOnTaskLaunch="true" android:label="@string/title_activity_short_login" android:name=".ShortLoginActivity"/>
        <activity android:clearTaskOnLaunch="true" android:excludeFromRecents="true" android:finishOnTaskLaunch="true" android:label="@string/title_activity_welcome" android:name=".WelcomeActivity"/>
        <activity android:clearTaskOnLaunch="true" android:excludeFromRecents="true" android:finishOnTaskLaunch="true" android:label="@string/title_activity_pin" android:name=".PINActivity"/>
        <service android:exported="true" android:name=".AuthService" android:process=":remote"/>
        <service android:exported="true" android:name=".CryptoService" android:process=":remote"/>
        <provider android:authorities="com.mwr.example.sieve.DBContentProvider" android:exported="true" android:multiprocess="true" android:name=".DBContentProvider">
            <path-permission android:path="/Keys" android:readPermission="com.mwr.example.sieve.READ_KEYS" android:writePermission="com.mwr.example.sieve.WRITE_KEYS"/>
        </provider>
        <provider android:authorities="com.mwr.example.sieve.FileBackupProvider" android:exported="true" android:multiprocess="true" android:name=".FileBackupProvider"/>
    </application>
</manifest>

📌 Let's go through the file section by section

  1. The package attribute in the Android manifest file specifies the unique identifier for the Android application. The package name uniquely identifies the app on the device and in the Google Play Store; here it is "com.mwr.example.sieve".

    <manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionCode="1" 
    android:versionName="1.0" package="com.mwr.example.sieve">

  • As part of mobile pentesting, this package identifier helps us target a specific application on the device (e.g., addressing this application in our scripts, tools, or even within the ADB shell).

  2. These lines declare permissions required by the app. The app requests permission to read and write external storage and access the internet. For pentesting, you’d want to review these permissions to ensure they are necessary and not overly permissive.

    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.INTERNET"/>

  3. These lines define custom permissions for the app. They cover reading and writing keys and are marked with a protection level of "dangerous". As part of mobile pentesting, you should evaluate how these custom permissions are used in the app and whether they are correctly protected and justified; custom permissions are specific to the context of the app.

    <permission android:label="Allows reading of the Key in Sieve" android:name="com.mwr.example.sieve.READ_KEYS" android:protectionLevel="dangerous"/>
    <permission android:label="Allows editing of the Key in Sieve" android:name="com.mwr.example.sieve.WRITE_KEYS" android:protectionLevel="dangerous"/>

    <uses-sdk android:minSdkVersion="8" android:targetSdkVersion="17"/>

  • android:minSdkVersion: This attribute specifies the minimum Android version (API level) that your app can run on. In this case, it's API level 8 (Android 2.2 Froyo), meaning the app will only run on devices with Android 2.2 or higher.

  • android:targetSdkVersion: This attribute specifies the target Android version for which your app is designed. Here, it’s API level 17 (Android 4.2 Jelly Bean). This doesn't prevent the app from running on newer versions; it simply indicates that the app has been tested and optimized for this version.

Interestingly, if the targetSdkVersion is <= 17, the app may be vulnerable to RCE via CVE-2012-6636.

  4. Activity elements are the lines that define the various activities (screens) within the Android app. They contain information about the app's user interfaces and their configurations.

    <activity android:clearTaskOnLaunch="true" android:excludeFromRecents="true" android:finishOnTaskLaunch="true" android:label="@string/title_activity_settings" android:name=".SettingsActivity"/>

  5. Service elements declare the services that the app needs to run properly; which services exist depends on the context of the app.

    <service android:exported="true" android:name=".AuthService" android:process=":remote"/>

  6. Provider elements declare the content providers that manage data sharing with other apps.

    <provider android:authorities="com.mwr.example.sieve.FileBackupProvider" android:exported="true" android:multiprocess="true" android:name=".FileBackupProvider"/>

  • Each provider has attributes like android:authorities (unique identifier) and android:multiprocess (allows multiple processes to access it).

  • <path-permission> specifies permissions required for accessing specific paths provided by the content provider.
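
The review points above can be checked with a script. This is an added example, not part of the original page or of Sieve: it reads a decoded manifest and lists the debuggable/allowBackup flags, custom permissions whose protection level is not signature-based, and exported components that have no component-level permission. The names `audit` and `is_exported` and the trimmed `SAMPLE` manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET
A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
# Constructed sample: a trimmed copy of the Sieve manifest shown on this page.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.mwr.example.sieve">
  <uses-sdk android:minSdkVersion="8" android:targetSdkVersion="17"/>
  <permission android:name="com.mwr.example.sieve.READ_KEYS" android:protectionLevel="dangerous"/>
  <application android:allowBackup="true" android:debuggable="true">
    <activity android:exported="true" android:name=".PWList"/>
    <activity android:name=".SettingsActivity"/>
    <service android:exported="true" android:name=".AuthService" android:process=":remote"/>
    <provider android:authorities="com.mwr.example.sieve.DBContentProvider" android:exported="true" android:name=".DBContentProvider">
      <path-permission android:path="/Keys" android:readPermission="com.mwr.example.sieve.READ_KEYS"/>
    </provider>
  </application>
</manifest>"""

def is_exported(comp, target_sdk):
    """Explicit android:exported wins; otherwise apply the platform default."""
    explicit = comp.get(A + "exported")
    if explicit is not None:
        return explicit == "true"
    if comp.tag == "provider":
        return target_sdk < 17  # providers were exported by default before API 17
    return comp.find("intent-filter") is not None  # intent filter implies exported

def audit(manifest_xml):
    """Return a list of review findings for a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    target = int(sdk.get(A + "targetSdkVersion", "1")) if sdk is not None else 1
    app, findings = root.find("application"), []
    for flag in ("debuggable", "allowBackup"):
        if app.get(A + flag) == "true":
            findings.append(f"application: android:{flag} is true")
    for perm in root.findall("permission"):
        level = perm.get(A + "protectionLevel", "normal")
        if not level.startswith("signature"):  # other apps can request and hold it
            findings.append(f"permission {perm.get(A + 'name')}: protectionLevel={level}")
    for comp in app:
        if comp.tag not in ("activity", "service", "receiver", "provider") or not is_exported(comp, target):
            continue
        guards = [comp.get(A + k) for k in ("permission", "readPermission", "writePermission")]
        if not any(guards):  # <path-permission> covers only its own paths
            paths = [p.get(A + "path") for p in comp.findall("path-permission")]
            note = f"; only {paths} guarded" if paths else ""
            findings.append(f"exported {comp.tag} {comp.get(A + 'name')}: no component permission{note}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Each finding is a starting point for manual review: for the provider, the output shows that only the /Keys path is guarded by a permission, so every other path it serves needs to be checked.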

