dell116

Reputation: 5925

Set Android app to debuggable after compiling

This might be a complete "no-no," but I was wondering if it is at all possible to make an application debuggable after it has been signed and compiled into an APK.

I'd like to be able to generate a random key on my server and then use this key to put an application I've published into a debuggable state.

//Build a hidden back door to request the randomly generated key on my server
//Input this key into an edittext box of some sort.
//Check this key against the server
//If key validates, put application in debuggable state.

I realize the potential security risks in doing this, but I was just wondering if it is at all possible.

Upvotes: 2

Views: 1678

Answers (2)

Chris Stratton

Reputation: 40397

It's fairly straightforward to generate a debuggable APK from a non-debuggable one if you are willing to re-sign and re-install, but you cannot do so to the already installed instance.

Anything in your actual code which behaves differently based on debuggable/non-debuggable status could also look at something else as Brent suggests, but that's of limited use as most of the debug functionality is built into Android, rather than part of the application code.

You may be able to provide flag-contingent alternatives to debug functionality though. For example, you can provide something to copy private files out to public storage. If you really wanted to, you could bake in a server that would provide a shell running as the application UID. But getting an actual JDWP debugger going may require extreme, android-build-dependent hackery as you'd likely have to provide your own version of a lot of system code.

At the simple end, having your program change its behavior by logging a lot of usually suppressed internal detail would be quite simple.

Do spend some time thinking about the security implications for your users.

Upvotes: 1
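
The "simple end" option from the answer above (extra logging behind a flag), written out as an added example that is not part of either answer: verbose diagnostics are unlocked only by a token the server has signed for one install and a short time window, so the app carries no shared secret. The class name, token layout and install identifier are assumptions of this example, and the key pair in main() is constructed so the code runs on a plain JVM.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class DiagnosticGate {
    private final PublicKey serverKey;  // shipped in the app; the private key never leaves the server
    private final String installId;     // hypothetical per-install identifier
    private volatile boolean verbose;   // memory only: a process restart turns it off

    DiagnosticGate(PublicKey serverKey, String installId) {
        this.serverKey = serverKey;
        this.installId = installId;
    }
    // Assumed token layout: "<installId>|<expiryEpochSeconds>.<base64url ECDSA signature>"
    boolean unlock(String token, long nowEpochSeconds) {
        verbose = false;
        try {
            int dot = token.lastIndexOf('.');
            if (dot < 0) return false;
            String payload = token.substring(0, dot);
            Signature v = Signature.getInstance("SHA256withECDSA");
            v.initVerify(serverKey);
            v.update(payload.getBytes(StandardCharsets.UTF_8));
            if (!v.verify(Base64.getUrlDecoder().decode(token.substring(dot + 1)))) return false;
            String[] parts = payload.split("\\|");
            if (parts.length != 2 || !parts[0].equals(installId)) return false; // other install
            if (Long.parseLong(parts[1]) <= nowEpochSeconds) return false;      // expired
            return verbose = true;
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // malformed token or signature
        }
    }
    void debugLog(String msg) { if (verbose) System.out.println("[diag] " + msg); } // Log.d on Android
    static String sign(KeyPair kp, String payload) throws GeneralSecurityException { // server side
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(kp.getPrivate());
        s.update(payload.getBytes(StandardCharsets.UTF_8));
        return payload + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(s.sign());
    }
    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("EC").generateKeyPair(); // constructed stand-in key
        long now = System.currentTimeMillis() / 1000;
        DiagnosticGate gate = new DiagnosticGate(kp.getPublic(), "install-1234");
        System.out.println(gate.unlock(sign(kp, "install-1234|" + (now + 600)), now)); // valid token
        System.out.println(gate.unlock(sign(kp, "install-9999|" + (now + 600)), now)); // wrong install
        System.out.println(gate.unlock(sign(kp, "install-1234|" + (now - 1)), now));   // expired
    }
}
```

The gate only controls what the app's own code chooses to log; it does not set android:debuggable or open a JDWP session, which matches the answer's point that the installed instance cannot be made debuggable.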

Brent Hronik

Reputation: 2427

Looking through the dev site, I see access to the flags via a call to getApplicationInfo().flags from a given Context. flags is not final, so it appears that getApplicationInfo().flags |= FLAG_DEBUGGABLE; would allow you to enable debugging at runtime. Reference to the ApplicationInfo doc: http://developer.android.com/reference/android/content/pm/ApplicationInfo.html

Note, I have not tested this (not by an Android environment at the moment).

Upvotes: 0
