AndroidManifest.xml is a file that describes essential information about your app to the Android build tools, the Android operating system, and Google Play. It contains information such as the app's package name, components, permissions, features, and compatibility. Every app project must have an AndroidManifest.xml file at the root of the project source set.
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionCode="1" android:versionName="1.0" android:compileSdkVersion="30" android:compileSdkVersionCodename="11" package="com.apphacking.privacy" platformBuildVersionCode="30" platformBuildVersionName="11">
<uses-sdk android:minSdkVersion="23" android:targetSdkVersion="30"/>
<uses-permission android:name="android.permission.READ_CONTACTS"/>
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
<permission android:label="Allows reading user infroatmion" android:name="com.apphacking.privacy.USER_INFO" android:protectionLevel="dangerous"/>
<queries>
<package android:name="com.mwr.example.sieve"/>
</queries>
<application android:theme="@style/Theme.Privacy" android:label="@string/app_name" android:icon="@mipmap/ic_launcher" android:debuggable="true" android:allowBackup="true" android:supportsRtl="true" android:extractNativeLibs="false" android:networkSecurityConfig="@xml/network_security_config" android:roundIcon="@mipmap/ic_launcher_round" android:appComponentFactory="androidx.core.app.CoreComponentFactory">
<provider android:name="com.apphacking.privacy.UserDatabase" android:enabled="true" android:exported="true" android:authorities="user">
<path-permission android:readPermission="com.apphacking.privacy.USER_INFO" android:path="/User"/>
</provider>
<receiver android:name="com.apphacking.privacy.WeatherNotification" android:enabled="true" android:exported="true"/>
<service android:name="com.apphacking.privacy.MyService" android:enabled="true" android:exported="true"/>
<activity android:name="com.apphacking.privacy.Profile"/>
<activity android:name="com.apphacking.privacy.MainActivity">
<intent-filter>
<action android:name="android.intent.action.MAIN"/>
<category android:name="android.intent.category.LAUNCHER"/>
</intent-filter>
</activity>
</application>
</manifest>
android:compileSdkVersion="30" and android:compileSdkVersionCodename="11": the first specifies the API level the app was developed with, and the second specifies the Android version the app was developed for.
Why is android:compileSdkVersionCodename important?
Because every security feature introduced before Android 11 is implemented here. For example, Android 7 brought a big change to the trust relationship for certificates: in that version, certificates that the user adds to the device storage were no longer a trusted source by default.
The package name (package="com.apphacking.privacy") is a unique identifier for each app installed on Android. It is important to know that you can't install two APKs with the same package name. For example, if you install malware that uses com.whatsapp, you can't install the original WhatsApp app, even if you install it from the Google Play Store.
<aside> 💡 Android developers are free to choose whatever package name they want. Therefore the Google Play Store checks the package name to prevent duplicate package names.
</aside>
platformBuildVersionCode="30" and platformBuildVersionName="11": these parameters specify that the developer tested the application against Android version 11 to confirm that it works correctly.
The uses-permission entries list the permissions the application requests. If the user grants them, the application is permitted to use them to perform actions or to access certain features or data.
Example:
<uses-permission android:name="android.permission.READ_CONTACTS"/>
This part is very important for reverse engineering and malware analysis.
<aside> 💡 These permissions must be defined in the AndroidManifest.xml file before compiling and can't be added in the future.
</aside>
One important permission is <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>, which grants the application access to the /sdcard path. By default, each Android application has a protected directory for storing and working with its own files, located at /data/data/<Package Name>. Protected means that other applications cannot access this directory (root and system users can). When the application uses the external storage permissions, it wants access to the /sdcard path, which is the user's file storage. For example, when the user downloads a file or takes a picture, the files are stored there.
<aside>
💡 The /sdcard path is not related to a physical SD card. Even when the device has no SD card, this path still exists, backed by the eMMC (Embedded Multimedia Card).
</aside>
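An added example, not part of the original page: a small Python triage helper that pulls the fields discussed above out of a decoded (text) AndroidManifest.xml, the form an analyst reads during reverse engineering. The names summarize_manifest, SAMPLE_MANIFEST and SHARED_STORAGE are illustrative, and the input is assumed to be already decoded from the binary XML stored inside the APK.

```python
import xml.etree.ElementTree as ET

# Attributes written as android:foo live in this namespace; "package" and
# platformBuildVersion* carry no prefix, so they are looked up by bare name.
A = "{http://schemas.android.com/apk/res/android}"

# Permissions that open the shared user storage under /sdcard.
SHARED_STORAGE = {"android.permission.READ_EXTERNAL_STORAGE",
                  "android.permission.WRITE_EXTERNAL_STORAGE"}

# Constructed sample: a trimmed copy of the manifest shown on this page.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    android:compileSdkVersion="30" android:compileSdkVersionCodename="11"
    package="com.apphacking.privacy"
    platformBuildVersionCode="30" platformBuildVersionName="11">
  <uses-sdk android:minSdkVersion="23" android:targetSdkVersion="30"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <permission android:name="com.apphacking.privacy.USER_INFO"
      android:protectionLevel="dangerous"/>
</manifest>"""


def summarize_manifest(xml_text):
    """Return the manifest fields discussed above as a plain dict."""
    root = ET.fromstring(xml_text)
    if root.tag != "manifest":
        raise ValueError("not an AndroidManifest.xml document")
    sdk = root.find("uses-sdk")
    requested = [p.get(A + "name") for p in root.findall("uses-permission")]
    return {
        "package": root.get("package"),
        "compile_sdk": root.get(A + "compileSdkVersion"),
        "compile_codename": root.get(A + "compileSdkVersionCodename"),
        "platform_build": root.get("platformBuildVersionName"),
        "min_sdk": sdk.get(A + "minSdkVersion") if sdk is not None else None,
        "requested": requested,
        # Custom permissions the app itself defines; level defaults to normal.
        "declared": {p.get(A + "name"): p.get(A + "protectionLevel", "normal")
                     for p in root.findall("permission")},
        "reads_shared_storage": sorted(SHARED_STORAGE & set(requested)),
    }


if __name__ == "__main__":
    for key, value in summarize_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

A non-empty reads_shared_storage list marks an app that asks for access to the /sdcard user storage in addition to its own /data/data/<Package Name> directory.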