Is it possible to debug a signed release of one's application on a commercial Android device that cannot be modified? One which does not have with debuggable = "true".
Yes it is possible. However, the application must have android:debuggable="true" in its manifest file.
Here is a similar question that gives you more detail.
If you can connect to the device with the debugger, than once the application is running it doesn't matter if it was from a signed apk, you can try to attach the debugger to the application process.
Related
I have an application that I built in Android Studio. It used to run just fine and has been released to the store in the past, but for some reason the Release APK won't run when installed. The debug runs fine run via phone or emulator. The debug and release builds both use the same keystore file.
Release mode, the APK crashes immediately on open. I suspect it is a keystore issue, but can't be positive??? Does debug bypass using my keystore even though I have it set?
Anything else that I could possibly try?
NOTE: I have another flavor that uses a different keystore and that one works fine.
As requested here as answer :)
Connect the phone to the pc via USB, have android studio open, go to Android Monitor, select your device and look at logcat. I am pretty sure, the exception is there, just waiting for someone to read it. Android Studio logcat logs even store apk's. so publish the release to your phone and just connect it
Thank you, #Adam
Have you used proguard?
If yes I am dam sure its your proguard issue. I would suggest you please read proguard guideline before using it.
It's not proguard. I spent almost two months with this issue of debug build working while release build doesn't work and messed with the proguard files countless times. The problem was instant run. After removing all references to instant run, it finally worked.
You may be able to get additional information by enabling the debugger during release mode. Take a look at this SO thread: Enable LogCat on Release Build in Android Studio. That way you'll be able to see a traceback of the error that's being thrown.
In my case, while opening the release APK the app was crashing. The best way is to see the logcat for knowing the cause of Error. If you have not written any Proguard rules then just goto your build.gradle and change your "minifyEnabled false". This is because ProGuard is obfuscating your APK to make it harder for hackers to reverse-engineering your APK. If you think obfuscation is not needed, change this in your Gradle configuration.just look here.
What are some notable differences that a developer should take note?
The first one is debuggable and the second one isn't.
That means that the first one will output all your Log.d's and the production version won't.
Also, by default, debug versions are compiled without ProGuard while production builds are compiled using the default ProGuard rules
you may take a look at those posts
Android Studio: Build type release /debug - what relevance does this have?
also the officiel documentation is clear and hepful
http://developer.android.com/tools/publishing/app-signing.html
hint
debug when you are working on the project
release when you are about to publish the app
good luck !
One of the most important differences is that debug version of app is not prguarded so it can be reverse engineered. The reason why it's not proguarded is because you can track your logcat outputs easily without need to check mapping files.
In debug mode, you sign your app with a debug certificate generated by the Android SDK tools. This certificate has a private key with a known password, so you can run and debug your app without typing the password every time you make a change to your project.
So I know to debug an app you must build a debug version and set debug-able to true. what if I want to debug another developer app is that possible?
You can debug .apk without actual source code using apktool.
You can find tutorial here.
You cannot DEBUG with the APK only. You must have the source code to build debug. (You may try decompile it, for research reason only)
After downloading my app from the Play Store I tried to run it from Android Studio
but got this error..
Is there a simple way to keep both apps?
What is the problem
There is conflict between your production APK and your debug APK.
The debug APK (installed by Android Studio) is signed using the debug.keystore (keystore).
The production APK is signed using one you created, with a passphrase only known by you.
So the device refuses to replace an application by another one claiming to be the same (same packageName) but that has a different signature (eg: has not been signed using your passphrase, so potentially not by you -- the author).
How to solve it
You now have two choices:
You want to have both applications side by side, then use another packageName for debug. This is easily done using Gradle:
android {
// ...
buildTypes {
debug {
applicationIdSuffix '.debug'
// ...
}
release {
// applicationIdSuffix
// ...
}
}
}
You want to keep only one application at a time: you just need to remove the old application to install the new one (with another signature).
just change the package name of application until you finish your editing
Reason why you are getting this error
Anytime you try to install an application with the same package name of any application installed in your device, you get this error.
Solution
Try to modify your package name of application in your current Android Studio
Another option is to modify android studio to sign your apk with the release keystore in debug as well, although thats generally not recommended.
That way when you install either apk you will keep your data.
Only problem is that both apks must be at the same versions to be interchangeable (you will not be able to install a lower version apk, at least not easily).
The golden rule is to set debuggable option to off prior to releasing your Android application to the public.
What would happen if I leave (forget to turn off) this option on? I mean, how would it manifest to a user?
I tested and saw no difference.
how would it manifest to a user?
A normal user won't notice the difference.
By the way:
Support for a true debug build. Developers no longer need to add the android:debuggable attribute to the tag in the manifest — the build tools add the attribute automatically. In Eclipse/ADT, all incremental builds are assumed to be debug builds, so the tools insert android:debuggable="true". When exporting a signed release build, the tools do not add the attribute. In Ant, a ant debug command automatically inserts the android:debuggable="true" attribute, while ant release does not. If android:debuggable="true" is manually set, then ant release will actually do a debug build, rather than a release build.
On a standard phone with USB debugging disabled, it will allow any application to debug the App. This will effectively allow any malicious application to gain full access to the App.
See https://labs.mwrinfosecurity.com/blog/2011/07/07/debuggable-apps-in-android-market/ for a detailed description of this problem.
It's possible that it could slow down their mobile device, especially if you have a lot of debug statements in your application. It's also possible that a malicious user could learn more about the inner-workings of your app then you'd like them to.
Regarding the golden rule, you're absolutely right. It's a good idea to turn that off, just to be safe.
It's also possible that a malicious user could learn more about the inner-workings of your app then you'd like them to.
One good practice is to link debugging mode specifically to your unique device id.
#askmo: you can use some tools in the SDK to check if an APK has the debug value. Check the following link:
http://lulachronicles.blogspot.com/2011/04/how-to-check-if-apk-has-flag.html
BR,
Ignacio