Debuggable Flag Detection Implemented

Debuggable Flag Detection Implemented

Risk: secure

Description

The application detected that the android:debuggable flag was enabled and responded by terminating or displaying a security warning.

This indicates the app performs a runtime check against the FLAG_DEBUGGABLE application flag, preventing debugger attachment and runtime manipulation on patched builds.

Recommendation

The implementation is secure, no recommendation apply.

Links

• OWASP MASTG - Testing whether the App is Debuggable (MASTG-TEST-0039)
• OWASP MASVS - MASVS-RESILIENCE-2

Standards

• OWASP_MASVS_RESILIENCE:
  • MSTG_RESILIENCE_2
• OWASP_MASVS_v2_1:
  • MASVS_RESILIENCE_2
• PCI_STANDARDS:
  • REQ_6_2
  • REQ_6_3
• SOC2_CONTROLS:
  • CC_7_1
  • CC_7_2
• HIPAA_CONTROLS:
  • SECURITY212
  • SECURITY213
• OWASP_MOBILE_TOP_10:
  • M8_2024