Issue warnings for debuggable apks

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index a7c71ac067fd4ad363516073063312821fa08817..d10d304cd1613d416fab9d481cd69ae06bbe93d1 100644 (file)
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -2180,3 +2180,19 @@ class KnownApks:
         lst.reverse()
         return lst
 
+def isApkDebuggable(apkfile):
+    """Returns True if the given apk file is debuggable"""
+
+    p = subprocess.Popen([os.path.join(sdk_path, 'platform-tools', 'aapt'),
+                 'dump', 'xmltree', apkfile, 'AndroidManifest.xml'],
+                stdout=subprocess.PIPE)
+    output = p.communicate()[0]
+    if p.returncode != 0:
+        print "ERROR: Failed to get apk manifest information"
+        sys.exit(1)
+    for line in output.splitlines():
+        if line.find('android:debuggable') != -1 and not line.endswith('0x0'):
+            return True
+    return False
+
+

diff --git a/fdroidserver/update.py b/fdroidserver/update.py
index bc2d9ac2bed1f06dc12dbbf9aba6536d71832b46..28619168fbfa38da47210ee173edd84a6b6f75d7 100644 (file)
--- a/fdroidserver/update.py
+++ b/fdroidserver/update.py
@@ -329,6 +329,10 @@ def main():
                 print "  WARNING: no SDK version information found"
                 thisinfo['sdkversion'] = 0
 
+            # Check for debuggable apks...
+            if common.isApkDebuggable(apkfile):
+                print "WARNING: {0} is debuggable... {1}".format(apkfile, line)
+
             # Calculate the md5 and sha256...
             m = hashlib.md5()
             sha = hashlib.sha256()