During a mobile security assessment you have physical access to a non-rooted Android 12 device with USB debugging enabled. You attempt to list an application's private database by issuing the command adb shell run-as com.acme.bank ls /data/data/com.acme.bank/databases, but the tool responds with "run-as: package not debuggable". Which AndroidManifest.xml attribute must be set so that the run-as command will succeed and drop you into the application's sandbox?
The manifest must enable android:usesCleartextTraffic="true"
The application's tag must include android:debuggable="true"
At least one exported component must declare android:exported="true"
The application must have android:allowBackup="true" defined
The adb run-as command only works when the target application is flagged as debuggable. The attribute android:debuggable="true" in the <application> tag tells the operating system to allow the app's UID to be entered by the run-as utility, giving an assessor shell access to the app's private /data/data/<package>/ directory. Other attributes such as allowBackup, exported, or usesCleartextTraffic influence backup behavior, component exposure, or network security policies, but none of them permit run-as to switch the process UID. Without the debuggable flag present (or when it is set to false), a non-rooted tester cannot leverage run-as to view or pull the internal database.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the android:debuggable attribute?
Open an interactive chat with Bash
Why can’t the run-as command access non-debuggable apps?
Open an interactive chat with Bash
How is USB Debugging related to adb commands like run-as?
Open an interactive chat with Bash
What is adb and how does it work on Android devices?
Open an interactive chat with Bash
What is the android:debuggable attribute and why is it important?
Open an interactive chat with Bash
What does the command `adb shell run-as` do, and what are its limitations?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Mobile Platform, IoT, and OT Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .