High Debug mode enabled

Description

The application is compiled with debug mode allowing attackers to attach a debugger to access sensitive data or perform malicious actions.Attacker can debug the application without access to source code and leverage it to perform malicious actions on behalf ot the user, modify the application behavior or access sensitive data like credentials and session cookies.

Recommendation

Disable debug mode by setting the attribute android:debuggeable to false in the application tag.


    <application android:icon="@drawable/icon" android:debuggable="false">

Technical details
<?xml version="1.0" ?>
<manifest android:compileSdkVersion="28" android:compileSdkVersionCodename="9" android:versionCode="67" android:versionName="1.7.0.1" package="dev.jci.mwp.qa" platformBuildVersionCode="67" platformBuildVersionName="1.7.0.1" xmlns:android="http://schemas.android.com/apk/res/android">
	

	<uses-sdk android:minSdkVersion="23" android:targetSdkVersion="28">
</uses-sdk>
	

	<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION">
</uses-permission>
	

	<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION">
</uses-permission>
	

	<uses-permission android:name="android.permission.GET_ACCOUNTS">
</uses-permission>
	

	<uses-permission android:name="android.permission.READ_PROFILE">
</uses-permission>
	

	<uses-permission android:name="android.permission.READ_CONTACTS">
</uses-permission>
	

	<uses-permission android:name="android.permission.READ_PHONE_STATE">
</uses-permission>
	

	<uses-permission android:name="android.permission.CALL_PHONE">
</uses-permission>
	

	<uses-permission android:name="android.permission.CHANGE_NETWORK_STATE">
</uses-permission>
	

	<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE">
</uses-permission>
	

	<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE">
</uses-permission>
	

	<uses-permission android:name="android.permission.INTERNET">
</uses-permission>
	

	<uses-permission android:name="android.permission.NFC">
</uses-permission>
	

	<uses-feature android:name="android.hardware.nfc" android:required="true">
</uses-feature>
	

	<uses-permission android:name="android.permission.WAKE_LOCK">
</uses-permission>
	

	<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE">
</uses-permission>
	

	<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED">
</uses-permission>
	

	<permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" android:protectionLevel="0x00000002">
</permission>
	

	<permission android:name="android.permission.INTERACT_ACROSS_USERS" android:protectionLevel="0x00000002">
</permission>
	

	<uses-permission android:name="android.permission.CAMERA">
</uses-permission>
	

	<uses-feature android:name="android.hardware.camera" android:required="false">
</uses-feature>
	

	<uses-feature android:name="android.hardware.camera.front" android:required="false">
</uses-feature>
	

	<uses-feature android:name="android.hardware.camera.autofocus" android:required="false">
</uses-feature>
	

	<uses-feature android:name="android.hardware.camera.flash" android:required="false">
</uses-feature>
	

	<uses-feature android:name="android.hardware.screen.landscape" android:required="false">
</uses-feature>
	

	<uses-feature android:name="android.hardware.wifi" android:required="false">
</uses-feature>
	

	<uses-feature android:glEsVersion="0x00020000" android:required="true">
</uses-feature>
	

	<application android:allowBackup="false" android:appComponentFactory="@7F100045" android:debuggable="true" android:icon="@7F0E0000" android:label="@7F100045" android:largeHeap="true" android:name="dev.jci.mwp.activities.MWPApplication" android:roundIcon="@7F0E0000" android:screenOrientation="1" android:supportsRtl="true" android:theme="@7F110008" android:usesCleartextTraffic="true">
		

		<uses-library android:name="org.apache.http.legacy" android:required="false">
</uses-library>
		

		<meta-data android:name="io.fabric.ApiKey" android:value="b0033de6c7331227adbab7f983da5471be4ee5fb">
</meta-data>
		

		<meta-data android:name="com.google.android.geo.API_KEY" android:value="@7F1000D8">
</meta-data>
		

		<activity android:name="dev.jci.mwp.activities.SplashActivity" android:screenOrientation="1" android:theme="@7F1100F6">
			

			<intent-filter>
				

				<action android:name="android.intent.action.MAIN">
</action>
				

				<category android:name="android.intent.category.LAUNCHER">
</category>
				

			</intent-filter>
			

		</activity>
		

		<activity android:label="@7F100045" android:launchMode="2" android:name="dev.jci.mwp.activities.DashboardActivity" android:screenOrientation="1" android:theme="@7F11000A">
</activity>
		

		<activity android:name="dev.jci.mwp.activities.AppointmentActivityNew" android:screenOrientation="1" android:theme="@7F11000A" android:windowSoftInputMode="0x00000002">
</activity>
		

		<activity android:label="@7F100045" android:name="dev.jci.mwp.activities.MyDeskActivity" android:screenOrientation="1" android:theme="@7F11000A">
</activity>
		

		<activity android:label="@7F100045" android:name="dev.jci.mwp.activities.MeetingRoomLightingActivity" android:screenOrientation="1" android:theme="@7F11000A">
</activity>
		

		<activity android:label="@7F100045" android:name="dev.jci.mwp.activities.AnnoucementsActivity" android:screenOrientation="1" android:theme="@7F11000A">
</activity>
		

		<activity android:label="@7F100045" android:name="dev.jci.mwp.activities.AnnouncementDisplayDetails" android:screenOrientation="1" android:theme="@7F11000A">
</activity>
		

		<activity android:label="@7F100045" android:name="dev.jci.mwp.activities.FeedbackActivity" android:screenOrientation="1" android:theme="@7F11000A">
</activity>
		

		<activity android:label="@7F100045" android:name="dev.jci.mwp.activities.ContactActivity" android:screenOrientation="1" android:theme="@7F11000A" android:windowSoftInputMode="0x00000002">
</activity>
		

		<activity android:label="@7F100045" android:name="dev.jci.mwp.activities.MyProfileActivity" android:screenOrientation="1" android:theme="@7F11000A" android:windowSoftInputMode="0x00000013">
</activity>
		

		<activity android:name="dev.jci.mwp.activities.BaseActivity" android:screenOrientation="1" android:theme="@7F1100F6">
</activity>
		

		<activity android:name="dev.jci.mwp.activities.CustomizeDashboardActivity" android:screenOrientation="1" android:theme="@7F11000A">
</activity>
		

		<activity android:name="dev.jci.mwp.activities.SettingsActivity" android:screenOrientation="1" android:theme="@7F11000A">
</activity>
		

		<activity android:label="@7F1001B5" android:name="dev.jci.mwp.activities.FloorMapActivity" android:parentActivityName="dev.jci.mwp.activities.DashboardActivity" android:theme="@android:01030011">
			

			<meta-data android:name="android.support.PARENT_ACTIVITY" android:value="dev.jci.mwp.activities.DashboardActivity">
</meta-data>
			

		</activity>
		

		<activity android:label="@7F100045" android:name="dev.jci.mwp.activities.SelectRoomActivityNew" android:screenOrientation="1" android:theme="@7F11000A" android:windowSoftInputMode="0x00000002">
</activity>
		

		<activity android:label="@7F100045" android:launchMode="1" android:name="dev.jci.mwp.activities.mycalendar.views.activities.MyCalendarActivity" android:parentActivityName="dev.jci.mwp.activities.DashboardActivity" android:screenOrientation="1" android:theme="@7F11000A" android:windowSoftInputMode="0x00000002">
			

			<meta-data android:name="android.support.PARENT_ACTIVITY" android:value=".activities.DashboardActivity">
</meta-data>
			

		</activity>
		

		<activity android:label="@7F100045" android:name="dev.jci.mwp.activities.InviteAttendeesActivity" android:screenOrientation="1" android:theme="@7F11000A" android:windowSoftInputMode="0x00000002">
</activity>
		

		<activity android:label="@7F100045" android:name="dev.jci.mwp.activities.StaticScreen" android:screenOrientation="1" android:theme="@7F11000A" android:windowSoftInputMode="0x00000002">
</activity>
		

		<activity android:label="@7F100045" android:name="dev.jci.mwp.activities.StaticScreenDetails" android:screenOrientation="1" android:theme="@7F11000A" android:windowSoftInputMode="0x00000002">
</activity>
		

		<service android:exported="false" android:name="dev.jci.mwp.services.ProfPicDownloadService">
</service>
		

		<service android:exported="false" android:name="dev.jci.mwp.services.UserLocationService">
</service>
		

		<activity android:label="@7F100045" android:name="dev.jci.mwp.activities.TermsAndConditionActivity" android:screenOrientation="1" android:theme="@7F11000A" android:windowSoftInputMode="0x00000002">
</activity>
		

		<activity android:label="@7F100045" android:name="dev.jci.mwp.activities.HelpAndSupport" android:screenOrientation="1" android:theme="@7F11000A" android:windowSoftInputMode="0x00000002">
</activity>
		

		<activity android:label="@7F100045" android:name="dev.jci.mwp.activities.AboutActivity" android:screenOrientation="1" android:theme="@7F11000A" android:windowSoftInputMode="0x00000002">
</activity>
		

		<service android:exported="true" android:name="dev.jci.mwp.utils.NetworkSchedulerService" android:permission="android.permission.BIND_JOB_SERVICE">
</service>
		

		<activity android:label="@7F100045" android:name="dev.jci.mwp.activities.ViewAppointmentActivity" android:screenOrientation="1" android:theme="@7F11000A" android:windowSoftInputMode="0x00000002">
</activity>
		

		<activity android:label="" android:launchMode="1" android:name="dev.jci.mwp.activities.HotDeskActivity" android:parentActivityName="dev.jci.mwp.activities.DashboardActivity" android:screenOrientation="1" android:theme="@7F11000A" android:windowSoftInputMode="0x00000020">
			

			<meta-data android:name="android.support.PARENT_ACTIVITY" android:value=".activities.DashboardActivity">
</meta-data>
			

		</activity>
		

		<activity android:name="dev.jci.mwp.activities.LoginActivity" android:screenOrientation="1" android:theme="@7F1100F6">
</activity>
		

		<activity android:label="" android:name="dev.jci.mwp.activities.InstantMeetingActivity" android:screenOrientation="1" android:theme="@7F11000A" android:windowSoftInputMode="0x00000020">
</activity>
		

		<activity android:label="Details Of Notification" android:name="dev.jci.mwp.activities.NotificationViewActivity">
</activity>
		

		<activity android:label="" android:name="dev.jci.mwp.wayfinding.navigation.NavigationActivity" android:screenOrientation="1" android:theme="@7F11000A" android:windowSoftInputMode="0x00000020">
			

			<intent-filter>
				

				<action android:name="android.nfc.action.NDEF_DISCOVERED">
</action>
				

				<category android:name="android.intent.category.INFO">
</category>
				

				<data android:mimeType="text/plain">
</data>
				

			</intent-filter>
			

		</activity>
		

		<activity android:clearTaskOnLaunch="true" android:name="com.journeyapps.barcodescanner.CaptureActivity" android:screenOrientation="1" android:stateNotNeeded="true" android:theme="@7F11020D" android:windowSoftInputMode="0x00000003">
</activity>
		

		<activity android:name="dev.jci.mwp.videos.views.activities.VideoTutorialActivity" android:screenOrientation="1" android:theme="@7F1100F6">
</activity>
		

		<activity android:name="dev.jci.mwp.videos.views.activities.VideoPlayActivity" android:theme="@7F11000A">
</activity>
		

		<activity android:exported="false" android:name="com.google.android.gms.common.api.GoogleApiActivity" android:theme="@android:01030010">
</activity>
		

		<meta-data android:name="com.google.android.gms.version" android:value="@7F0B0008">
</meta-data>
		

		<activity android:name="com.microsoft.aad.adal.AuthenticationActivity">
</activity>
		

		<provider android:authorities="dev.jci.mwp.qa.crashlyticsinitprovider" android:exported="false" android:initOrder="100" android:name="com.crashlytics.android.CrashlyticsInitProvider">
</provider>
		

	</application>
	

</manifest>