I've just come upon several .apk files hosted with GitHub projects which are "compiled for debug" (i.e. having application-debuggable set, which one can e.g. check using aapt dump badging /path/to/apk | grep debuggable). Not being an Android dev, I only have vague ideas what that is for (extended debugging via ADB) – but that's not the question here.
My question is from a pure end-user perspective: What are the (security) implications of installing/using such an app? What are the risks one must be aware of?
Of course I searched the web for hints on this, but again only got vague hints like "thou shalt not", and "for a release this should be switched off" – no reasons, no background. For that one could think "obviously no big deal" – but notes like "Do spend some time thinking about the security implications for your users in this context" (see this answer at SO) suggest differently.
Can anyone here provide some insights?