1. Debug Mode
    1. defines whether the application can be debugged or not
  2. BackUp Flag
    1. defines whether application data can be backed up and restored by a user who has enabled usb debugging
    2. Information could be retrieved such as card details, passwords etc.
  3. Intents
    1. Intents can be used to launch an activity, to send it to any interested broadcast receiver components, and to communicate with a background service.
    2. Intents messages should be reviewed to ensure that they doesn’t contain any sensitive information that could be intercepted.
    3. An intent is to perform an action on the screen. It is mostly used to start activity, send broadcast receiver,start services and send message between two activities.
    4. Implicit Intent doesn't specifiy the component. In such case, intent provides information of available components provided by the system that is to be invoked
    5. Explicit Intent specifies the component. In such case, intent provides the external class to be invoked.
  4. External Storage
    1. Applications that have the permission to copy data to external storage should be reviewed to ensure that no sensitive information is stored.
  5. Application Components
    1. Depending of the functionality an application can launch a service, perform an activity, receive content from another source or receive intents by the phone or by other applications
    2. components
      1. Activities
      2. Services
      3. Content Providers
      4. Broadcast Receivers
    3. Activities, Services, Content Providers and Broadcast Receivers can all be exported. Therefore all of them they should be reviewed that they don’t perform any sensitive action and that they are protected by appropriate permissions as otherwise information could be exposed to malicious third partie
  6. Permissions
    1. defines the procedure that the system should follow before grants the permission to the application that has requested it
    2. values
      1. normal
      2. dangerous
      3. signature
      4. signatureOrSystem
    3. All the permissions that the application requests should be reviewed to ensure that they don’t introduce a security risk.