Applications can be marked as debuggable to make functionality testing and error tracking a lot easier by allowing you to set breakpoints during app execution. To do this, view the VM stack and suspend and resume threads while the app is running on the device.
Unfortunately, some applications on the Google Play store are still flagged as debuggable. This may not always be the end of the world, but if the app hopes to protect any authentication data, passwords addresses, or any values stored in the applications memory, having it marked as debuggable means that attackers will be able to gain access to this data very easily.
This recipe discusses how to leak variable values from a debuggable application. Attackers may also be able to trigger remote-code execution via the app and run some code within the applications context.
The example being used here is the Android Wall Street Journal app and at the time of writing, it was one of the applications on the Google...