Exported Component Checker
Find activities, services, and receivers exported in your manifest without protection, a common security gap.
About Exported Component Checker
Find activities, services, and receivers exported in your manifest without protection, a common security gap.
Exported Component Checker is part of APKLint’s manifest & configuration toolkit — Audit your AndroidManifest and security config. It’s free to use and needs no account.
Your privacy is the default: what you submit is processed on our servers over an encrypted connection for that request only — it isn’t written to file or object storage, and never shared.
What Exported Component Checker checks
- Activities, services, and receivers marked exported
- Components with intent filters but no android:exported
- Providers and their exposure
- Where access could be restricted with permissions
Good to know: Flags exposure from the manifest. A launcher activity is intentionally exported — review each against intended use.
When to use Exported Component Checker
- Best for
- Finding activities, services, and receivers exported without protection in a pasted manifest, a common Android 12+ pitfall.
- Not the right tool for
- Not a general manifest review or a code-level access check.
- What you get back
- Exported components lacking a permission guard, with the Android 12 explicit-export context.
- How it differs from related APKLint tools
- It focuses purely on the exported-surface risk; Manifest Checker surfaces it alongside everything else.
- Limitations
- It reasons from the manifest; intent-filter nuances and runtime checks are out of scope.
How to use Exported Component Checker
- Paste your file — Paste your AndroidManifest.xml.
- Send for analysis — APKLint checks it on our servers over an encrypted connection.
- Review the findings — Work through each result with a short explanation of why it matters.
- Nothing is stored — Your pasted text is processed for this request only — it isn't written to file or object storage, logged for analytics, or shared.
Why use APKLint
Every tool is free with no login and no paywall. Reasonable file and input limits keep the free service stable.
A clean, focused interface with no third-party ad banners cluttering your results.
What you submit is processed for the request only — it isn't written to file or object storage, and never shared.
Parses the XML or text you paste with a hardened parser (defusedxml).
Start immediately — no account, login, or email required.
Runs in any modern browser, on desktop or mobile.
Frequently asked questions
What does Exported Component Checker do?
Find activities, services, and receivers exported in your manifest without protection, a common security gap.
Is an exported component always bad?
No. Launchers and intended entry points must be exported. The risk is unintentionally exported components without permission protection.
Is it free to use?
Yes. Every tool on APKLint is completely free, with no sign-up and no account.
How is my data handled?
What you submit is sent to our backend over an encrypted connection only to produce your result. It isn't written to file storage, used for analytics, or shared.
What should I paste in?
Paste your AndroidManifest.xml.