Android Manifest Checker
Paste your AndroidManifest and get an instant audit of permissions, components, flags, and SDK levels.
About Android Manifest Checker
Paste your AndroidManifest and get an instant audit of permissions, components, flags, and SDK levels.
Android Manifest Checker is part of APKLint’s manifest & configuration toolkit — Audit your AndroidManifest and security config. It’s free to use and needs no account.
Your privacy is the default: what you submit is processed on our servers over an encrypted connection for that request only — it isn’t written to file or object storage, and never shared.
What Android Manifest Checker checks
- All declared permissions, with dangerous ones flagged
- android:debuggable, allowBackup, and cleartext flags
- Exported components and missing android:exported
- min/target SDK against APKLint's date-stamped Play target-API rule plus manifest hygiene checks
Good to know: Reads the manifest you paste — it doesn't see code or resources, so runtime behavior isn't covered.
When to use Android Manifest Checker
- Best for
- An instant audit of a pasted AndroidManifest, permissions, components, flags, and the min/target SDK against the date-stamped Play target-API rule.
- Not the right tool for
- Not for binary APKs (it reads pasted XML) and not a full security report.
- What you get back
- A manifest health read: permission notes, exported/debuggable/backup flags, and SDK-level checks.
- How it differs from related APKLint tools
- It is the broad manifest audit; narrower tools (Dangerous Permissions, Exported Components, Debuggable) each zoom into one manifest concern.
- Limitations
- It checks the manifest text you paste, not the compiled app around it.
How to use Android Manifest Checker
- Paste your file — Paste your AndroidManifest.xml.
- Send for analysis — APKLint checks it on our servers over an encrypted connection.
- Review the findings — Work through each result with a short explanation of why it matters.
- Nothing is stored — Your pasted text is processed for this request only — it isn't written to file or object storage, logged for analytics, or shared.
Why use APKLint
Every tool is free with no login and no paywall. Reasonable file and input limits keep the free service stable.
A clean, focused interface with no third-party ad banners cluttering your results.
What you submit is processed for the request only — it isn't written to file or object storage, and never shared.
Parses the XML or text you paste with a hardened parser (defusedxml).
Start immediately — no account, login, or email required.
Runs in any modern browser, on desktop or mobile.
Frequently asked questions
What does Android Manifest Checker do?
Paste your AndroidManifest and get an instant audit of permissions, components, flags, and SDK levels.
Where do I get my manifest?
From your project (app/src/main/AndroidManifest.xml) or by decoding an APK with apktool, which rebuilds the real manifest.
Is it free to use?
Yes. Every tool on APKLint is completely free, with no sign-up and no account.
How is my data handled?
What you submit is sent to our backend over an encrypted connection only to produce your result. It isn't written to file storage, used for analytics, or shared.
What should I paste in?
Paste your AndroidManifest.xml.