In this chapter, we have discussed various client-side attacks possible in Android applications. We have seen how valuable insights can be gained from AndroidManifest.xml, source code analysis and how the QARK tool can be used to automate this process. The backup techniques allowed us to perform the same techniques as on a rooted device with only few extra steps, even on non-rooted devices. This is where developers need to take utmost care while releasing their apps into the production environment if they use these app components. It is always suggested to cross check the AndroidManifest.xml file to make sure that no components are exported by mistake.