This is one of the first files to check on a pentest. Things to review:

• What components does the app contain (activities, services, broadcast receivers, content providers etc.)?

• What permissions does the app need ?

• What permissions does the application declare?

• What version of Android does the app target?

• What is the minimum version of Android the app can install on?

• Is the app debuggable?

• Can you take a backup of the application?

https://developer.android.com/guide/topics/manifest/manifest-intro

Viewing The AndroidManifest.xml File

Manual

• Decompile the application
• Load AndroidManifest.xml within a file editor

Drozer

run app.package.manifest com.app.name