diff --git a/fdroidserver/btlog.py b/fdroidserver/btlog.py index de357039..43ea2313 100755 --- a/fdroidserver/btlog.py +++ b/fdroidserver/btlog.py @@ -28,6 +28,7 @@ import collections +import defusedxml.minidom import git import glob import os @@ -36,7 +37,6 @@ import logging import requests import shutil import tempfile -import xml.dom.minidom import zipfile from argparse import ArgumentParser @@ -94,7 +94,7 @@ For more info on this idea: continue dest = os.path.join(cpdir, f) if f.endswith('.xml'): - doc = xml.dom.minidom.parse(repof) + doc = defusedxml.minidom.parse(repof) output = doc.toprettyxml(encoding='utf-8') with open(dest, 'wb') as f: f.write(output) diff --git a/fdroidserver/common.py b/fdroidserver/common.py index 0126a7e7..fb344b87 100644 --- a/fdroidserver/common.py +++ b/fdroidserver/common.py @@ -39,7 +39,7 @@ import base64 import zipfile import tempfile import json -import xml.etree.ElementTree as XMLElementTree +import defusedxml.ElementTree as XMLElementTree from binascii import hexlify from datetime import datetime, timedelta @@ -74,7 +74,6 @@ STANDARD_FILE_NAME_REGEX = re.compile(r'^(\w[\w.]*)_(-?[0-9]+)\.\w+') MAX_VERSION_CODE = 0x7fffffff # Java's Integer.MAX_VALUE (2147483647) XMLNS_ANDROID = '{http://schemas.android.com/apk/res/android}' -XMLElementTree.register_namespace('android', 'http://schemas.android.com/apk/res/android') config = None options = None diff --git a/setup.py b/setup.py index 4774d9d1..7a40a4d9 100755 --- a/setup.py +++ b/setup.py @@ -69,6 +69,7 @@ setup(name='fdroidserver', install_requires=[ 'androguard >= 3.1.0rc2', 'clint', + 'defusedxml', 'GitPython', 'mwclient', 'paramiko', diff --git a/tests/common.TestCase b/tests/common.TestCase index db06f3b5..1c75a411 100755 --- a/tests/common.TestCase +++ b/tests/common.TestCase 
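Review bot: In the `@@ -94,7 +94,7 @@` hunk of fdroidserver/btlog.py, `defusedxml.minidom.parse(repof)` can now raise a `defusedxml.DefusedXmlException` subclass such as `EntitiesForbidden` when a file declares entities, and nothing visible in the hunk handles it. If one rejected file should not abort the whole run, wrap the call in `try:` / `except defusedxml.DefusedXmlException:`, log the file name and `continue`. The enclosing loop starts outside the hunk, so a handler may already exist further up. A comment above the call, for example `# repof is repo content we did not author: parse with defusedxml only`, would record why the stdlib parser must not come back here, assuming repof is fetched content, as the module's `requests` import suggests.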
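Review bot: In fdroidserver/common.py the alias `XMLElementTree` now points at `defusedxml.ElementTree`, which as far as I know re-exports only the parsing entry points (`parse`, `fromstring`, `iterparse`, `XMLParser`, `tostring`). Any other use of the alias in this module, such as `XMLElementTree.Element` or `XMLElementTree.ElementTree`, would then fail with `AttributeError`; those call sites are outside the hunks and need checking. The `@@ -74,7 +74,6 @@` hunk drops the `register_namespace` call, presumably for the same reason, but does not say so. If any code path still serialises manifests, the `android:` prefix would probably be replaced by a generated `ns0:` one. In that case keep the registration through the stdlib module, `xml.etree.ElementTree.register_namespace('android', 'http://schemas.android.com/apk/res/android')`, with a comment that the stdlib import is for this call only and never for parsing.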
@@ -681,6 +681,12 @@ class CommonTest(unittest.TestCase):
 sig = fdroidserver.common.metadata_find_developer_signature('org.smssecure.smssecure')
 self.assertEqual('b30bb971af0d134866e158ec748fcd553df97c150f58b0a963190bbafbeb0868', sig)
+ def test_parse_xml(self):
+ manifest = os.path.join('source-files', 'fdroid', 'fdroidclient', 'AndroidManifest.xml')
+ parsed = fdroidserver.common.parse_xml(manifest)
+ self.assertIsNotNone(parsed)
+ self.assertEqual(str(type(parsed)), "")
+
 def test_parse_androidmanifests(self):
 app = fdroidserver.metadata.App()
 app.id = 'org.fdroid.fdroid'
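Review bot: `test_parse_xml` only parses a benign manifest, so it would still pass if the import in common.py were switched back to the stdlib parser; the hardening this commit is about is untested. Add a negative case like the one below, which hands `parse_xml` a document with a single internal entity and expects `defusedxml.EntitiesForbidden`. It needs `tempfile` and `defusedxml` imported in the test file and assumes `parse_xml` takes a path and does not wrap parser errors. The type assertion is also brittle: `str(type(parsed))` is compared with a literal that shows as empty on this page (possibly lost in rendering). `self.assertIsInstance(parsed, xml.etree.ElementTree.Element)` states the intent directly, assuming `parse_xml` returns the root element.

```python
    def test_parse_xml_rejects_entities(self):
        # constructed sample: one harmless internal entity is enough to trip defusedxml
        doc = '<!DOCTYPE manifest [<!ENTITY e "x">]><manifest>&e;</manifest>'
        with tempfile.NamedTemporaryFile('w', suffix='.xml') as tmp:
            tmp.write(doc)
            tmp.flush()
            with self.assertRaises(defusedxml.EntitiesForbidden):
                fdroidserver.common.parse_xml(tmp.name)
```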