diff --git a/fdroidserver/build.py b/fdroidserver/build.py
index 0a4c3e6a..307b650a 100644
--- a/fdroidserver/build.py
+++ b/fdroidserver/build.py
@@ -390,6 +390,10 @@ def build_local(app, thisbuild, vcs, build_dir, output_dir, extlib_dir, tmp_dir,
 re.S|re.M).group(1)
 src = os.path.join(bindir, src)
 
+ # Make sure it's not debuggable...
+ if not install and common.isApkDebuggable(src, sdk_path):
+ raise BuildException("APK is debuggable")
+
 # By way of a sanity check, make sure the version and version
 # code in our new apk match what we expect...
 print "Checking " + src
diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index f327da97..7d54471f 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -416,6 +416,10 @@ def parse_metadata(metafile, **kw):
 thisbuild['origlines'] = lines
 thisbuild['version'] = parts[0]
 thisbuild['vercode'] = parts[1]
+ try:
+ testvercode = int(thisbuild['vercode'])
+ except:
+ raise MetaDataException("Invalid version code for build in " + metafile.name)
 thisbuild['commit'] = parts[2]
 for p in parts[3:]:
 pk, pv = p.split('=', 1)
@@ -2186,3 +2190,22 @@ class KnownApks:
 lst.reverse()
 return lst
 
+def isApkDebuggable(apkfile, sdk_path):
+ """Returns True if the given apk file is debuggable
+
+ :param apkfile: full path to the apk to check
+ :param sdk_path: path to android sdk"""
+
+ p = subprocess.Popen([os.path.join(sdk_path, 'platform-tools', 'aapt'),
+ 'dump', 'xmltree', apkfile, 'AndroidManifest.xml'],
+ stdout=subprocess.PIPE)
+ output = p.communicate()[0]
+ if p.returncode != 0:
+ print "ERROR: Failed to get apk manifest information"
+ sys.exit(1)
+ for line in output.splitlines():
+ if line.find('android:debuggable') != -1 and not line.endswith('0x0'):
+ return True
+ return False
+
+
diff --git a/fdroidserver/update.py b/fdroidserver/update.py
index bc2d9ac2..21cd4add 100644
--- a/fdroidserver/update.py
+++ b/fdroidserver/update.py
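Review bot: The new `raise BuildException("APK is debuggable")` in build_local (fdroidserver/build.py) does not name the file that failed, and the `not install` exemption next to it is unexplained. I would include the path, `raise BuildException("APK is debuggable: " + src)`, and add a comment on the condition such as `# install builds are local test builds, so a debuggable apk is tolerated there`, if that is the intent; the hunk does not show how `install` is used, so this is an assumption to confirm. build_local starts and ends outside the hunk.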
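Review bot: The bare `except:` added in parse_metadata (fdroidserver/common.py, first hunk) also traps KeyboardInterrupt and SystemExit and reports them as a metadata error. Assuming `parts` holds strings from a split line, `int()` can only fail with ValueError here, so `except ValueError:` is enough. `testvercode` is never read in the visible lines, so the call can stand alone as `int(thisbuild['vercode'])`. The function body continues outside the hunk.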
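Review bot: isApkDebuggable (fdroidserver/common.py, second hunk) calls `sys.exit(1)` when aapt returns non-zero, so a single unreadable apk ends the whole run from both new callers, build_local in build.py and main in update.py, instead of failing only that item. Raising is the better fit for a release gate, for example `raise Exception("Failed to get apk manifest information for " + apkfile)`, or whichever exception class the callers already handle. The debuggable test is a text match on aapt output in which any `android:debuggable` line not ending in `0x0` counts as debuggable; that errs on the strict side and deserves a comment such as `# anything other than an explicit false (0x0) is treated as debuggable`. Whether `subprocess` and `sys` are imported in common.py is not visible in this hunk.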
@@ -329,6 +329,10 @@ def main():
 print " WARNING: no SDK version information found"
 thisinfo['sdkversion'] = 0
 
+ # Check for debuggable apks...
+ if common.isApkDebuggable(apkfile, sdk_path):
+ print "WARNING: {0} is debuggable... {1}".format(apkfile, line)
+
 # Calculate the md5 and sha256...
 m = hashlib.md5()
 sha = hashlib.sha256()
diff --git a/wp-fdroid/wp-fdroid.php b/wp-fdroid/wp-fdroid.php
index 9624c8a0..319e67e1 100644
--- a/wp-fdroid/wp-fdroid.php
+++ b/wp-fdroid/wp-fdroid.php
@@ -292,13 +292,14 @@ class FDroid $out.='}'; $out.=''; + $out.="
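Review bot: The warning added in main (fdroidserver/update.py) formats `line`, which this hunk never assigns. It presumably holds whatever an earlier loop over aapt output left behind, so the message would print an unrelated line, or raise NameError if that loop never ran. `print "WARNING: {0} is debuggable".format(apkfile)` removes the dependency. Also, update only warns and keeps indexing a debuggable apk, while isApkDebuggable exits the process on an aapt failure, so a broken file stops the run but a debuggable one does not; if that is intended it deserves a comment. main's body continues outside the hunk.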
NOTE: Although APK downloads are available below to give "; $out.="you the choice, you should be aware that by installing that way you "; $out.="will not receive update notifications, and it's a less secure way "; $out.="to download, especially if you are not currently using HTTPS. "; $out.="We recommend that you install the F-Droid client and use that.
"; - $out.="