Threat 0/61

com.motorola.easyprefix

Easy Prefix

Analyzed on 2022-06-18T16:51:02.532998

7 permissions
2 activities
3 services
4 receivers
0 domains

File sums

MD5 89444b04e4d7781532fded9729615fae
SHA1 5a115ad7f6353c54b918ead0a544fd1d429d470b
SHA256 0403a0608f8073fe3d6f3f3ca80eaadead625b3d0c0dff97a93c96c81eecdab5
Size 0.75MB

APKiD

Information computed with APKiD.

/tmp/tmp8323soi5!classes.dex
yara_issue
  • yara issue - dex file recognized by apkid but not yara module
compiler
  • unknown (please file detection issue!)

SSdeep

Information computed with ssdeep.

APK file 6144:El2bn0t9lhe9DIhJcG+Z4Lp9NSs9jHT/zrKOStRd996mU0QTT/vaB+cNWSjYlG/2:2nhJcuNSs5fzStNjQjcUSjYlmQQdcY8
Manifest 192:zTvwmiMSB1/dRBtcp++oDb3r4eZTMT2hmNSHDbF6Xa4ZOHk70Z:zTvwmiMSB1/dRB…
classes.dex 6144:Vl2bn0t9lhe9DIhJcG+Z4Lp9NSs9jHT/zrKOStRd996mU0QTw:rnhJcuNSs5fzSt…

Dexofuzzy

Information computed with Dexofuzzy.

classes.dex None

APK details

Information computed with AndroGuard and Pithus.

Package com.motorola.easyprefix
App name Easy Prefix
Version name 01.04.138
Version code 104138
SDK 31 - 31
UAID f928c44706d665a32e83d210152299412720b372
Signature Signature V1, Signature V2, Signature V3
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0xf05368c0: Unknown
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 1661f9d1dff3af20273db2e7d8e45a36
SHA1 d670d099a3a6e657ba839dce0746fe1a31f4547e
SHA256 c463fa2a0351086dd6328d9daf6218146ee1651521c1cb6b4c538f85eeec7a3c
Issuer Common Name: Common MotoBLUR 2-1, Organizational Unit: MMI, Organization: Motorola, Locality: Libertyville, State/Province: Illinois, Country: US
Not before 2011-03-15T22:44:05+00:00
Not after 2036-03-15T22:44:05+00:00

Manifest analysis

Information computed with MobSF.

High Activity (com.motorola.easyprefix.SettingsActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.motorola.easyprefix.SingleSimSettingsActivity) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.motorola.easyprefix.AliasSimCardsSettings) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.motorola.easyprefix.AliasCallSettings) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.motorola.easyprefix.WizardActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
Low Broadcast Receiver (com.motorola.easyprefix.receiver.DualSimWizardReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.motorola.permission.easyprefix.write
protectionLevel: signatureOrSystem [android:exported=true]
A Broadcast Receiver is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
High Broadcast Receiver (com.motorola.easyprefix.receiver.SimApplicationStateChangedReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.motorola.easyprefix.receiver.BootCompletedReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.motorola.easyprefix.receiver.InitializeReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Content Provider (com.motorola.easyprefix.provider.EasyPrefixProvider) is not Protected. [android:exported=true]
A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.motorola.easyprefix.service.EasyPrefixCallRedirectionService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_CALL_REDIRECTION_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium High Intent Priority (1000) [android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.

Activities

Information computed with AndroGuard.

com.motorola.easyprefix.SettingsActivity
com.motorola.easyprefix.WizardActivity

Receivers

Information computed with AndroGuard.

com.motorola.easyprefix.receiver.DualSimWizardReceiver
com.motorola.easyprefix.receiver.SimApplicationStateChangedReceiver
com.motorola.easyprefix.receiver.BootCompletedReceiver
com.motorola.easyprefix.receiver.InitializeReceiver

Services

Information computed with AndroGuard.

com.motorola.easyprefix.service.EasyPrefixIntentService
com.motorola.easyprefix.service.EasyPrefixCallRedirectionService
com.motorola.easyprefix.service.VerifyConfigurationService

Sample timeline

Oldest file found in APK Jan. 1, 2009, midnight
Latest file found in APK Jan. 1, 2009, midnight
Certificate valid not before March 15, 2011, 10:44 p.m.
First submission on VT April 12, 2022, 8:02 p.m.
Last submission on VT April 12, 2022, 8:02 p.m.
Upload on Pithus June 18, 2022, 4:51 p.m.
Certificate valid not after March 15, 2036, 10:44 p.m.

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to no hardware resources.
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['address book'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has no network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invokes the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.
Protection of Data in Transit

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
  • b/c/d/j.java
  • b/c/d/l/c.java
  • b/c/d/k.java
  • b/e/a/a.java
  • b/c/d/i.java
  • com/motorola/easyprefix/z/c.java
Medium
CVSS:5.9
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Files:
  • com/motorola/easyprefix/y/a.java

Permissions analysis

Information computed with MobSF.

High android.permission.READ_CONTACTS read contact data
Allows an application to read all of the contact (address) data stored on your phone. Malicious applications can use this to send your data to other people.
Low android.permission.FOREGROUND_SERVICE Allows a regular application to use Service.startForeground.
Low android.permission.RECEIVE_BOOT_COMPLETED automatically start at boot
Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
android.permission.READ_PRIVILEGED_PHONE_STATE Unknown permission
Unknown permission from android reference
android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND Unknown permission
Unknown permission from android reference
com.motorola.permission.easyprefix.read Unknown permission
Unknown permission from android reference
com.motorola.permission.easyprefix.write Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

  • Confidence 100%: Find a method from given class name, usually for reflection
  • Confidence 100%: Method reflection
  • Confidence 100%: Read sensitive data(SMS, CALLLOG, etc)
  • Confidence 100%: Implicit intent(view a web page, make a phone call, etc.) via setData
  • Confidence 100%: Send notification
  • Confidence 100%: Monitor the broadcast action events (BOOT_COMPLETED)
  • Confidence 100%: Query the IMSI number
  • Confidence 100%: Method reflection
  • Confidence 100%: Hide the current app's icon
  • Confidence 100%: Query data from URI (SMS, CALLLOGS)
  • Confidence 80%: Query the SIM card status
  • Confidence 80%: Get the country code of the SIM card provider

Behavior analysis

Information computed with MobSF.

Android notifications
  • com/motorola/easyprefix/service/VerifyConfigurationService.java
Content provider
  • com/motorola/easyprefix/provider/EasyPrefixProvider.java
Get sim operator name
  • com/motorola/easyprefix/a0/d.java
Get sim provider details
  • com/motorola/easyprefix/a0/d.java
Get subscriber id
  • com/motorola/easyprefix/a0/d.java
Get system service
  • com/motorola/easyprefix/x/b.java
  • com/motorola/easyprefix/z/d.java
  • com/motorola/easyprefix/service/VerifyConfigurationService.java
  • com/motorola/easyprefix/a0/d.java
  • com/motorola/easyprefix/a0/c.java
  • b/c/d/i.java
  • com/motorola/easyprefix/r.java
Inter process communication
  • com/motorola/easyprefix/x/b.java
  • com/motorola/easyprefix/WizardActivity.java
  • com/motorola/easyprefix/service/VerifyConfigurationService.java
  • com/motorola/easyprefix/SettingsActivity.java
  • com/motorola/easyprefix/s.java
  • com/motorola/easyprefix/v/a.java
  • b/e/a/a.java
  • com/motorola/easyprefix/receiver/InitializeReceiver.java
  • com/motorola/easyprefix/service/EasyPrefixIntentService.java
  • com/motorola/easyprefix/z/d.java
  • com/motorola/easyprefix/receiver/DualSimWizardReceiver.java
  • a/a/a/a/a.java
  • com/motorola/easyprefix/receiver/SimApplicationStateChangedReceiver.java
  • com/motorola/easyprefix/receiver/BootCompletedReceiver.java
  • com/motorola/easyprefix/r.java
Java reflection
  • b/c/d/j.java
  • com/motorola/easyprefix/z/h.java
  • b/c/d/i.java
Local file i/o operations
  • com/motorola/easyprefix/z/f.java
Starting activity
  • com/motorola/easyprefix/s.java