Threat 0/59

com.android.shell

Shell

Analyzed on 2022-05-24T03:09:20.169920

120 permissions
1 activities
1 services
2 receivers
0 domains

File sums

MD5 8e5f8ebe6e13f23f409864b684f57320
SHA1 62e412e09027953cefcd39ca360de8e3d89025a2
SHA256 0da092cffe5c8d222d2a9afae8719cbc6f03b8ca063e7762fae0c966d03512dd
Size 0.04MB

APKiD

Information computed with APKiD.

SSdeep

Information computed with ssdeep.

APK file 768:rTXpABzVvmRuV3RTK3RVnImORf6tlnWHceKvJpIeF:rj/qRfelnumvJ6eF
Manifest 384:mngSvHhkF+Q25gEkzOQOp9/f2tZIX63O5mY3AbIRHfod1V5QjCIdRaLV+36kq+LO:…

Dexofuzzy

Information computed with Dexofuzzy.

APK details

Information computed with AndroGuard and Pithus.

Package com.android.shell
App name Shell
Version name 9
Version code 28
SDK 28 - 28
UAID 60ab74efa2119c9f259964a535600d0139d2cacd
Signature Signature V1 Signature V2
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown

Certificate details

Information computed with AndroGuard.

MD5 d087e72912fba064cafa78dc34aea839
SHA1 9ca5170f381919dfe0446fcdab18b19a143b3163
SHA256 34df0e7a9f1cf1892e45c056b4973cd81ccf148a4050d11aea4ac5a65f900a42
Issuer Email Address: android.os@samsung.com, Common Name: Samsung Cert, Organizational Unit: DMC, Organization: Samsung Corporation, Locality: Suwon City, State/Province: South Korea, Country: KR
Not before 2011-06-22T12:25:12+00:00
Not after 2038-11-07T12:25:12+00:00

File Analysis

Information computed with MobSF.

Findings Files
Certificate/Key files hardcoded inside the app. SEC-INF/buildConfirm.crt

Manifest analysis

Information computed with MobSF.

Low App is direct-boot aware [android:directBootAware=true]
This app can run before the user unlocks the device. If you're using a custom subclass of Application, and if any component inside your application is direct-boot aware, then your entire custom application is considered to be direct-boot aware. During Direct Boot, your application can only access the data that is stored in device protected storage.
Medium Application Data can be Backed up [android:allowBackup] flag is missing.
The flag [android:allowBackup] should be set to false. By default it is set to true and allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High Content Provider (.BugreportStorageProvider) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.MANAGE_DOCUMENTS [android:exported=true]
A Content Provider is found to be shared with other apps on the device, therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (.BugreportReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device, therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (.RemoteBugreportReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device, therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

Activities

Information computed with AndroGuard.

com.android.shell.BugreportWarningActivity

Receivers

Information computed with AndroGuard.

com.android.shell.BugreportReceiver
com.android.shell.RemoteBugreportReceiver

Services

Information computed with AndroGuard.

com.android.shell.BugreportProgressService

Sample timeline

Oldest file found in APK Jan. 1, 2009, midnight
Latest file found in APK Jan. 1, 2009, midnight
Certificate valid not before June 22, 2011, 12:25 p.m.
First submission on VT April 27, 2021, 3:59 a.m.
Last submission on VT April 27, 2021, 3:59 a.m.
Upload on Pithus May 24, 2022, 3:09 a.m.
Certificate valid not after Nov. 7, 2038, 12:25 p.m.

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['microphone', 'location', 'camera', 'bluetooth', 'network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['address book', 'calendar'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has no network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FTP_DIT_EXT.1.1 The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.
Protection of Data in Transit

Permissions analysis

Information computed with MobSF.

High android.permission.SEND_SMS send SMS messages
Allows application to send SMS messages. Malicious applications may cost you money by sending messages without your confirmation.
High android.permission.CALL_PHONE directly call phone numbers
Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.
High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
High android.permission.READ_CONTACTS read contact data
Allows an application to read all of the contact (address) data stored on your phone. Malicious applications can use this to send your data to other people.
High android.permission.WRITE_CONTACTS write contact data
Allows an application to modify the contact (address) data stored on your phone. Malicious applications can use this to erase or modify your contact data.
High android.permission.READ_CALENDAR read calendar events
Allows an application to read all of the calendar events stored on your phone. Malicious applications can use this to send your calendar events to other people.
High android.permission.WRITE_CALENDAR add or modify calendar events and send emails to guests
Allows an application to add or change the events on your calendar, which may send emails to guests. Malicious applications can use this to erase or modify your calendar events or to send emails to guests.
High android.permission.READ_USER_DICTIONARY read user-defined dictionary
Allows an application to read any private words, names and phrases that the user may have stored in the user dictionary.
High android.permission.ACCESS_FINE_LOCATION fine (GPS) location
Access fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications can use this to determine where you are and may consume additional battery power.
High android.permission.ACCESS_COARSE_LOCATION coarse (network-based) location
Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Malicious applications can use this to determine approximately where you are.
High android.permission.SET_ANIMATION_SCALE modify global animation speed
Allows an application to change the global animation speed (faster or slower animations) at any time.
High android.permission.WRITE_SETTINGS modify global system settings
Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration.
High android.permission.SET_DEBUG_APP enable application debugging
Allows an application to turn on debugging for another application. Malicious applications can use this to kill other applications.
High android.permission.SET_PROCESS_LIMIT limit number of running processes
Allows an application to control the maximum number of processes that will run. Never needed for common applications.
High android.permission.SET_ALWAYS_FINISH make all background applications close
Allows an application to control whether activities are always finished as soon as they go to the background. Never needed for common applications.
High android.permission.SIGNAL_PERSISTENT_PROCESSES send Linux signals to applications
Allows application to request that the supplied signal be sent to all persistent processes.
High android.permission.READ_EXTERNAL_STORAGE read external storage contents
Allows an application to read from external storage.
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
High android.permission.GET_ACCOUNTS list accounts
Allows access to the list of accounts in the Accounts Service.
High android.permission.MOUNT_UNMOUNT_FILESYSTEMS mount and unmount file systems
Allows the application to mount and unmount file systems for removable storage.
High android.permission.MOUNT_FORMAT_FILESYSTEMS format external storage
Allows the application to format removable storage.
High android.permission.RECORD_AUDIO record audio
Allows application to access the audio record path.
High android.permission.CAMERA take pictures and videos
Allows application to take pictures and videos with the camera. This allows the application to collect images that the camera is seeing at any time.
High android.permission.BODY_SENSORS Allows an application to access data from sensors that the user uses to measure what is happening inside his/her body, such as heart rate.
Low android.permission.WRITE_USER_DICTIONARY write to user-defined dictionary
Allows an application to write new words into the user dictionary.
Low android.permission.ACCESS_LOCATION_EXTRA_COMMANDS access extra location provider commands
Access extra location provider commands. Malicious applications could use this to interfere with the operation of the GPS or other location sources.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.ACCESS_WIFI_STATE view Wi-Fi status
Allows an application to view the information about the status of Wi-Fi.
Low android.permission.BLUETOOTH create Bluetooth connections
Allows applications to connect to paired Bluetooth devices.
Low android.permission.EXPAND_STATUS_BAR expand/collapse status bar
Allows application to expand or collapse the status bar.
Low android.permission.DISABLE_KEYGUARD Allows applications to disable the keyguard if it is not secure.
Low android.permission.FOREGROUND_SERVICE Allows a regular application to use Service.startForeground.
Low android.permission.REORDER_TASKS reorder applications running
Allows an application to move tasks to the foreground and background. Malicious applications can force themselves to the front without your control.
Low android.permission.BROADCAST_STICKY send sticky broadcast
Allows an application to send sticky broadcasts, which remain after the broadcast ends. Malicious applications can make the phone slow or unstable by causing it to use too much memory.
Low android.permission.KILL_BACKGROUND_PROCESSES kill background processes
Allows an application to kill background processes of other applications, even if memory is not low.
Low android.permission.VIBRATE control vibrator
Allows the application to control the vibrator.
Low android.permission.CHANGE_WIFI_STATE change Wi-Fi status
Allows an application to connect to and disconnect from Wi-Fi access points and to make changes to configured Wi-Fi networks.
Low android.permission.WAKE_LOCK prevent phone from sleeping
Allows an application to prevent the phone from going to sleep.
Medium android.permission.SET_PREFERRED_APPLICATIONS set preferred applications
Allows an application to modify your preferred applications. This can allow malicious applications to silently change the applications that are run, spoofing your existing applications to collect private data from you.
Medium android.permission.FORCE_BACK force application to close
Allows an application to force any activity that is in the foreground to close and go back. Should never be needed for common applications.
Medium android.permission.BATTERY_STATS modify battery statistics
Allows the modification of collected battery statistics. Not for use by common applications.
Medium android.permission.PACKAGE_USAGE_STATS update component usage statistics
Allows the modification of collected component usage statistics. Not for use by common applications.
Medium android.permission.INTERNAL_SYSTEM_WINDOW display unauthorised windows
Allows the creation of windows that are intended to be used by the internal system user interface. Not for use by common applications.
Medium android.permission.INJECT_EVENTS press keys and control buttons
Allows an application to deliver its own input events (key presses, etc.) to other applications. Malicious applications can use this to take over the phone.
Medium android.permission.SET_ACTIVITY_WATCHER monitor and control all application launching
Allows an application to monitor and control how the system launches activities. Malicious applications may compromise the system completely. This permission is needed only for development, never for common phone usage.
Medium android.permission.READ_INPUT_STATE record what you type and actions that you take
Allows applications to watch the keys that you press even when interacting with another application (such as entering a password). Should never be needed for common applications.
Medium android.permission.SET_ORIENTATION change screen orientation
Allows an application to change the rotation of the screen at any time. Should never be needed for common applications.
Medium android.permission.CLEAR_APP_USER_DATA delete other applications' data
Allows an application to clear user data.
Medium android.permission.ACCESS_SURFACE_FLINGER access SurfaceFlinger
Allows application to use SurfaceFlinger low-level features.
Medium android.permission.READ_FRAME_BUFFER read frame buffer
Allows application to read the content of the frame buffer.
Medium android.permission.DEVICE_POWER turn phone on or off
Allows the application to turn the phone on or off.
Medium android.permission.FORCE_STOP_PACKAGES force-stop other applications
Allows an application to stop other applications forcibly.
Medium android.permission.STOP_APP_SWITCHES prevent app switches
Prevents the user from switching to another application.
Medium android.permission.CHANGE_CONFIGURATION change your UI settings
Allows an application to change the current configuration, such as the locale or overall font size.
Medium android.permission.WRITE_SECURE_SETTINGS modify secure system settings
Allows an application to modify the system's secure settings data. Not for use by common applications.
Medium android.permission.DUMP retrieve system internal status
Allows application to retrieve internal status of the system. Malicious applications may retrieve a wide variety of private and secure information that they should never commonly need.
Medium android.permission.INSTALL_PACKAGES directly install applications
Allows an application to install new or updated Android packages. Malicious applications can use this to add new applications with arbitrarily powerful permissions.
Medium android.permission.MOVE_PACKAGE Move application resources
Allows an application to move application resources from internal to external media and vice versa.
Medium android.permission.CLEAR_APP_CACHE delete all application cache data
Allows an application to free phone storage by deleting files in the application cache directory. Access is usually restricted to system processes.
Medium android.permission.DELETE_CACHE_FILES delete other applications' caches
Allows an application to delete cache files.
Medium android.permission.DELETE_PACKAGES delete applications
Allows an application to delete Android packages. Malicious applications can use this to delete important applications.
Medium android.permission.INSTALL_LOCATION_PROVIDER permission to install a location provider
Create mock location sources for testing. Malicious applications can use this to override the location and/or status returned by real-location sources such as GPS or Network providers, or monitor and report your location to an external source.
Medium android.permission.BACKUP control system back up and restore
Allows the application to control the system's back-up and restore mechanism. Not for use by common applications.
Medium android.permission.BIND_APPWIDGET choose widgets
Allows the application to tell the system which widgets can be used by which application. With this permission, applications can give access to personal data to other applications. Not for use by common applications.
Medium android.permission.MODIFY_PHONE_STATE modify phone status
Allows the application to control the phone features of the device. An application with this permission can switch networks, turn the phone radio on and off and the like, without ever notifying you.
Medium android.permission.CHANGE_COMPONENT_ENABLED_STATE enable or disable application components
Allows an application to change whether or not a component of another application is enabled. Malicious applications can use this to disable important phone capabilities. It is important to be careful with this permission, as it is possible to bring application components into an unusable, inconsistent or unstable state.
Medium android.permission.SET_TIME set time
Allows an application to change the phone's clock time.
Medium android.permission.SET_TIME_ZONE set time zone
Allows an application to change the phone's time zone.
android.permission.LOCAL_MAC_ADDRESS Unknown permission
Unknown permission from android reference
android.permission.MANAGE_NETWORK_POLICY Unknown permission
Unknown permission from android reference
android.permission.MANAGE_USB Unknown permission
Unknown permission from android reference
android.permission.USE_RESERVED_DISK Unknown permission
Unknown permission from android reference
android.permission.REAL_GET_TASKS Unknown permission
Unknown permission from android reference
android.permission.RETRIEVE_WINDOW_CONTENT Unknown permission
Unknown permission from android reference
android.permission.ACCESS_CONTENT_PROVIDERS_EXTERNALLY Unknown permission
Unknown permission from android reference
android.permission.GRANT_RUNTIME_PERMISSIONS Unknown permission
Unknown permission from android reference
android.permission.REVOKE_RUNTIME_PERMISSIONS Unknown permission
Unknown permission from android reference
android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS Unknown permission
Unknown permission from android reference
android.permission.SET_KEYBOARD_LAYOUT Unknown permission
Unknown permission from android reference
android.permission.GET_DETAILED_TASKS Unknown permission
Unknown permission from android reference
android.permission.SET_SCREEN_COMPATIBILITY Unknown permission
Unknown permission from android reference
android.permission.WRITE_MEDIA_STORAGE Unknown permission
Unknown permission from android reference
android.permission.INTERACT_ACROSS_USERS Unknown permission
Unknown permission from android reference
android.permission.INTERACT_ACROSS_USERS_FULL Unknown permission
Unknown permission from android reference
android.permission.CREATE_USERS Unknown permission
Unknown permission from android reference
android.permission.MANAGE_DEVICE_ADMINS Unknown permission
Unknown permission from android reference
android.permission.ACCESS_LOWPAN_STATE Unknown permission
Unknown permission from android reference
android.permission.CHANGE_LOWPAN_STATE Unknown permission
Unknown permission from android reference
android.permission.READ_LOWPAN_CREDENTIAL Unknown permission
Unknown permission from android reference
android.permission.BLUETOOTH_STACK Unknown permission
Unknown permission from android reference
android.permission.RETRIEVE_WINDOW_TOKEN Unknown permission
Unknown permission from android reference
android.permission.FRAME_STATS Unknown permission
Unknown permission from android reference
android.permission.UPDATE_APP_OPS_STATS Unknown permission
Unknown permission from android reference
android.permission.MODIFY_APPWIDGET_BIND_PERMISSIONS Unknown permission
Unknown permission from android reference
android.permission.CHANGE_APP_IDLE_STATE Unknown permission
Unknown permission from android reference
android.permission.CHANGE_DEVICE_IDLE_TEMP_WHITELIST Unknown permission
Unknown permission from android reference
android.permission.REGISTER_CALL_PROVIDER Unknown permission
Unknown permission from android reference
android.permission.REGISTER_CONNECTION_MANAGER Unknown permission
Unknown permission from android reference
android.permission.REGISTER_SIM_SUBSCRIPTION Unknown permission
Unknown permission from android reference
android.permission.GET_APP_OPS_STATS Unknown permission
Unknown permission from android reference
android.permission.MANAGE_APP_OPS_MODES Unknown permission
Unknown permission from android reference
android.permission.MANAGE_ACTIVITY_STACKS Unknown permission
Unknown permission from android reference
android.permission.START_TASKS_FROM_RECENTS Unknown permission
Unknown permission from android reference
android.permission.ACTIVITY_EMBEDDING Unknown permission
Unknown permission from android reference
android.permission.CONNECTIVITY_INTERNAL Unknown permission
Unknown permission from android reference
android.permission.MANAGE_AUTO_FILL Unknown permission
Unknown permission from android reference
android.permission.NETWORK_SETTINGS Unknown permission
Unknown permission from android reference
android.permission.DISABLE_HIDDEN_API_CHECKS Unknown permission
Unknown permission from android reference
android.permission.SUBSTITUTE_NOTIFICATION_APP_NAME Unknown permission
Unknown permission from android reference
android.permission.CHANGE_OVERLAY_PACKAGES Unknown permission
Unknown permission from android reference
android.permission.RESTRICTED_VR_ACCESS Unknown permission
Unknown permission from android reference
android.permission.MANAGE_BIND_INSTANT_SERVICE Unknown permission
Unknown permission from android reference
android.permission.SET_HARMFUL_APP_WARNINGS Unknown permission
Unknown permission from android reference
android.permission.MANAGE_SENSORS Unknown permission
Unknown permission from android reference
android.permission.MANAGE_AUDIO_POLICY Unknown permission
Unknown permission from android reference
android.permission.MANAGE_CAMERA Unknown permission
Unknown permission from android reference
android.permission.MANAGE_BLUETOOTH_WHEN_PERMISSION_REVIEW_REQUIRED Unknown permission
Unknown permission from android reference
android.permission.MANAGE_WIFI_WHEN_PERMISSION_REVIEW_REQUIRED Unknown permission
Unknown permission from android reference
android.permission.WATCH_APPOPS Unknown permission
Unknown permission from android reference
android.permission.CONTROL_KEYGUARD Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Control flow graphs analysis

Information computed by Pithus.