0/63

Threat

com.sec.android.RilServiceModeApp

Service mode RIL

Analyzed on 2022-01-21T13:46:08.562684

22 permissions, 15 activities, 0 services, 2 receivers, 0 domains

File sums

MD5 c8e2be290988cf3b5fce4d28ecfba851
SHA1 44792ef240bad6e9f460564c6c12ee5752c3d1d0
SHA256 138ff1f00da42db2daf934fb4ba7b9f5b7edefba4f48012675e1cab0f3fa8bc4
Size 0.12MB

APKiD

Information computed with APKiD.

/tmp/tmpcrh5r1q1!classes.dex
yara_issue
  • yara issue - dex file recognized by apkid but not yara module
compiler
  • unknown (please file detection issue!)

SSdeep

Information computed with ssdeep.

APK file 3072:SoFtGl3hU80N+H9297fhsG40fYs6JPFeI:VHeuv8WhVfYsGFeI
Manifest 384:MQogSJbbzn3iJISzhcknsX0Bs5i3UAFVnfUCfSV5gxgu0xgikoMVqe3:MPgSJbbzn…
classes.dex 1536:CxaC2EkMjk+43X4gVM7Y+24k//NynC/1iifF0LYJPlB2ZD6qgRJ5+FzP2OiCwyKI…

Dexofuzzy

Information computed with Dexofuzzy.

classes.dex None

APK details

Information computed with AndroGuard and Pithus.

Package com.sec.android.RilServiceModeApp
App name Service mode RIL
Version name 9
Version code 28
SDK 11 - 28
UAID 217b20afdba5482b8eeeccc37b80f6cdfcc416f4
Signature Signature V1, Signature V2
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown

Certificate details

Information computed with AndroGuard.

MD5 d087e72912fba064cafa78dc34aea839
SHA1 9ca5170f381919dfe0446fcdab18b19a143b3163
SHA256 34df0e7a9f1cf1892e45c056b4973cd81ccf148a4050d11aea4ac5a65f900a42
Issuer Email Address: android.os@samsung.com, Common Name: Samsung Cert, Organizational Unit: DMC, Organization: Samsung Corporation, Locality: Suwon City, State/Province: South Korea, Country: KR
Not before 2011-06-22T12:25:12+00:00
Not after 2038-11-07T12:25:12+00:00

File Analysis

Information computed with MobSF.

Findings Files
Certificate/Key files hardcoded inside the app. SEC-INF/buildConfirm.crt

Manifest analysis

Information computed with MobSF.

Medium Application Data can be Backed up: [android:allowBackup] flag is missing.
The flag [android:allowBackup] should be set to false. By default it is set to true and allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High Launch Mode of Activity (.ServiceModeApp) is not standard.
An Activity should not have the launch mode attribute set to "singleTask/singleInstance", as it becomes the root Activity and it is possible for other applications to read the contents of the calling Intent. The "standard" launch mode attribute should be used when sensitive information is included in an Intent.
Low Broadcast Receiver (SecKeyStringBroadcastReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.sec.android.app.servicemodeapp.permission.KEYSTRING
protectionLevel: signatureOrSystem [android:exported=true]
A Broadcast Receiver is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
Low Broadcast Receiver (CallDropBroadcastReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.sec.android.app.servicemodeapp.permission.KEYSTRING
protectionLevel: signatureOrSystem [android:exported=true]
A Broadcast Receiver is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
High Dialer Code Found [android:scheme="android_secret_code"]
A secret code was found in the manifest. These codes, when entered into the dialer, grant access to hidden content that may contain sensitive information. The same finding is reported for each of the following codes:
  • 2683662
  • \ 197328640
  • \ 27663368378
  • \ 276633683782
  • 2684
  • 0011
  • 00112
  • 123456
  • 22553767
  • 32489
  • 2580
  • 9090
  • 4238378
  • 745
  • 66336
  • 746
  • 2263
  • 22632
  • 1575
  • 6984125*
  • 2886
  • 2767*2878
  • 147852
  • 5337632
  • 369852
  • 1478963
  • 73876766
  • \ 738767633
  • \ 7387678378
  • \ 7387677763
  • \ 4387264636
  • 03
  • TESTMODE
  • 1111
  • 2222
  • 8888
  • 301279
  • 279301
  • 3214789
  • \ 827828868378
  • 3698741
  • CP_RAMDUMP
  • 58366
  • 37375625
  • 36764
  • \ 758353266223
  • \ 1234567890
  • 119
  • 33725327
  • 73
  • 548378
  • 622

Activities

Information computed with AndroGuard.

com.sec.android.RilServiceModeApp.ServiceModeApp
com.sec.android.RilServiceModeApp.Sec_Ril_Dump
com.sec.android.RilServiceModeApp.TerminalMode
com.sec.android.RilServiceModeApp.Svc_Dbg_Dump
com.sec.android.RilServiceModeApp.ViewRilLog
com.sec.android.RilServiceModeApp.TestApnSettings
com.sec.android.RilServiceModeApp.NandFlashHeaderRead
com.sec.android.RilServiceModeApp.GcfModeSettings
com.sec.android.RilServiceModeApp.SetupWizardSkip
com.sec.android.RilServiceModeApp.CallDropLogView
com.sec.android.RilServiceModeApp.CallDropLogAlertDialog
com.sec.android.RilServiceModeApp.ViewApnInfo
com.marvell.logtools.logSettings.LogToolsMain
com.sec.android.RilServiceModeApp.ClatConfiguration
com.sec.android.RilServiceModeApp.MptcpSimulatorActivity

Receivers

Information computed with AndroGuard.

com.sec.android.RilServiceModeApp.SecKeyStringBroadcastReceiver
com.sec.android.RilServiceModeApp.CallDropBroadcastReceiver

Sample timeline

Oldest file found in APK Jan. 1, 2009, midnight
Latest file found in APK Jan. 1, 2009, midnight
Certificate valid not before June 22, 2011, 12:25 p.m.
First submission on VT April 27, 2021, 3:59 a.m.
Last submission on VT April 27, 2021, 3:59 a.m.
Upload on Pithus Jan. 21, 2022, 1:46 p.m.
Certificate valid not after Nov. 7, 2038, 12:25 p.m.

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['system logs'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has no network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invokes the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.
Protection of Data in Transit

Code analysis

Information computed with MobSF.

Low (CVSS: 7.5)
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
com/sec/android/RilServiceModeApp/CallDropBroadcastReceiver.java
com/sec/android/RilServiceModeApp/CallDropLogView.java
com/sec/android/RilServiceModeApp/Sec_Ril_Dump.java
com/sec/android/RilServiceModeApp/TerminalMode.java
com/sec/android/RilServiceModeApp/ViewRilLog.java
com/sec/android/RilServiceModeApp/SecKeyStringBroadcastReceiver.java
com/sec/android/RilServiceModeApp/MptcpSimulatorActivity.java
com/sec/android/RilServiceModeApp/ClatConfiguration.java
com/sec/android/RilServiceModeApp/ViewApnInfo.java
com/sec/android/RilServiceModeApp/CallDropLogAlertDialog.java
com/sec/android/RilServiceModeApp/Svc_Dbg_Dump.java
com/sec/android/RilServiceModeApp/ServiceModeApp.java
com/sec/android/RilServiceModeApp/NandFlashHeaderRead.java
com/sec/android/RilServiceModeApp/TestApnSettings.java
com/sec/android/RilServiceModeApp/SetupWizardSkip.java
Medium (CVSS: 4.3)
IP Address disclosure
MASVS: MSTG-CODE-2
CWE-200 Information Exposure
Files:
com/sec/android/RilServiceModeApp/ServiceModeApp.java
com/sec/android/RilServiceModeApp/MptcpSimulatorActivity.java
High (CVSS: 7.4)
Files may contain hardcoded sensitive information like usernames, passwords, keys etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files:
com/sec/android/RilServiceModeApp/ServiceModeApp.java

Permissions analysis

Information computed with MobSF.

High android.permission.WRITE_SETTINGS modify global system settings
Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration.
High android.permission.MOUNT_UNMOUNT_FILESYSTEMS mount and unmount file systems
Allows the application to mount and unmount file systems for removable storage.
High android.permission.CALL_PHONE directly call phone numbers
Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.
High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
High android.permission.WRITE_APN_SETTINGS write Access Point Name settings
Allows an application to modify the APN settings, such as Proxy and Port of any APN.
High android.permission.READ_LOGS read sensitive log data
Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the phone, potentially including personal or private information.
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
Low android.permission.WAKE_LOCK prevent phone from sleeping
Allows an application to prevent the phone from going to sleep.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.CHANGE_NETWORK_STATE change network connectivity
Allows applications to change network connectivity state.
Medium android.permission.CLEAR_APP_USER_DATA delete other applications' data
Allows an application to clear user data.
Medium android.permission.DEVICE_POWER turn phone on or off
Allows the application to turn the phone on or off.
Medium android.permission.CHANGE_CONFIGURATION change your UI settings
Allows an application to change the current configuration, such as the locale or overall font size.
Medium android.permission.MODIFY_PHONE_STATE modify phone status
Allows the application to control the phone features of the device. An application with this permission can switch networks, turn the phone radio on and off and the like, without ever notifying you.
Medium android.permission.ACCESS_CHECKIN_PROPERTIES access check-in properties
Allows read/write access to properties uploaded by the check-in service. Not for use by common applications.
Medium android.permission.WRITE_SECURE_SETTINGS modify secure system settings
Allows an application to modify the system's secure settings data. Not for use by common applications.
Medium android.permission.DUMP retrieve system internal status
Allows application to retrieve internal status of the system. Malicious applications may retrieve a wide variety of private and secure information that they should never commonly need.
com.sec.android.app.servicemodeapp.permission.KEYSTRING Unknown permission
Unknown permission from android reference
com.sec.phone.permission.SEC_FACTORY_PHONE Unknown permission
Unknown permission from android reference
com.sec.android.app.hiddenmenu.permission.KEYSTRING Unknown permission
Unknown permission from android reference
com.sec.epdgtestapp.permission.SERVICE Unknown permission
Unknown permission from android reference
samsung.permission.MPTCP_PERMISSION Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Confidence: 100% - Read sensitive data (SMS, CALLLOG, etc)
Confidence: 100% - Monitor the broadcast action events (BOOT_COMPLETED)
Confidence: 100% - Get calendar information
Confidence: 80% - Read file and put it into a stream
Confidence: 80% - Executes the specified string Linux command

Behavior analysis

Information computed with MobSF.

Execute os command
  • com/sec/android/RilServiceModeApp/CallDropBroadcastReceiver.java
  • com/sec/android/RilServiceModeApp/Svc_Dbg_Dump.java
Get system service
  • com/sec/android/RilServiceModeApp/ClatConfiguration.java
  • com/sec/android/RilServiceModeApp/TerminalMode.java
  • com/sec/android/RilServiceModeApp/ServiceModeApp.java
Inter process communication
  • com/sec/android/RilServiceModeApp/CallDropBroadcastReceiver.java
  • com/sec/android/RilServiceModeApp/GcfModeSettings.java
  • com/sec/android/RilServiceModeApp/Sec_Ril_Dump.java
  • com/sec/android/RilServiceModeApp/CallDropLogAlertDialog.java
  • com/sec/android/RilServiceModeApp/TerminalMode.java
  • com/sec/android/RilServiceModeApp/ViewRilLog.java
  • com/sec/android/RilServiceModeApp/SecKeyStringBroadcastReceiver.java
  • com/sec/android/RilServiceModeApp/Svc_Dbg_Dump.java
  • com/sec/android/RilServiceModeApp/ServiceModeApp.java
  • com/sec/android/RilServiceModeApp/NandFlashHeaderRead.java
  • com/sec/android/RilServiceModeApp/MptcpSimulatorActivity.java
  • com/sec/android/RilServiceModeApp/TestApnSettings.java
Local file i/o operations
  • com/sec/android/RilServiceModeApp/Sec_Ril_Dump.java
  • com/sec/android/RilServiceModeApp/MptcpSimulatorActivity.java
  • com/sec/android/RilServiceModeApp/SetupWizardSkip.java
Sending broadcast
  • com/sec/android/RilServiceModeApp/GcfModeSettings.java
  • com/sec/android/RilServiceModeApp/Sec_Ril_Dump.java
  • com/sec/android/RilServiceModeApp/ServiceModeApp.java
  • com/sec/android/RilServiceModeApp/MptcpSimulatorActivity.java
Starting activity
  • com/sec/android/RilServiceModeApp/CallDropBroadcastReceiver.java
  • com/sec/android/RilServiceModeApp/Sec_Ril_Dump.java
  • com/sec/android/RilServiceModeApp/SecKeyStringBroadcastReceiver.java
  • com/sec/android/RilServiceModeApp/ServiceModeApp.java
Starting service
  • com/sec/android/RilServiceModeApp/Sec_Ril_Dump.java
  • com/sec/android/RilServiceModeApp/TerminalMode.java
  • com/sec/android/RilServiceModeApp/Svc_Dbg_Dump.java
  • com/sec/android/RilServiceModeApp/ServiceModeApp.java