Moderate Risk

Threat level

com.samsundot.report

销量上报

Analyzed on 2021-10-23T07:08:45.796045

25

permissions

9

activities

1

services

0

receivers

4

domains

File sums

MD5 30362f885543f6bc1374b03ecb7843fb
SHA1 00852936126d7736d6824a23f41ebcf746f7ef64
SHA256 31495b92b9dd46b6ec2035510564867e30817a7f2c27a3f4ec07aed2d2e235b3
Size 1.36MB

APKiD

Information computed with APKiD.

/tmp/tmpzl4elwt1!classes.dex
anti_vm
  • subscriber ID check
compiler
  • r8

SSdeep

Information computed with ssdeep.

APK file 24576:7rP4IunLWeGodvADeDYiyiNAHNKOvt9c1XuVtgyrb1IR63fVu6:wIQieTmeVyL99wutrBIR6vVu6
Manifest 192:H7iF6emKsD99D9Ow/p3q38iDXu3yNMAYQuvQpcKH3FSL4Sh7dAVoJ:2F6xKsD99D9…
classes.dex 49152:l0B9IYl1wncaGKlK7DCsvsGK62bDQBazVWZB:l0BFkUSGK62sB

Dexofuzzy

Information computed with Dexofuzzy.

APK file 1536:GverIaxQpxenk5YHMMGcuwqtdPOn0I7vXgRycYzKa/E550uQ0ewCDIS+vY0T:eeJ…
classes.dex 1536:GverIaxQpxenk5YHMMGcuwqtdPOn0I7vXgRycYzKa/E550uQ0ewCDIS+vY0T:eeJ…

APK details

Information computed with AndroGuard and Pithus.

Package com.samsundot.report
App name 销量上报
Version name 2.0.5
Version code 10
SDK 24 - 26
UAID 907e6a07763046e5b3c6088ea82572f27d018c24
Signature Signature V1 Signature V2
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 1bca9395a12bc7bc7e4943ed7cb92971
SHA1 96fb67450345a16046f244cd914502c1a9de242f
SHA256 89b82272589ecdfdf445cc62c6def1b970f4eb7092bd920f2f4d4ffd301911a2
Issuer Common Name: Lenovo MBG, Organizational Unit: Sales, Locality: BJ, State/Province: BEIJING, Country: CN
Not before 2017-11-28T02:41:32+00:00
Not after 2042-11-22T02:41:32+00:00

Manifest analysis

Information computed with MobSF.

Medium Application Data can be Backed up[android:allowBackup=true]
This flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High Service (com.baidu.location.f) is not Protected.An intent-filter exists.
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Service is explicitly exported.

Main Activity

Information computed with AndroGuard.

com.samsundot.report.activity.LoginActivity

Activities

Information computed with AndroGuard.

com.samsundot.report.activity.LoginActivity
com.samsundot.report.activity.MainActivity
com.zijunlin.Zxing.Demo.CaptureActivity
com.samsundot.report.activity.ForgetPasswordActivity
com.samsundot.report.activity.ManualReportActivity
com.samsundot.report.activity.ReportInfoActivity
com.samsundot.report.activity.ReportInfoActivity2
com.samsundot.report.activity.SaleQueryDetailActivity
com.samsundot.report.activity.ResetPasswordActivity

Services

Information computed with AndroGuard.

com.baidu.location.f

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application use no DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generate no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['location', 'network connectivity', 'microphone', 'camera'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['system logs'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application implement functionality to encrypt sensitive data in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_COP.1.1(2) The application perform cryptographic hashing services not in accordance with FCS_COP.1.1(2) and uses the cryptographic algorithm RC2/RC4/MD4/MD5.
Cryptographic Operation - Hashing
FCS_HTTPS_EXT.1.1 The application implement the HTTPS protocol that complies with RFC 2818.
HTTPS Protocol
FCS_HTTPS_EXT.1.2 The application implement HTTPS using TLS.
HTTPS Protocol
FCS_HTTPS_EXT.1.3 The application notify the user and not establish the connection or request application authorization to establish the connection if the peer certificate is deemed invalid.
HTTPS Protocol
FIA_X509_EXT.1.1 The application invoked platform-provided functionality to validate certificates in accordance with the following rules: ['The certificate path must terminate with a trusted CA certificate'].
X.509 Certificate Validation
FIA_X509_EXT.2.1 The application use X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS , TLS.
X.509 Certificate Authentication

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 com/zijunlin/Zxing/Demo/camera/AutoFocusCallback.java
net/tsz/afinal/bitmap/core/DiskCache.java
net/tsz/afinal/core/AsyncTask.java
com/zijunlin/Zxing/Demo/camera/PreviewCallback.java
com/samsundot/report/utils/SIMCardInfo.java
com/baidu/location/LocationClient.java
net/tsz/afinal/utils/Utils.java
com/baidu/location/b/a/b.java
com/samsundot/report/network/NetworkDataService.java
com/samsundot/report/activity/LoginActivity.java
com/zijunlin/Zxing/Demo/camera/CameraConfigurationManager.java
com/zijunlin/Zxing/Demo/camera/CameraManager.java
com/samsundot/report/network/ServerAsyncRequester.java
net/tsz/afinal/bitmap/download/SimpleDownloader.java
com/samsundot/report/network/ServerInterface.java
org/jsoup/examples/ListLinks.java
com/baidu/location/c.java
org/jsoup/examples/HtmlToPlainText.java
com/baidu/location/aj.java
net/tsz/afinal/exception/ViewException.java
com/baidu/location/t.java
com/zijunlin/Zxing/Demo/decoding/DecodeHandler.java
com/lidroid/xutils/util/LogUtils.java
com/baidu/location/k.java
net/tsz/afinal/FinalDb.java
com/samsundot/report/network/NetworkHelper.java
com/baidu/location/ad.java
com/zijunlin/Zxing/Demo/camera/FlashlightManager.java
com/samsundot/report/net/HttpClientUtil.java
com/zijunlin/Zxing/Demo/decoding/CaptureActivityHandler.java
High
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
 com/alibaba/fastjson/JSONArray.java
com/lidroid/xutils/http/client/multipart/MultipartEntity.java
net/tsz/afinal/core/Arrays.java
com/baidu/location/au.java
net/tsz/afinal/http/MultipartEntity.java
High
CVSS:7.4
Files may contain hardcoded sensitive informations like usernames, passwords, keys etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files:
 com/samsundot/report/network/RequestParams.java
com/alibaba/fastjson/JSON.java
org/jsoup/nodes/XmlDeclaration.java
org/jsoup/nodes/DataNode.java
com/zijunlin/Zxing/Demo/decoding/Intents.java
org/jsoup/nodes/Comment.java
org/jsoup/nodes/TextNode.java
High
CVSS:7.4
Insecure Implementation of SSL. Trusting all the certificates or accepting self signed certificates is a critical Security Hole. This application is vulnerable to MITM attacks
MASVS: MSTG-NETWORK-3
CWE-295 Improper Certificate Validation
M3: Insecure Communication
Files:
 com/lidroid/xutils/http/client/DefaultSSLSocketFactory.java
com/baidu/location/t.java
com/lidroid/xutils/util/OtherUtils.java
High
CVSS:5.5
App can read/write to External Storage. Any App can read data written to External Storage.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 com/baidu/location/b/a/b.java
com/samsundot/report/network/IOUtils.java
com/lidroid/xutils/util/OtherUtils.java
com/baidu/location/c.java
com/baidu/location/ac.java
com/baidu/location/a0.java
com/baidu/location/ap.java
net/tsz/afinal/utils/Utils.java
High
CVSS:7.4
MD5 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 com/baidu/location/b/a/c.java
net/tsz/afinal/core/FileNameGenerator.java
com/lidroid/xutils/cache/MD5FileNameGenerator.java
High
CVSS:5.9
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Files:
 com/baidu/location/ax.java
com/baidu/location/m.java
com/baidu/location/a1.java
net/tsz/afinal/FinalDb.java
com/baidu/location/a3.java
com/lidroid/xutils/DbUtils.java
High
CVSS:5.9
SHA-1 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 com/baidu/location/w.java
Medium
CVSS:4.3
IP Address disclosure
MASVS: MSTG-CODE-2
CWE-200 Information Exposure
Files:
 com/baidu/location/t.java
com/samsundot/report/ConstantValue.java
com/samsundot/report/global/SamConstants.java
Info
CVSS:0
This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel.
MASVS: MSTG-NETWORK-4
Files:
 com/baidu/location/t.java
com/samsundot/report/network/NetworkHelper.java
Pygal Hong Kong: 100 United States: 200

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

US api.skyhookwireless.com 52.8.77.94
HK loc.map.baidu.com 103.235.47.89
lba.baidu.com
US skyhookwireless.com 96.45.82.232

URL analysis

Information computed with MobSF.

http://loc.map.baidu.com/fence
Defined in com/baidu/location/ax.java
http://loc.map.baidu.com/sdk_ep.php
http://loc.map.baidu.com/sdk.php
http://loc.map.baidu.com/oqur.php
https://api.skyhookwireless.com/wps2/location
http://loc.map.baidu.com/tcu.php
http://loc.map.baidu.com/user_err.php
Defined in com/baidu/location/c.java
http://loc.map.baidu.com/sdk_ep.php
http://loc.map.baidu.com/sdk.php
http://loc.map.baidu.com/oqur.php
https://api.skyhookwireless.com/wps2/location
http://loc.map.baidu.com/tcu.php
http://loc.map.baidu.com/user_err.php
Defined in com/baidu/location/c.java
http://loc.map.baidu.com/sdk_ep.php
http://loc.map.baidu.com/sdk.php
http://loc.map.baidu.com/oqur.php
https://api.skyhookwireless.com/wps2/location
http://loc.map.baidu.com/tcu.php
http://loc.map.baidu.com/user_err.php
Defined in com/baidu/location/c.java
http://loc.map.baidu.com/sdk_ep.php
http://loc.map.baidu.com/sdk.php
http://loc.map.baidu.com/oqur.php
https://api.skyhookwireless.com/wps2/location
http://loc.map.baidu.com/tcu.php
http://loc.map.baidu.com/user_err.php
Defined in com/baidu/location/c.java
http://loc.map.baidu.com/sdk_ep.php
http://loc.map.baidu.com/sdk.php
http://loc.map.baidu.com/oqur.php
https://api.skyhookwireless.com/wps2/location
http://loc.map.baidu.com/tcu.php
http://loc.map.baidu.com/user_err.php
Defined in com/baidu/location/c.java
http://loc.map.baidu.com/sdk_ep.php
http://loc.map.baidu.com/sdk.php
http://loc.map.baidu.com/oqur.php
https://api.skyhookwireless.com/wps2/location
http://loc.map.baidu.com/tcu.php
http://loc.map.baidu.com/user_err.php
Defined in com/baidu/location/c.java
http://loc.map.baidu.com/fence
Defined in com/baidu/location/a3.java
http://skyhookwireless.com/wps/2005
Defined in com/baidu/location/s.java
http://lba.baidu.com/
Defined in com/baidu/location/BDLocation.java

Permissions analysis

Information computed with MobSF.

High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
High android.permission.WRITE_SETTINGS modify global system settings
Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration.
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
High android.permission.ACCESS_COARSE_LOCATION coarse (network-based) location
Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Malicious applications can use this to determine approximately where you are.
High android.permission.RECORD_AUDIO record audio
Allows application to access the audio record path.
High android.permission.CALL_PHONE directly call phone numbers
Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.
High android.permission.CAMERA take pictures and videos
Allows application to take pictures and videos with the camera. This allows the application to collect images that the camera is seeing at any time.
High android.permission.MANAGE_ACCOUNTS manage the accounts list
Allows an application to perform operations like adding and removing accounts and deleting their password.
High android.permission.GET_ACCOUNTS list accounts
Allows access to the list of accounts in the Accounts Service.
High android.permission.ACCESS_FINE_LOCATION fine (GPS) location
Access fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications can use this to determine where you are and may consume additional battery power.
High android.permission.MOUNT_UNMOUNT_FILESYSTEMS mount and unmount file systems
Allows the application to mount and unmount file systems for removable storage.
High android.permission.READ_LOGS read sensitive log data
Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the phone, potentially including personal or private information.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.RECEIVE_BOOT_COMPLETED automatically start at boot
Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Low android.permission.VIBRATE control vibrator
Allows the application to control the vibrator.
Low android.permission.DISABLE_KEYGUARD Allows applications to disable the keyguard if it is not secure.
Low android.permission.ACCESS_WIFI_STATE view Wi-Fi status
Allows an application to view the information about the status of Wi-Fi.
Low android.permission.FLASHLIGHT control flashlight
Allows the application to control the flashlight.
Low android.permission.MODIFY_AUDIO_SETTINGS change your audio settings
Allows application to modify global audio settings, such as volume and routing.
Low android.permission.CHANGE_WIFI_STATE change Wi-Fi status
Allows an application to connect to and disconnect from Wi-Fi access points and to make changes to configured Wi-Fi networks.
Low android.permission.WAKE_LOCK prevent phone from sleeping
Allows an application to prevent the phone from going to sleep.
Medium android.permission.CHANGE_CONFIGURATION change your UI settings
Allows an application to change the current configuration, such as the locale or overall font size.
android.permission.ACCESS_DOWNLOAD_MANAGER Unknown permission
Unknown permission from android reference
android.permission.DOWNLOAD_WITHOUT_NOTIFICATION Unknown permission
Unknown permission from android reference

Tracking analysis

Information computed with Exodus-core.

Baidu Location https://reports.exodus-privacy.eu.org/fr/trackers/97

Threat analysis

Information computed with Quark-Engine.

Confidence:
100%
Implicit intent(view a web page, make a phone call, etc.)
Confidence:
100%
Find a method from given class name, usually for reflection
Confidence:
100%
Connect to a URL and receive input stream from the server
Confidence:
100%
Method reflection
Confidence:
100%
Retrieve data from broadcast
Confidence:
100%
Read sensitive data(SMS, CALLLOG, etc)
Confidence:
100%
Connect to a URL and get the response code
Confidence:
100%
Query the SIM card status
Confidence:
100%
Monitor the broadcast action events (BOOT_COMPLETED)
Confidence:
100%
Query the IMSI number
Confidence:
100%
Get the current WIFI information
Confidence:
100%
Query the IMEI number
Confidence:
100%
Method reflection
Confidence:
100%
Connect to the remote server through the given URL
Confidence:
100%
Query WiFi information and WiFi Mac Address
Confidence:
100%
Query data from URI (SMS, CALLLOGS)
Confidence:
100%
Initialize class object dynamically
Confidence:
100%
Connect to a URL and set request method
Confidence:
80%
Write HTTP input stream into a file
Confidence:
80%
Query the current data network type
Confidence:
80%
Read data and put it into a buffer stream
Confidence:
80%
Connect to a URL and read data from it
Confidence:
80%
Read file and put it into a stream
Confidence:
80%
Load class from given class name
Confidence:
80%
Write the IMEI number into a file
Confidence:
80%
Return dynamic information about the current Wi-Fi connection
Confidence:
80%
Get calendar information
Confidence:
80%
Read the input stream from given URL
Confidence:
80%
Get the current WiFi MAC address
Confidence:
80%
Get specific method from other Dex files

Behavior analysis

Information computed with MobSF.

Certificate handling
       com/lidroid/xutils/http/client/DefaultSSLSocketFactory.java
com/baidu/location/t.java
com/lidroid/xutils/util/OtherUtils.java
net/tsz/afinal/FinalHttp.java
com/samsundot/report/network/NetworkHelper.java
com/lidroid/xutils/HttpUtils.java
Crypto
       com/baidu/location/b/b/a.java
Dynamic class and dexloading
       com/baidu/location/f.java
Gps location
       com/baidu/location/q.java
com/baidu/location/y.java
com/samsundot/report/activity/ReportInfoActivity2.java
com/baidu/location/ak.java
com/baidu/location/ab.java
com/baidu/location/a1.java
com/samsundot/report/fragment/ReportFragment.java
com/samsundot/report/activity/ReportInfoActivity.java
com/baidu/location/LocationClient.java
com/baidu/location/z.java
Get cell location
       com/baidu/location/u.java
Get phone number
       com/samsundot/report/utils/SIMCardInfo.java
Get sim serial number
       com/samsundot/report/activity/RPBaseActivity.java
com/samsundot/report/activity/RPBaseActivity2.java
Get subscriber id
       com/baidu/location/ax.java
com/baidu/location/u.java
com/samsundot/report/utils/SIMCardInfo.java
Get system service
       com/baidu/location/af.java
com/lidroid/xutils/bitmap/BitmapGlobalConfig.java
com/baidu/location/ax.java
com/samsundot/report/utils/SIMCardInfo.java
com/baidu/location/au.java
com/samsundot/report/net/NetworkUtil.java
com/baidu/location/b/a/b.java
com/samsundot/report/fragment/BarCodeScanFragment.java
com/baidu/location/a2.java
com/zijunlin/Zxing/Demo/camera/CameraConfigurationManager.java
com/samsundot/report/activity/RPBaseActivity.java
com/samsundot/report/fragment/QrCodeScanFragment.java
com/baidu/location/l.java
com/baidu/location/i.java
net/tsz/afinal/bitmap/core/BitmapCache.java
com/baidu/location/am.java
com/baidu/location/ab.java
com/baidu/location/ah.java
com/baidu/location/u.java
com/baidu/location/a3.java
com/baidu/location/z.java
com/baidu/location/t.java
com/samsundot/report/utils/NetWorkUtils.java
com/zijunlin/Zxing/Demo/CaptureActivity.java
com/samsundot/report/activity/RPBaseActivity2.java
Get wifi details
       com/baidu/location/au.java
Http connection
       com/lidroid/xutils/http/callback/DefaultHttpRedirectHandler.java
com/baidu/location/ac.java
com/lidroid/xutils/http/callback/HttpRedirectHandler.java
com/baidu/location/ax.java
org/jsoup/helper/HttpConnection.java
com/lidroid/xutils/http/SyncHttpHandler.java
com/baidu/location/t.java
net/tsz/afinal/http/RetryHandler.java
com/baidu/location/d.java
com/lidroid/xutils/http/HttpHandler.java
net/tsz/afinal/http/SyncRequestHandler.java
com/lidroid/xutils/util/OtherUtils.java
net/tsz/afinal/FinalHttp.java
com/lidroid/xutils/http/client/HttpRequest.java
net/tsz/afinal/bitmap/download/SimpleDownloader.java
com/lidroid/xutils/http/client/RetryHandler.java
net/tsz/afinal/http/HttpHandler.java
com/samsundot/report/network/NetworkHelper.java
com/lidroid/xutils/HttpUtils.java
Http requests, connections and sessions
       com/baidu/location/t.java
com/lidroid/xutils/http/HttpHandler.java
net/tsz/afinal/http/SyncRequestHandler.java
net/tsz/afinal/FinalHttp.java
net/tsz/afinal/http/HttpHandler.java
com/lidroid/xutils/http/SyncHttpHandler.java
com/samsundot/report/network/NetworkHelper.java
com/samsundot/report/net/HttpClientUtil.java
com/lidroid/xutils/HttpUtils.java
Https connection
       com/lidroid/xutils/util/OtherUtils.java
Inter process communication
       com/samsundot/report/activity/ReportInfoActivity.java
com/baidu/location/az.java
com/baidu/location/LocationClient.java
com/samsundot/report/fragment/SaleQueryFragment.java
com/baidu/location/au.java
com/samsundot/report/activity/LoginActivity.java
com/baidu/location/GeofenceClient.java
com/baidu/location/l.java
com/baidu/location/i.java
com/baidu/location/f.java
com/samsundot/report/activity/ReportInfoActivity2.java
com/samsundot/report/activity/ManualReportActivity.java
com/samsundot/report/activity/MainActivity.java
com/baidu/location/ab.java
com/zijunlin/Zxing/Demo/decoding/Intents.java
com/baidu/location/LLSInterface.java
com/baidu/location/a3.java
com/zijunlin/Zxing/Demo/decoding/DecodeFormatManager.java
com/zijunlin/Zxing/Demo/CaptureActivity.java
com/samsundot/report/fragment/ReportFragment.java
com/samsundot/report/activity/SaleQueryDetailActivity.java
com/samsundot/report/activity/ForgetPasswordActivity.java
com/baidu/location/ad.java
com/zijunlin/Zxing/Demo/camera/FlashlightManager.java
com/zijunlin/Zxing/Demo/decoding/CaptureActivityHandler.java
com/samsundot/report/fragment/SettingFragment.java
Java reflection
       com/alibaba/fastjson/JSONObject.java
com/lidroid/xutils/ViewUtils.java
com/lidroid/xutils/db/table/Id.java
net/tsz/afinal/annotation/view/EventListener.java
com/baidu/location/au.java
com/lidroid/xutils/view/EventListenerManager.java
com/alibaba/fastjson/serializer/FieldSerializer.java
com/alibaba/fastjson/parser/ParserConfig.java
com/alibaba/fastjson/parser/deserializer/ASMDeserializerFactory.java
com/alibaba/fastjson/serializer/SerializeConfig.java
net/tsz/afinal/db/table/TableInfo.java
com/lidroid/xutils/bitmap/BitmapCommonUtils.java
com/lidroid/xutils/db/table/Finder.java
com/alibaba/fastjson/util/ASMUtils.java
com/lidroid/xutils/db/table/Column.java
com/alibaba/fastjson/parser/deserializer/FieldDeserializer.java
com/baidu/location/u.java
net/tsz/afinal/utils/ClassUtils.java
com/alibaba/fastjson/serializer/JavaBeanSerializer.java
com/lidroid/xutils/db/table/ColumnUtils.java
com/lidroid/xutils/db/table/TableUtils.java
com/alibaba/fastjson/util/TypeUtils.java
com/lidroid/xutils/util/OtherUtils.java
com/lidroid/xutils/db/table/Foreign.java
net/tsz/afinal/utils/FieldUtils.java
com/lidroid/xutils/bitmap/callback/DefaultBitmapLoadCallBack.java
com/alibaba/fastjson/util/DeserializeBeanInfo.java
net/tsz/afinal/db/table/Property.java
com/alibaba/fastjson/util/FieldInfo.java
com/zijunlin/Zxing/Demo/camera/FlashlightManager.java
net/tsz/afinal/FinalActivity.java
com/alibaba/fastjson/serializer/ASMSerializerFactory.java
Loading native code (shared library)
       com/baidu/location/CommonEncrypt.java
com/baidu/location/Jni.java
Local file i/o operations
       net/tsz/afinal/http/PreferencesCookieStore.java
com/samsundot/report/utils/SharedPreferenceManager.java
com/samsundot/report/utils/LocationProvider.java
com/samsundot/report/network/IOUtils.java
com/lidroid/xutils/util/OtherUtils.java
com/baidu/location/c.java
com/baidu/location/a1.java
net/tsz/afinal/FinalDb.java
com/baidu/location/ap.java
com/lidroid/xutils/util/PreferencesCookieStore.java
net/tsz/afinal/utils/Utils.java
com/lidroid/xutils/DbUtils.java
Message digest
       com/baidu/location/w.java
com/baidu/location/b/a/c.java
net/tsz/afinal/core/FileNameGenerator.java
com/lidroid/xutils/cache/MD5FileNameGenerator.java
Sending broadcast
       com/baidu/location/a3.java
Starting activity
       com/samsundot/report/activity/LoginActivity.java
com/zijunlin/Zxing/Demo/CaptureActivity.java
com/samsundot/report/activity/ManualReportActivity.java
com/samsundot/report/activity/MainActivity.java
com/samsundot/report/fragment/ReportFragment.java
com/samsundot/report/activity/ForgetPasswordActivity.java
com/samsundot/report/fragment/SaleQueryFragment.java
com/zijunlin/Zxing/Demo/decoding/CaptureActivityHandler.java
com/samsundot/report/fragment/SettingFragment.java
Starting service
       com/baidu/location/GeofenceClient.java
com/baidu/location/LocationClient.java
Tcp socket
       com/lidroid/xutils/http/client/DefaultSSLSocketFactory.java
com/baidu/location/t.java
net/tsz/afinal/http/RetryHandler.java
com/lidroid/xutils/http/client/RetryHandler.java
com/samsundot/report/network/NetworkException.java
com/samsundot/report/network/NetworkHelper.java
Url connection to file/http/https/ftp/jar
       com/lidroid/xutils/bitmap/download/DefaultDownloader.java

Control flow graphs analysis

Information computed by Pithus.

The application probably gets different information regarding the telephony capabilities

The application probably gets the serial number of the SIM card

The application probably gets the subscriber ID associated to the SIM card/ Should never be collected

The application probably determines the location based on cell towers

The application probably gets the phone number associated to the SIM card

The application probably scans the Wi-Fi network

The application probably gets the Wi-Fi connection information

The application probably gets network interfaces addresses (IP and/or MAC)

The application probably sends data over HTTP/S

The application probably starts another application

The application probably listens accessibility events