0/60

Threat

com.application.zomato

Zomato

Analyzed on 2021-12-15T03:11:42.664643

24

permissions

264

activities

20

services

22

receivers

71

domains

File sums

MD5 7127a930cc866e924dcfa0b11d303c43
SHA1 8f8f3849f5a18e354cfe22ee898ef9303380c652
SHA256 3a6741656f379c0ff8244fcaf13a959ee83b915b3ccd84720e6a9c0e4705f9b7
Size 32.68MB

APKiD

Information computed with APKiD.

/tmp/tmpgiquy1g7!classes.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MODEL check
  • Build.MANUFACTURER check
  • Build.PRODUCT check
  • Build.HARDWARE check
  • Build.TAGS check
  • SIM operator check
  • network operator name check
  • possible VM check
anti_debug
  • Debug.isDebuggerConnected() check
compiler
  • r8
/tmp/tmpgiquy1g7!classes2.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MODEL check
  • Build.MANUFACTURER check
  • Build.PRODUCT check
  • Build.HARDWARE check
  • Build.BOARD check
  • possible Build.SERIAL check
  • Build.TAGS check
  • SIM operator check
  • network operator name check
  • subscriber ID check
  • ro.hardware check
  • ro.kernel.qemu check
obfuscator
  • unreadable field names
  • unreadable method names
anti_debug
  • Debug.isDebuggerConnected() check
compiler
  • r8 without marker (suspicious)
/tmp/tmpgiquy1g7!classes3.dex
compiler
  • r8 without marker (suspicious)
/tmp/tmpgiquy1g7!classes4.dex
anti_vm
  • Build.MANUFACTURER check
  • network operator name check
compiler
  • r8 without marker (suspicious)
/tmp/tmpgiquy1g7!classes5.dex
anti_vm
  • Build.MANUFACTURER check
compiler
  • r8 without marker (suspicious)
/tmp/tmpgiquy1g7!classes6.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MODEL check
  • Build.MANUFACTURER check
  • Build.BRAND check
  • Build.DEVICE check
  • Build.PRODUCT check
  • Build.HARDWARE check
  • Build.TAGS check
  • network operator name check
  • possible VM check
anti_debug
  • Debug.isDebuggerConnected() check
compiler
  • r8 without marker (suspicious)
/tmp/tmpgiquy1g7!classes7.dex
anti_vm
  • Build.MANUFACTURER check
compiler
  • r8 without marker (suspicious)

SSdeep

Information computed with ssdeep.

APK file 786432:4OV+rdGo/CejC0VOC1j3PY6yOfFrN9uWQCHS2NrlQB1kmQV9UK4:4OV+L1e0z1j3AUn9QCBNmkZ8
Manifest 768:kQ1zljPPlT6U07K3SEN2/RxcKE6JH/ic7/FSbqUQt+ITMaYo9OeZ/i3KJ3yn0GAA:…
classes.dex 98304:9iy9x3u4zEISGG0bB5yYqD83jPpCBSMR+0YiuckeOXB8b0:9isfbBEmoP9Oab0
classes2.dex 49152:/ywoGgeIoAhrfXWIin+VjmHZ9TOvZix5T9Jdu7E7yEWDEuCnRl/tgDwzvxD1uW3…
classes3.dex 49152:jiT8JgRtccoRE/kELd9wK56aOvfyOQuFbPSvtlEzVVUijhplH+Q5:uT827oRHKd…
classes4.dex 49152:IhE6LVpAma3YE91GKnui7fPV+019qa33MYVnm2m+XR:IXxa31zhj/qan3m2m+h
classes5.dex 49152:qVFjsyfvTDlMKhutBbnxweAMFt9+l6TeyI:qcyPjKBbn/7Ft9+l6TS
classes6.dex 49152:GhsNmjZzzUdiCi+TAUCgscnDfNUlS3kNP993Pe+YtZD5:GhbjZckiA6DfR0NPb2…
classes7.dex 24576:M6Fr5E1H/mQOV8Xx6BGCs/Ga63oVi0IWaENIhBqRazoDJ/g+FHVojvkexyTOqZD…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 24576:Qtf99SgbNH08XrfqjpNO1V1Iv23mwlmFHdBrihPSD:QtfPQ63mNFH7
classes.dex 6144:9r9ICp1ER2QEOLfuY2A4MhZ9esjHPcG1/QyCsltNQdKZb+PhzOqqqqqqq6q5qqaM…
classes2.dex 6144:vdpRn9MpmOI3n8u75Sd1VxMOgoBoMHXqgHR0aGYM7m8m1D83mPu8EzFmB:zq08Xr…
classes3.dex 6144:XeJHgXS8x1qxEeDVqqqZqqbVeWqkdmxqqqqqqquqqbqqqqqqqGq+qlq0qrquqqns…
classes4.dex 3072:+TVz26ZRfSAeJFkZmrzSuFkB3fuUqqqRQqqqvmqqqFq6qiehZF:+526jeSQVCBPu…
classes5.dex 1536:OEBVZjOov8t9793flRZfCEXL0478iV1yZCw7pwpJfp/pVpWyIII7pmpYpvp0pipt…
classes6.dex 6144:+CHUbd44/4H/F44WAX7Rcjqmqqq9qPqXtGFvqoIAVp/gDKVqCr2Kn1:jHUbqHdBr…
classes7.dex 3072:TDUzV04w2YkjjoOE4+eb7lvUyG3OWnZQi1w2GGQQ6180BMqMqfqqqqqqqFqgqUqb…

APK details

Information computed with AndroGuard and Pithus.

Package com.application.zomato
App name Zomato
Version name 15.7.3
Version code 1710015730
SDK 21 - 30
UAID dd98f60bf786d66dbc38eab3ff49082b3e3d7d88
Signature Signature V1 Signature V2 Signature V3
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0xf05368c0: Unknown
  • 0x6dff800d: Source stamp V2 X509 cert
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 0949c2b6aee5c686c60affb6bd35e30f
SHA1 08b0e4fd1da1a2fd3084fa9b6ff4f9e6b389b371
SHA256 37722d88cc9f04f83ff7beca291858e5b0cea8d39250d12932b389ffa6313845
Issuer Common Name: Anuj Middha, Organizational Unit: Zomato, Organization: Zomato, Locality: Delhi, State/Province: New Delhi, Country: IN
Not before 2011-01-10T18:39:05+00:00
Not after 2060-12-28T18:39:05+00:00

File Analysis

Information computed with MobSF.

Findings Files
Certificate/Key files hardcoded inside the app. com/clevertap/android/sdk/certificates/DigiCertGlobalRootCA.crt
com/clevertap/android/sdk/certificates/DigiCertSHA2SecureServerCA.crt
okhttp3/internal/publicsuffix/NOTICE
stamp-cert-sha256

Manifest analysis

Information computed with MobSF.

Medium Application Data can be Backed up[android:allowBackup=true]
This flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High Activity (com.application.zomato.routers.WeblinkRouter) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.application.zomato.routers.ShortlinkRouter) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.application.zomato.user.bookmarks.NitroBookmarksActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.application.zomato.routers.DeepLinkRouter) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Broadcast Receiver (com.appsflyer.SingleInstallBroadcastReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (net.openid.appauth.RedirectUriReceiverActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.library.zomato.ordering.listeners.IncomingSmsReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.facebook.CustomTabActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Content Provider (com.library.zomato.calleridprovider.CallerIdProvider) is not Protected. [android:exported=true]
A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.zomato.notifications.services.track.TrackNotificationJob) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.zomato.notifications.receivers.AppUpdateBroadcastReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.zomato.notifications.receivers.LocaleChangeBroadcastReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.akamai.android.sdk.internal.AnaBroadcastReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (androidx.work.impl.background.systemjob.SystemJobService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.google.android.play.core.assetpacks.AssetPackExtractionService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.amazon.identity.auth.device.workflow.WorkflowActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (amazonpay.silentpay.RedirectUriReceiverActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
Medium High Intent Priority (999)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.
Medium High Intent Priority (999)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.

Browsable activities

Information computed with MobSF.

com.application.zomato.activities.Splash

Schemes: zomatobranchsdk://

com.application.zomato.routers.WeblinkRouter

Hosts: www.zomato.com accounts.zomato.com

Schemes: http:// https://

com.application.zomato.routers.ShortlinkRouter

Hosts: *.zoma.to *.z.tt zoma.to z.tt

Schemes: http:// https://

Mime types: image/*

com.application.zomato.routers.DeepLinkRouter

Schemes: zomato://

net.openid.appauth.RedirectUriReceiverActivity

Schemes: com.application.zomato:// com.googleusercontent.apps.442739719837-c6kjl3jbqg6r27724sjg5iatlpuqetrn://

com.facebook.CustomTabActivity

Hosts: cct.com.application.zomato

Schemes: @string/fb_login_protocol_scheme:// fbconnect://

com.amazon.identity.auth.device.workflow.WorkflowActivity

Hosts: com.application.zomato

Schemes: amzn://

amazonpay.silentpay.RedirectUriReceiverActivity

Hosts: amazonpay.amazon.in

Schemes: amzn://

Main Activity

Information computed with AndroGuard.

com.application.zomato.activities.Splash

Activities

Information computed with AndroGuard.

com.application.zomato.routers.webview.ZFallbackWebviewActivity
com.application.zomato.gold.membership.GoldManageMembershipActivity
com.application.zomato.activities.Splash
com.application.zomato.login.ZomatoActivity
com.application.zomato.red.nitro.goldRating.GoldRatingActivity
com.application.zomato.activities.ShowLeaderboard
com.application.zomato.feedingindia.cartPage.view.FeedingIndiaCartActivity
com.application.zomato.genericHeaderFragmentComponents.FeedingIndiaHomeActivity
com.application.zomato.user.notifications.NotificationActivity
com.library.zomato.ordering.home.quickLinks.QuickLinksActivity
com.application.zomato.notification.NotificationPrefActivity
com.application.zomato.settings.activities.SettingsActivity
com.application.zomato.settings.account.activities.ChangeEmailActivity
com.application.zomato.settings.account.activities.AccountSettingsActivity
com.application.zomato.settings.account.changePassword.activities.ChangePasswordActivity
com.application.zomato.settings.account.accountDeletion.activities.DeleteAccountActivity
com.application.zomato.activities.ReportError
com.application.zomato.user.EditProfileActivity
com.application.zomato.gallery.ZGallery
com.facebook.FacebookActivity
com.application.zomato.routers.WeblinkRouter
com.application.zomato.routers.ShortlinkRouter
com.application.zomato.activities.SearchUser
com.application.zomato.user.stats.UserStatsPage
com.application.zomato.feedback.FeedbackPage
com.application.zomato.gallery.ZPhotoTagging
com.application.zomato.gallery.ZPhotoCommentsLikes
com.application.zomato.user.bookmarks.NitroBookmarksActivity
com.application.zomato.collections.v14.views.CollectionDetailsActivity
com.application.zomato.red.RedWebView
com.application.zomato.gold.newgold.cart.views.GoldCartActivity
com.application.zomato.red.nitro.eventcart.BuyEventTicketsActivity
com.application.zomato.routers.DeepLinkRouter
com.application.zomato.activities.MigratorActivity
com.application.zomato.newRestaurant.view.TabbedRestaurantActivity
com.application.zomato.newRestaurant.view.AboutRestaurantActivity
com.application.zomato.user.expertDetail.view.ExpertStoryListActivity
com.application.zomato.review.drafts.view.ReviewDraftsActivity
com.application.zomato.newRestaurant.view.MerchantPostPage
com.application.zomato.newRestaurant.view.SinglePostPage
com.application.zomato.restaurant.MapsActivity
com.application.zomato.activities.brunchPage.BrunchAndBuffetDetailsActivity
com.application.zomato.activities.brandpage.BrandPageActivity
com.application.zomato.activities.addplace.AddPlaceActivity
com.application.zomato.activities.addedplaces.AddedPlacesActivity
com.application.zomato.user.profile.views.UserProfileActivity
com.application.zomato.nitro.findFriends.NitroFindFriendsActivity
com.application.zomato.activities.AboutUsActivity
com.application.zomato.user.UserFollowActivity
com.application.zomato.activities.dailytextmenu.DailyAndTextMenuActivity
com.application.zomato.chooserestaurant.ChooseRestaurantActivity
com.application.zomato.activities.searchplace.SearchPlaceActivity
com.application.zomato.collections.NitroCollectionActivity
com.application.zomato.red.nitro.unlockflow.phoneverification.GoldPersonalDetailsActivity
com.application.zomato.activities.recentRestaurants.RecentlyViewedRestaurantActivity
com.application.zomato.activities.recentRestaurants.SimilarRestaurantListActivity
com.application.zomato.newRestaurant.editorialReview.view.EditorialReviewActivity
com.library.zomato.ordering.fullScreenVideoType1.view.FullScreenVideoPlayer0Activity
com.application.zomato.newRestaurant.editorialReview.view.LocationVideosActivity
com.application.zomato.red.nitro.unlockflow.view.GoldUnlockActivity
com.application.zomato.deals.dealsListing.view.DealsPageActivity
com.application.zomato.tabbed.home.HomeActivity
com.application.zomato.location.search.ConsumerLocationSearchActivity
com.application.zomato.newRestaurant.view.MenuActivity
com.application.zomato.newRestaurant.view.MenuGallery
com.application.zomato.newRestaurant.view.MerchantAlbumPageActivity
com.application.zomato.search.SearchRestaurantListActivity
com.application.zomato.red.planpage.view.GoldPlanPageActivity
com.application.zomato.search.events.EventListActivity
com.application.zomato.user.cover.view.CoverPhotoActivity
com.application.zomato.user.FoodiesFollowActivity
com.application.zomato.newRestaurant.seeallfeature.SeeAllHelperActivity
com.library.zomato.ordering.postorder.PostOrderActivity
com.application.zomato.infinity.booking.views.InfinityBookingActivity
com.application.zomato.infinity.confirmation.views.InfinityConfirmationActivity
com.application.zomato.infinity.history.views.InfinityHistoryActivity
com.application.zomato.infinity.rating.views.InfinityRatingActivity
com.application.zomato.red.thankyoupage.GoldThankYouActivity
com.application.zomato.gold.newgold.history.GoldHistoryActivity
com.application.zomato.red.screens.faq.GoldFAQActivity
com.application.zomato.deals.dealsHistory.view.DealsHistoryActivity
com.application.zomato.review.display.view.ReviewDisplayActivity
com.application.zomato.review.display.view.ReviewsSearchActivity
com.application.zomato.zomatoPay.success.ZomatoPaySuccessActivity
com.application.zomato.zomaland.ZomalandCartActivity
com.application.zomato.zomatoPayV2.cartPage.view.ZomatoPayV2CartActivity
com.application.zomato.phoneverification.view.PhoneVerificationActivity
com.application.zomato.phoneverification.view.OTPVerificationActivity
com.application.zomato.npsreview.NpsReviewActivity
com.application.zomato.foodatwork.home.FoodAtWorkLinkingIntroActivity
com.application.zomato.red.screens.cancelmembership.GoldRefundMembershipActivity
com.application.zomato.red.screens.cancelmembership.GoldRefundSuccessActivity
com.application.zomato.red.screens.cancelmembership.RefundGoldFeedbackActivity
com.library.zomato.ordering.feed.ui.activity.FeedPeopleActivity
com.library.zomato.ordering.feed.ui.activity.FeedPostActivity
com.application.zomato.qrScanner.view.QrCaptureActivity
com.application.zomato.user.genericlisting.view.GenericListingActivity
com.application.zomato.pro.homepage.view.ProHomePageActivity
com.application.zomato.reviewv2.views.ReviewDetailActivity
net.openid.appauth.RedirectUriReceiverActivity
com.application.zomato.foodatwork.fawcontent.FwHomeActivity
com.library.zomato.ordering.referralScratchCard.ReferralScratchCardActivity
com.library.zomato.ordering.referralScratchCard.ReferralScratchCardDetailActivity
com.application.zomato.newRestaurant.view.KnowMoreRestaurantActivity
com.zomato.library.nutrition.pages.productAndResearch.product.NutritionProductActivity
com.zomato.library.nutrition.pages.productAndResearch.research.NutritionResearchActivity
com.zomato.library.nutrition.pages.history.GenericOrderHistoryActivity
com.zomato.library.nutrition.pages.summary.GenericOrderSummaryActivity
com.application.zomato.zomaland.ZLWebViewActivity
com.application.zomato.zomaland.viewcontroller.CartActivity
com.application.zomato.zomaland.viewcontroller.TicketsListActivity
com.application.zomato.zomaland.viewcontroller.TicketActivity
com.application.zomato.zomaland.viewcontroller.OrderSummaryActivity
com.application.zomato.zomaland.viewcontroller.ShowsActivity
com.application.zomato.zomaland.v2.ZomalandScheduleActivity
com.application.zomato.zomaland.v2.ZLTicketTimelinePageActivity
com.application.zomato.zomaland.v2.ZLTicketPageActivity
com.application.zomato.zomaland.v2.ZomalandHomeActivity
com.application.zomato.activities.HomeTestActivity
com.library.zomato.ordering.crystalrevolution.view.CrystalActivity
com.library.zomato.ordering.crystalrevolutionNew.view.CrystalActivityV2
com.library.zomato.ordering.order.ZFragmentContainerActivity
com.library.zomato.ordering.order.address.ui.UserAddressesActivity
com.library.zomato.ordering.nitro.cart.OrderCartActivity
com.library.zomato.ordering.nitro.cart.BMDCartActivity
com.library.zomato.ordering.newpromos.view.PromoActivity
com.zomato.library.payments.paymentmethods.view.SelectAllPaymentActivity
com.zomato.library.payments.paymentmethods.cards.RenameCardActivity
com.zomato.library.payments.paymentmethods.view.SelectSavedPaymentMethodsActivity
com.library.zomato.ordering.order.referral.ReferralActivity
com.library.zomato.ordering.personaldetails.PersonalDetailsActivity
com.library.zomato.ordering.orderForSomeOne.view.OrderForSomeOneActivity
com.library.zomato.ordering.gifting.GiftFSEActivity
com.library.zomato.ordering.instructions.view.DeliveryInstructionActivity
com.library.zomato.ordering.order.ordersummary.OrderSummaryActivity
com.library.zomato.ordering.order.menucustomization.MenuCustomizationActivity
com.library.zomato.ordering.nitro.menu.customisation.ComboCustomisationActivity
com.library.zomato.ordering.nitro.menu.customisation.ComboCartActivity
com.library.zomato.ordering.order.history.OrderHistoryActivity
com.zomato.ui.android.countrychooser.CountryChooserActivity
com.library.zomato.ordering.nitro.combo.ui.CombosActivity
com.library.zomato.ordering.webview.WebViewActivity
com.library.zomato.ordering.location.search.ui.LocationSearchActivity
com.library.zomato.ordering.zpl.ZPLWebViewActivity
com.library.zomato.ordering.menucart.views.MenuCartActivity
com.application.zomato.newRestaurant.view.ResMenuCartActivity
com.library.zomato.ordering.dine.tableReview.view.DineTableReviewActivity
com.library.zomato.ordering.dine.paymentStatus.view.DinePaymentStatusActivity
com.library.zomato.ordering.crystalrevolution.postorderpayment.PostOrderPaymentActivity
com.library.zomato.ordering.searchv14.AutoSuggestionV14Activity
com.library.zomato.ordering.searchv14.SearchV14Activity
com.library.zomato.ordering.watch.tvShowDetailPage.TvShowDetailActivity
com.library.zomato.ordering.watch.fullScreenVideoPlayer1.FullScreenVideoPlayer1Activity
com.library.zomato.ordering.watch.fullScreenVideoPlayer2.FullScreenVideoPlayer2Activity
com.library.zomato.ordering.dine.welcome.view.DineWelcomeActivity
com.library.zomato.ordering.dine.checkoutCart.view.DineCheckoutCartActivity
com.library.zomato.ordering.dine.history.timeline.view.DineTimelineActivity
com.library.zomato.ordering.dine.history.orderDetails.view.DineHistoryOrderActivity
com.library.zomato.ordering.zStories.ZStoriesActivity
com.library.zomato.ordering.feedback.FeedbackActivity
com.library.zomato.ordering.orderscheduling.OrderSchedulingActivity
com.zomato.library.mediakit.photos.photo.PhotosActivity
com.zomato.library.mediakit.photos.photo.MerchantPhotosActivity
com.zomato.library.mediakit.photos.photodetails.PhotoDetailsActivity
com.zomato.library.mediakit.photos.photos.view.SelectMediaActivity
com.zomato.library.mediakit.photos.photos.view.SelectAlbumActivity
com.zomato.library.mediakit.photos.photos.view.MediaPreviewActivity
com.zomato.library.mediakit.photos.photos.view.CameraActivity
com.zomato.library.mediakit.photos.photos.view.EditPhotoActivity
com.zomato.library.mediakit.reviews.writereview.WriteReviewActivity
com.zomato.android.book.checkavailability.activity.CheckAvailabilityActivity
com.zomato.android.book.activities.AddBookingDetails
com.zomato.android.book.nitro.summary.view.NitroBookingSummaryActivity
com.zomato.android.book.activities.BookingHistoryActivity
com.zomato.android.book.nitro.verification.NitroBookVerificationActivity
com.zomato.android.book.activities.FeedBackActivity
com.zomato.android.book.activities.PopupActivity
com.zomato.android.book.nitro.ratebooking.RateBookingActivity
com.zomato.android.book.nitro.seatedflow.SeatedFlowActivity
com.zomato.android.book.checkavailability.diningpref.DiningPrefActivity
com.library.tonguestun.faworderingsdk.menu.view.MenuActivity
com.library.tonguestun.faworderingsdk.pin.SetPinActivity
com.library.tonguestun.faworderingsdk.qrcode.activity.GenerateQRActivity
com.library.tonguestun.faworderingsdk.support.SupportActivity
com.library.tonguestun.faworderingsdk.support.intermediate.SupportIntermediateActivity
com.library.tonguestun.faworderingsdk.support.answer.FAQAnswerActivity
com.library.tonguestun.faworderingsdk.feedback.FeedbackActivity
com.library.tonguestun.faworderingsdk.qrcode.views.barcode.BarcodeCaptureActivity
com.library.tonguestun.faworderingsdk.otp.OTPVerificationActivity
com.library.tonguestun.faworderingsdk.orderstatus.OrderStatusActivity
com.library.tonguestun.faworderingsdk.location.activity.SelectCafeActivity
com.library.tonguestun.faworderingsdk.personalinfo.view.CapturePersonalInfoActivity
com.library.tonguestun.faworderingsdk.pendingInfo.FwVerificationInfoActivity
com.library.tonguestun.faworderingsdk.favourites.FwFavouritesItemActivity
com.library.tonguestun.faworderingsdk.refercompany.view.ReferCompanyActivity
com.library.tonguestun.faworderingsdk.myorders.FwOrderHistoryActivity
com.library.tonguestun.faworderingsdk.user.view.FwUserProfileActivity
com.library.tonguestun.faworderingsdk.fawpromo.view.FawPromoActivity
com.zomato.library.edition.onboarding.views.EditionOnboardingActivity
com.zomato.library.edition.address.views.EditionAddressActivity
com.zomato.library.edition.form.views.EditionFormActivity
com.zomato.library.edition.status.views.EditionStatusActivity
com.zomato.library.edition.kycwebview.EditionKYCWebViewActivity
com.zomato.library.edition.confirmaddress.EditionConfirmAddressActivity
com.zomato.library.edition.creditlimitpoller.views.EditionCreditLimitPollerActivity
com.zomato.library.edition.dashboard.views.EditionDashboardActivity
com.zomato.library.edition.cardsuccess.EditionCardSuccessActivity
com.zomato.library.edition.reward.EditionRewardActivity
com.zomato.library.edition.transactions.EditionTransactionsActivity
com.zomato.library.edition.paybill.EditionPayBillActivity
com.zomato.library.edition.waitlist.EditionWaitlistActivity
com.zomato.library.edition.cardsettings.EditionCardSettingsActivity
com.zomato.library.edition.cardactivation.EditionCardActivationActivity
com.zomato.library.edition.cardtracking.EditionCardTrackingActivity
com.library.zomato.chat.ZChatActivity
com.library.zomato.chat.ChatInitHelper
com.zomato.library.payments.upicollect.View.VPAVerificationActivity
com.zomato.library.payments.upicollect.View.AddVPAActivity
com.zomato.library.payments.nativeotp.view.NativeOTPActivity
com.zomato.library.payments.common.PaymentsFragmentContainerActivity
com.zomato.library.payments.wallets.activity.WalletActivity
com.zomato.library.payments.linkpaytm.LinkWalletActivity
com.zomato.library.payments.banks.BankSelectionActivity
com.zomato.library.payments.webview.PaymentWebviewActivity
com.zomato.library.payments.verification.view.UPIVerificationActivity
com.zomato.library.payments.verification.view.BankTransferVerificationActivity
com.zomato.library.payments.paymentmethods.bank.AddBankActivity
com.library.zomato.zcardkit.views.activities.ZomatoRenameCardActivity
com.library.zomato.zcardkit.views.activities.ZomatoAddCardActivity
payments.zomato.paymentkit.banksv2.BankOptionsActivity
payments.zomato.paymentkit.paymentmethodsv2.PaymentOptionsActivity
payments.zomato.paymentkit.topupwallet.view.TopUpWalletActivity
payments.zomato.paymentkit.upicollect.view.VPAVerificationActivity
payments.zomato.paymentkit.upicollect.view.AddVPAActivity
payments.zomato.paymentkit.nativeotp.view.NativeOTPActivity
payments.zomato.paymentkit.common.PaymentsFragmentContainerActivity
payments.zomato.paymentkit.wallets.activity.WalletActivity
payments.zomato.paymentkit.linkpaytm.LinkWalletActivity
payments.zomato.paymentkit.webview.PaymentWebviewActivity
payments.zomato.paymentkit.verification.view.UPIVerificationActivity
payments.zomato.paymentkit.verification.view.BankTransferVerificationActivity
payments.zomato.paymentkit.paymentszomato.view.PaymentsActivity
payments.zomato.paymentkit.cards.editcard.ZomatoRenameCardActivity
payments.zomato.paymentkit.cards.addcard.ZomatoAddCardActivity
payments.zomato.paymentkit.creditlinewallet.view.CreditLineWalletSignUpActivity
payments.zomato.paymentkit.promoforward.views.PromoPaymentMethodActivity
payments.zomato.paymentkit.retry.RetryActivity
payments.zomato.paymentkit.adcbtouchpoints.view.ADCBTouchPointsActivity
payments.zomato.paymentkit.visasingleclick.view.VSCPaymentProcessingActivity
com.facebook.CustomTabActivity
androidx.benchmark.IsolationActivity
net.openid.appauth.AuthorizationManagementActivity
com.clevertap.android.sdk.InAppNotificationActivity
com.clevertap.android.sdk.CTInboxActivity
com.facebook.CustomTabMainActivity
com.google.android.gms.auth.api.signin.internal.SignInHubActivity
com.google.android.gms.common.api.GoogleApiActivity
com.google.android.gms.ads.AdActivity
com.clevertap.pushtemplates.PTVideoActivity
com.google.android.play.core.missingsplits.PlayCoreMissingSplitsActivity
com.google.android.play.core.common.PlayCoreDialogWrapperActivity
com.amazon.identity.auth.device.workflow.WorkflowActivity
amazonpay.silentpay.APayActivity
amazonpay.silentpay.RedirectUriReceiverActivity

Receivers

Information computed with AndroGuard.

com.clevertap.pushtemplates.PushTemplateReceiver
com.appsflyer.SingleInstallBroadcastReceiver
com.application.zomato.upload.UploadBroadcastReciever
com.library.zomato.ordering.listeners.IncomingSmsReceiver
com.library.zomato.ordering.watch.VideoShareReceiver
com.zomato.notifications.receivers.AppUpdateBroadcastReceiver
com.zomato.notifications.receivers.LocaleChangeBroadcastReceiver
com.zomato.notifications.services.track.NotificationClickTrackBroadcastReceiver
com.zomato.notifications.services.track.NotificationActionClickTrackBroadcastReceiver
com.clevertap.android.sdk.pushnotification.CTPushNotificationReceiver
com.facebook.CurrentAccessTokenExpirationBroadcastReceiver
com.akamai.android.sdk.internal.AnaBroadcastReceiver
androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
androidx.work.impl.background.systemalarm.RescheduleReceiver
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
com.google.firebase.iid.FirebaseInstanceIdReceiver
com.google.android.gms.measurement.AppMeasurementReceiver
com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver

Services

Information computed with AndroGuard.

com.application.zomato.upload.UploadService
com.zomato.notifications.services.ZomatoFirebaseMessagingService
com.zomato.notifications.services.track.TrackNotificationJob
com.clevertap.android.sdk.pushnotification.CTNotificationIntentService
com.google.firebase.components.ComponentDiscoveryService
com.clevertap.android.sdk.pushnotification.amp.CTBackgroundIntentService
com.clevertap.android.sdk.pushnotification.amp.CTBackgroundJobService
com.akamai.android.sdk.internal.AkaBackgroundService
com.akamai.android.components.ComponentDiscoveryService
androidx.work.impl.background.systemalarm.SystemAlarmService
androidx.work.impl.background.systemjob.SystemJobService
androidx.room.MultiInstanceInvalidationService
com.google.firebase.messaging.FirebaseMessagingService
com.google.android.datatransport.runtime.backends.TransportBackendDiscovery
com.google.android.gms.auth.api.signin.RevocationBoundService
com.google.android.gms.measurement.AppMeasurementService
com.google.android.gms.measurement.AppMeasurementJobService
com.google.android.play.core.assetpacks.AssetPackExtractionService
com.datavisor.vangogh.service.RDService
com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService

Sample timeline

Certificate valid not before Jan. 10, 2011, 6:39 p.m.
First submission on VT May 21, 2021, 9:53 p.m.
Last submission on VT Nov. 7, 2021, 12:48 p.m.
Upload on Pithus Dec. 15, 2021, 3:11 a.m.
Certificate valid not after Dec. 28, 2060, 6:39 p.m.

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application invoke platform-provided DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application implement asymmetric key generation.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['location', 'network connectivity', 'microphone', 'camera'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['address book'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application implement functionality to encrypt sensitive data in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_RBG_EXT.2.1
FCS_RBG_EXT.2.2
The application perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.
Random Bit Generation from Application
FCS_CKM.1.1(1) The application generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm RSA schemes using cryptographic key sizes of 2048-bit or greater.
Cryptographic Asymmetric Key Generation
FCS_COP.1.1(1) The application perform encryption/decryption not in accordance with FCS_COP.1.1(1), AES-ECB mode is being used.
Cryptographic Operation - Encryption/Decryption
FCS_COP.1.1(2) The application perform cryptographic hashing services not in accordance with FCS_COP.1.1(2) and uses the cryptographic algorithm RC2/RC4/MD4/MD5.
Cryptographic Operation - Hashing
FCS_COP.1.1(3) The application perform cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm RSA schemes using cryptographic key sizes of 2048-bit or greater.
Cryptographic Operation - Signing
FCS_COP.1.1(4) The application perform keyed-hash message authentication with cryptographic algorithm ['HMAC-SHA-256'] .
Cryptographic Operation - Keyed-Hash Message Authentication
FCS_HTTPS_EXT.1.1 The application implement the HTTPS protocol that complies with RFC 2818.
HTTPS Protocol
FCS_HTTPS_EXT.1.2 The application implement HTTPS using TLS.
HTTPS Protocol
FCS_HTTPS_EXT.1.3 The application notify the user and not establish the connection or request application authorization to establish the connection if the peer certificate is deemed invalid.
HTTPS Protocol
FIA_X509_EXT.1.1 The application invoked platform-provided functionality to validate certificates in accordance with the following rules: ['The certificate path must terminate with a trusted CA certificate', 'RFC 5280 certificate validation and certificate path validation'].
X.509 Certificate Validation
FIA_X509_EXT.2.1 The application use X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS , TLS.
X.509 Certificate Authentication
FIA_X509_EXT.2.2 When the application cannot establish a connection to determine the validity of a certificate, the application allow the administrator to choose whether to accept the certificate in these cases or accept the certificate ,or not accept the certificate.
X.509 Certificate Authentication
FPT_TUD_EXT.2.1 The application shall be distributed using the format of the platform-supported package manager.
Integrity for Installation and Update
FCS_CKM.1.1(2) The application shall generate symmetric cryptographic keys using a Random Bit Generator as specified in FCS_RBG_EXT.1 and specified cryptographic key sizes 128 bit or 256 bit.
Cryptographic Symmetric Key Generation

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 k7/u/z/a.java
f/j/d/s/w.java
k7/j/a/y.java
f/i/s/u/i.java
f/j/b/f/h/j/e.java
k7/u/h.java
f/j/d/x/h/a.java
f/j/b/f/h/o/n2.java
f/j/b/f/b/a/i/d/g.java
f/j/d/w/w.java
f/j/b/f/d/u.java
defpackage/l8.java
defpackage/w6.java
f/j/b/f/d/j.java
f/g/a/l/r/h/a.java
f/j/d/w/a.java
f/g/a/p/j/k.java
k7/o/a/n.java
f/g/a/l/p/j.java
defpackage/aj.java
f/j/d/n/e/s/i/a.java
f/j/d/l/h/y.java
f/j/b/g/a/h.java
defpackage/cr.java
f/j/b/f/h/a/kt1.java
defpackage/o7.java
f/j/b/f/r/e/a.java
f/b/f/a/g.java
k7/b/a/h.java
f/j/b/f/d/f.java
k7/l/a/a.java
f/j/d/w/s.java
f/j/d/n/e/k/r0.java
f/j/d/l/h/j.java
f/i/m0/o0/i/e.java
f/j/b/f/h/a/wv1.java
f/g/a/l/p/z/i.java
f/c/a/j/e.java
f/j/b/f/h/a/sv1.java
f/g/a/l/p/b0/a.java
f/i/f0/m/h.java
f/j/b/f/k/b/q3.java
f/g/a/j/d.java
f/i/s/x/a.java
f/i/i0/z/c.java
f/e/a/a/a/a/b/c.java
k7/x/g.java
defpackage/b8.java
f/j/b/f/h/o/j.java
f/j/b/f/d/b.java
f/g/a/l/o/p/b.java
f/g/a/l/p/y.java
f/j/b/f/h/g/j.java
com/library/tonguestun/faworderingsdk/qrcode/views/camera/CameraSourcePreview.java
f/j/b/f/d/m.java
com/bumptech/glide/manager/SupportRequestManagerFragment.java
com/zomato/mqtt/ZMqttClient.java
k7/b/f/d0.java
f/j/d/u/o/b.java
f/j/d/n/e/b.java
k7/b/f/u0.java
f/j/b/f/d/y.java
f/j/d/z/o/m.java
f/i/s/u/l/c.java
f/j/d/w/b0.java
f/j/d/u/f.java
f/j/b/f/h/o/u3.java
defpackage/e7.java
f/j/d/n/e/k/o.java
defpackage/n9.java
f/g/a/p/j/d.java
com/clevertap/android/sdk/product_config/DefaultXmlParser.java
k7/f0/f.java
k7/j/b/c/h.java
f/i/s/g.java
f/j/b/f/h/a/t22.java
k7/h/c/c.java
f/j/b/f/h/l/a0.java
f/j/d/w/t.java
f/j/d/n/e/k/o0.java
f/j/b/f/e/k.java
f/i/s/s.java
com/akamai/android/sdk/Logger.java
k7/j/h/b.java
f/j/b/f/h/a/nm0.java
k7/j/a/r.java
defpackage/e8.java
k7/b/f/f0.java
com/application/zomato/app/ZomatoApp.java
f/i/c0/c/e.java
f/j/d/n/e/q/b.java
f/j/b/f/h/o/l2.java
f/g/a/m/k.java
k7/b0/c.java
f/j/b/g/e/a.java
com/clevertap/android/sdk/Logger.java
f/j/b/f/h/a/bz1.java
f/j/b/f/h/s/a5.java
f/j/b/f/h/l/r4.java
f/j/b/f/d/t.java
f/j/b/b/h/d.java
k7/x/h.java
f/j/b/f/h/g/e.java
f/j/d/n/e/q/d/c.java
f/i/s/u/j.java
k7/b/a/p.java
f/g/a/l/q/s.java
f/j/d/l/h/m.java
k7/o/a/b.java
f/b/a/c/h/g/d/c.java
f/g/a/l/r/h/d.java
defpackage/l7.java
com/library/tonguestun/faworderingsdk/qrcode/views/barcode/BarcodeCaptureActivity.java
k7/j/i/b.java
com/bumptech/glide/load/engine/DecodeJob.java
k7/o/a/q.java
k7/j/i/z.java
f/j/b/f/d/g.java
f/j/d/s/x.java
f/g/a/j/e.java
f/e/a/a/b/a.java
k7/b/b/a/a.java
f/j/b/f/h/g/q4.java
k7/j/b/a.java
defpackage/z8.java
defpackage/c8.java
k7/b/f/n0.java
f/j/d/u/p/c.java
k7/j/a/v.java
f/j/b/f/h/a/ww1.java
defpackage/r7.java
s9/a/a/b.java
k7/b/f/h.java
defpackage/da.java
k7/b/f/h0.java
f/b/i/j.java
defpackage/g9.java
f/f/a/a/a.java
defpackage/z6.java
defpackage/m9.java
f/e/a/a/a/a/c/a.java
k7/u/e.java
com/akamai/android/sdk/internal/AkaJsonObject.java
f/j/b/f/h/s/l.java
defpackage/y6.java
f/j/b/f/h/a/g22.java
k7/o/a/s.java
f/g/a/l/r/d/q.java
defpackage/ea.java
f/j/b/f/h/g/l.java
f/g/a/l/r/d/z.java
f/g/a/l/p/a0/e.java
k7/h/c/b.java
f/g/a/l/q/d.java
k7/d/d.java
defpackage/u8.java
k7/b0/d0.java
defpackage/m7.java
f/j/d/c.java
f/i/s/d.java
k7/b0/a0.java
k7/b/f/m0.java
f/j/d/w/p.java
j7/a/b/b/g/k.java
io/sentry/android/core/AndroidLogger.java
f/j/b/f/p/a.java
u9/a/i/a/m/a.java
defpackage/ca.java
f/j/b/f/h/o/d2.java
f/j/b/f/h/a/ns1.java
defpackage/v8.java
com/zomato/ui/lib/atom/ZScratchViewV2.java
f/i/m0/k.java
f/j/b/f/h/g/b.java
f/j/d/n/e/k/i0.java
f/j/d/s/n.java
f/j/b/f/d/q.java
k7/j/i/u.java
f/j/d/n/e/k/m.java
f/i/q0/b.java
k7/c0/a/a/i.java
s9/a/a/a0.java
f/g/a/l/r/d/x.java
f/a/a/c/h.java
k7/b/f/y.java
k7/b0/c0.java
com/clevertap/android/sdk/displayunits/CTDisplayUnitType.java
k7/o/a/l.java
f/g/a/l/r/d/l.java
s9/c/a/a/a/a.java
defpackage/n7.java
f/j/b/f/h/a/lz1.java
f/j/b/f/h/a/x12.java
defpackage/x8.java
eightbitlab/com/blurview/BlurView.java
f/j/b/f/o/b/a.java
f/j/d/s/b.java
k7/j/c/d.java
f/j/b/f/h/a/gy1.java
f/g/a/l/r/d/c.java
f/g/a/l/q/t.java
f/j/b/f/h/a/na1.java
com/akamai/android/AkaLogger.java
defpackage/w8.java
f/g/a/l/p/h.java
f/c/a/e/o0/i/m.java
f/j/b/f/h/a/um.java
f/j/b/f/k/a/a.java
defpackage/i7.java
defpackage/ah.java
f/j/d/n/e/k/b0.java
k7/b/e/f.java
f/j/b/f/h/a/cz1.java
k7/j/c/c.java
com/zomato/sushilib/atoms/views/SushiIconActionProvider.java
f/j/d/n/b.java
k7/u/j.java
k7/b0/b0.java
f/j/b/f/h/a/nm1.java
f/j/b/f/h/a/dx1.java
f/g/a/f.java
k7/o/a/a.java
f/j/b/f/h/o/gc.java
com/bumptech/glide/load/engine/GlideException.java
defpackage/t9.java
f/j/d/n/e/k/n.java
com/akamai/android/components/ComponentDiscovery.java
o9/b/a/j/a.java
k7/t/a/a.java
k7/c0/a/a/d.java
k7/h/b/d.java
f/j/d/n/e/k/x0.java
f/i/s/x/j.java
f/g/a/r/k/a.java
f/i/q0/j.java
f/j/b/f/h/l/p.java
com/appsflyer/AFLogger.java
k7/j/i/a.java
f/j/b/f/h/o/o2.java
f/j/d/s/q.java
k7/j/c/g.java
f/g/a/l/p/z/j.java
f/j/d/n/e/s/c.java
f/i/m0/o0/c/a.java
k7/j/i/s.java
io/branch/referral/Branch.java
f/g/a/m/l.java
f/j/b/f/h/g/k.java
k7/j/c/f.java
defpackage/fa.java
com/bumptech/glide/request/SingleRequest.java
defpackage/e9.java
k7/n/a/a.java
f/i/f.java
f/j/b/f/h/a/g02.java
f/a/b/a/t/i/b/f/a.java
com/zomato/ui/lib/animation/ZLottieAnimationView.java
f/j/b/f/d/a.java
f/j/b/f/h/l/d0.java
f/j/b/f/h/a/tv1.java
defpackage/u7.java
f/j/b/f/h/o/m2.java
f/j/d/w/c.java
f/j/d/s/f.java
k7/o/a/t.java
f/i/r.java
k7/e/a/h.java
f/i/s/x/f.java
f/j/b/f/h/o/z1.java
defpackage/c9.java
k7/d/f.java
f/c/a/j/g.java
k7/j/a/e.java
f/g/a/l/q/f.java
f/j/d/z/a.java
defpackage/ak.java
f/j/b/f/h/s/h.java
f/j/b/h/a/e/z.java
f/g/a/l/o/j.java
f/j/b/f/h/l/b0.java
defpackage/g7.java
f/i/s/z/a.java
f/j/d/w/a0.java
f/j/b/f/h/a/t12.java
f/j/d/n/e/g.java
com/akamai/android/sdk/MapSdkInfo.java
f/g/a/m/e.java
f/j/b/b/i/s/j.java
f/j/d/n/e/k/n0.java
defpackage/v6.java
f/g/a/l/p/a0/i.java
f/j/b/f/h/o/q2.java
f/j/d/n/e/k/v.java
f9/a/a/x.java
k7/b/f/t0.java
f/g/a/c.java
f/j/b/f/h/a/jz1.java
h7/a/b.java
defpackage/f7.java
defpackage/w9.java
f/j/d/w/x.java
defpackage/bz.java
f/g/a/l/r/d/m.java
k7/z/a/f/c.java
defpackage/ag.java
k7/h/c/d.java
f/j/b/f/h/a/so.java
defpackage/a9.java
f/j/d/n/e/h.java
f/g/a/l/r/d/d.java
f/i/i0/p.java
f/i/m0/o0/i/d.java
com/zomato/ui/lib/atom/ZTicketBackground.java
k7/z/a/c.java
defpackage/n8.java
j7/a/b/b/b.java
f/g/a/l/o/l.java
f/g/a/k/a/b.java
f/j/b/f/d/r.java
f/g/a/g.java
f/a/a/e/h.java
defpackage/o8.java
k7/b/f/u.java
f/j/d/s/m.java
amazonpay/silentpay/d.java
f/j/b/f/h/a/w4.java
k7/u/t.java
f/g/a/l/r/d/k.java
f/j/d/s/v.java
f/j/d/u/b.java
defpackage/w7.java
k7/j/a/d.java
f/i/q0/a.java
f/j/d/w/q.java
f/b/b/b/d0/j/c.java
k7/d/c.java
io/sentry/SystemOutLogger.java
f/g/a/l/q/c.java
k7/f0/d.java
k7/j/e/f.java
f/g/a/l/o/b.java
f/j/d/s/d0.java
k7/x/l.java
k7/j/i/h.java
f/j/b/f/d/p.java
f/i/c.java
f/g/a/l/r/h/j.java
s9/a/a/o.java
f/j/b/f/k/b/l9.java
com/application/zomato/tabbed/widget/HomeViewPager.java
f/b/l/d/e/b.java
f/j/b/f/h/o/m4.java
k7/h/c/a.java
k7/j/c/e.java
f/j/d/n/e/l/e.java
k7/u/a.java
f/j/d/n/e/e.java
k7/u/m.java
k7/b/f/x0.java
defpackage/b7.java
amazonpay/silentpay/APayActivity.java
defpackage/m8.java
f/a/b/a/b0/c/b/a.java
f/g/a/l/r/a.java
f/j/b/f/h/l/j0.java
defpackage/a7.java
f/j/d/s/b0.java
f/j/b/f/h/l/t.java
com/bumptech/glide/GeneratedAppGlideModuleImpl.java
f/b/b/b/z0/a.java
f/j/b/f/h/g/h.java
com/bumptech/glide/load/resource/bitmap/DefaultImageHeaderParser.java
f/j/b/f/h/o/g.java
f/j/d/n/e/s/a.java
f/i/q0/c.java
k7/b/a/s.java
f/j/d/s/a0.java
f/d/a/d0/d.java
f/j/b/f/h/o/r2.java
f/j/b/f/c/a.java
f/j/b/h/a/e/e.java
k7/j/a/u.java
k7/j/c/l/d.java
f/j/b/f/h/m/r.java
f/j/d/x/c.java
f/j/b/f/h/a/u22.java
k7/b0/f.java
High
CVSS:7.4
Files may contain hardcoded sensitive informations like usernames, passwords, keys etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files:
 com/library/zomato/ordering/data/groupTemplateTypes/TemplateConfig.java
com/clevertap/android/sdk/product_config/DefaultXmlParser.java
com/clevertap/android/sdk/java_websocket/drafts/Draft_6455.java
com/appsflyer/CreateOneLinkHttpTask.java
com/clevertap/android/sdk/product_config/CTProductConfigConstants.java
com/datavisor/vangogh/face/DVKeyName.java
com/clevertap/android/sdk/ab_testing/CTABTestController.java
com/application/zomato/red/nitro/goldRating/GoldFeedbackConfig.java
com/library/zomato/ordering/instructions/data/InstructionRepoImpl.java
com/zomato/ui/lib/snippets/SnippetResponseData.java
com/library/zomato/ordering/menucart/rv/data/curator/MenuCustomizationDataCuratorImpl.java
com/zomato/zdatakit/restaurantModals/ZMerchantPost.java
f/g/a/l/p/o.java
com/akamai/android/sdk/internal/AkaManifestData.java
com/akamai/android/AkaOptions.java
com/zomato/ui/lib/organisms/snippets/accordion/type1/TimelineItem.java
com/zomato/ui/android/restaurantCarousel/Media.java
com/zomato/ui/lib/data/video/timeDependant/VideoSnippetResponseDataWrapper.java
com/akamai/android/sdk/internal/AkaConstants.java
com/appsflyer/internal/Exlytics.java
com/library/tonguestun/faworderingsdk/home/models/JsonGenericData.java
com/appsflyer/ServerParameters.java
f/a/b/a/d0/c/a.java
com/zomato/ui/lib/data/textfield/FormField.java
com/zomato/zdatakit/restaurantModals/ZMerchantPostHeavy.java
com/library/tonguestun/faworderingsdk/user/models/userprofile/UserProfileResponseContainer.java
com/library/zomato/ordering/data/Offer.java
com/application/zomato/appblocker/PageConfig.java
com/library/zomato/ordering/feedback/data/FeedbackRateItem.java
com/clevertap/android/sdk/Constants.java
com/library/zomato/ordering/postorder/data/PostOrderDeserializer.java
com/library/zomato/ordering/crystalrevolution/data/CrystalSnippetItemsData.java
com/zomato/ui/lib/data/media/Media.java
com/appsflyer/AppsFlyerProperties.java
com/akamai/android/sdk/internal/AkaSSLWrapper.java
com/appsflyer/internal/attribution/RequestErrorMessage.java
com/library/zomato/ordering/data/TabData.java
com/application/zomato/newRestaurant/models/data/v14/RestaurantSnippetResponseDataWrapper.java
com/akamai/android/sdk/internal/AnaNotificationData.java
defpackage/z8.java
com/library/zomato/ordering/zStories/data/ZStoryDeeplinkParams.java
com/library/zomato/ordering/menucart/models/PromoActivityIntentModel.java
Info
CVSS:0
This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel.
MASVS: MSTG-NETWORK-4
Files:
 com/akamai/android/sdk/net/AkaDefHttpURLConn.java
payments/zomato/vsckit/client/VSCClient$service$2.java
s9/c/a/b/a/r/p/a.java
com/clevertap/android/sdk/SSLContextBuilder.java
com/akamai/android/sdk/internal/AkaNetworkQualityHandler.java
com/akamai/android/sdk/internal/AppBatteryTestConnection.java
com/akamai/android/sdk/net/AkaURLConnection.java
com/akamai/android/sdk/internal/AnaResourceDownloadRunnable.java
f/b/f/h/i/d.java
High
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
 f/j/b/f/h/l/w1.java
com/library/zomato/ordering/nitro/menu/MenuSingleton.java
f/j/d/n/e/m/v.java
f/j/f/a1.java
f/j/b/f/h/a/jo1.java
f/j/b/f/h/o/o5.java
f/j/b/f/h/o/d7.java
com/library/zomato/ordering/searchv14/renderers/AutoSuggestResRenderer.java
j9/x/e/a.java
f/j/f/t.java
f/j/b/f/h/g/h0.java
f/j/b/f/h/l/q1.java
f/j/b/f/h/o/x6.java
f/j/b/f/h/s/i2.java
f/j/b/f/h/s/q0.java
f/j/b/f/h/o/c4.java
f/j/b/f/h/o/w5.java
f/j/b/f/h/a/aq1.java
f/j/b/f/h/l/g3.java
f/j/b/f/h/a/vo1.java
f/j/b/f/h/o/p7.java
f/j/b/f/h/s/c2.java
f/j/b/f/h/o/f4.java
com/clevertap/android/sdk/CleverTapAPI.java
f/j/b/f/h/o/j5.java
f/j/f/f.java
kotlin/collections/EmptyList.java
j9/p/s0/a.java
f/j/d/z/o/k.java
f/j/b/f/h/s/o2.java
f/j/b/f/h/g/m1.java
com/clevertap/pushtemplates/PushTemplateReceiver.java
f/j/b/f/h/a/cn1.java
r9/p.java
f/j/b/f/h/l/b4.java
f/j/b/f/h/l/s0.java
f/j/f/v.java
f/j/f/d0.java
com/akamai/android/sdk/internal/SecurePreferenceWriteHandler.java
j9/p/v.java
f/j/b/f/h/s/w1.java
f/j/b/f/h/g/t0.java
f/j/b/f/h/a/ar1.java
f/j/b/f/h/a/zm1.java
com/appsflyer/internal/e.java
f/j/b/f/h/s/s0.java
f/a/a/a/a/o/q.java
f/j/f/c.java
f/j/b/f/h/s/p3.java
f/j/f/v0.java
f/j/b/f/h/g/a1.java
f/a/a/a/a/j/d/g.java
f/j/f/h1.java
f/j/b/f/h/g/w.java
f/j/b/f/h/s/e4.java
f/a/a/e/l.java
f/j/b/f/h/a/bp1.java
f/j/b/f/h/a/vn1.java
f/j/b/f/h/l/e2.java
f/j/b/f/h/g/w0.java
f/j/b/f/h/d/a.java
f/a/a/e/k.java
f/i/i0/a0/c/b.java
f/j/d/x/k/e.java
com/datavisor/vangogh/e/b.java
f/j/b/f/h/g/z1.java
j9/x/a.java
io/sentry/SentryClient.java
f/j/b/f/h/l/e1.java
j9/p/k0.java
f/j/b/f/h/g/g1.java
f/j/b/f/h/s/s1.java
com/datavisor/vangogh/g/i/b.java
f/j/f/l.java
com/clevertap/pushtemplates/TemplateRenderer.java
j9/x/b.java
com/akamai/android/sdk/internal/AkaNetworkQualityHandler.java
f/j/b/f/h/g/t.java
com/zomato/commons/helpers/Strings.java
s9/a/a/e0.java
f/j/b/f/k/b/u9.java
f/j/f/w.java
f/j/b/f/h/o/g.java
f/j/d/z/m.java
kotlin/random/KotlinRandom.java
f/j/b/f/h/a/q82.java
f/j/b/f/h/l/u0.java
f/b/f/h/i/b.java
f/j/b/f/h/o/t4.java
f/j/b/f/h/l/k2.java
f/j/b/f/h/g/d3.java
f/j/b/f/h/o/f5.java
f/j/f/a0.java
f/j/b/f/h/o/c6.java
j9/p/b.java
f/j/b/f/h/a/qo1.java
f/j/b/f/h/a/eo1.java
f/j/b/f/h/a/jq1.java
f/j/b/f/h/s/g1.java
f/j/b/f/h/a/v61.java
High
CVSS:5.9
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Files:
 f/j/b/f/k/b/m3.java
f/j/b/f/h/a/fp0.java
f/j/b/b/i/v/i/t.java
f/j/b/f/k/b/ca.java
f/c/a/j/l.java
f/j/b/f/h/a/um.java
f/j/b/f/h/a/oo0.java
f/j/b/b/i/v/i/x.java
f/a/a/a/q/a.java
s9/c/a/a/a/c.java
com/akamai/android/sdk/db/AnaDatabaseAccess.java
f/h/a/c.java
f/a/a/a/q/j.java
f/j/b/f/k/b/l9.java
f/j/b/f/k/b/da.java
defpackage/l7.java
f/i/m0/i0/h/c.java
f/j/b/b/i/v/i/y.java
f/a/a/e/g.java
f/j/b/b/i/v/i/v.java
f/j/b/f/k/b/g.java
f/c/a/r/h.java
f/j/b/b/i/v/i/w.java
f/a/a/e/f.java
com/akamai/android/sdk/db/AnaDatabaseSchema.java
k7/x/g.java
f/j/b/b/i/v/i/z.java
High
CVSS:5.5
App can read/write to External Storage. Any App can read data written to External Storage.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 f/i/i0/t.java
f/b/a/c/h/g/b.java
com/datavisor/vangogh/storage/local/b.java
f/j/b/f/h/a/qc2.java
f/b/a/c/h/b/a.java
com/datavisor/vangogh/face/DVTokenClient.java
f/j/b/f/h/a/e.java
com/datavisor/vangogh/e/c.java
f/j/b/f/h/a/d62.java
f/j/b/h/a/b/q1.java
com/application/zomato/zomaland/v2/ZLTicketPageFragment.java
s9/c/a/a/a/i.java
com/datavisor/vangogh/storage/local/a.java
com/datavisor/vangogh/c/b.java
io/sentry/android/core/DefaultAndroidEventProcessor.java
com/akamai/android/sdk/util/AnaDiskUtils.java
Medium
CVSS:8.8
Insecure WebView Implementation. Execution of user controlled code in WebView is a critical Security Hole.
MASVS: MSTG-PLATFORM-7
CWE-749 Exposed Dangerous Method or Function
M1: Improper Platform Usage
Files:
 f/j/b/f/h/a/gt.java
payments/zomato/paymentkit/webview/PaymentWebview.java
com/datavisor/vangogh/face/DVTokenClient.java
com/clevertap/android/sdk/CTInAppBaseFullHtmlFragment.java
High
CVSS:5.4
Remote WebView debugging is enabled.
MASVS: MSTG-RESILIENCE-2
CWE-919 - Weaknesses in Mobile Applications
M1: Improper Platform Usage
Files:
 com/zomato/library/edition/kycwebview/EditionKYCWebViewActivity.java
High
CVSS:7.4
MD5 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 f/j/b/f/h/a/k42.java
f/j/b/f/k/b/u9.java
f/j/b/f/h/a/lp0.java
com/appsflyer/HashUtils.java
f/a/a/c/l/b.java
k7/b0/f.java
f/j/b/f/h/a/hm.java
High
CVSS:5.9
SHA-1 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 com/clevertap/android/sdk/java_websocket/drafts/Draft_6455.java
f/j/d/s/n.java
com/datavisor/vangogh/g/g/a.java
com/appsflyer/HashUtils.java
f/j/d/u/o/b.java
f/i/v/a/b.java
s9/c/a/b/a/r/q/d.java
com/clevertap/android/sdk/ImageCache.java
com/akamai/android/sdk/net/AkaCryptoHandler.java
k7/b0/f.java
Info
CVSS:0
This App may have root detection capabilities.
MASVS: MSTG-RESILIENCE-1
Files:
 f/j/b/h/a/e/q.java
io/sentry/android/core/util/RootChecker.java
f/j/b/f/h/l/b0.java
f/j/b/f/h/o/m2.java
k7/d/d.java
io/sentry/android/core/DefaultAndroidEventProcessor.java
High
CVSS:5.5
App creates temp file. Sensitive information should never be written into a temp file.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 k7/n/a/a.java
f/a/a/a/p0/c1.java
k7/x/l.java
k7/b0/f.java
High
CVSS:0
This App may request root (Super User) privileges.
MASVS: MSTG-RESILIENCE-1
CWE-250 Execution with Unnecessary Privileges
Files:
 io/sentry/android/core/util/RootChecker.java
Medium
CVSS:4.3
IP Address disclosure
MASVS: MSTG-CODE-2
CWE-200 Information Exposure
Files:
 com/datavisor/vangogh/e/b.java
com/clevertap/android/sdk/BuildConfig.java
com/datavisor/vangogh/c/a.java
com/akamai/android/sdk/internal/AkaNetworkQualityHandler.java
com/datavisor/vangogh/e/c.java
com/akamai/android/sdk/internal/AkaSessionHandler.java
com/akamai/android/sdk/internal/AkaConstants.java
com/nimbusds/jose/jwk/Curve.java
Low
CVSS:0
This App copies data to clipboard. Sensitive data should not be copied to clipboard as other applications can access it.
MASVS: MSTG-STORAGE-10
Files:
 defpackage/i5.java
f/b/m/h/a.java
f/a/a/a/g/n/g.java
com/library/zomato/ordering/webview/WebViewFragment.java
com/clevertap/android/sdk/CTInboxButtonClickListener.java
defpackage/j.java
com/application/zomato/red/nitro/unlockflow/view/GoldUnlockActivity.java
Pygal Germany: 1400 Ireland: 500 India: 100 Singapore: 100 United States: 3400

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

US google.com 142.250.185.206
US googleads.g.doubleclick.net 142.250.186.162
api-sandbox.integ.amazon.com
US accounts.google.com 142.250.185.173
US googlemobileadssdk.page.link 142.250.185.174
DE www.zomato.com 104.109.82.145
DE accounts.zomato.com 2.16.30.245
US firebase.google.com 142.250.185.110
US developers.facebook.com 185.60.216.15
US firebase-settings.crashlytics.com 142.250.185.195
US www.example.com 93.184.216.34
US support.google.com 142.250.185.78
DE bnc.lt 143.204.209.86
api.integ.amazon.com
DE b.zmtcdn.com 104.75.89.139
DE foodatwork-api.e2z.co.in 104.126.37.179
US api2.branch.io 65.9.64.75
DE zpay.zomato.com 2.16.30.245
api.integ.amazon.co.jp
IN accounts.eks.zdev.net 35.154.150.70
IE api.sandbox.amazon.co.uk 54.239.33.202
US maps.googleapis.com 142.250.186.138
DE winecellar.zomato.com 2.16.186.154
api-preprod.amazon.co.jp
DE cdn.branch.io 143.204.98.52
SG zomato.com 54.251.207.230
US imasdk.googleapis.com 142.250.185.234
IE api.amazon.co.uk 54.239.33.207
US zomato-com-plenary-beach-838.firebaseio.com 35.201.97.85
US www.googleadservices.com 172.217.16.130
- shared-fe.pvoc-anaina.com 198.18.130.62
US facebook.com 185.60.216.35
US www.w3.org 128.30.52.100
US api.sandbox.amazon.com 54.239.28.194
DE api.zomato.com 104.109.82.145
.facebook.com
US goo.gl 172.217.16.142
US github.com 140.82.121.3
US apac.account.amazon.com 52.94.208.126
IE amazonpay.amazon.in 52.94.221.35
DE configuration-map.akamai.com 95.100.73.192
apac-account.integ.amazon.com
US api-preprod.amazon.com 54.239.22.20
US api.amazon.co.jp 54.240.251.149
DE manifest-map.akamai.com 95.100.73.192
US api-sandbox.amazon.co.jp 54.240.252.254
schemas.android.com
US www.world 52.10.254.154
US app-measurement.com 142.250.185.206
DE static.wizrocket.com 143.204.98.24
IE api-preprod.amazon.co.uk 54.239.35.44
DE fe-map-emea2.pvoc-anaina.com 23.45.109.126
US zoma.to 96.16.53.197
www.in
api-sandbox-jp.integ.amazon.com
US na.account.amazon.com 52.94.224.134
IE eu.account.amazon.com 52.94.220.9
na-account.integ.amazon.com
US xmlpull.org 74.50.62.60
reports.crashlytics.com
US www.style 44.229.82.45
US www.google.com 216.58.212.132
DE jumbo.zomato.com 104.109.82.145
api-sandbox.integ.amazon.co.uk
eu-account.integ.amazon.com
ns.adobe.com
US update.crashlytics.com