Threat level: Moderate Risk

com.facebook.lite

Lite

Analyzed on 2022-08-31T12:25:22.244801

53 permissions
16 activities
32 services
26 receivers
3 domains

File sums

MD5 a941b6c7e5db1e1f52b88109b080318d
SHA1 c6e3ca280f3526c9f61daa7d062c4e6e017c630b
SHA256 3d563083ec8a739c66b3aacf755cceea17e811d60826389d34b2572405c30c92
Size 2.0MB

APKiD

Information computed with APKiD.

/tmp/tmp3r3l7gvz!classes.dex
anti_vm
  • Build.FINGERPRINT check
compiler
  • unknown (please file detection issue!)

SSdeep

Information computed with ssdeep.

APK file 49152:hJ4EtCRCcZxqMHr9pEL5uw9C3d0ztoGKa3jSOBmOMup3:v49Pq0reuw9Id9zsjSOsO5p3
Manifest 768:U6rWM1AnK3SEUm2eOjxzBbic7/hHUQt+kpTYo9OdHfHN/p3c3KJITyNMA0A0iJg+:…
classes.dex 6144:7zxjN98SPOTXI/tSiGqQdZai1QBQetJBlg4alhIlFKMDNvRtau5ECEQ:fxeXIpQd…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 384:d3V/2LxYdkZ1xYhxr/M5QVsjFVErivGxK46n8w1UdkjOcHxQ0fiJ+WWWWWALcTG:V…
classes.dex 384:d3V/2LxYdkZ1xYhxr/M5QVsjFVErivGxK46n8w1UdkjOcHxQ0fiJ+WWWWWALcTG:V…

APK details

Information computed with AndroGuard and Pithus.

Package com.facebook.lite
App name Lite
Version name 317.0.0.12.104
Version code 391859103
SDK 15 - 31
UAID 79cc550ee0002725d1108b4580200a40d6afa2fd
Signature Signature V1 Signature V2
Frosting Not frosted
Blocks found within V2 signature:
  • 0xff3b5998: Unknown
  • 0x7109871a: Unknown
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 3fad024f2dcbe3ee693c96f350f8e376
SHA1 8a3c4b262d721acd49a4bf97d5213199c86fa2b9
SHA256 e3f9e1e0cf99d0e56a055ba65e241b3399f7cea524326b0cdd6ec1327ed0fdc1
Issuer Common Name: Facebook Corporation, Organizational Unit: Facebook, Organization: Facebook Mobile, Locality: Palo Alto, State/Province: CA, Country: US
Not before 2009-08-31T21:52:16+00:00
Not after 2050-09-25T21:52:16+00:00

Manifest analysis

Information computed with MobSF.

Low App has a Network Security Configuration[android:networkSecurityConfig=@xml/fb_network_security_config]
The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app.
High Launch Mode of Activity (com.facebook.lite.MainActivity) is not standard.
An Activity should not have its launch mode set to "singleTask" or "singleInstance": it then becomes the root Activity, and other applications may be able to read the contents of the calling Intent. Use the "standard" launch mode when an Intent carries sensitive information.
High Broadcast Receiver (com.facebook.lite.pretos.LiteAppComponentReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.facebook.lite.rtc.IncomingCallReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.facebook.lite.campaign.CampaignReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.facebook.lite.appManager.AppManagerReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.facebook.lite.deviceid.FbLitePhoneIdRequestReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.facebook.appupdate.DownloadCompleteReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Content Provider (com.facebook.lite.deviceid.FbLitePhoneIdProvider) is not Protected. [android:exported=true]
A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.facebook.lite.FbnsIntentService$CallbackReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.facebook.rti.push.service.MqttSystemBroadcastReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Content Provider (com.facebook.lite.photo.MediaContentProvider) is not Protected. [android:exported=true]
A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Content Provider (com.facebook.lite.diode.UserValuesProvider) is not Protected. [android:exported=true]
A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High TaskAffinity is set for Activity (com.facebook.lite.ShortcutLauncherActivity)
If taskAffinity is set, other applications could read the Intents sent to Activities belonging to another task. Keep the default setting, where the affinity is the package name, to prevent sensitive information in sent or received Intents from being read by another application.
High Launch Mode of Activity (com.facebook.lite.ShortcutLauncherActivity) is not standard.
An Activity should not have its launch mode set to "singleTask" or "singleInstance": it then becomes the root Activity, and other applications may be able to read the contents of the calling Intent. Use the "standard" launch mode when an Intent carries sensitive information.
High Activity (com.facebook.lite.ShortcutLauncherActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High TaskAffinity is set for Activity (com.facebook.lite.ShortcutActivity)
If taskAffinity is set, other applications could read the Intents sent to Activities belonging to another task. Keep the default setting, where the affinity is the package name, to prevent sensitive information in sent or received Intents from being read by another application.
High Activity (com.facebook.lite.ShortcutActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High TaskAffinity is set for Activity (com.facebook.lite.rtc.RTCActivity)
If taskAffinity is set, other applications could read the Intents sent to Activities belonging to another task. Keep the default setting, where the affinity is the package name, to prevent sensitive information in sent or received Intents from being read by another application.
High Launch Mode of Activity (com.facebook.lite.rtc.RTCActivity) is not standard.
An Activity should not have its launch mode set to "singleTask" or "singleInstance": it then becomes the root Activity, and other applications may be able to read the contents of the calling Intent. Use the "standard" launch mode when an Intent carries sensitive information.
High Launch Mode of Activity (com.facebook.lite.webviewrtc.RTCIncomingCallActivity) is not standard.
An Activity should not have its launch mode set to "singleTask" or "singleInstance": it then becomes the root Activity, and other applications may be able to read the contents of the calling Intent. Use the "standard" launch mode when an Intent carries sensitive information.
High Launch Mode of Activity (com.facebook.lite.nativeRtc.NativeRtcCallActivity) is not standard.
An Activity should not have its launch mode set to "singleTask" or "singleInstance": it then becomes the root Activity, and other applications may be able to read the contents of the calling Intent. Use the "standard" launch mode when an Intent carries sensitive information.
High Activity (com.facebook.lite.platform.LoginGDPDialogActivityV2) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.facebook.lite.deeplinking.activities.PermalinkPossiblePatternsActivityAlias) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.facebook.lite.deeplinking.activities.PermalinkAllLinksAlias) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.facebook.lite.deeplinking.activities.PermalinkRemoveRegTosLinksAlias) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.facebook.lite.deeplinking.activities.PermalinkFBLinksAlias) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.facebook.lite.deeplinking.UIQRE2EActivity) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.facebook.lite.deeplinking.activities.PermalinkLiteActivityAlias) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.facebook.lite.stories.activities.ShareToFbStoriesAlias) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.facebook.lite.stories.activities.ShareToFbMultiStoriesAlias) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.facebook.lite.composer.activities.ShareIntentMultiPhotoAlphabeticalAlias) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.facebook.lite.composer.activities.ShareIntentMultiPhotoGroupsAlias) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.facebook.lite.composer.activities.ShareIntentVideoGroupsAlias) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.facebook.lite.composer.activities.ShareIntentVideoAlphabeticalAlias) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.facebook.lite.composer.activities.ShareIntentMultiVideoAlphabeticalAlias) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.facebook.lite.deeplinking.activities.PermalinkWatchShortAlias) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.facebook.oxygen.preloads.sdk.firstparty.managedappcache.IsManagedAppReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.facebook.appmanager.ACCESS [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.facebook.secure.packagefinder.PackageFinderService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium High Intent Priority (999)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.

Browsable activities

Information computed with MobSF.

com.facebook.lite.MainActivity

Schemes: fblite://

Mime types: text/plain

com.facebook.lite.deeplinking.activities.PermalinkPossiblePatternsActivityAlias

Hosts: www.facebook.com m.facebook.com

Schemes: http:// https://

com.facebook.lite.deeplinking.activities.PermalinkAllLinksAlias

Hosts: www.facebook.com facebook.com m.facebook.com fb.com

Schemes: http:// https://

com.facebook.lite.deeplinking.activities.PermalinkRemoveRegTosLinksAlias

Hosts: www.facebook.com facebook.com m.facebook.com fb.com

Schemes: http:// https://

com.facebook.lite.deeplinking.activities.PermalinkFBLinksAlias

Schemes: fb://

com.facebook.lite.deeplinking.UIQRE2EActivity

Schemes: uiqr://

com.facebook.lite.deeplinking.activities.PermalinkLiteActivityAlias

Hosts: www.facebook.com m.facebook.com fb.com

Schemes: http:// https://

com.facebook.lite.deeplinking.activities.PermalinkWatchShortAlias

Hosts: fb.watch fbwat.ch

Schemes: http:// https://

Main Activity

Information computed with AndroGuard.

com.facebook.lite.MainActivity

Activities

Information computed with AndroGuard.

com.facebook.lite.MainActivity
com.facebook.lite.ShortcutLauncherActivity
com.facebook.lite.ShortcutActivity
com.facebook.lite.rtc.RTCActivity
com.facebook.lite.webviewrtc.RTCIncomingCallActivity
com.facebook.lite.nativeRtc.NativeRtcCallActivity
com.facebook.lite.media.AlbumGalleryActivity
com.facebook.lite.photo.PreviewActivity
com.facebook.lite.platform.LoginGDPDialogActivityV2
com.facebook.lite.storagemanager.ManageStorageActivity
com.facebook.lite.bugreporter.screencast.ScreencastActivity
com.facebook.lite.inappbrowser.common.BrowserLiteProxyActivity
com.facebook.browser.lite.BrowserLiteActivity
com.facebook.browser.lite.BrowserLiteInMainProcessActivity
com.facebook.lite.deeplinking.UIQRE2EActivity
com.google.android.gms.auth.api.signin.internal.SignInHubActivity

Receivers

Information computed with AndroGuard.

com.facebook.lite.pretos.LiteAppComponentReceiver
com.facebook.lite.rtc.IncomingCallReceiver
com.facebook.lite.campaign.CampaignReceiver
com.facebook.lite.appManager.AppManagerReceiver
com.facebook.lite.deviceid.FbLitePhoneIdRequestReceiver
com.facebook.appupdate.DownloadCompleteReceiver
com.facebook.lite.deviceid.FbLitePhoneIdUpdater$LocalBroadcastReceiver
com.facebook.lite.FbnsIntentService$CallbackReceiver
com.facebook.rti.push.service.MqttSystemBroadcastReceiver
com.facebook.lite.AppController$NetworkStateBroadcastReceiver
com.facebook.lite.notification.PushNotificationLogBroadcastReceiver
com.facebook.lite.shortcuts.ShortcutCreationReceiver
com.facebook.lite.notification.LocalNotificationLogBroadcastReceiver
com.facebook.lite.notification.widget.receiver.NotificationsWidgetProvider
com.facebook.lite.notification.NotificationsRemovalTimerReceiver
com.facebook.lite.browser.ChromeCustomTabsReceiver
com.facebook.lite.intent.IntentScheduler
com.facebook.lite.intent.WakefulIntentForwarder
com.facebook.lite.datausage.DataUsageBroadCastReceiver
com.facebook.lite.registration.EmptyAppNotifServiceReceiver
com.facebook.oxygen.preloads.sdk.firstparty.managedappcache.IsManagedAppFlag
com.facebook.oxygen.preloads.sdk.firstparty.managedappcache.IsManagedAppReceiver
com.facebook.oxygen.preloads.sdk.firstparty.settings.TosAcceptedFlag
com.facebook.lite.rtc.impl.receiver.NotificationActionReceiver
com.google.firebase.iid.FirebaseInstanceIdReceiver
com.facebook.analytics2.logger.HighPriUploadRetryReceiver

Services

Information computed with AndroGuard.

com.facebook.lite.ForegroundService
com.facebook.lite.webviewrtc.RTCService
com.facebook.lite.download.DownloadService
com.facebook.lite.FbnsIntentService
com.facebook.lite.FbnsForegroundService
com.facebook.analyticslite.memory.MemoryDumpUploadService
com.facebook.rti.push.service.FbnsService
com.facebook.lite.notification.LiteFirebaseMessagingService
com.facebook.lite.intent.WakefulIntentService
com.facebook.lite.service.SnoozeNotificationService
com.facebook.lite.service.NotificationLoggingService
com.facebook.lite.service.AppInitService
com.facebook.lite.service.TaskLifeDetectingService
com.facebook.lite.messagingapps.FirstPartyMessagingAppsDetectionService
com.facebook.lite.bugreporter.screencast.ScreencastService
com.facebook.lite.service.MediaUploadService
com.facebook.browser.lite.BrowserLiteIntentService
com.facebook.lite.browser.BrowserLiteCallbackService
com.facebook.appcomponentmanager.AppComponentManagerService
com.facebook.oxygen.preloads.sdk.firstparty.managedappcache.IsManagedAppCacheService
com.facebook.oxygen.preloads.sdk.firstparty.managedappcache.IsManagedAppCacheJobService
com.facebook.video.heroplayer.service.MainProcHeroService
com.facebook.video.heroplayer.service.HeroKeepAliveService
com.facebook.videolite.api.VideoUploadForegroundService
com.facebook.videolite.api.jobscheduler.UploadJobSchedulerService
com.facebook.secure.packagefinder.PackageFinderService
com.facebook.lite.rtc.impl.service.RtcService
com.google.firebase.messaging.FirebaseMessagingService
com.google.android.gms.auth.api.signin.RevocationBoundService
com.google.firebase.components.ComponentDiscoveryService
com.facebook.analytics2.logger.LollipopUploadService
com.facebook.analytics2.logger.AlarmBasedUploadService

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application invokes platform-provided DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['microphone', 'location', 'camera', 'network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['address book', 'calendar'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invokes the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_RBG_EXT.2.1, FCS_RBG_EXT.2.2 The application performs all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.
Random Bit Generation from Application
FCS_COP.1.1(2) The application performs cryptographic hashing services not in accordance with FCS_COP.1.1(2) and uses the cryptographic algorithm RC2/RC4/MD4/MD5.
Cryptographic Operation - Hashing
FCS_HTTPS_EXT.1.1 The application implements the HTTPS protocol that complies with RFC 2818.
HTTPS Protocol
FCS_HTTPS_EXT.1.2 The application implements HTTPS using TLS.
HTTPS Protocol
FCS_HTTPS_EXT.1.3 The application notifies the user and does not establish the connection, or requests application authorization to establish the connection, if the peer certificate is deemed invalid.
HTTPS Protocol
FIA_X509_EXT.1.1 The application invoked platform-provided functionality to validate certificates in accordance with the following rules: ['The certificate path must terminate with a trusted CA certificate'].
X.509 Certificate Validation
FIA_X509_EXT.2.1 The application uses X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS, TLS.
X.509 Certificate Authentication
FPT_TUD_EXT.2.1 The application shall be distributed using the format of the platform-supported package manager.
Integrity for Installation and Update

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 X/AnonymousClass07W.java
X/C014706h.java
X/AnonymousClass071.java
X/AnonymousClass07T.java
X/AnonymousClass01M.java
X/AnonymousClass090.java
X/AnonymousClass08W.java
X/AnonymousClass01C.java
X/C020408y.java
X/AnonymousClass07A.java
X/AnonymousClass04W.java
X/AnonymousClass04Z.java
X/C016006v.java
X/AnonymousClass02M.java
X/AnonymousClass00Q.java
X/AnonymousClass075.java
X/AnonymousClass04X.java
X/AnonymousClass07J.java
X/AnonymousClass070.java
X/AsyncTaskC007303c.java
Medium
CVSS:7.4
MD5 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 X/AnonymousClass08W.java
Medium
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
 X/C016306z.java
X/AnonymousClass040.java
X/AnonymousClass02X.java
X/C017307q.java
High
CVSS:5.5
App can read/write to External Storage. Any App can read data written to External Storage.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 X/AnonymousClass01B.java
Medium
CVSS:5.9
SHA-1 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 X/AnonymousClass01N.java
Info
CVSS:0
This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel.
MASVS: MSTG-NETWORK-4
Files:
 X/AnonymousClass03J.java
X/AnonymousClass07Q.java
Medium
CVSS:4.3
IP Address disclosure
MASVS: MSTG-CODE-2
CWE-200 Information Exposure
Files:
 X/EnumC009003t.java
X/AnonymousClass07E.java

Map data: United States: 300

Map computed by Pithus.

Network analysis

Information computed with MobSF.

High Base config is insecurely configured to permit clear text traffic to all domains.
Scope: ['*']
Medium Base config is configured to trust system certificates.
Scope: ['*']
High Base config is configured to trust user installed certificates.
Scope: ['*']
High Base config is configured to bypass certificate pinning.
Scope: ['*']
Info Domain config is securely configured to disallow clear text traffic to these domains in scope.
Scope: ['facebook.com', 'fbcdn.net', 'fbsbx.com', 'facebookcorewwwi.onion', 'fbcdn23dssr3jqnq.onion', 'fbsbx2q4mvcl63pw.onion', 'instagram.com', 'cdninstagram.com', 'workplace.com', 'oculus.com', 'facebookvirtualassistant.com', 'discoverapp.com', 'freebasics.com', 'internet.org', 'viewpointsfromfacebook.com', 'h.facebook.com', 'l.facebook.com', 'l.alpha.facebook.com', 'lm.facebook.com', 'l.instagram.com']
Low Certificate pinning expires on 2023-07-1. After this date pinning will be disabled.
Scope: ['facebook.com', 'fbcdn.net', 'fbsbx.com', 'facebookcorewwwi.onion', 'fbcdn23dssr3jqnq.onion', 'fbsbx2q4mvcl63pw.onion', 'instagram.com', 'cdninstagram.com', 'workplace.com', 'oculus.com', 'facebookvirtualassistant.com', 'discoverapp.com', 'freebasics.com', 'internet.org', 'viewpointsfromfacebook.com', 'h.facebook.com', 'l.facebook.com', 'l.alpha.facebook.com', 'lm.facebook.com', 'l.instagram.com']
High Domain config is insecurely configured to permit clear text traffic to these domains in scope.
Scope: ['h.facebook.com', 'l.facebook.com', 'l.alpha.facebook.com', 'lm.facebook.com', 'l.instagram.com']
Info Certificate pinning does not have an expiry. Ensure that pins are updated before certificate expire.[]
Scope: ['h.facebook.com', 'l.facebook.com', 'l.alpha.facebook.com', 'lm.facebook.com', 'l.instagram.com']

Domains analysis

Information computed with MobSF.

US www.facebook.com 185.60.216.35
US m.facebook.com 185.60.216.35
US www.android.com 142.250.186.46

URL analysis

Information computed with MobSF.

http://www.android.com/
Defined in X/AnonymousClass07J.java
https://www.facebook.com/.well-known/assetlinks.json
https://m.facebook.com
https://www.facebook.com
Defined in Android String Resource

Permissions analysis

Information computed with MobSF.

High android.permission.ACCESS_COARSE_LOCATION coarse (network-based) location
Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Malicious applications can use this to determine approximately where you are.
High android.permission.ACCESS_FINE_LOCATION fine (GPS) location
Access fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications can use this to determine where you are and may consume additional battery power.
High android.permission.CALL_PHONE directly call phone numbers
Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.
High android.permission.CAMERA take pictures and videos
Allows application to take pictures and videos with the camera. This allows the application to collect images that the camera is seeing at any time.
High android.permission.GET_TASKS retrieve running applications
Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
High android.permission.READ_CALENDAR read calendar events
Allows an application to read all of the calendar events stored on your phone. Malicious applications can use this to send your calendar events to other people.
High android.permission.READ_CONTACTS read contact data
Allows an application to read all of the contact (address) data stored on your phone. Malicious applications can use this to send your data to other people.
High android.permission.GET_ACCOUNTS list accounts
Allows access to the list of accounts in the Accounts Service.
High android.permission.AUTHENTICATE_ACCOUNTS act as an account authenticator
Allows an application to use the account authenticator capabilities of the Account Manager, including creating accounts as well as obtaining and setting their passwords.
High android.permission.MANAGE_ACCOUNTS manage the accounts list
Allows an application to perform operations like adding and removing accounts and deleting their password.
High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
High android.permission.READ_PHONE_NUMBERS Allows read access to the device's phone number(s). This is a subset of the capabilities granted by READ_PHONE_STATE but is exposed to instant applications.
High android.permission.READ_PROFILE read the user's personal profile data
Allows an application to read the user's personal profile data.
High android.permission.RECORD_AUDIO record audio
Allows application to access the audio record path.
High android.permission.SYSTEM_ALERT_WINDOW display system-level alerts
Allows an application to show system-alert windows. Malicious applications can take over the entire screen of the phone.
High android.permission.WRITE_CALENDAR add or modify calendar events and send emails to guests
Allows an application to add or change the events on your calendar, which may send emails to guests. Malicious applications can use this to erase or modify your calendar events or to send emails to guests.
High android.permission.WRITE_CONTACTS write contact data
Allows an application to modify the contact (address) data stored on your phone. Malicious applications can use this to erase or modify your contact data.
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.ACCESS_WIFI_STATE view Wi-Fi status
Allows an application to view the information about the status of Wi-Fi.
Low android.permission.BROADCAST_STICKY send sticky broadcast
Allows an application to send sticky broadcasts, which remain after the broadcast ends. Malicious applications can make the phone slow or unstable by causing it to use too much memory.
Low android.permission.CHANGE_NETWORK_STATE change network connectivity
Allows applications to change network connectivity state.
Low android.permission.CHANGE_WIFI_STATE change Wi-Fi status
Allows an application to connect to and disconnect from Wi-Fi access points and to make changes to configured Wi-Fi networks.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.RECEIVE_BOOT_COMPLETED automatically start at boot
Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Low android.permission.VIBRATE control vibrator
Allows the application to control the vibrator.
Low android.permission.WAKE_LOCK prevent phone from sleeping
Allows an application to prevent the phone from going to sleep.
Low com.sec.android.provider.badge.permission.WRITE Show notification count on app
Show notification count or badge on application launch icon for Samsung phones.
Low com.sec.android.provider.badge.permission.READ Show notification count on app
Show notification count or badge on application launch icon for Samsung phones.
Low com.htc.launcher.permission.READ_SETTINGS Show notification count on app
Show notification count or badge on application launch icon for HTC phones.
Low com.htc.launcher.permission.UPDATE_SHORTCUT Show notification count on app
Show notification count or badge on application launch icon for HTC phones.
Low com.sonyericsson.home.permission.BROADCAST_BADGE Show notification count on app
Show notification count or badge on application launch icon for Sony phones.
Low com.sonymobile.home.permission.PROVIDER_INSERT_BADGE Show notification count on app
Show notification count or badge on application launch icon for Sony phones.
Low com.huawei.android.launcher.permission.CHANGE_BADGE Show notification count on app
Show notification count or badge on application launch icon for Huawei phones.
Low com.huawei.android.launcher.permission.READ_SETTINGS Show notification count on app
Show notification count or badge on application launch icon for Huawei phones.
Low com.huawei.android.launcher.permission.WRITE_SETTINGS Show notification count on app
Show notification count or badge on application launch icon for Huawei phones.
Low com.oppo.launcher.permission.READ_SETTINGS Show notification count on app
Show notification count or badge on application launch icon for OPPO phones.
Low com.oppo.launcher.permission.WRITE_SETTINGS Show notification count on app
Show notification count or badge on application launch icon for OPPO phones.
Low android.permission.REORDER_TASKS reorder applications running
Allows an application to move tasks to the foreground and background. Malicious applications can force themselves to the front without your control.
Low android.permission.USE_FULL_SCREEN_INTENT
Required for apps targeting Build.VERSION_CODES.Q that want to use notification full screen intents.
Low android.permission.FOREGROUND_SERVICE
Allows a regular application to use Service.startForeground.
Medium android.permission.BATTERY_STATS modify battery statistics
Allows the modification of collected battery statistics. Not for use by common applications.
Medium com.google.android.c2dm.permission.RECEIVE C2DM permissions
Permission for cloud to device messaging.
com.android.launcher.permission.INSTALL_SHORTCUT Unknown permission
Unknown permission from Android reference
com.android.launcher.permission.UNINSTALL_SHORTCUT Unknown permission
Unknown permission from Android reference
com.facebook.receiver.permission.ACCESS Unknown permission
Unknown permission from Android reference
com.facebook.katana.provider.ACCESS Unknown permission
Unknown permission from Android reference
com.facebook.orca.provider.ACCESS Unknown permission
Unknown permission from Android reference
com.facebook.mlite.provider.ACCESS Unknown permission
Unknown permission from Android reference
com.facebook.wakizashi.provider.ACCESS Unknown permission
Unknown permission from Android reference
com.facebook.permission.prod.FB_APP_COMMUNICATION Unknown permission
Unknown permission from Android reference
com.facebook.services.identity.FEO2 Unknown permission
Unknown permission from Android reference
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE Unknown permission
Unknown permission from Android reference

Threat analysis

Information computed with Quark-Engine.

  • Method reflection (confidence: 100%)
  • Monitor the broadcast action events (BOOT_COMPLETED) (confidence: 100%)
  • Method reflection (confidence: 100%)
  • Hide the current app's icon (confidence: 100%)
  • Initialize class object dynamically (confidence: 100%)
  • Find a method from given class name, usually for reflection (confidence: 80%)
  • Read file and put it into a stream (confidence: 80%)
  • Get declared method from given method name (confidence: 80%)

Behavior analysis

Information computed with MobSF.

Base64 decode
  • X/C016106x.java
  • X/C007703g.java
  • X/AnonymousClass060.java
  • X/AnonymousClass03H.java
Base64 encode
  • X/AnonymousClass01N.java
  • X/C016106x.java
  • X/C007703g.java
  • X/C000900j.java
  • X/AnonymousClass03H.java
Content provider
  • X/AnonymousClass01O.java
  • X/AnonymousClass00O.java
Execute os command
  • X/AnonymousClass02M.java
  • X/AnonymousClass04I.java
Get system service
  • X/RunnableC004401y.java
  • X/C005402i.java
  • X/AnonymousClass00I.java
  • X/C000800i.java
  • X/AnonymousClass03Z.java
  • X/AnonymousClass06O.java
  • X/AnonymousClass04F.java
  • X/AbstractC008603p.java
  • X/AnonymousClass03U.java
Http connection
  • X/C005402i.java
  • X/C005302h.java
  • X/AnonymousClass07Q.java
Https connection
  • X/C005302h.java
  • X/AnonymousClass07Q.java
Inter process communication
  • X/C007503e.java
  • X/AnonymousClass06Z.java
  • X/AnonymousClass06V.java
  • X/C016106x.java
  • X/AnonymousClass060.java
  • X/AbstractC007103a.java
  • X/AnonymousClass018.java
  • X/job_JobServiceEngineC007203b.java
  • X/AnonymousClass01U.java
  • X/AnonymousClass07N.java
  • X/AnonymousClass03Y.java
  • X/AnonymousClass06B.java
  • X/C014006a.java
  • X/AnonymousClass04Q.java
  • X/AnonymousClass05K.java
  • X/AnonymousClass05L.java
  • X/AnonymousClass03Z.java
  • X/AnonymousClass070.java
  • X/AnonymousClass017.java
  • X/AnonymousClass04F.java
  • X/AsyncTaskC007303c.java
  • X/AnonymousClass062.java
  • X/AbstractC007403d.java
Java reflection
  • X/AnonymousClass07W.java
  • X/C015306n.java
  • X/AnonymousClass071.java
  • X/AnonymousClass077.java
  • X/C002901g.java
  • X/AnonymousClass00T.java
  • X/C014806i.java
  • X/AnonymousClass01S.java
  • X/AnonymousClass008.java
  • X/AnonymousClass08W.java
  • X/AnonymousClass00O.java
  • X/C014906j.java
  • X/AnonymousClass00U.java
  • X/AnonymousClass04g.java
  • X/C010704t.java
  • X/AnonymousClass01I.java
  • X/AnonymousClass00H.java
  • X/AnonymousClass07J.java
  • X/AnonymousClass06W.java
Load and manipulate dex files
  • X/C010704t.java
  • X/AnonymousClass00H.java
  • X/AnonymousClass008.java
Loading native code (shared library)
  • X/AnonymousClass08W.java
  • X/AnonymousClass07J.java
Local file i/o operations
  • X/C016306z.java
  • X/AnonymousClass076.java
  • X/AnonymousClass07O.java
  • X/AnonymousClass097.java
  • X/C009103u.java
  • X/AnonymousClass090.java
  • X/AnonymousClass070.java
  • X/C011905f.java
Message digest
  • X/AnonymousClass01N.java
  • X/AnonymousClass08W.java
  • X/AnonymousClass03H.java
Starting service
  • X/AnonymousClass04F.java
Tcp socket
  • X/AnonymousClass08Q.java
  • X/AnonymousClass01S.java
  • X/AnonymousClass01K.java
  • X/AnonymousClass01M.java
  • X/AnonymousClass090.java
  • X/AnonymousClass09N.java

Control flow graphs analysis

Information computed by Pithus.

The application probably dynamically loads code

The application probably gets the network connections information

The application probably sends data over HTTP/S

The application probably executes OS commands

The application probably gets memory and CPU information