Moderate Risk

Threat level

com.iqqijni.dv12key

12Key-Keyboard

Analyzed on 2021-04-15T15:30:17.435697

1

permissions

1

activities

1

services

0

receivers

0

domains

File sums

MD5 1407a3caf9e077459d8092674c82b93d
SHA1 e07adbebe91b20597d9376b0c3806da5a06bbccd
SHA256 41029c7f5b4771a4d4ba81bef42bbc047d63a198cbdfd3e1698d1fcb0cffc334
Size 61.28MB

APKiD

Information computed with APKiD.

/tmp/tmp5ydyp3n5!classes.dex
compiler
  • r8

SSdeep

Information computed with ssdeep.

APK file 1572864:e2JJtX3g3sOo6dRKZzwEFF4lAFsd8JoVPVv:e2JJJZOouRKZslAmdsI
Manifest 96:YbVMU12x6ejr/oYjhXLT0TSTDTT9SqD5DqE2otGhtx8FCE:I+6ejDoYjhXLgG3P9SQLStx8FCE
classes.dex 49152:qnjGLQCozMBggXanNhMKfjK62mfe8E4kYyO3ZKpNSl225xI/O:c2QtMBKNhRK62inB

Dexofuzzy

Information computed with Dexofuzzy.

APK file 768:SwGR2iPzx5hYAOW00k6TyTQinxUKhe/S/viWFRllVVVpAyGuereU17MGnBUEHj+p:IbPd5Xv00eTQ8xUDS/vTF
classes.dex 768:SwGR2iPzx5hYAOW00k6TyTQinxUKhe/S/viWFRllVVVpAyGuereU17MGnBUEHj+p:IbPd5Xv00eTQ8xUDS/vTF

APK details

Information computed with AndroGuard and Pithus.

Package com.iqqijni.dv12key
App name 12Key-Keyboard
Version name 2020.10.30-1.75
Version code 175
SDK 16 - 26
UAID 9752ae3c81945ef2b6d1cdeba4c6e68a7b3cbf8f
Signature Signature V1
Frosting Not frosted

Certificate details

Information computed with AndroGuard.

MD5 85d519a763edb626edc8ad213c008875
SHA1 9826bfdda78c176897d6922a0eb7bab866b93c46
SHA256 d24c9c3f4379b8070310617c96a87c88618dfb5297b2ebb8da39d45e2d13dac9
Issuer Common Name: IQQI, Organizational Unit: IQ Technology Inc., Organization: IQ, Locality: Taipei Xizhi
Not before 2010-12-06T04:19:15+00:00
Not after 2110-11-12T04:19:15+00:00

Manifest analysis

Information computed with MobSF.

Medium Application Data can be Backed up[android:allowBackup=true]
This flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High Service (com.iqqijni.dv12key.keyboard_service.view.HDKeyboardService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_INPUT_METHOD [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

Activities

Information computed with AndroGuard.

com.iqqijni.dv12key.activity.SettingsActivity

Services

Information computed with AndroGuard.

com.iqqijni.dv12key.keyboard_service.view.HDKeyboardService

Similar samples

Information computed by Pithus.

SHA256 Similarity
41029c7f5b4771a4d4ba81bef42bbc047d63a198cbdfd3e1698d1fcb0cffc334
100%

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generate no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to no hardware resources.
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has no network communications.
Network Communications
FDP_DAR_EXT.1.1 The application implement functionality to encrypt sensitive data in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_CKM.1.1(3)
FCS_CKM.1.2(3)
A password/passphrase shall perform [Password-based Key Derivation Functions] in accordance with a specified cryptographic algorithm..
Password Conditioning

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 com/iqqijni/dv12key/keyboard_service/model/language/LanguageModel.java
com/iqqijni/dv12key/keyboard_service/model/external_config/ExternalConfigModel.java
com/iqqijni/dv12key/keyboard_service/presenter/ServicePresenterCompl.java
com/iqqijni/dv12key/keyboard_service/model/keyboard_aciton/language/base/PinYinActionModel.java
com/iqqijni/dv12key/keyboard_service/model/polling_table/PollingTableModel.java
com/iqqijni/dv12key/tools/kikaLog.java
com/iqqijni/dv12key/tools/Tools.java
com/iqqijni/dv12key/keyboard_service/model/keyboard_aciton/language/pinyin/korean/KoreanComposingBuffer.java
com/snatik/storage/security/SecurityUtil.java
com/readystatesoftware/sqliteasset/SQLiteAssetHelper.java
com/iqqijni/dv12key/keyboard_service/model/keyboard_aciton/language/latin/republic_of_India/hindi/Hindi12KeyActionModel.java
com/iqqijni/dv12key/receiver/IMEReceiver.java
com/iqqijni/dv12key/keyboard_service/model/keyboard_aciton/language/pinyin/japanese/JapaneseActionModel.java
com/iqqijni/dv12key/keyboard_service/model/spell_checker/OneZhuyinSpellCheckerModel.java
com/iqqijni/dv12key/keyboard_service/model/keyboard_aciton/language/base/LatinActionModel.java
com/readystatesoftware/sqliteasset/Utils.java
com/iqqijni/dv12key/keyboard_service/model/symbol_table/SymbolTableModel.java
com/readystatesoftware/sqliteasset/VersionComparator.java
com/snatik/storage/EncryptConfiguration.java
com/iqqijni/dv12key/keyboard_service/view/HDKeyboardService.java
com/snatik/storage/Storage.java
com/iqqijni/dv12key/keyboard_service/model/spell_checker/SpellCheckerModel.java
com/iqqijni/dv12key/keyboard_service/model/keyboard_aciton/language/base/KeyboardActionModel.java
High
CVSS:5.9
SHA-1 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 com/snatik/storage/EncryptConfiguration.java
High
CVSS:7.4
Files may contain hardcoded sensitive informations like usernames, passwords, keys etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files:
 com/iqqijni/dv12key/keyboard_service/model/external_config/ExternalConfigModel.java
com/iqqijni/dv12key/keyboard_service/model/external_config/ExternalConfig.java
com/iqqijni/dv12key/keyboard_service/model/language/Language.java
High
CVSS:5.5
App can read/write to External Storage. Any App can read data written to External Storage.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 com/snatik/storage/Storage.java
High
CVSS:5.9
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Files:
 com/readystatesoftware/sqliteasset/SQLiteAssetHelper.java

Permissions analysis

Information computed with MobSF.

High android.permission.READ_USER_DICTIONARY read user-defined dictionary
Allows an application to read any private words, names and phrases that the user may have stored in the user dictionary.

Threat analysis

Information computed with Quark-Engine.

Confidence:
100%
Implicit intent(view a web page, make a phone call, etc.)
Confidence:
100%
Find a method from given class name, usually for reflection
Confidence:
100%
Method reflection
Confidence:
100%
Load class from given class name
Confidence:
100%
Retrieve data from broadcast
Confidence:
100%
Read sensitive data(SMS, CALLLOG, etc)
Confidence:
100%
Monitor the broadcast action events (BOOT_COMPLETED)
Confidence:
100%
Read file from assets directory
Confidence:
100%
Get last known location of the device
Confidence:
100%
Get location of the device
Confidence:
100%
Method reflection
Confidence:
100%
Get the time of current location
Confidence:
100%
Initialize class object dynamically
Confidence:
100%
Get specific method from other Dex files
Confidence:
80%
Load external class
Confidence:
80%
Read file and put it into a stream
Confidence:
80%
Implicit intent(view a web page, make a phone call, etc.) via setData
Confidence:
80%
Get absolute path of the file and store in string
Confidence:
80%
Get resource file from res/raw directory

Behavior analysis

Information computed with MobSF.

Crypto
       com/snatik/storage/EncryptConfiguration.java
com/snatik/storage/security/SecurityUtil.java
Get system service
       com/iqqijni/dv12key/activity/SettingsActivity.java
com/iqqijni/dv12key/tools/Tools.java
Inter process communication
       com/iqqijni/dv12key/keyboard_service/model/recongnize_speech/RecognizeSpeechModel.java
com/iqqijni/dv12key/keyboard_service/view/HDKeyboardService.java
com/iqqijni/dv12key/tools/Tools.java
com/iqqijni/dv12key/receiver/IMEReceiver.java
Loading native code (shared library)
       iqt/iqqi/inputmethod/Resource/iqqijni.java
kika/qwt9/inputmethod/Resource/qwt9ini.java
Local file i/o operations
       com/iqqijni/dv12key/keyboard_service/model/language/LanguageModel.java
com/iqqijni/dv12key/keyboard_service/model/symbol_table/SymbolTableModel.java
com/iqqijni/dv12key/keyboard_service/view/HDKeyboardService.java
com/iqqijni/dv12key/tools/Tools.java
com/snatik/storage/Storage.java
com/iqqijni/dv12key/keyboard_service/model/spell_checker/SpellCheckerModel.java
com/iqqijni/dv12key/receiver/IMEReceiver.java
com/iqqijni/dv12key/keyboard_service/model/settings/SettingsModel.java
Starting activity
       com/iqqijni/dv12key/tools/Tools.java