Moderate Risk

Threat level

bou.amine.apps.readerforselfossv2.android

Reader for Selfoss

Analyzed on 2022-09-09T09:21:08.683015

5

permissions

10

activities

4

services

8

receivers

157

domains

File sums

MD5 114d6849b076a3f85b9a27f0ea02330b
SHA1 3f6e1b080a27b14aaaf77a929d00b05142e91bcf
SHA256 4943e12c41a44581358c0c1907782738d0777e654163c722c958ba8ca23a217c
Size 5.51MB

APKiD

Information computed with APKiD.

/tmp/tmpzyshtnhr!classes.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MANUFACTURER check
compiler
  • dx
/tmp/tmpzyshtnhr!classes2.dex
compiler
  • r8 without marker (suspicious)
/tmp/tmpzyshtnhr!classes3.dex
compiler
  • dx

SSdeep

Information computed with ssdeep.

APK file 98304:d+bo7Mc4AXJAuNJuRCS0QPV1ueBOALtA2cfrPpyAzYBT1fZJ:UbHJcoRCS0QPV1vOAL2G1fZJ
Manifest 384:+5nyRxcKE6X5iSbntu1TmRzetyO7M8+tjdXza4FO4z+TtrTFu0HQqxRs8SQSyPmG:…
classes.dex 98304:LVhmYE32+FSASAhTvbQe3WWxgGNxTPgblYr:LVhm2/RWxgGNxTPgblYr
classes2.dex 6144:fdRyAPu7jwmfBfwhbWhcsMVNZECEa0XXGGNNFZg1kDBkyuqQwcH7uxcUMlIF:n9P…
classes3.dex 24576:75Itmi88v+w3wmw908Gowhlpzd+e3aHiga28ibovU8rrS:LiXF9xhlpzd+e3vib…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 6144:NcQuyVGNllQUoSFz7tWGZipSqbblO4RhmpY9:Nc5xQvS5ZkS76
classes.dex 3072:NhemcZOuypzoORlQlwu8zNAlO4WUopPr3bSFk47GtCW66IXpi8Y6sSojp:NcQuyV…
classes2.dex 768:gPgkFWVPn8oFzfR6sWp3P5F/F/03Zk/HwD2xkbblM+ap4OTTrC4Oua1:gPgkFWVPn…
classes3.dex 1536:y3Sn/vXHwJeuE3n/CseAyDkRPSyY7vLm1u2S14RRo8:aheX/phSB7vUuH4Rb

APK details

Information computed with AndroGuard and Pithus.

Package bou.amine.apps.readerforselfossv2.android
App name Reader for Selfoss
Version name 122092503-github
Version code 122092503
SDK 21 - 31
UAID fa86b2bea907621c7486df6e8202648fce8713d1
Signature Signature V1 Signature V2 Signature V3
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0xf05368c0: Unknown
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 8cdb164262b7b688de7846999530e818
SHA1 6080d5e438b1052908a0fb90bb21a374e77fea37
SHA256 cfc7f4682c566685c30bc2326d47833660cf1186a5ae13bdfcd2de64e82722e8
Issuer Common Name: buildserver_licaon, Organizational Unit: F-Droid
Not before 2022-09-09T09:18:08+00:00
Not after 2050-01-25T09:18:08+00:00

Manifest analysis

Information computed with MobSF.

Low App has a Network Security Configuration[android:networkSecurityConfig=@xml/network_security_config]
The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app.
High Activity (bou.amine.apps.readerforselfossv2.android.AddSourceActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (androidx.work.impl.background.systemjob.SystemJobService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

Main Activity

Information computed with AndroGuard.

bou.amine.apps.readerforselfossv2.android.MainActivity

Activities

Information computed with AndroGuard.

bou.amine.apps.readerforselfossv2.android.MainActivity
bou.amine.apps.readerforselfossv2.android.LoginActivity
bou.amine.apps.readerforselfossv2.android.HomeActivity
bou.amine.apps.readerforselfossv2.android.settings.SettingsActivity
bou.amine.apps.readerforselfossv2.android.SourcesActivity
bou.amine.apps.readerforselfossv2.android.AddSourceActivity
bou.amine.apps.readerforselfossv2.android.ReaderActivity
bou.amine.apps.readerforselfossv2.android.ImageActivity
com.mikepenz.aboutlibraries.ui.LibsActivity
com.ftinc.scoop.ui.ScoopSettingsActivity

Receivers

Information computed with AndroGuard.

androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
androidx.work.impl.background.systemalarm.RescheduleReceiver
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
androidx.work.impl.diagnostics.DiagnosticsReceiver

Services

Information computed with AndroGuard.

androidx.work.impl.background.systemalarm.SystemAlarmService
androidx.work.impl.background.systemjob.SystemJobService
androidx.work.impl.foreground.SystemForegroundService
androidx.room.MultiInstanceInvalidationService

Hunting matches

Information computed by Pithus.

Yara ruleset: mail
with_urls
matching files:
/classes3.dex

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application invoke platform-provided DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generate no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_RBG_EXT.2.1
FCS_RBG_EXT.2.2
The application perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.
Random Bit Generation from Application
FCS_COP.1.1(2) The application perform cryptographic hashing services in accordance with a specified cryptographic algorithm SHA-1/SHA-256/SHA-384/SHA-512 and message digest sizes 160/256/384/512 bits.
Cryptographic Operation - Hashing
FCS_HTTPS_EXT.1.1 The application implement the HTTPS protocol that complies with RFC 2818.
HTTPS Protocol
FCS_HTTPS_EXT.1.2 The application implement HTTPS using TLS.
HTTPS Protocol
FCS_HTTPS_EXT.1.3 The application notify the user and not establish the connection or request application authorization to establish the connection if the peer certificate is deemed invalid.
HTTPS Protocol
FIA_X509_EXT.2.1 The application use X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS , TLS.
X.509 Certificate Authentication

Code analysis

Information computed with MobSF.

Medium
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
 a2/a.java
q7/a.java
j$/util/concurrent/ThreadLocalRandom.java
r7/a.java
q7/b.java
Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 v/a.java
v2/a.java
n3/h.java
com/bumptech/glide/manager/d.java
j2/o.java
j2/i.java
o2/d.java
r4/f.java
y2/d.java
com/bumptech/glide/manager/e.java
j2/g.java
com/bumptech/glide/manager/SupportRequestManagerFragment.java
h2/j.java
o2/r.java
o2/f.java
w4/b.java
w4/s.java
o9/h.java
o2/c.java
k2/i.java
f2/a.java
q5/b.java
b0/c.java
h2/a.java
r2/n.java
e2/e.java
j2/w.java
r4/d.java
r2/j.java
q/d.java
o1/b.java
l2/e.java
a4/d.java
i2/c.java
t8/c.java
o2/s.java
v2/i.java
r2/d.java
j2/f.java
c2/c.java
d4/g.java
e2/d.java
o0/a.java
s0/l.java
b5/g.java
m2/a.java
m3/a.java
g0/c.java
r4/c.java
b4/b.java
com/jaredrummler/android/colorpicker/ColorPickerDialog.java
a3/h.java
j5/a.java
p0/d0.java
r2/l.java
j/g.java
g0/a.java
h2/h.java
f3/a.java
l2/i.java
r2/r.java
v2/d.java
k2/j.java
l0/c.java
k/c.java
b3/i.java
y/c.java
Medium
CVSS:7.4
Files may contain hardcoded sensitive information like usernames, passwords, keys etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files:
 f8/q0.java
j2/u.java
g2/i.java
w1/a.java
j2/n.java
j2/b.java
Medium
CVSS:5.9
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Files:
 m0/a.java
Info
CVSS:0
This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel.
MASVS: MSTG-NETWORK-4
Files:
 s8/g.java
s8/h.java
s8/d.java
s8/c.java
Medium
CVSS:5.5
App creates temp file. Sensitive information should never be written into a temp file.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 g0/c.java
Pygal Australia: 200 Canada: 100 Switzerland: 200 China: 100 Czech Republic: 200 Germany: 900 Spain: 600 Finland: 100 France: 500 United Kingdom: 200 Italy: 100 Korea, Republic of: 200 Lithuania: 100 Netherlands: 300 Poland: 100 Russian Federation: 100 Sweden: 100 Singapore: 200 United States: 10600

Map computed by Pithus.

Network analysis

Information computed with MobSF.

High Base config is insecurely configured to permit clear text traffic to all domains.
Scope: ['*']

Domains analysis

Information computed with MobSF.

US joda-time.sourceforge.net 204.68.111.100
US mozilla.org 44.236.72.93
US creativecommons.org 172.67.34.140
US moove-it.com 54.148.64.88
US google.com 172.217.16.206
US wasabeef.jp 151.101.65.195
US reactivex.io 185.199.111.153
US google.github.io 185.199.111.153
US fabric.io 216.239.32.29
DE www.wix.com 35.242.251.130
US aidanfollestad.com 216.239.32.21
US wiresareobsolete.com 151.101.1.195
US jeffgilfelt.com 54.161.222.85
US inthecheesefactory.com 104.21.5.227
US libphonenumber.googlecode.com 142.251.5.82
US news.google.com 142.250.185.174
GB www.jetbrains.org 52.222.236.105
US mixpanel.com 35.188.216.35
US commons.apache.org 151.101.2.132
US gitlab.com 172.65.251.78
US satyan.github.io 185.199.108.153
US ksoichiro.blogspot.pt 142.250.184.225
US www.akexorcist.com 142.250.185.115
www.daniel-stone.uk
US apache.org 151.101.2.132
ES jaredrummler.com 188.114.96.3
DE axelrindle.de 91.216.248.22
www.answers.io
US www.threeten.org 185.199.110.153
US android.googlesource.com 66.102.1.82
FR jscience.org 109.234.160.142
US devbrackets.com 208.113.196.188
US airbnb.com 52.71.105.113
NL trello.com 185.166.143.26
FR www.amine-louveau.fr 37.59.55.203
US www.fabric.io 216.239.32.29
US about.me 172.67.22.49
PL wittchen.biz.pl 91.237.52.33
US www.javadude.nl 216.239.32.21
SE emilsjolander.se 185.76.64.185
SG 2359media.com 54.251.229.160
US www.crashlytics.com 142.250.181.238
US www.example.com 93.184.216.34
US www.facebook.com 185.60.216.35
US roomorama.com 199.59.243.222
FR gitea.amine-louveau.fr 37.59.55.203
chris.banes.me
US uber.github.io 185.199.111.153
US www.kunzisoft.com 185.199.108.153
US mixpanel.github.io 185.199.109.153
US code.google.com 172.217.16.206
wiki.fasterxml.com
US saket.me 66.85.47.200
paymill.com
US www.activeandroid.com 107.170.99.102
US www.michaelpardo.com 185.199.110.153
CZ yalantis.com 13.32.121.14
AU www.bouncycastle.org 203.32.61.103
US fasterxml.com 52.216.33.109
US www.apache.org 151.101.2.132
US ksoichiro.github.io 185.199.111.153
US luke.klinker.xyz 185.199.110.153
US actionbarsherlock.com 192.30.252.153
US blog.wiresareobsolete.com 142.250.185.115
US source.android.com 142.250.185.78
US xipdev.wordpress.com 192.0.78.12
US markusamshove.github.io 185.199.108.153
US relex.me 69.49.234.166
CH www.qos.ch 83.173.251.158
CN baoyz.com 118.24.62.125
US kingja.github.io 185.199.110.153
US bluelinelabs.com 104.236.238.202
US robolectric.org 192.30.252.153
KR path.com 27.0.237.47
RU daimajia.com 79.133.177.218
ES code-troopers.com 188.114.97.3
US www.williammora.com 185.199.111.153
DE siyamed.com 185.53.178.51
DE www.microsoft.com 2.18.233.62
US danlew.net 216.239.32.21
JP jhy.io 172.67.221.133
US mina.apache.org 151.101.2.132
US scripts.sil.org 104.22.11.254
US blog.zhanghai.me 185.199.111.153
ES www.joanzapata.com 188.114.96.3
US jakewharton.github.io 185.199.108.153
US www.npgall.com 142.250.184.211
US jakewharton.com 52.222.214.34
US orhanobut.com 107.148.137.94
US amlcurran.github.io 185.199.111.153
DE stfalcon.com 167.233.14.214
NL su.chainfire.eu 5.79.66.53
US crwd.in 35.168.182.129
IT www.gotev.net 217.64.195.207
US ktor.io 18.66.147.4
US realm.io 108.156.60.107
US airbnb.io 185.199.109.153
US developer.android.com 142.250.185.238
US www.jetbrains.com 18.66.97.10
US square.github.io 185.199.109.153
US rtyley.github.io 185.199.111.153
US opensource.org 104.21.84.214
US gmariotti.blogspot.it 142.250.181.225
DE cloudrail.com 18.185.63.54
CA www.eclipse.org 198.41.30.198
US mikepenz.com 172.67.141.197
NL hockeyapp.net 40.68.213.90
GB www.linkedin.com 13.107.42.14