0/63

Threat

com.google.android.apps.restore

Data Restore Tool

Analyzed on 2022-06-22T03:08:04.742838

32 permissions, 13 activities, 13 services, 15 receivers, 14 domains

File sums

MD5 24f64a5512d0798eef1071d509e4254e
SHA1 420624fdd5e826c4ca9b0e5a32b0bf99d47cd2e2
SHA256 4956b6024d83ebf6b921ab4f10b89dc24474f513f5dea3e4d5630712fb18fd24
Size 9.05MB

APKiD

Information computed with APKiD.

/tmp/tmpclq1apyq
anti_disassembly
  • illegal class name
/tmp/tmpclq1apyq!classes.dex
anti_disassembly
  • illegal class name
anti_vm
  • Build.FINGERPRINT check
  • Build.MANUFACTURER check
  • Build.HARDWARE check
  • Build.TAGS check
compiler
  • r8 without marker (suspicious)
/tmp/tmpclq1apyq!classes2.dex
compiler
  • r8 without marker (suspicious)

SSdeep

Information computed with ssdeep.

APK file 98304:nuxLuRKSBUIWmmVeuy+/t2rOMkZUF3mF7Y0Vg2/u84:ux02mnuy+/tL7Y0Vg2284
Manifest 768:KbeRxcKE6X1SbnBVTm9OUyY3oelty1fK9RdbGAvDXJtCNBuUmpz7F/z+TtrTFu0I:…
classes.dex 49152:Tux6KuRqpGqivMn/xLKsJ+PUossgNT8WmmVek:TuxLuRKSBUIWmmVek
classes2.dex 6144:2FzPYV4U/Pl17/YHXe9YTO7uDzojwM4H335Rllvo8Cwvk8+GE:MyPv7WOZZ

Dexofuzzy

Information computed with Dexofuzzy.

APK file 6144:HDrorb/lfbKrC7eJ08Ojsxit2ECOYhIhsS:gr19DhY0t
classes.dex 3072:HaK2hEorb/JffbKrPCV8iaVvJbQ8ktbXsC7Maht2M1COY3wyns:HDrorb/lfbKrC…
classes2.dex 384:638d4eLEFUXmzAWirIuTXdIUrSZb6GRYrTt:604KEFyz1IjDRYrB

APK details

Information computed with AndroGuard and Pithus.

Package com.google.android.apps.restore
App name Data Restore Tool
Version name 1.0.412254046
Version code 31772
SDK 28 - 31
UAID 5629cbd5a7c18bb4e5ede68bd2470e5e1e9d1044
Signature Signature V1, Signature V2, Signature V3
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0xf05368c0: Unknown
  • 0x6dff800d: Source stamp V2 X509 cert
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 ddf6373b278f316dcad73cd20cc8eb49
SHA1 19da94896ce4078c38ca695701f1dec741ec6d67
SHA256 56be132b780656fe2444cd34326eb5d7aac91d2096abf0fe673a99270622ec87
Issuer Common Name: Android, Organizational Unit: Android, Organization: Google Inc., Locality: Mountain View, State/Province: California, Country: US
Not before 2018-01-16T00:57:29+00:00
Not after 2048-01-16T00:57:29+00:00

File Analysis

Information computed with MobSF.

Finding: Certificate/Key files hardcoded inside the app.
Files: META-INF/services/com.google.protobuf.GeneratedExtensionRegistryLoader
Finding: Hardcoded Keystore found.
Files: com/google/api/client/googleapis/google.jks

Manifest analysis

Information computed with MobSF.

High Activity (com.google.android.apps.pixelmigrate.component.FlowChoiceActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.google.android.apps.pixelmigrate.migrate.component.UsbD2dMigrateFlowActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.google.android.apps.pixelmigrate.common.component.WorkProfileSetupActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.google.android.apps.pixelmigrate.common.component.IosSetupActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.google.android.apps.pixelmigrate.component.RestoreChoiceActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.google.android.apps.pixelmigrate.migrate.component.WifiD2dMigrateFlowActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.google.android.apps.pixelmigrate.cloudrestore.component.CloudRestoreFlowActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.google.android.apps.pixelmigrate.migrate.component.D2dWizardManager) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.google.android.apps.pixelmigrate.cloudrestore.component.KeyRecoveryLockScreenEntryActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.google.android.apps.pixelmigrate.cloudrestore.component.AddAccountActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.google.android.apps.pixelmigrate.cloudrestore.component.AppPickerHostActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Content Provider (com.google.android.apps.pixelmigrate.common.component.LauncherLayoutContentProvider) is not Protected. [android:exported=true]
A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
Low Broadcast Receiver (com.google.android.apps.pixelmigrate.component.ResetFlowReceiver) is Protected by a permission.
Permission: com.google.android.apps.pixelmigrate.RESET_FLOW_PERMISSION
protectionLevel: signature [android:exported=true]
A Broadcast Receiver is found to be exported, but is protected by permission.
High Broadcast Receiver (com.google.android.apps.pixelmigrate.component.LauncherRestoreStartReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BACKUP [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.google.android.apps.pixelmigrate.component.LauncherRestoreFinishReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BACKUP [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.google.android.apps.pixelmigrate.migrate.ios.appdatareader.AppDataReaderService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.google.android.apps.pixelmigrate.migrate.ios.appdatawriter.AppDataWriterService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.google.android.gms.nearby.exposurenotification.WakeUpService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.gms.nearby.exposurenotification.EXPOSURE_CALLBACK [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.google.android.libraries.phenotype.client.stable.AccountRemovedBroadcastReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.google.android.libraries.phenotype.client.stable.PhenotypeUpdateBackgroundBroadcastReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.gms.permission.PHENOTYPE_UPDATE_BROADCAST [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (androidx.work.impl.background.systemjob.SystemJobService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium High Intent Priority (1000)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.

Activities

Information computed with AndroGuard.

com.google.android.apps.pixelmigrate.component.FlowChoiceActivity
com.google.android.apps.pixelmigrate.migrate.component.UsbD2dMigrateFlowActivity
com.google.android.apps.pixelmigrate.common.component.WorkProfileSetupActivity
com.google.android.apps.pixelmigrate.common.component.IosSetupActivity
com.google.android.apps.pixelmigrate.component.RestoreChoiceActivity
com.google.android.apps.pixelmigrate.migrate.component.WifiD2dMigrateFlowActivity
com.google.android.apps.pixelmigrate.cloudrestore.component.CloudRestoreFlowActivity
com.google.android.apps.pixelmigrate.migrate.component.D2dWizardManager
com.google.android.apps.pixelmigrate.cloudrestore.component.KeyRecoveryLockScreenEntryActivity
com.google.android.apps.pixelmigrate.component.StubLauncherActivity
com.google.android.apps.pixelmigrate.cloudrestore.component.AddAccountActivity
com.google.android.apps.pixelmigrate.cloudrestore.component.AppPickerHostActivity
com.google.android.gms.common.api.GoogleApiActivity

Receivers

Information computed with AndroGuard.

com.google.android.apps.pixelmigrate.component.ResetFlowReceiver
com.google.android.apps.pixelmigrate.component.LauncherRestoreStartReceiver
com.google.android.apps.pixelmigrate.component.LauncherRestoreFinishReceiver
com.google.android.apps.pixelmigrate.cloudrestore.googleone.GoogleOneNotificationClickReceiver
com.google.android.libraries.performance.primes.transmitter.LifeboatReceiver
com.google.android.libraries.phenotype.client.stable.AccountRemovedBroadcastReceiver
com.google.android.libraries.phenotype.client.stable.PhenotypeUpdateBackgroundBroadcastReceiver
androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
androidx.work.impl.background.systemalarm.RescheduleReceiver
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
androidx.work.impl.diagnostics.DiagnosticsReceiver

Services

Information computed with AndroGuard.

com.google.android.libraries.phenotype.registration.PhenotypeMetadataHolderService
com.google.android.apps.pixelmigrate.migrate.component.UsbD2dMigrateService
com.google.android.apps.pixelmigrate.migrate.component.WifiD2dMigrateService
com.google.android.apps.pixelmigrate.cloudrestore.service.RestoreService
com.google.android.apps.pixelmigrate.cloudrestore.component.CloudRestoreService
com.google.android.apps.pixelmigrate.migrate.utilities.PreservedFileCleanerService
com.google.android.apps.pixelmigrate.migrate.ios.appdatareader.AppDataReaderService
com.google.android.apps.pixelmigrate.migrate.ios.appdatawriter.AppDataWriterService
com.google.android.gms.nearby.exposurenotification.WakeUpService
androidx.work.impl.background.systemalarm.SystemAlarmService
androidx.work.impl.background.systemjob.SystemJobService
androidx.work.impl.foreground.SystemForegroundService
com.google.android.build.data.PropertiesServiceHolder

Sample timeline

Oldest file found in APK Jan. 1, 2009, midnight
Latest file found in APK Jan. 1, 2009, midnight
Certificate valid not before Jan. 16, 2018, 12:57 a.m.
First submission on VT Jan. 30, 2022, 8 a.m.
Last submission on VT April 30, 2022, 2:44 p.m.
Upload on Pithus June 22, 2022, 3:08 a.m.
Certificate valid not after Jan. 16, 2048, 12:57 a.m.

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application invoke platform-provided DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application implement asymmetric key generation.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['location', 'NFC', 'network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['call lists', 'address book'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application implement functionality to encrypt sensitive data in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_RBG_EXT.2.1
FCS_RBG_EXT.2.2
The application perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.
Random Bit Generation from Application
FCS_CKM.1.1(1) The application generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm RSA schemes using cryptographic key sizes of 2048-bit or greater.
Cryptographic Asymmetric Key Generation
FCS_COP.1.1(1) The application perform encryption/decryption in accordance with a specified cryptographic algorithm AES-CBC (as defined in NIST SP 800-38A) mode or AES-GCM (as defined in NIST SP 800-38D) and cryptographic key sizes 256-bit/128-bit.
Cryptographic Operation - Encryption/Decryption
FCS_COP.1.1(2) The application perform cryptographic hashing services not in accordance with FCS_COP.1.1(2) and uses the cryptographic algorithm RC2/RC4/MD4/MD5.
Cryptographic Operation - Hashing
FCS_HTTPS_EXT.1.1 The application implement the HTTPS protocol that complies with RFC 2818.
HTTPS Protocol
FCS_HTTPS_EXT.1.2 The application implement HTTPS using TLS.
HTTPS Protocol
FCS_HTTPS_EXT.1.3 The application notify the user and not establish the connection or request application authorization to establish the connection if the peer certificate is deemed invalid.
HTTPS Protocol
FIA_X509_EXT.1.1 The application invoked platform-provided functionality to validate certificates in accordance with the following rules: ['The certificate path must terminate with a trusted CA certificate'].
X.509 Certificate Validation
FIA_X509_EXT.2.1 The application use X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS , TLS.
X.509 Certificate Authentication
FPT_TUD_EXT.2.1 The application shall be distributed using the format of the platform-supported package manager.
Integrity for Installation and Update
FCS_CKM.1.1(2) The application shall generate symmetric cryptographic keys using a Random Bit Generator as specified in FCS_RBG_EXT.1 and specified cryptographic key sizes 128 bit or 256 bit.
Cryptographic Symmetric Key Generation

Code analysis

Information computed with MobSF.

Medium
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Medium
CVSS:4.3
IP Address disclosure
MASVS: MSTG-CODE-2
CWE-200 Information Exposure
Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Medium
CVSS:5.5
App creates temp file. Sensitive information should never be written into a temp file.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 defpackage/asx.java
Medium
CVSS:5.9
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Medium
CVSS:7.4
MD5 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 defpackage/eaw.java
High
CVSS:5.5
App can read/write to External Storage. Any App can read data written to External Storage.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 defpackage/auz.java
defpackage/bcg.java
defpackage/cvf.java
defpackage/bcb.java
defpackage/atg.java
Info
CVSS:0
This App may have root detection capabilities.
MASVS: MSTG-RESILIENCE-1
Files:
 defpackage/cod.java
Medium
CVSS:5.9
SHA-1 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 defpackage/bzk.java
United States: 1300

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

US apache.org 151.101.2.132
US google.com 172.217.18.110
US android.googleapis.com 216.58.212.138
US androidbackupmigrationservices-pa.googleapis.com 172.217.23.106
schemas.android.com
US www.googleapis.com 172.217.23.106
US one.google.com 142.250.184.206
US keep-pa.googleapis.com 172.217.23.106
US www.apple.com 69.192.160.210
US android.clients.google.com 142.250.186.110
US xml.org 104.239.240.11
US g.co 172.217.18.14
US crbug.com 216.239.32.29
US plus.google.com 216.58.212.142

URL analysis

Information computed with MobSF.

https://android.clients.google.com/backup
Defined in defpackage/ens.java
https://www.googleapis.com/batch
Defined in defpackage/dex.java
https://crbug.com/581399
Defined in defpackage/flx.java
http://www.apple.com/DTDs/PropertyList-1.0.dtd
Defined in defpackage/ain.java
https://www.googleapis.com/auth/subscriptions
Defined in defpackage/enj.java
https://www.googleapis.com/
Defined in defpackage/dip.java
https://www.googleapis.com/auth/peopleapi.readonly
Defined in defpackage/elt.java
https://plus.google.com/
Defined in defpackage/bxw.java
https://www.googleapis.com/auth/calendar
Defined in defpackage/aua.java
https://g.co/datatransferhelp
https://%s/backup
https://android.googleapis.com/backup
Defined in defpackage/apk.java
https://one.google.com/storage
Defined in defpackage/eln.java
https://keep-pa.googleapis.com/
Defined in defpackage/djp.java
https://www.googleapis.com/auth/android_backup.migration
Defined in defpackage/emi.java
https://androidbackupmigrationservices-pa.googleapis.com/v1/2/appmapping
Defined in defpackage/awz.java
http://google.com/
Defined in defpackage/atx.java
http://apache.org/xml/features/nonvalidating/load-external-dtd
http://xml.org/sax/features/external-general-entities
http://xml.org/sax/features/external-parameter-entities
Defined in defpackage/ait.java
http://schemas.android.com/apk/res/android
Defined in defpackage/cn.java
https://www.googleapis.com/auth/memento
Defined in defpackage/avd.java

Permissions analysis

Information computed with MobSF.

High android.permission.ACCESS_FINE_LOCATION fine (GPS) location
Access fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications can use this to determine where you are and may consume additional battery power.
High android.permission.MANAGE_EXTERNAL_STORAGE Allows an application a broad access to external storage in scoped storage
Allows an application a broad access to external storage in scoped storage. Intended to be used by few apps that need to manage files on behalf of the users.
High android.permission.READ_CALL_LOG Allows an application to read the user's call log.
High android.permission.READ_CONTACTS read contact data
Allows an application to read all of the contact (address) data stored on your phone. Malicious applications can use this to send your data to other people.
High android.permission.READ_EXTERNAL_STORAGE read external storage contents
Allows an application to read from external storage.
High android.permission.WRITE_CALL_LOG Allows an application to write (but not read) the user's call log data.
High android.permission.WRITE_CONTACTS write contact data
Allows an application to modify the contact (address) data stored on your phone. Malicious applications can use this to erase or modify your contact data.
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
High android.permission.WRITE_SETTINGS modify global system settings
Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.ACCESS_WIFI_STATE view Wi-Fi status
Allows an application to view the information about the status of Wi-Fi.
Low android.permission.CHANGE_WIFI_STATE change Wi-Fi status
Allows an application to connect to and disconnect from Wi-Fi access points and to make changes to configured Wi-Fi networks.
Low android.permission.FOREGROUND_SERVICE Allows a regular application to use Service.startForeground.
Low android.permission.GET_PACKAGE_SIZE measure application storage space
Allows an application to find out the space used by any package.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.NFC control Near-Field Communication
Allows an application to communicate with Near-Field Communication (NFC) tags, cards and readers.
Low android.permission.QUERY_ALL_PACKAGES Allows query of any normal app on the device, regardless of manifest declarations.
Low android.permission.RECEIVE_BOOT_COMPLETED automatically start at boot
Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Low android.permission.SET_WALLPAPER set wallpaper
Allows the application to set the system wallpaper.
Low android.permission.WAKE_LOCK prevent phone from sleeping
Allows an application to prevent the phone from going to sleep.
Medium android.permission.BACKUP control system back up and restore
Allows the application to control the system's back-up and restore mechanism. Not for use by common applications.
Medium android.permission.WRITE_SECURE_SETTINGS modify secure system settings
Allows an application to modify the system's secure settings data. Not for use by common applications.
android.permission.MANAGE_USB Unknown permission
Unknown permission from android reference
android.permission.MANAGE_USERS Unknown permission
Unknown permission from android reference
android.permission.READ_PRIVILEGED_PHONE_STATE Unknown permission
Unknown permission from android reference
android.permission.SUBSTITUTE_NOTIFICATION_APP_NAME Unknown permission
Unknown permission from android reference
android.permission.WRITE_EMBEDDED_SUBSCRIPTIONS Unknown permission
Unknown permission from android reference
com.android.vending.setup.PLAY_SETUP_SERVICE Unknown permission
Unknown permission from android reference
com.google.android.providers.gsf.permission.READ_GSERVICES Unknown permission
Unknown permission from android reference
com.google.android.setupwizard.READ_DEVICE_ORIGIN_FIRST_PARTY Unknown permission
Unknown permission from android reference
com.google.android.setupwizard.SETUP_COMPAT_SERVICE Unknown permission
Unknown permission from android reference
com.google.android.setupwizard.WRITE_DEVICE_ORIGIN Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Confidence 100%: Check if the network is connected
Confidence 100%: Load external class
Confidence 100%: Query the list of the installed packages
Confidence 100%: Find a method from given class name, usually for reflection
Confidence 100%: Check the active network type
Confidence 100%: Method reflection
Confidence 100%: Monitor data identified by a given content URI changes(SMS, MMS, etc.)
Confidence 100%: Save the response to JSON after connecting to the remote server
Confidence 100%: Load class from given class name
Confidence 100%: Retrieve data from broadcast
Confidence 100%: Read sensitive data(SMS, CALLLOG, etc)
Confidence 100%: Open a file from given absolute path of the file
Confidence 100%: Implicit intent(view a web page, make a phone call, etc.) via setData
Confidence 100%: Connect to a URL and get the response code
Confidence 100%: Send notification
Confidence 100%: Monitor the broadcast action events (BOOT_COMPLETED)
Confidence 100%: Return dynamic information about the current Wi-Fi connection
Confidence 100%: Check the current active network type
Confidence 100%: Query The ISO country code
Confidence 100%: Check the network capabilities
Confidence 100%: Get calendar information
Confidence 100%: Get the current WIFI information
Confidence 100%: Method reflection
Confidence 100%: Hide the current app's icon
Confidence 100%: Connect to the remote server through the given URL
Confidence 100%: Check if the device is in data roaming mode
Confidence 100%: Initialize class object dynamically
Confidence 100%: Read the input stream from given URL
Confidence 100%: Connect to a URL and set request method
Confidence 100%: Get specific method from other Dex files
Confidence 80%: Start another application from current application
Confidence 80%: Read data and put it into a buffer stream
Confidence 80%: Connect to a URL and receive input stream from the server
Confidence 80%: Connect to a URL and read data from it
Confidence 80%: Get declared method from given method name
Confidence 80%: Get absolute path of the file and store in string
Confidence 80%: Check if the given file path exist
Confidence 80%: Get resource file from res/raw directory

Behavior analysis

Information computed with MobSF.

Android notifications
defpackage/btj.java
Base64 decode
Base64 encode
Certificate handling
defpackage/cfc.java
defpackage/caq.java
defpackage/cfd.java
Content provider
defpackage/bir.java
defpackage/atn.java
defpackage/bok.java
Crypto
defpackage/dx.java
defpackage/dw.java
defpackage/bxg.java
Get installed applications
defpackage/apt.java
Get system service
Get wifi details
defpackage/avn.java
defpackage/bib.java
defpackage/awt.java
Http connection
Https connection
defpackage/cfc.java
defpackage/dgt.java
defpackage/caq.java
Inter process communication
Java reflection
Kill process
defpackage/cuj.java
Load and manipulate dex files
defpackage/bzz.java
Local file i/o operations
Message digest
Query database of sms, contacts etc
Sending broadcast
Set or read clipboard data
defpackage/hl.java
Starting activity
Starting service
Tcp server socket
defpackage/akx.java
defpackage/bbl.java
Tcp socket
Url connection to file/http/https/ftp/jar
defpackage/caq.java
defpackage/flh.java

Control flow graphs analysis

Information computed by Pithus.

The application probably opens socket

The application probably gets different information regarding the telephony capabilities

The application probably gets the IMEI of the phone

The application probably gets the Wi-Fi connection information

The application probably gets the network connections information

The application probably uses cryptography

The application probably makes OS calls

The application probably sends data over HTTP/S

The application probably lists all installed applications

The application probably gets memory and CPU information