0/62

Threat

com.spotify.music

Spotify

Analyzed on 2022-09-18T10:18:19.903694

33

permissions

99

activities

43

services

31

receivers

94

domains

File sums

MD5 caf95108297438708b0e71f6f8be7930
SHA1 20226b2901d61c9635da88249880bb723da3b9c8
SHA256 51e93ce357de6aaeb5289192d41a386d566be6467dcfaabf1f4f6c500977a21c
Size 56.04MB

APKiD

Information computed with APKiD.

/tmp/tmp5y81mah0!classes.dex
anti_disassembly
  • illegal class name
anti_vm
  • Build.FINGERPRINT check
  • Build.MODEL check
  • Build.MANUFACTURER check
  • Build.PRODUCT check
  • Build.HARDWARE check
  • Build.TAGS check
  • possible VM check
anti_debug
  • Debug.isDebuggerConnected() check
compiler
  • dexlib 2.x
/tmp/tmp5y81mah0!classes2.dex
anti_disassembly
  • illegal class name
anti_vm
  • Build.MANUFACTURER check
  • network operator name check
compiler
  • dexlib 2.x
/tmp/tmp5y81mah0!classes3.dex
anti_disassembly
  • illegal class name
anti_vm
  • Build.MANUFACTURER check
compiler
  • dexlib 2.x
/tmp/tmp5y81mah0!classes4.dex
anti_disassembly
  • illegal class name
anti_vm
  • Build.MODEL check
  • Build.MANUFACTURER check
compiler
  • dexlib 2.x

SSdeep

Information computed with ssdeep.

APK file 786432:8Y57zDDr6k/Exk1cypQpf0kLGFkPyqS78hhKowoge0nc/gMMg15b7Kel:8Y57Sk/ESc+QpcZFt58hhthgqhiel
Manifest 768:x9YiRz/6T5PAmfAKdo/rfRt6pcKE6XRPRQSbqUYX1tDoPXpT7EOehLLtPpqp43za:…
classes.dex 98304:OuJsNnhtyYRb8QVmi4sDOOMFYRx6O5KNmx7hplkXt4Vf:/SNnLyYRb8QVmBO2rf…
classes2.dex 98304:ov5aikGGpjSZPzsnOxkhozvrUaVjKWAKNk:65N5ZPzsZhoz1Fk
classes3.dex 98304:fXMoo9IAddUej3ZXJKSwQK3ypmPYXZ4IYhuankE:f7QIWdzFXJeQK3yEPYX+gkkE
classes4.dex 98304:i35TWVvQO4tgQ88febJDTZVxotJLnMC+I7GFltOC7lkWEwwpp2Ng4B3:i3AlQO4…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 24576:Z4DC+DTsdFPuE9aJnuhCil+a4ylqWGHMYClr5zZfKlgQ96ATQxrWq3sQQaJgXBw…
classes.dex 12288:9P4DVQ+hZLTsuGFy6BmjEm+2fJBQyWGjVUJhCil14a4ylRtf:Z4DC+DTsdFPuE9…
classes2.dex 6144:5Q9p40W0aKgkKXHv6842vs+VIA+/vhMvf9eACnntLvEbnnN7s70KST35x/ba+W0J…
classes3.dex 12288:Rlr2OzZfKPNgQ99T3XnMu7HT8rxr4WUBq3ixoRe4:Rlr5zZfKlgQ96ATQxrWq3h
classes4.dex 12288:KQQaJxDCBvxFDNB+EaLVrT1bdDcvfvyxu:KQQaJgXBwFn1bdAfyxu

APK details

Information computed with AndroGuard and Pithus.

Package com.spotify.music
App name Spotify
Version name 8.7.62.398
Version code 90966754
SDK 21 - 31
UAID 89755650f360abba5777f1bd187277355d1a8f28
Signature Signature V1 Signature V2 Signature V3
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0xf05368c0: Unknown
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 a8378db5c589a9a7eaac97e2279e8a8a
SHA1 60c2ca515229da14caa5527a7b8aa86de3bee73c
SHA256 0cfb4663831a0fb8d6973aad44e221a8ba78f7f684bd0b17d3b44bec82316484
Issuer Common Name: rockz5555 OU=Droid Freedom Unit O=Droid Freedom Inc L=Unknown S=Unknown C=LK
Not before 2014-12-05T00:45:57+00:00
Not after 2044-11-27T00:45:57+00:00

File Analysis

Information computed with MobSF.

Findings Files
Certificate/Key files hardcoded inside the app. res/raw/certificate.cer

Manifest analysis

Information computed with MobSF.

Low App has a Network Security Configuration[android:networkSecurityConfig=@xml/network_security_config]
The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app.
High Service (com.spotify.music.libs.mediabrowserservice.SpotifyMediaBrowserService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Content Provider (com.spotify.externalintegration.service.provider.MediaProvider) is not Protected. [android:exported=true]
A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.spotify.carmobile.waze.WazeReturnActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.spotify.partneraccountlinking.partneraccountlinking.PartnerAccountLinkingActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.spotify.carmobile.wazesdk.navigation.WazeWakeUpReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.spotify.widget.widget.SpotifyWidget) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.spotify.wear.wearabledatalayer.SpotifyWearableListenerService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.spotify.interapp.service.service.BluetoothAclReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.spotify.interapp.service.service.InterAppStartServerReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.spotify.interapp.service.service.AppProtocolRemoteService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.spotify.tap.go.receiver.ConnectionStateChangedReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.spotify.music.features.spoton.receiver.SpotOnReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.spotify.tap.spoton.SpotOnService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High TaskAffinity is set for Activity
(com.spotify.playlistcuration.addtoplaylistpage.AddToPlaylistActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Broadcast Receiver (com.spotify.music.alarmlauncher.SpotifyAlarmLauncherReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.spotify.music.alarmlauncher.SpotifyAlarmLauncherService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.spotify.carmobile.carnotifications.CarNotificationsAclReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.spotify.mediasession.mediasession.receiver.MediaButtonReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.spotify.login.loginflowimpl.QuickLoginActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High TaskAffinity is set for Activity
(com.spotify.appauthorization.sso.AuthorizationActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.spotify.appauthorization.sso.AuthorizationActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High TaskAffinity is set for Activity
(com.spotify.appauthorization.sso.internalauth.AuthorizationActivityInternalProxy)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High TaskAffinity is set for Activity
(com.spotify.appauthorization.sso.util.AfterLoginDummyActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Service (com.spotify.superbird.controlothermedia.NotificationListener) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_NOTIFICATION_LISTENER_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.spotify.login.magiclink.MagicLinkActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.spotify.appauthorization.externallogin.LoginRedirectActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Content Provider (com.spotify.connect.providerimpl.SpotifyConnectStateProvider) is not Protected. [android:exported=true]
A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Content Provider (com.spotify.connect.providerimpl.ExternalMessagingProvider) is not Protected. [android:exported=true]
A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.spotify.accessory.statemanagerimpl.bluetooth.connectionstate.BluetoothConnectionStateReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.facebook.CustomTabActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.google.android.play.core.assetpacks.AssetPackExtractionService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (androidx.work.impl.background.systemjob.SystemJobService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

Browsable activities

Information computed with MobSF.

com.spotify.music.MainActivity

Hosts: open.spotify.com spotify.test-app.link spotify-alternate.test-app.link spotify.app.link spotify-alternate.app.link spotify.link www.spotify.com spotify.com accounts.spotify.com auth-callback.spotify.com callback

Schemes: spotify:// http:// https:// content:// spotify-auth-music://

Mime types: audio/*

com.spotify.partneraccountlinking.partneraccountlinking.PartnerAccountLinkingActivity

Hosts: samsungv1

Schemes: spotifyaccountlinking://

com.spotify.appauthorization.sso.AuthorizationActivity

Hosts: accounts.spotify.com

Schemes: https://

com.spotify.login.magiclink.MagicLinkActivity

Hosts: accounts.spotify.com

Schemes: https://

com.facebook.CustomTabActivity

Hosts: cct.com.spotify.music

Schemes: fbconnect://

Main Activity

Information computed with AndroGuard.

com.spotify.music.MainActivity

Activities

Information computed with AndroGuard.

com.spotify.music.MainActivity
com.facebook.FacebookActivity
com.spotify.musicappplatform.offlineerrors.OfflineDeviceLimitReachedActivity
com.spotify.messaging.quicksilvermusicintegration.v2.inappinternalwebview.InAppInternalWebviewActivity
com.spotify.carmobile.waze.WazeReturnActivity
com.spotify.nowplaying.musicinstallation.NowPlayingActivity
com.spotify.partneraccountlinking.partneraccountlinking.PartnerAccountLinkingActivity
com.spotify.settings.settings.soundeffects.SoundEffectsWarningActivity
com.spotify.settings.settings.deletecache.StorageDeleteCacheActivity
com.spotify.settings.settings.disableofflinelistening.StorageDisableOfflineListeningActivity
com.spotify.settings.settings.removedownloads.StorageRemoveDownloadsActivity
com.spotify.guest.signupwall.SignupWallActivity
com.spotify.adsdisplay.display.DisplayAdActivity
com.spotify.adsdisplay.products.cmp.CMPActivity
com.spotify.adsdisplay.products.screensaver.ScreensaverAdActivity
com.spotify.premiumaccountmanagement.management.page.PremiumAccountManagementWebviewActivity
com.spotify.thestage.vtec.container.VtecActivity
com.spotify.marquee.marquee.MarqueeActivity
com.spotify.marquee.marquee.learnmore.LearnMoreWebActivity
com.spotify.adsinternal.adscommon.inappbrowser.InAppBrowserLauncherActivity
com.spotify.blend.tastematch.BlendTasteMatchActivity
com.spotify.blend.tastematch.BlendStoryContainerActivity
com.spotify.superbird.setup.SuperbirdSetupActivity
com.spotify.micdrop.lyricspage.MicdropLyricsActivity
com.spotify.storage.localstorage.MoveCacheConfirmationActivity
com.spotify.storage.localstorage.DiskAlmostFullActivity
com.spotify.playlistcuration.addtoplaylistpage.AddToPlaylistActivity
com.spotify.campaigns.wrapped2022.stories.container.Wrapped2022StoriesActivity
com.spotify.connect.connectuiv2.picker.legacy.ui.LegacyDevicePickerActivity
com.spotify.connect.connectuiv2.picker.legacy.contextmenu.ui.DeviceContextMenuActivity
com.spotify.playlistcuration.editplaylistpage.EditPlaylistActivity
com.spotify.fullscreenstory.fullscreenstoryimpl.FullscreenStoryActivity
com.spotify.playlistcuration.playlistallsongspage.PlaylistAllSongsActivity
com.spotify.messaging.premiummessaging.view.PremiumMessagingActivity
com.spotify.queue.queue.QueueActivity
com.spotify.playlistcuration.assistedcurationpage.AssistedCurationActivity
com.spotify.playlistcuration.assistedcurationpage.search.AssistedCurationSearchActivity
com.spotify.contentpromotion.promos.hubs.CoverImageActivity
com.spotify.nativeadshomeformats.nativeadshomeformats.impl.help.HelpWebViewActivity
com.spotify.connect.connectui.dialogs.newdevice.NewDeviceActivity
com.spotify.hifi.onboarding.view.HiFiOnboardingActivity
com.spotify.hifi.hifi.debug.HiFiDebugActivity
com.spotify.sociallistening.notificationcenterimpl.dialogs.IPLDialogsHostActivity
com.spotify.connect.connect.volume.dialog.VolumeWidgetActivity
com.spotify.mediasession.mediasession.login.AfterLoginDummyActivity
com.spotify.email.editemail.sso.SsoUpdateEmailActivity
com.spotify.profile.editprofile.editprofile.EditProfileActivity
com.spotify.profile.editprofile.editprofile.ChangeImageActivity
com.spotify.freetierallsongsdialog.freetierallsongsdialog.FreeTierAllSongsDialogActivity
com.spotify.wear.pinpairing.PinPairingActivity
com.spotify.messaging.churnlockedstate.ChurnLockedStateActivity
com.spotify.checkout.checkoutnative.web.PremiumSignupActivity
com.spotify.inspirecreation.flow.InspireCreationActivity
com.spotify.facebookconnect.facebookconnectimpl.FacebookConnectActivity
com.spotify.premiummini.premiumminiimpl.upsell.PremiumMiniUpsellActivity
com.spotify.liveevents.concertsentity.webview.TicketingFlowActivity
com.spotify.login.loginflowimpl.LoginActivity
com.spotify.login.loginflowimpl.QuickLoginActivity
com.spotify.adsdisplay.browser.inapp.InAppBrowserActivity
com.spotify.leaderboard.leaderboardpage.LeaderboardMainActivity
com.spotify.music.features.languagepicker.LanguageOnboardingActivity
com.spotify.hype.promodisclosureimpl.PromoDisclosureActivity
com.spotify.ratings.ratingsandreviewspage.ui.RatingsActivity
com.spotify.appauthorization.sso.AuthorizationActivity
com.spotify.appauthorization.sso.internalauth.AuthorizationActivityInternalProxy
com.spotify.appauthorization.sso.util.AfterLoginDummyActivity
com.spotify.trackcredits.trackcredits.TrackCreditsActivity
com.spotify.effortlesslogin.effortlesslogin.EffortlessLoginActivity
com.spotify.allboarding.allboarding.AllboardingActivity
com.spotify.campaigns.storytelling.debug.feature.StorytellingDebugFeatureActivity
com.spotify.sociallistening.participantlistimpl.SocialListeningActivity
com.spotify.endless.lexexperiments.experiments.LexExperimentsActivity
com.spotify.scannables.scannables.ScannablesActivity
com.spotify.scannables.scannables.view.ScannablesOnboardingActivity
com.spotify.ageverification.dialog.view.AgeVerificationDialogActivity
com.spotify.login.magiclink.MagicLinkActivity
com.spotify.login.magiclinkapi.setpassword.MagicLinkSetPasswordActivity
com.spotify.login.phonenumbersignup.callingcode.CallingCodePickerActivity
com.spotify.sociallistening.dialogsimpl.SocialListeningIPLOnboardingActivity
com.spotify.sociallistening.dialogsimpl.SocialListeningEducationActivity
com.spotify.sociallistening.dialogsimpl.SocialListeningInfoDialogActivity
com.spotify.sociallistening.dialogsimpl.SocialListeningSessionEndedActivity
com.spotify.sociallistening.dialogsimpl.SocialListeningJoinConfirmationActivity
com.spotify.messaging.messagingplatformimpl.slate.SlateMessageHostActivity
com.spotify.playlistcuration.createplaylistpage.CreatePlaylistActivity
com.spotify.musicappplatform.notificationwebview.NotificationWebViewActivity
com.spotify.appauthorization.externallogin.LoginRedirectActivity
com.spotify.appendix.slate.SlateModalActivity
com.spotify.connect.devicepickerimpl.DevicePickerActivity
com.spotify.apprater.appraterdialog.AppRaterActivity
com.spotify.playlistcuration.imagepickerimpl.ImagePickerActivity
com.spotify.android.permissions.PermissionsRequestActivity
com.facebook.CustomTabMainActivity
com.facebook.CustomTabActivity
androidx.car.app.CarAppPermissionActivity
com.google.android.gms.auth.api.signin.internal.SignInHubActivity
com.google.android.gms.common.api.GoogleApiActivity
com.google.android.play.core.missingsplits.PlayCoreMissingSplitsActivity
com.google.android.play.core.common.PlayCoreDialogWrapperActivity

Receivers

Information computed with AndroGuard.

com.spotify.carmobile.wazesdk.navigation.WazeWakeUpReceiver
com.spotify.widget.widget.SpotifyWidget
com.spotify.interapp.service.service.BluetoothAclReceiver
com.spotify.interapp.service.service.InterAppStartServerReceiver
com.spotify.tap.go.receiver.ConnectionStateChangedReceiver
com.spotify.music.features.spoton.receiver.SpotOnReceiver
com.spotify.music.alarmlauncher.SpotifyAlarmLauncherReceiver
com.spotify.carmobile.carnotifications.CarNotificationsAclReceiver
com.spotify.mediasession.mediasession.receiver.MediaButtonReceiver
com.spotify.preload.notification.PreloadNotificationReceiver
com.spotify.adsdisplay.browser.inapp.external.ShareSheetCallback
com.spotify.premiumdestination.upsell.activity.upsell.PremiumActivationNotificationStyleStrategy$NotificationsIntentReceiver
com.spotify.share.impl.util.ShareResultReceiver
com.spotify.messaging.messagingplatformimpl.push.PushNotificationIntentReceiver
com.spotify.shortcuts.installer.ShortcutPinnedReceiver
com.spotify.accessory.statemanagerimpl.bluetooth.connectionstate.BluetoothConnectionStateReceiver
com.google.android.gms.cast.framework.media.MediaIntentReceiver
androidx.car.app.notification.CarAppNotificationBroadcastReceiver
com.google.firebase.iid.FirebaseInstanceIdReceiver
com.google.android.gms.measurement.AppMeasurementReceiver
com.facebook.CurrentAccessTokenExpirationBroadcastReceiver
androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
androidx.work.impl.background.systemalarm.RescheduleReceiver
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
androidx.work.impl.diagnostics.DiagnosticsReceiver
androidx.profileinstaller.ProfileInstallReceiver
com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver

Services

Information computed with AndroGuard.

com.spotify.music.libs.mediabrowserservice.SpotifyMediaBrowserService
com.spotify.app.music.service.SpotifyService
com.spotify.messaging.quicksilvermusicintegration.utils.QuicksilverLoggerService
com.spotify.messaging.quicksilvermusicintegration.utils.QuicksilverPlaybackService
com.spotify.adsdisplay.voice.VoiceAdService
com.spotify.notifications.notificationsettings.NotificationPreferenceUpdateService
com.spotify.marquee.marquee.MarqueeService
com.spotify.wear.wearabledatalayer.SpotifyWearableListenerService
com.spotify.interapp.service.service.AppProtocolBluetoothService
com.spotify.interapp.service.service.AppProtocolRemoteService
com.spotify.tap.go.service.GoBluetoothService
com.spotify.tap.spoton.SpotOnService
com.spotify.storage.localstorage.CacheMovingIntentService
com.spotify.music.alarmlauncher.SpotifyAlarmLauncherService
com.spotify.queue.queue.service.QueueService
com.spotify.collection.legacymusiccollection.service.OffliningService
com.spotify.collection.legacymusiccollection.service.CollectionServiceEsperanto
com.spotify.collection.legacymusiccollection.played.PlayedStateService
com.spotify.email.verifyemail.EmailVerifyDispatcherService
com.spotify.service.featureservice.FeatureService
com.spotify.recentlyplayed.recentlyplayed.RecentlyPlayedService
com.spotify.radio.radio.formatlist.RadioFormatListService
com.spotify.radio.radio.service.RadioActionsService
com.spotify.premiumdestination.upsell.activity.dynamicupsell.DynamicUpsellLoggerService
com.spotify.premiumdestination.upsell.activity.upsell.TrialActivationService
com.spotify.notifications.notificationssdk.SpotifyFirebaseMessagingService
com.spotify.superbird.controlothermedia.NotificationListener
com.spotify.playlist.serviceimpl.PlaylistService
com.spotify.shortcuts.installer.ShortcutInstallerService
com.google.android.gms.cast.framework.media.MediaNotificationService
com.google.android.gms.cast.framework.ReconnectionService
com.google.android.gms.auth.api.signin.RevocationBoundService
com.google.firebase.messaging.FirebaseMessagingService
com.google.firebase.components.ComponentDiscoveryService
com.google.android.gms.measurement.AppMeasurementService
com.google.android.gms.measurement.AppMeasurementJobService
com.google.android.play.core.assetpacks.AssetPackExtractionService
androidx.work.impl.background.systemalarm.SystemAlarmService
androidx.work.impl.background.systemjob.SystemJobService
androidx.work.impl.foreground.SystemForegroundService
androidx.room.MultiInstanceInvalidationService
com.google.android.datatransport.runtime.backends.TransportBackendDiscovery
com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService

Sample timeline

Certificate valid not before Dec. 5, 2014, 12:45 a.m.
Oldest file found in APK Sept. 8, 2022, 2:28 a.m.
Latest file found in APK Sept. 9, 2022, 7:56 p.m.
First submission on VT Sept. 10, 2022, 7:24 a.m.
Last submission on VT Sept. 18, 2022, 10:16 a.m.
Upload on Pithus Sept. 18, 2022, 10:18 a.m.
Certificate valid not after Nov. 27, 2044, 12:45 a.m.

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application invoke platform-provided DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application implement asymmetric key generation.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['microphone', 'NFC', 'camera', 'bluetooth', 'network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application implement functionality to encrypt sensitive data in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_RBG_EXT.2.1
FCS_RBG_EXT.2.2
The application perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.
Random Bit Generation from Application
FCS_CKM.1.1(1) The application generate asymmetric cryptographic keys not in accordance with FCS_CKM.1.1(1) using key generation algorithm RSA schemes and cryptographic key sizes of 1024-bit or lower.
Cryptographic Asymmetric Key Generation
FCS_COP.1.1(1) The application perform encryption/decryption not in accordance with FCS_COP.1.1(1), AES-ECB mode is being used.
Cryptographic Operation - Encryption/Decryption
FCS_COP.1.1(2) The application perform cryptographic hashing services not in accordance with FCS_COP.1.1(2) and uses the cryptographic algorithm RC2/RC4/MD4/MD5.
Cryptographic Operation - Hashing
FCS_COP.1.1(3) The application perform cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm RSA schemes using cryptographic key sizes of 2048-bit or greater.
Cryptographic Operation - Signing
FCS_HTTPS_EXT.1.1 The application implement the HTTPS protocol that complies with RFC 2818.
HTTPS Protocol
FCS_HTTPS_EXT.1.2 The application implement HTTPS using TLS.
HTTPS Protocol
FCS_HTTPS_EXT.1.3 The application notify the user and not establish the connection or request application authorization to establish the connection if the peer certificate is deemed invalid.
HTTPS Protocol
FIA_X509_EXT.1.1 The application invoked platform-provided functionality to validate certificates in accordance with the following rules: ['The certificate path must terminate with a trusted CA certificate'].
X.509 Certificate Validation
FIA_X509_EXT.2.1 The application use X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS , TLS.
X.509 Certificate Authentication
FPT_TUD_EXT.2.1 The application shall be distributed using the format of the platform-supported package manager.
Integrity for Installation and Update

Code analysis

Information computed with MobSF.

Medium
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
 p/fok.java
p/egm.java
p/kx8.java
p/zln.java
p/m10.java
p/zwg.java
p/jzu.java
p/x07.java
p/s5.java
p/iuy.java
com/adjust/sdk/Util.java
p/chv.java
p/s0w.java
p/q0w.java
p/iz5.java
p/jhx.java
p/cc5.java
p/toe.java
p/kof.java
p/dgz.java
p/vfw.java
p/i7z.java
p/wyz.java
p/uxn.java
p/bdc.java
p/v1y.java
p/kgm.java
p/lm7.java
p/drm.java
p/ply.java
p/iuq.java
p/e77.java
p/ahq.java
p/xo9.java
p/au4.java
p/j3v.java
p/jir.java
p/em7.java
p/kfw.java
p/ifw.java
p/zub.java
p/wxt.java
p/sub.java
p/nfw.java
p/za7.java
p/kzs.java
p/ofw.java
p/jeh.java
p/nss.java
p/liq.java
p/wa3.java
p/gl7.java
p/gq7.java
p/pl7.java
p/lkc.java
p/myn.java
p/sss.java
p/zrt.java
p/hnq.java
p/w9c.java
p/mus.java
p/yo3.java
p/va4.java
p/jo7.java
p/ypw.java
p/l0v.java
p/pp8.java
p/hxb.java
p/fu4.java
p/uka.java
p/sp7.java
p/cka.java
com/spotify/legacyglue/hugsbindings/defaults/components/glue2/b.java
p/cqf.java
p/ju4.java
Medium
CVSS:8.8
Insecure WebView Implementation. Execution of user controlled code in WebView is a critical Security Hole.
MASVS: MSTG-PLATFORM-7
CWE-749 Exposed Dangerous Method or Function
M1: Improper Platform Usage
Files:
 p/idy.java
p/fqf.java
p/g9k.java
p/iy7.java
Medium
CVSS:7.4
Files may contain hardcoded sensitive information like usernames, passwords, keys etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files:
 p/gxs.java
p/wcu.java
p/tut.java
p/szf.java
com/spotify/cosmos/session/model/LoginCredentials.java
p/l4n.java
p/pqp.java
com/spotify/login/magiclinkapi/accountrecoveryapi/MagicLinkRequestBody.java
com/spotify/voiceassistants/playermodels/VoiceAssistantsPerformance.java
com/spotify/login/signupapi/services/model/EmailSignupResponse.java
p/bpp.java
p/sdw.java
p/lxs.java
p/ups.java
p/rwr.java
p/eys.java
p/dys.java
p/b4n.java
com/spotify/login/signupsplitflow/password/domain/PasswordModel.java
p/rqp.java
p/uqp.java
p/bj.java
p/qqp.java
p/kut.java
p/j35.java
p/o99.java
com/spotify/login/signupapi/services/model/FacebookSignupResponse.java
p/fwt.java
p/yop.java
p/zop.java
p/gys.java
p/yvr.java
p/cys.java
p/fys.java
p/orj.java
Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 p/roj.java
p/wy5.java
p/h25.java
p/ir1.java
p/alj.java
p/tzu.java
p/s5p.java
p/g1x.java
p/iwu.java
p/kez.java
p/tkr.java
p/uaw.java
p/my5.java
p/d1y.java
p/psq.java
p/hxx.java
p/qjv.java
com/huawei/hms/ads/identifier/c.java
p/sy5.java
com/spotify/music/SpotifyApplication.java
p/nxx.java
p/de3.java
p/tqi.java
com/spotify/superbird/interappprotocol/instrumentation/model/InstrumentationAppProtocol.java
p/h2l.java
p/fwx.java
p/dx0.java
p/t1y.java
p/j6w.java
p/jzs.java
p/ukz.java
p/uqz.java
p/abr.java
p/rbx.java
com/spotify/encoreconsumermobile/podcastinteractivity/elements/SeeMoreTextView.java
p/ppg.java
p/r1w.java
p/wdr.java
p/k2b.java
p/fz6.java
p/h8c.java
p/ey0.java
p/epb.java
p/vsd.java
p/ual.java
p/frz.java
p/nrz.java
p/e5e.java
p/vrz.java
p/v93.java
p/pr6.java
p/b95.java
p/gtz.java
p/kcm.java
p/otb.java
p/jy0.java
p/xkj.java
p/rtb.java
p/xac.java
p/pfz.java
p/hmi.java
p/fgr.java
p/ccy.java
p/nbh.java
p/rcw.java
p/m9d.java
p/fr6.java
p/imu.java
p/hqz.java
p/x1y.java
p/y2r.java
p/os8.java
p/hr6.java
p/h9q.java
p/v1y.java
p/gg.java
p/r800.java
p/n6c.java
p/tgc.java
p/uoc.java
p/dwz.java
p/iqy.java
p/be3.java
p/pf0.java
p/po2.java
p/key.java
p/wxt.java
p/dw7.java
p/cxq.java
p/jvs.java
p/q1x.java
p/dbr.java
p/s2l.java
p/iln.java
p/ps6.java
p/o2v.java
p/hnj.java
p/d61.java
p/faz.java
p/pzv.java
p/sss.java
com/spotify/adsdisplay/voice/VoiceAdService.java
p/jky.java
p/dx7.java
p/axi.java
p/ci4.java
p/es7.java
p/pqh.java
p/z85.java
p/ns5.java
p/uoj.java
p/g300.java
com/adjust/sdk/Logger.java
p/xmj.java
p/pez.java
p/adl.java
p/u3r.java
p/d9u.java
p/lkq.java
p/llj.java
p/wbz.java
p/lr1.java
p/lpz.java
p/z6r.java
p/iij.java
p/xff.java
com/huawei/hms/ads/identifier/d.java
p/f1x.java
p/wgx.java
p/ysz.java
p/mul.java
p/fvd.java
p/h1x.java
p/apc.java
com/spotify/messages/CarThingRequestLog.java
p/nu0.java
p/xwq.java
p/hs7.java
p/js7.java
p/zpz.java
p/cak.java
p/ow0.java
p/z51.java
p/fom.java
p/bjz.java
p/ex0.java
com/github/mikephil/charting/charts/BarChart.java
p/zqz.java
p/bgj.java
p/yuh.java
p/j800.java
p/vvx.java
p/chz.java
p/lzx.java
p/a2l.java
p/rfj.java
p/e06.java
p/q2l.java
p/vzv.java
p/o1n.java
p/qs6.java
p/lig.java
p/kam.java
com/comscore/android/util/log/AndroidLogger.java
p/ggz.java
p/mtl.java
p/qcw.java
p/hy5.java
p/zkz.java
p/ygx.java
p/ghj.java
p/jeq.java
p/xe2.java
p/hpm.java
p/woy.java
p/xrf.java
p/mcz.java
p/t3h.java
p/bj.java
p/igf.java
com/googlecode/mp4parser/AbstractBox.java
p/ir6.java
p/i9.java
p/jmj.java
p/oxx.java
p/en8.java
p/py0.java
p/or6.java
p/hq3.java
p/zyj.java
p/e0a.java
com/spotify/adsinternal/adscommon/events/proto/VoiceAdLog.java
p/psj.java
p/u61.java
p/tkl.java
p/br6.java
p/ex7.java
p/iky.java
com/coremedia/iso/boxes/sampleentry/AudioSampleEntry.java
p/ns9.java
p/kky.java
p/wrf.java
p/dr6.java
p/a01.java
p/e6d.java
p/pg8.java
p/byj.java
p/vkx.java
p/bfe.java
p/sj6.java
p/jgf.java
p/yoc.java
p/p9z.java
p/woc.java
p/gqy.java
p/f900.java
p/cx0.java
p/xfj.java
p/cvz.java
p/h500.java
p/sfj.java
p/nuz.java
p/a31.java
p/fx0.java
com/spotify/messages/CarThingUbiLog.java
p/myz.java
p/fhz.java
p/sbr.java
p/moa.java
p/rz2.java
p/yv0.java
p/h61.java
p/q600.java
p/lez.java
p/ii0.java
p/pzs.java
p/wn2.java
p/scw.java
p/lhf.java
p/hxz.java
p/tqh.java
com/spotify/watchfeed/uiusecases/elements/SeeMoreTextView.java
p/eex.java
p/uvv.java
p/ohx.java
p/pb5.java
p/vtb.java
p/Ctry.java
p/zli.java
p/zoz.java
p/drz.java
p/wc1.java
p/iug.java
p/yqi.java
com/spotify/adsdisplay/display/events/proto/LyricsOverlayAdLog.java
p/xg9.java
p/mdl.java
p/sc4.java
p/f9.java
High
CVSS:5.5
App can read/write to External Storage. Any App can read data written to External Storage.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 p/e5p.java
p/bct.java
p/ghx.java
p/jhc.java
p/gw7.java
p/xsy.java
p/hgi.java
p/vul.java
p/ysu.java
p/xsu.java
p/bfx.java
p/h61.java
p/hlv.java
Medium
CVSS:7.4
MD5 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 com/comscore/android/id/IdHelperAndroid.java
p/zoz.java
p/e8e.java
p/xfj.java
p/fm0.java
p/t7e.java
com/comscore/util/crashreport/CrashReportDecorator.java
p/wyz.java
Medium
CVSS:5.5
App creates temp file. Sensitive information should never be written into a temp file.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 p/qhf.java
p/shf.java
p/ops.java
p/n6c.java
p/lrr.java
p/yyd.java
p/lla.java
p/fdl.java
Medium
CVSS:5.9
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Files:
 p/u3r.java
p/a1s.java
p/prr.java
p/qrr.java
p/ua8.java
p/mlx.java
p/ki3.java
p/gh3.java
p/jpz.java
p/l9d.java
p/e6d.java
p/myz.java
p/qbx.java
p/bub.java
p/rc0.java
p/mrr.java
p/siz.java
p/anb.java
Info
CVSS:0
This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel.
MASVS: MSTG-NETWORK-4
Files:
 p/sx5.java
p/gom.java
p/auq.java
p/iln.java
com/adjust/sdk/AdjustFactory.java
p/m73.java
Medium
CVSS:5.9
SHA-1 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 p/xgf.java
p/b95.java
p/vmy.java
p/t7e.java
com/adjust/sdk/AdjustFactory.java
com/comscore/util/crashreport/CrashReportDecorator.java
p/l8c.java
p/h61.java
p/woc.java
Medium
CVSS:4.3
IP Address disclosure
MASVS: MSTG-CODE-2
CWE-200 Information Exposure
Files:
 com/spotify/messages/ConfigurationApplied.java
p/bjy.java
p/jiy.java
com/spotify/messages/ConfigurationAppliedNonAuth.java
com/spotify/messages/ConfigurationFetched.java
com/spotify/ucs/proto/v0/UcsRequest.java
com/spotify/messages/DefaultConfigurationAppliedNonAuth.java
p/rs4.java
com/spotify/messages/DefaultConfigurationApplied.java
p/nbs.java
com/spotify/messages/ConfigurationFetchedNonAuth.java
p/gdl.java
Low
CVSS:0
This App copies data to clipboard. Sensitive data should not be copied to clipboard as other applications can access it.
MASVS: MSTG-STORAGE-10
Files:
 p/mu3.java
p/kse.java
Info
CVSS:0
This App may have root detection capabilities.
MASVS: MSTG-RESILIENCE-1
Files:
 com/comscore/android/CommonUtils.java
p/b95.java
p/drz.java
p/mbz.java
com/comscore/android/util/jni/AndroidJniHelper.java
Low
CVSS:3.9
App can write to App Directory. Sensitive Information should be encrypted.
MASVS: MSTG-STORAGE-14
CWE-276 Incorrect Default Permissions
Files:
 p/fgx.java
p/dsf.java
p/q5p.java
p/qop.java
p/v8.java
High
CVSS:7.4
The App uses the encryption mode CBC with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
MASVS: MSTG-CRYPTO-3
CWE-649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
M5: Insufficient Cryptography
Files:
 p/fw.java
High
CVSS:5.4
Remote WebView debugging is enabled.
MASVS: MSTG-RESILIENCE-2
CWE-919 - Weaknesses in Mobile Applications
M1: Improper Platform Usage
Files:
 p/g9k.java
Info
CVSS:0
This app has capabilities to prevent tapjacking attacks.
MASVS: MSTG-PLATFORM-9
Files:
 p/qlo.java
Pygal Canada: 200 Switzerland: 100 Czech Republic: 300 Germany: 800 United States: 7400

Map computed by Pithus.

Network analysis

Information computed with MobSF.

High Base config is insecurely configured to permit clear text traffic to all domains.
Scope: ['*']
Info Domain config is securely configured to disallow clear text traffic to these domains in scope.
Scope: ['appspot.com', 'facebook.com', 'genius.com', 'google.com', 'googleapis.com', 'instagram.com', 'qualtrics.com', 'scdn.co', 'slack.com', 'spotify.com', 'spotify.net', 'spotifyinternal.com', 'twitter.com']

Domains analysis

Information computed with MobSF.

US mobile-ap.spotify.com 34.158.0.131
US google.com 142.250.185.78
US www.google-analytics.com 142.250.186.110
US app.adjust.com 185.151.204.10
US tracing.spotify.com 35.186.224.25
US segment-data-us-east.zqtk.net 52.72.26.11
US accounts.spotify.com 35.186.224.25
US firebase-settings.crashlytics.com 142.250.185.99
US the-stage-test.appspot.com 142.250.74.212
US about-recommendations.spotify.com 35.186.224.25
US app.adjust.world 185.151.204.40
US spclient.wg.spotify.com 35.186.224.25
US sponsored-recommendations.spotify.com 35.186.224.25
.facebook.com
US canvaz.scdn.co 151.101.14.248
US open.spotify.com 35.186.224.25
DE gdpr.adjust.com 178.162.219.36
US apache.org 151.101.2.132
US maps.google.com 142.250.185.142
US newsroom.spotify.com 216.239.34.21
US scannables.scdn.co 151.101.62.248
US rewards-staging.spotify.com 35.186.224.25
US pme-config.spotifycdn.com 151.101.14.249
internal-podcast.spotify.net
US www.google.com 142.250.185.196
DE facebook.com 31.13.92.36
US apresolve.spotify.com 34.98.74.57
US app-measurement.com 142.250.185.174
US mosaic.scdn.co 151.101.38.248
US app.adjust.net.in 185.151.204.33
DE www.facebook.com 31.13.92.36
US www.amazon.com 18.66.128.229
US dashif.org 185.199.111.153
US www.sandbox.paypal.com 151.101.65.21
DE betamax.akamaized.net 193.108.153.9
US artists.spotify.com 35.186.224.25
DE gdpr.adjust.world 178.162.219.36
US partner-accounts.spotify.com 35.186.224.25
US support.spotify.com 35.186.224.25
r.spotify.com
US clienttoken.spotify.com 35.186.224.25
US backstage.spotify.net 35.241.59.87
US cdn.branch.io 108.138.17.81
US subscription.adjust.world 185.151.204.44
DE gdpr.adjust.net.in 178.162.219.36
US subscription.adjust.net.in 185.151.204.34
US crashpad.chromium.org 142.250.181.243
US vocal-removal.scdn.co 151.101.114.248
US spotify.com 35.186.224.25
- remote-mic.spotify.net 10.174.16.129
US www.recaptcha.net 142.250.186.163
US i.scdn.co 151.101.14.248
US auth-callback.spotify.com 35.186.224.25
US exoplayer.dev 185.199.111.153
CZ sb.scorecardresearch.com 13.32.121.21
CZ udm.scorecardresearch.com 13.32.121.32
US pushka-notifications.firebaseio.com 34.120.160.131
US www.w3.org 128.30.52.100
US oauth-redirect.googleusercontent.com 142.250.184.193
US www.paypal.com 151.101.65.21
CA wiki.eclipse.org 198.41.30.195
US netty.io 172.67.130.186
US goo.gl 172.217.16.206
US play.spotify.com 35.186.224.25
US spotify.backtrace.io 52.2.190.21
schemas.android.com
US accounts.google.com 142.250.186.141
CA www.eclipse.org 198.41.30.198
US superbird.spotifycdn.com 151.101.62.249
US subscription.adjust.com 185.151.204.52
ns.adobe.com
US firebase.google.com 142.250.185.206
US plus.google.com 142.250.185.238
US exp.wg.spotify.com 35.186.224.25
US www.googleadservices.com