1/62

Threat

org.cyanogenmod.gello.browser

Browser

Analyzed on 2022-02-13T20:35:15.090637

25 permissions
12 activities
25 services
5 receivers
291 domains

File sums

MD5 34ac0aa3964e0889539e02d3f504c0b7
SHA1 22ad02a5148dd7e19c9e4e1c64a4c58813f4d3d3
SHA256 6b1951e060a50efc24f9e8dd8d7436ae30b2a8dbd59dc7c3d61d55a976cad125
Size 59.81MB

APKiD

Information computed with APKiD.

/tmp/tmp1repevqs!classes.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MODEL check
  • Build.MANUFACTURER check
  • Build.PRODUCT check
manipulator
  • dexmerge
compiler
  • dx (possible dexmerge)

SSdeep

Information computed with ssdeep.

APK file 786432:ev3Wt0eTWFphr1Flf0Z61OyQf973kaGItTA6qy1gb:eOoZp03kOTAA1gb
Manifest 768:dAgSd9D9OUFy5+aOtGH1JfuDiJnrR1JuvOwctlM4TMJLLpZ1Amtp6+gZJs6kqj0z:…
classes.dex 49152:+Qx9yGAbadH1ldIO7K8P/rlrWWSnIrSDRbXqk6Pq4o0x12KKcnY16RLgk7CsHMf…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 3072:q9TIJhLh9RDq2n0GJRT24gLNIWIOkJedOX9/OWHBY/QnfERNTSCp9Hn2I2OH1:q9…
classes.dex 3072:q9TIJhLh9RDq2n0GJRT24gLNIWIOkJedOX9/OWHBY/QnfERNTSCp9Hn2I2OH1:q9…

APK details

Information computed with AndroGuard and Pithus.

Package org.cyanogenmod.gello.browser
App name Browser
Version name 42.0.2311.1185 (747cb06)
Version code 23111185
SDK 22 - 23
UAID 31a7fadcec1af3285c759ceba0f052255ea75813
Signature Signature V1 Signature V2
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown

Certificate details

Information computed with AndroGuard.

MD5 e89b158e4bcf988ebd09eb83f5378e87
SHA1 61ed377e85d386a8dfee6b864bd85b0bfaa5af81
SHA256 a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc
Issuer Email Address: android@android.com, Common Name: Android, Organizational Unit: Android, Organization: Android, Locality: Mountain View, State/Province: California, Country: US
Not before 2008-02-29T01:33:46+00:00
Not after 2035-07-17T01:33:46+00:00

Manifest analysis

Information computed with MobSF.

Medium Application Data can be Backed up. [android:allowBackup] flag is missing.
The flag [android:allowBackup] should be set to false. By default it is set to true and allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High Content Provider (com.android.browser.provider.BrowserProvider2) is not Protected. [android:exported=true]
A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (org.cyanogenmod.gello.browser.BrowserLauncher) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.android.browser.BrowserActivity) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.android.browser.ShortcutActivity) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.android.browser.BrowserPreferencesPage) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.android.browser.BookmarkSearch) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.android.browser.AddBookmarkPage) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.android.browser.DownloadSettings) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.android.browser.AddBookmarkFolder) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Broadcast Receiver (com.android.browser.widget.BookmarkThumbnailWidgetProvider) is not Protected. An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Activity (com.android.browser.widget.BookmarkWidgetConfigure) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Broadcast Receiver (com.android.browser.OpenDownloadReceiver) is not Protected. An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.android.browser.MessagesReceiver) is not Protected. An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
Low Broadcast Receiver (com.android.browser.PreloadRequestReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: org.cyanogenmod.gello.browser.permission.PRELOAD
protectionLevel: signatureOrSystem [android:exported=true]
A Broadcast Receiver is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.

Browsable activities

Information computed with MobSF.

com.android.browser.BrowserActivity

Schemes: http:// https:// about:// javascript:// inline:// file://

Mime types: text/html text/plain application/xhtml+xml application/vnd.wap.xhtml+xml application/x-webarchive-xml

Main Activity

Information computed with AndroGuard.

com.android.browser.BrowserLauncher

Activities

Information computed with AndroGuard.

com.android.browser.BrowserLauncher
com.android.browser.BrowserActivity
com.android.browser.ShortcutActivity
com.android.browser.BrowserPreferencesPage
com.android.browser.preferences.LegalPreviewActivity
com.android.browser.BookmarkSearch
com.android.browser.AddBookmarkPage
com.android.browser.DownloadSettings
com.android.browser.AddBookmarkFolder
com.android.browser.ComboViewActivity
com.android.browser.widget.BookmarkWidgetConfigure
com.android.browser.mynavigation.AddMyNavigationPage

Receivers

Information computed with AndroGuard.

com.android.browser.widget.BookmarkThumbnailWidgetProvider
com.android.browser.widget.BookmarkWidgetProxy
com.android.browser.OpenDownloadReceiver
com.android.browser.MessagesReceiver
com.android.browser.PreloadRequestReceiver

Services

Information computed with AndroGuard.

com.android.browser.widget.BookmarkThumbnailWidgetService
org.chromium.content.app.SandboxedProcessService0
org.chromium.content.app.SandboxedProcessService1
org.chromium.content.app.SandboxedProcessService2
org.chromium.content.app.SandboxedProcessService3
org.chromium.content.app.SandboxedProcessService4
org.chromium.content.app.SandboxedProcessService5
org.chromium.content.app.SandboxedProcessService6
org.chromium.content.app.SandboxedProcessService7
org.chromium.content.app.SandboxedProcessService8
org.chromium.content.app.SandboxedProcessService9
org.chromium.content.app.SandboxedProcessService10
org.chromium.content.app.SandboxedProcessService11
org.chromium.content.app.SandboxedProcessService12
org.chromium.content.app.SandboxedProcessService13
org.chromium.content.app.SandboxedProcessService14
org.chromium.content.app.SandboxedProcessService15
org.chromium.content.app.SandboxedProcessService16
org.chromium.content.app.SandboxedProcessService17
org.chromium.content.app.SandboxedProcessService18
org.chromium.content.app.SandboxedProcessService19
org.chromium.content.app.PrivilegedProcessService0
org.chromium.content.app.PrivilegedProcessService1
org.chromium.content.app.PrivilegedProcessService2
com.android.browser.UpdateNotificationService

Sample timeline

Certificate valid not before Feb. 29, 2008, 1:33 a.m.
Oldest file found in APK Jan. 1, 2009, midnight
Latest file found in APK Jan. 1, 2009, midnight
First submission on VT Nov. 17, 2016, 6:45 p.m.
Last submission on VT Feb. 25, 2017, 7:14 p.m.
Upload on Pithus Feb. 13, 2022, 8:35 p.m.
Certificate valid not after July 17, 2035, 1:33 a.m.

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application invokes platform-provided DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application invokes the functionality provided by the platform to securely store credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application implements asymmetric key generation.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['location', 'NFC', 'network connectivity', 'camera', 'microphone'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application implements functionality to encrypt sensitive data in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invokes the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_RBG_EXT.2.1
FCS_RBG_EXT.2.2
The application performs all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.
Random Bit Generation from Application
FCS_COP.1.1(1) The application performs encryption/decryption in accordance with a specified cryptographic algorithm AES-CBC (as defined in NIST SP 800-38A) mode or AES-GCM (as defined in NIST SP 800-38D) and cryptographic key sizes 256-bit/128-bit.
Cryptographic Operation - Encryption/Decryption
FCS_COP.1.1(2) The application performs cryptographic hashing services not in accordance with FCS_COP.1.1(2) and uses the cryptographic algorithm RC2/RC4/MD4/MD5.
Cryptographic Operation - Hashing
FCS_COP.1.1(3) The application performs cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm RSA schemes using cryptographic key sizes of 2048-bit or greater.
Cryptographic Operation - Signing
FCS_HTTPS_EXT.1.1 The application implements the HTTPS protocol that complies with RFC 2818.
HTTPS Protocol
FCS_HTTPS_EXT.1.2 The application implements HTTPS using TLS.
HTTPS Protocol
FCS_HTTPS_EXT.1.3 The application notifies the user and does not establish the connection or requests application authorization to establish the connection if the peer certificate is deemed invalid.
HTTPS Protocol
FIA_X509_EXT.2.1 The application uses X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS, TLS.
X.509 Certificate Authentication
FIA_X509_EXT.2.2 When the application cannot establish a connection to determine the validity of a certificate, the application allows the administrator to choose whether to accept the certificate in these cases, or accepts the certificate, or does not accept the certificate.
X.509 Certificate Authentication

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
org/codeaurora/swe/Engine.java
com/qualcomm/qti/webrefiner/WebRefinerRuleSetManager.java
com/qualcomm/qti/sweetview/SweetAccelerator.java
com/qualcomm/qti/webrefiner/WebRefinerImpl.java
org/codeaurora/swe/SWEContentViewClient.java
org/codeaurora/swe/WebView.java
org/codeaurora/swe/WebRefiner.java
org/codeaurora/swe/PermissionsServiceFactory.java
org/codeaurora/net/NetworkServices.java
org/codeaurora/swe/utils/Logger.java
org/codeaurora/net/TcmIdleTimerMonitor.java
Medium
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
org/codeaurora/swe/SWEContentViewClient.java

Afghanistan: 100 Argentina: 100 Australia: 200 Bosnia and Herzegovina: 100 Belgium: 100 Bulgaria: 100 Brunei Darussalam: 100 Brazil: 100 Bhutan: 100 Belarus: 200 Canada: 100 Switzerland: 100 China: 100 Czech Republic: 500 Germany: 2400 Estonia: 200 Spain: 300 Finland: 100 France: 300 United Kingdom: 200 Georgia: 100 Greece: 100 Hong Kong: 100 Croatia: 100 Hungary: 200 Ireland: 3700 Israel: 100 India: 100 Iceland: 100 Italy: 100 Korea, Republic of: 400 Sri Lanka: 100 Lithuania: 200 Luxembourg: 100 Latvia: 300 Mongolia: 100 Mexico: 100 Nicaragua: 100 Netherlands: 900 Norway: 200 Nepal: 100 Peru: 100 Pakistan: 100 Poland: 300 Portugal: 300 Serbia: 100 Russian Federation: 1500 Singapore: 300 Slovenia: 100 Slovakia: 200 Swaziland: 100 Tunisia: 100 Turkey: 100 Taiwan, Province of China: 100 Ukraine: 100 United States: 9000 Uruguay: 100 Uzbekistan: 100 Venezuela, Bolivarian Republic of: 100 Viet Nam: 100 South Africa: 100

Map computed by Pithus.

Domains analysis

Information computed with MobSF.
