0/62

Threat

com.att.csoiam.mobilekey

ATT Security Services

Analyzed on 2022-06-24T02:15:02.696098

4 permissions
0 activities
1 service
0 receivers
0 domains

File sums

MD5 59b145b17b9d7c5a8a66a39033c53d99
SHA1 148189268bb4e4a7e1be6e116f6349a44a59f21c
SHA256 736950a6fb058a1488303761fba903ec130c317f9666a0e5835075ce7d626d48
Size 0.91MB

APKiD

Information computed with APKiD.

/tmp/tmpzt3hpfh3!classes.dex
anti_vm
  • Build.MANUFACTURER check
compiler
  • r8

SSdeep

Information computed with ssdeep.

APK file 12288:Qzh3wOOemz00t/2hJtyca8QDC7lqfWMhWZK9jXAXQXUXQ5bnOwuEChLCJYz5KH:+zmz00y1qvBXAXQXUXhXhLKYzIH
Manifest 96:95cJSUebpaGb5yRG9uBSFY5D0MBmpsyZP3BM/:Gqb5yRUISmX0BM/
classes.dex 12288:+emz00t/2hJtyca8QDC7lqfWMhWZK9jXAXQXUXQ5bnOwuEChLCJYJ:7mz00y1qv…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 768:FyLje6Dycivt35kluPk7WgI7UUkL/JgC7PyxIPpKJSOj6RJk5OCTYU:FyLy6D3i13…
classes.dex 768:FyLje6Dycivt35kluPk7WgI7UUkL/JgC7PyxIPpKJSOj6RJk5OCTYU:FyLy6D3i13…

APK details

Information computed with AndroGuard and Pithus.

Package com.att.csoiam.mobilekey
App name ATT Security Services
Version name 1.0.9
Version code 9
SDK 24 - 30
UAID 4e180b55a9704fcfa0dd89040be0dd30c762fe1a
Signature Signature V1 Signature V2 Signature V3
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0xf05368c0: Unknown
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 905964bebbad734705cf27d647a83859
SHA1 1f8015097f7e786d31dcb3ccf69bb72ae5ba8915
SHA256 c7f79aba69d3a75cfa4fa03599d08eebc5d1c0eeb1c390cf6ca87940d4f192ad
Issuer Common Name: Unknown; Organizational Unit: AT&T Services, Inc.; Organization: AT&T Services, Inc.; Locality: Unknown; State/Province: Unknown; Country: US
Not before 2010-04-23T03:20:08+00:00
Not after 2037-09-08T03:20:08+00:00

Manifest analysis

Information computed with MobSF.

Low Service (com.att.csoiam.mobilekey.EapService.MyEapService) is Protected by a permission.
Permission: com.att.csoiam.mobilekey.permission.ICCA
protectionLevel: signature[android:exported=true]
A Service is found to be exported, but is protected by permission.

Services

Information computed with AndroGuard.

com.att.csoiam.mobilekey.EapService.MyEapService

Sample timeline

Oldest file found in APK Jan. 1, 1981, 1:01 a.m.
Latest file found in APK Jan. 1, 1981, 1:01 a.m.
Certificate valid not before April 23, 2010, 3:20 a.m.
First submission on VT Nov. 25, 2021, 12:29 a.m.
Last submission on VT May 31, 2022, 5:24 a.m.
Upload on Pithus June 24, 2022, 2:15 a.m.
Certificate valid not after Sept. 8, 2037, 3:20 a.m.

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application implements functionality to encrypt sensitive data in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invokes the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 com/att/csoiam/mobilekey/EapService/MyEapService.java

Permissions analysis

Information computed with MobSF.

Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
android.permission.READ_PRIVILEGED_PHONE_STATE Unknown permission
Unknown permission from android reference
com.att.csoiam.mobilekey.permission.ICCA Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

  • Confidence 100%: Find a method from given class name, usually for reflection
  • Confidence 100%: Method reflection
  • Confidence 100%: Retrieve data from broadcast
  • Confidence 100%: Read sensitive data (SMS, CALLLOG, etc)
  • Confidence 100%: Monitor the broadcast action events (BOOT_COMPLETED)
  • Confidence 100%: Method reflection
  • Confidence 80%: Read file and put it into a stream
  • Confidence 80%: Get declared method from given method name
  • Confidence 80%: Initialize class object dynamically

Behavior analysis

Information computed with MobSF.

Get subscriber id
       com/att/csoiam/mobilekey/EapService/MyEapService.java
Get system service
       com/att/csoiam/mobilekey/EapService/MyEapService.java
Inter process communication
       com/att/csoiam/mobilekey/EapService/MyEapService.java
       com/att/csoiam/mobilekey/lib/EapService.java

Control flow graphs analysis

Information computed by Pithus.

The application probably gets the subscriber ID associated with the SIM card (should never be collected)

The application probably gets the network connections information