0/61

Threat

com.osp.app.signin

Samsung account

Analyzed on 2022-01-25T01:45:22.374936

15

permissions

3

activities

2

services

1

receivers

0

domains

File sums

MD5 d051558e6e4012c6bca9e9cfd21b6f12
SHA1 6d7428bf6e4fbc09508ddc03a537e8c77d1a9e60
SHA256 7980535dcbbd43f985677255dd0b74ada75198322d03daa16b6c9760411827e3
Size 1.38MB

APKiD

Information computed with APKiD.

/tmp/tmpb1m69mkb!classes.dex
compiler
  • dx
/tmp/tmpb1m69mkb!classes2.dex
compiler
  • dx
/tmp/tmpb1m69mkb!classes3.dex
compiler
  • unknown (please file detection issue!)
/tmp/tmpb1m69mkb!classes4.dex
compiler
  • dx
/tmp/tmpb1m69mkb!classes5.dex
compiler
  • dx
/tmp/tmpb1m69mkb!classes6.dex
compiler
  • dx
/tmp/tmpb1m69mkb!classes7.dex
compiler
  • dx

SSdeep

Information computed with ssdeep.

APK file 24576:RFdzDKSUkkgTcr604P72YtVIzdpkq65KHOR97R5/AH0YH2VIJifxfxWZg3v:RFN3dkgTcuNyOMdpUsHY73A7HTifxfxR
Manifest 192:iL+pjKrgSxjBfjGzGyqLgLOpk+CeV2GpqzKEOnRhsPMLLX1acu4AiZVY5yFlkj:ii…
classes.dex 6144:I0eBeNDQea8IqnPTqgzLy8v9PB/JsMntvIcLpXAaa9r7JmvbI23YCKV8AP+jmxUP…
classes2.dex 12:HQSmdUz3dZgl/wzUvqWzL8Ow037134ME91M7qTvfEHi6iYJExSdEsiskJ:HcSdSwAv…
classes3.dex 96:1qruf6zUL4rMblKuMUC9kwrYqUsROVQiT:1qKfj41nNR0/
classes4.dex 3072:Je4cgNH+2YhGKtEsDhQnMara7Zp5EMw3clH/YO/sNyzwRRuyOLDb/A4/dm1Y2NjM…
classes5.dex 12288:3Q/BBGxXOvUG2VydMmAcNq3pf/9rwWYdMhkX1AYz9:YBhS2WYhXr
classes6.dex 6144:52IkJryQFJg/+zbvU9Bvo6YPdkh+EhMZKCMWDCA:52vyUJNUeBCA
classes7.dex 6144:FB8Xu+ibNTIztIlOnQtEInwJrDVIDsnUd19y:Fp+sSzUt13d19y

Dexofuzzy

Information computed with Dexofuzzy.

APK file 192:y3PZm5YDAPi9GGtPfzNCb/qin796YiMS82W:y33DAPiBfzc7qin796CS8T
classes.dex None
classes2.dex 3:Ln:Ln
classes3.dex None
classes4.dex None
classes5.dex None
classes6.dex 192:23PZm5YDAPi9GGtPfzNCb/qin796YiMS82W:233DAPiBfzc7qin796CS8T
classes7.dex None

APK details

Information computed with AndroGuard and Pithus.

Package com.osp.app.signin
App name Samsung account
Version name 4.0.00.2
Version code 400002000
SDK 23 - 23
UAID 57bb1db71fe55d5587e7e6aa009c12248216d002
Signature Signature V1
Frosting Not frosted

Certificate details

Information computed with AndroGuard.

MD5 0d6bb20d354792ad509315426a5e70d0
SHA1 cf3181be0fc4c2e0aca7b777dbbb83da54c9d1be
SHA256 aa3ee844efd4f6efd5def1e1f777c7421fb7beaeed3497dcd783e4b4644701b1
Issuer Common Name: samsung, Organizational Unit: samsung
Not before 2011-08-30T10:25:20+00:00
Not after 2111-08-06T10:25:20+00:00

Manifest analysis

Information computed with MobSF.

High Activity (com.osp.app.signin.AccountView) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.osp.app.signin.ReceiveMarketingActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.osp.app.signin.UserValidateCheck) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.msc.sa.service.RequestService) is not Protected.An intent-filter exists.
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Service is explicitly exported.
High Broadcast Receiver (com.osp.app.signin.MigrationEventReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

Activities

Information computed with AndroGuard. 

com.osp.app.signin.AccountView
com.osp.app.signin.ReceiveMarketingActivity
com.osp.app.signin.UserValidateCheck

Receivers

Information computed with AndroGuard. 

com.osp.app.signin.MigrationEventReceiver

Services

Information computed with AndroGuard. 

com.msc.sa.service.RequestService
com.osp.app.legacy.MigrationEventService

Sample timeline

Oldest file found in APK Jan. 1, 1980, midnight
Certificate valid not before Aug. 30, 2011, 10:25 a.m.
Latest file found in APK Sept. 18, 2019, 2:35 p.m.
First submission on VT Nov. 1, 2019, 1:44 a.m.
Last submission on VT Dec. 16, 2020, 5:28 p.m.
Upload on Pithus Jan. 25, 2022, 1:45 a.m.
Certificate valid not after Aug. 6, 2111, 10:25 a.m.

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application invoke platform-provided DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generate no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to no hardware resources.
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has no network communications.
Network Communications
FDP_DAR_EXT.1.1 The application implement functionality to encrypt sensitive data in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.
Protection of Data in Transit
FCS_RBG_EXT.2.1
FCS_RBG_EXT.2.2		 The application perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.
Random Bit Generation from Application
FCS_COP.1.1(2) The application perform cryptographic hashing services not in accordance with FCS_COP.1.1(2) and uses the cryptographic algorithm RC2/RC4/MD4/MD5.
Cryptographic Operation - Hashing
FCS_HTTPS_EXT.1.3 The application notify the user and not establish the connection or request application authorization to establish the connection if the peer certificate is deemed invalid.
HTTPS Protocol

Code analysis

Information computed with MobSF.

High
CVSS:5.9
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Files: 
 com/osp/app/legacy/PropertyContentProvider.java
 com/osp/app/legacy/CredentialContentProvider.java
 com/osp/app/legacy/OpenContentProvider.java
 com/osp/app/legacy/ProvisioningContentProvider.java
 com/osp/app/legacy/SamsungServiceProvider.java
 com/osp/app/legacy/ApplistContentProvider.java
 com/osp/app/legacy/IdentityContentProvider.java
High
CVSS:7.4
Files may contain hardcoded sensitive informations like usernames, passwords, keys etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files: 
 com/osp/app/legacy/PropertyContentProvider.java
 com/osp/app/legacy/CredentialContentProvider.java
 com/osp/app/legacy/OpenContentProvider.java
 com/osp/app/legacy/DbManagerV2.java
 com/osp/app/legacy/ProvisioningContentProvider.java
 com/osp/app/legacy/SamsungServiceProvider.java
 com/osp/common/crypto/AESCrypto.java
 com/osp/app/legacy/identity/IdentityManager.java
 com/osp/app/legacy/IdentityContentProvider.java
 com/osp/app/util/Config.java
 com/osp/social/member/MemberServiceManager.java
Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files: 
 com/osp/app/util/Util.java
High
CVSS:5.9
SHA-1 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files: 
 com/osp/common/crypto/AESCryptoV02.java
High
CVSS:7.4
MD5 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files: 
 com/osp/common/crypto/AESCryptoV01.java

Permissions analysis

Information computed with MobSF.

High android.permission.GET_ACCOUNTS list accounts
Allows access to the list of accounts in the Accounts Service.
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
High android.permission.READ_EXTERNAL_STORAGE read external storage contents
Allows an application to read from external storage.
Low android.permission.RECEIVE_BOOT_COMPLETED automatically start at boot
Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Medium android.permission.GET_ACCOUNTS_PRIVILEGED Allows access to the list of accounts in the Accounts Service.
com.samsung.android.unifiedprofile.permission.PRIVACY Unknown permission
Unknown permission from android reference
com.osp.app.signin.PREF_READ Unknown permission
Unknown permission from android reference
com.osp.app.signin.PREF_WRITE Unknown permission
Unknown permission from android reference
com.osp.app.legacy.OpenContentProvider.READ_CONTENT Unknown permission
Unknown permission from android reference
com.osp.app.legacy.OpenContentProvider.WrItE_CoNTeNt.PROHIBIT_external_access Unknown permission
Unknown permission from android reference
com.osp.contentprovider.OSPContentProvider.OSP_READ_CONTENT Unknown permission
Unknown permission from android reference
com.osp.contentprovider.OSPContentProvider.OSP_WRITE_CONTENT Unknown permission
Unknown permission from android reference
android.permission.REAL_GET_TASKS Unknown permission
Unknown permission from android reference
com.samsung.android.mobileservice.PERMISSION_MIGRATION_COMPLETED Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Confidence:
100%
Find a method from given class name, usually for reflection
Confidence:
100%
Method reflection
Confidence:
100%
Load class from given class name
Confidence:
100%
Read sensitive data(SMS, CALLLOG, etc)
Confidence:
100%
Monitor the broadcast action events (BOOT_COMPLETED)
Confidence:
100%
Get last known location of the device
Confidence:
100%
Get location of the device
Confidence:
100%
Query the IMEI number
Confidence:
100%
Method reflection
Confidence:
100%
Get the time of current location
Confidence:
80%
Get resource file from res/raw directory

Behavior analysis

Information computed with MobSF.

Content provider 
       com/osp/app/legacy/OpenContentProvider.java
       com/osp/app/legacy/SamsungServiceProvider.java
       com/osp/app/legacy/PrefProvider.java
       com/osp/app/legacy/OSPContentProvider.java
Crypto 
       com/osp/common/crypto/AESCryptoV02.java
       com/osp/common/crypto/AESCryptoV01.java
       com/osp/common/crypto/AESCrypto.java
Get system service 
       com/osp/app/device/DeviceRegistrationManager.java
       com/osp/app/util/StateCheckUtil.java
Inter process communication 
       com/osp/app/signin/ReceiveMarketingActivity.java
       com/osp/app/signin/MigrationEventReceiver.java
       com/msc/sa/aidl/ISAService.java
       com/samsung/android/pass/IPassHelper.java
       com/msc/sa/aidl/ISAExpandableCallback.java
       com/msc/sa/aidl/ISAExpandableService.java
       com/msc/sa/service/RequestService.java
       com/osp/app/signin/AccountView.java
       com/msc/sa/aidl/ISACallback.java
       com/sec/android/app/suwscriptplayer/ISuwScriptPlayerCallback.java
       com/osp/app/signin/UserValidateCheck.java
       com/semsm/sa/aidl/ISAExpandableService.java
       android/view/IWindowManager.java
       com/sec/spp/push/dlc/api/IDlcService.java
       com/osp/app/legacy/MigrationEventService.java
       com/semsm/sa/aidl/ISAService.java
       com/sec/android/app/sns3/svc/sp/facebook/auth/api/ISnsFacebookForAuthToken.java
       android/content/pm/IPackageInstallObserver.java
       com/sec/android/app/suwscriptplayer/ISuwScriptPlayer.java
       com/osp/app/util/Util.java
Local file i/o operations 
       com/osp/app/util/StateCheckUtil.java
       com/osp/common/crypto/AESCrypto.java
       com/osp/app/legacy/MigrationEventService.java
       com/osp/app/legacy/PrefProvider.java
       com/osp/app/signin/SamsungService.java
Message digest 
       com/osp/common/crypto/AESCryptoV01.java
Query database of sms, contacts etc 
       com/osp/app/legacy/OpenDBManager.java
       com/osp/app/legacy/identity/IdentityRepository.java
       com/osp/app/legacy/DbManagerV2.java
       com/osp/app/legacy/credential/CredentialRepository.java
       com/osp/social/member/MemberServiceRepository.java
Starting activity 
       com/osp/app/signin/ReceiveMarketingActivity.java
       com/osp/app/signin/AccountView.java
       com/osp/app/signin/UserValidateCheck.java
Starting service 
       com/msc/sa/service/RequestService.java
       com/osp/app/signin/MigrationEventReceiver.java

Control flow graphs analysis

Information computed by Pithus.

The application probably dynamically loads code

The application probably gets the IMEI of the phone

The application probably gets the location based on GPS and/or Wi-Fi

The application probably gets the network connections information

The application probably uses cryptography

The application probably plays sound

The application probably creates an accessibility service

The application probably listens accessibility events