Threat: 0/62

com.glasswire.android

GlassWire

Analyzed on 2021-09-07T20:53:16.137387

7 permissions
22 activities
3 services
5 receivers
5 domains

File sums

MD5 38bdda7d625b14f69bfdde26d28719a7
SHA1 31cb2ec2a03bf0b1281f0ce4f0f950e68c72fbb4
SHA256 93dd2fe74c8574441a2c18300baa63158b47f120ff01b9a7d7871e5c30c03548
Size 3.73MB

APKiD

Information computed with APKiD.

/tmp/tmp7913z83b!classes.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MANUFACTURER check
compiler
  • dx

SSdeep

Information computed with ssdeep.

APK file 49152:y1gtYCLgfrvLVAKi0agABllCPS+yBs+pACNiS4TDSGOCowH/oemxgPPKohdaAB58:0WgfrvLuKlAMyKdd/SCFwHgPfdaF
Manifest 384:eRDK1AsmiMSMKv0wRetypIh54vMkCrAX6E+LdOeDep/IUili5WlX2XAMQ5bo5lqL:…
classes.dex 24576:6MB9bT9LwE0i4bVGoPqWGYouGvxrVRCny7WEe2MjYRDLZm0Zjg62FUA6+7xBnpS…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 6144:QA3tnah5TDTW/h2EcDTTyCiwKAf9O6a7uzpwW:QA3tah5T3WZeDdmv6a7a
classes.dex 6144:QA3tnah5TDTW/h2EcDTTyCiwKAf9O6a7uzpwW:QA3tah5T3WZeDdmv6a7a

APK details

Information computed with AndroGuard and Pithus.

Package com.glasswire.android
App name GlassWire
Version name 3.0.368r
Version code 368
SDK 23 - 30
UAID 35afc55ed806f3f435ddd5b291b755995516e18c
Signature: Signature V1, Signature V2, Signature V3
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0xf05368c0: Unknown
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 c9239e6a0ebe0bcac1b1a87c7cd0f388
SHA1 73e51472f874a39aabc952937ac3e760f551c03e
SHA256 0c3f90ab96c1a0a7cb02088f8f462e7494b1fe23fbe0e290e783044213407dab
Issuer Common Name: Kirlif'
Not before 2016-01-18T19:34:57+00:00
Not after 2100-12-28T19:34:57+00:00

Manifest analysis

Information computed with MobSF.

High Broadcast Receiver (com.glasswire.android.device.receivers.BootCompletedReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.glasswire.android.device.receivers.UpdateReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.glasswire.android.device.receivers.WidgetCounterReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.glasswire.android.device.receivers.WidgetFirewallReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.glasswire.android.device.receivers.WidgetStatsReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

Main Activity

Information computed with AndroGuard.

com.glasswire.android.presentation.activities.start.StartActivity

Activities

Information computed with AndroGuard.

com.glasswire.android.presentation.activities.start.StartActivity
com.glasswire.android.presentation.activities.billing.subscription.BillingSubscriptionActivity
com.glasswire.android.presentation.activities.billing.subscription.details.BillingSubscriptionDetailsActivity
com.glasswire.android.presentation.activities.themes.ThemesActivity
com.glasswire.android.presentation.activities.themes.selector.ThemesSelectorActivity
com.glasswire.android.presentation.activities.settings.main.SettingsActivity
com.glasswire.android.presentation.activities.settings.alerts.SettingsAlertsActivity
com.glasswire.android.presentation.activities.settings.period.SettingsDataPeriodActivity
com.glasswire.android.presentation.activities.about.AboutActivity
com.glasswire.android.presentation.activities.stability.battery.StabilityBatteryActivity
com.glasswire.android.presentation.activities.app.details.AppDetailsActivity
com.glasswire.android.presentation.activities.counter.DataCounterActivity
com.glasswire.android.presentation.activities.counter.options.DataCounterOptionsActivity
com.glasswire.android.presentation.activities.firewall.profile.FirewallProfileActivity
com.glasswire.android.presentation.activities.feedback.FeedbackActivity
com.glasswire.android.presentation.activities.alerts.AlertsActivity
com.glasswire.android.presentation.activities.widget.configure.WidgetConfigureCounterActivity
com.glasswire.android.presentation.activities.widget.configure.WidgetConfigureStatsActivity
com.glasswire.android.presentation.activities.widget.configure.WidgetConfigureFirewallActivity
com.google.android.gms.oss.licenses.OssLicensesMenuActivity
com.google.android.gms.oss.licenses.OssLicensesActivity
com.google.android.gms.common.api.GoogleApiActivity

Receivers

Information computed with AndroGuard.

com.glasswire.android.device.receivers.BootCompletedReceiver
com.glasswire.android.device.receivers.UpdateReceiver
com.glasswire.android.device.receivers.WidgetCounterReceiver
com.glasswire.android.device.receivers.WidgetFirewallReceiver
com.glasswire.android.device.receivers.WidgetStatsReceiver

Services

Information computed with AndroGuard.

com.glasswire.android.device.services.local.LocalService
com.glasswire.android.device.services.vpn.VpnService
androidx.room.MultiInstanceInvalidationService

Sample timeline

Oldest file found in APK Jan. 1, 1980, midnight
Latest file found in APK Jan. 1, 1980, midnight
Certificate valid not before Jan. 18, 2016, 7:34 p.m.
First submission on VT Aug. 28, 2021, 10:24 a.m.
Last submission on VT Aug. 28, 2021, 10:51 a.m.
Upload on Pithus Sept. 7, 2021, 8:53 p.m.
Certificate valid not after Dec. 28, 2100, 7:34 p.m.

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application uses no DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invokes the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_HTTPS_EXT.1.3 The application notifies the user and does not establish the connection, or requests application authorization to establish the connection, if the peer certificate is deemed invalid.
HTTPS Protocol

Code analysis

Information computed with MobSF.

High
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
 l7/t.java
b8/a.java
a8/a.java
l7/o.java
l6/p.java
a8/b.java
j8/f.java
Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 t/f.java
q/d.java
o6/a.java
y/k.java
a6/g.java
Medium
CVSS:4.3
IP Address disclosure
MASVS: MSTG-CODE-2
CWE-200 Information Exposure
Files:
 m2/b.java
High
CVSS:5.9
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Files:
 y0/a.java
p2/a.java

[Map: France, United States]

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

FR www.glasswire.com 143.204.228.32
US play.google.com 142.250.186.78
US twitter.com 104.244.42.129
US plus.google.com 142.250.186.174
schemas.android.com

URL analysis

Information computed with MobSF.

https://plus.google.com/
Defined in c6/j.java
http://schemas.android.com/apk/res/android
Defined in z/g.java
https://www.glasswire.com/?utm_source=gw-android&utm_medium=app&utm_campaign=usage
https://play.google.com/store/apps/details?id=
https://play.google.com/store/account/subscriptions?sku=
https://www.glasswire.com/android-help/?utm_source=gw-android&utm_medium=app&utm_campaign=usage
https://www.glasswire.com/privacy/?utm_source=gw-android&utm_medium=app&utm_campaign=usage
https://www.glasswire.com/license/?utm_source=gw-android&utm_medium=app&utm_campaign=usage
https://twitter.com/glasswire
Defined in i2/h.java
https://www.glasswire.com/android-help
https://www.glasswire.com/privacy
Defined in Android String Resource

Permissions analysis

Information computed with MobSF.

High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.RECEIVE_BOOT_COMPLETED automatically start at boot
Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.FOREGROUND_SERVICE Allows a regular application to use Service.startForeground
Low android.permission.QUERY_ALL_PACKAGES Allows query of any normal app on the device, regardless of manifest declarations.
Medium android.permission.PACKAGE_USAGE_STATS update component usage statistics
Allows the modification of collected component usage statistics. Not for use by common applications.

Threat analysis

Information computed with Quark-Engine.

Confidence 100%: Load external class
Confidence 100%: Find a method from given class name, usually for reflection
Confidence 100%: Method reflection
Confidence 100%: Retrieve data from broadcast
Confidence 100%: Get declared method from given method name
Confidence 100%: Read sensitive data(SMS, CALLLOG, etc)
Confidence 100%: Open a file from given absolute path of the file
Confidence 100%: Implicit intent(view a web page, make a phone call, etc.) via setData
Confidence 100%: Monitor the broadcast action events (BOOT_COMPLETED)
Confidence 100%: Get absolute path of the file and store in string
Confidence 100%: Get last known location of the device
Confidence 100%: Get location of the device
Confidence 100%: Method reflection
Confidence 100%: Connect to the remote server through the given URL
Confidence 100%: Get the time of current location
Confidence 100%: Initialize class object dynamically
Confidence 100%: Connect to a URL and set request method
Confidence 80%: Query the list of the installed packages
Confidence 80%: Read file and put it into a stream
Confidence 80%: Read file from assets directory
Confidence 80%: Get resource file from res/raw directory

Behavior analysis

Information computed with MobSF.

Android notifications
       a6/d.java
y/k.java
q5/h.java
Base64 decode
       g1/b.java
z/c.java
Base64 encode
       f0/d.java
Gps location
       e/k.java
Get subscriber id
       q2/a.java
Get system service
       e/k.java
y/d.java
a6/d.java
y/k.java
n0/a.java
e/e.java
a6/g.java
l0/c.java
j/d.java
Http connection
       l1/a.java
l1/b.java
Inter process communication
       com/glasswire/android/presentation/activities/counter/DataCounterActivity.java
q5/d.java
com/glasswire/android/presentation/activities/widget/configure/b.java
d6/c.java
l6/b.java
com/glasswire/android/presentation/activities/settings/period/SettingsDataPeriodActivity.java
r2/a.java
com/glasswire/android/presentation/activities/settings/alerts/SettingsAlertsActivity.java
e/b.java
h6/b.java
m6/e.java
a1/k0.java
com/glasswire/android/device/receivers/WidgetStatsReceiver.java
k/a.java
c/b.java
com/glasswire/android/presentation/activities/stability/battery/StabilityBatteryActivity.java
y/a.java
x3/a.java
l6/a.java
y/k.java
q5/c.java
a6/a.java
com/glasswire/android/presentation/activities/app/details/AppDetailsActivity.java
com/glasswire/android/presentation/activities/widget/configure/a.java
a6/k.java
j6/b.java
l5/x.java
com/glasswire/android/device/services/vpn/VpnService.java
a6/e.java
t4/k.java
c/a.java
l5/i.java
j6/a.java
c6/h.java
com/glasswire/android/device/App.java
a/a.java
com/glasswire/android/device/receivers/BootCompletedReceiver.java
com/glasswire/android/device/receivers/UpdateReceiver.java
o6/c.java
com/glasswire/android/presentation/activities/feedback/FeedbackActivity.java
r2/b.java
y/j.java
q5/b.java
q5/h.java
c6/b.java
q5/e.java
m5/v.java
m6/f.java
y/o.java
q5/a.java
y/i.java
l6/e.java
o6/a.java
com/glasswire/android/presentation/activities/counter/options/DataCounterOptionsActivity.java
com/glasswire/android/device/receivers/WidgetCounterReceiver.java
k/d.java
c6/j.java
com/glasswire/android/presentation/activities/firewall/profile/FirewallProfileActivity.java
a6/d.java
o5/a.java
com/glasswire/android/presentation/activities/themes/ThemesActivity.java
y/h.java
i6/b.java
com/glasswire/android/presentation/activities/widget/configure/WidgetConfigureStatsActivity.java
e/e.java
u1/b.java
b6/a.java
com/glasswire/android/device/receivers/WidgetFirewallReceiver.java
r2/c.java
com/glasswire/android/presentation/activities/billing/subscription/BillingSubscriptionActivity.java
i6/a.java
e6/a.java
com/glasswire/android/presentation/activities/about/AboutActivity.java
k6/a.java
com/glasswire/android/presentation/activities/billing/subscription/details/BillingSubscriptionDetailsActivity.java
com/glasswire/android/presentation/activities/start/StartActivity.java
com/glasswire/android/presentation/activities/widget/configure/WidgetConfigureCounterActivity.java
com/glasswire/android/presentation/activities/settings/main/SettingsActivity.java
o6/h.java
com/glasswire/android/device/services/local/LocalService.java
o6/b.java
com/glasswire/android/presentation/activities/widget/configure/WidgetConfigureFirewallActivity.java
y/f.java
c/c.java
com/glasswire/android/presentation/activities/alerts/AlertsActivity.java
com/glasswire/android/presentation/activities/themes/selector/ThemesSelectorActivity.java
u1/d.java
k/c.java
s5/a.java
t2/d.java
u1/g.java
l6/c.java
y/c.java
d6/b.java
Java reflection
       a0/j.java
a0/g.java
z/f.java
q7/g.java
r7/a.java
h6/b.java
q2/a.java
g8/w.java
kotlinx/coroutines/internal/j.java
q7/i.java
z0/a.java
a0/e.java
a0/h.java
x7/r.java
kotlinx/coroutines/android/AndroidExceptionPreHandler.java
e/e.java
kotlinx/coroutines/internal/v.java
b0/a.java
kotlinx/coroutines/internal/i.java
e/g.java
r7/b.java
g0/b.java
j/g.java
y/j.java
e/i.java
kotlinx/coroutines/internal/d.java
kotlinx/coroutines/internal/h.java
a1/y.java
a0/f.java
b0/f.java
k/c.java
a1/i0.java
y/c.java
Loading native code (shared library)
       com/glasswire/android/device/App.java
Local file i/o operations
       c1/c.java
i2/e.java
x3/a.java
x2/a.java
y5/a.java
p2/a.java
z2/e.java
a0/k.java
Sending broadcast
       t4/k.java
com/glasswire/android/presentation/activities/widget/configure/b.java
com/glasswire/android/device/App.java
com/glasswire/android/presentation/activities/widget/configure/a.java
com/glasswire/android/device/receivers/WidgetCounterReceiver.java
t2/d.java
com/glasswire/android/device/receivers/WidgetStatsReceiver.java
Starting activity
       y/o.java
com/glasswire/android/presentation/activities/settings/period/SettingsDataPeriodActivity.java
com/glasswire/android/presentation/activities/settings/alerts/SettingsAlertsActivity.java
c6/h.java
com/glasswire/android/presentation/activities/about/AboutActivity.java
com/glasswire/android/presentation/activities/feedback/FeedbackActivity.java
r2/b.java
com/glasswire/android/presentation/activities/settings/main/SettingsActivity.java
j5/i.java
com/glasswire/android/presentation/activities/stability/battery/StabilityBatteryActivity.java
y/a.java
com/glasswire/android/presentation/activities/themes/ThemesActivity.java
com/glasswire/android/presentation/activities/widget/configure/WidgetConfigureFirewallActivity.java
com/glasswire/android/presentation/activities/app/details/AppDetailsActivity.java
com/glasswire/android/presentation/activities/themes/selector/ThemesSelectorActivity.java
u1/d.java
com/glasswire/android/device/receivers/WidgetFirewallReceiver.java
Starting service
       y/k.java
e6/a.java
u1/d.java
Tcp socket
       o1/h.java

Control flow graphs analysis

Information computed by Pithus.

The application probably dynamically loads code

The application probably gets the subscriber ID associated with the SIM card (should never be collected)

The application probably gets the location based on GPS and/or Wi-Fi

The application probably plays sound

The application probably makes OS calls

The application probably sends data over HTTP/S

The application probably lists all installed applications

The application probably gets memory and CPU information

The application probably listens for accessibility events