0/62

Threat

com.transsion.phonemaster

Phone Master

Analyzed on 2021-09-29T11:10:26.456411

50

permissions

123

activities

34

services

33

receivers

69

domains

File sums

MD5 402ec3e11a921bcfc3ff2349f721ab30
SHA1 65990e949f814e77bc0cc30129b25d37c80437e2
SHA256 bb8131a2b891ccd39295f1df157f7d2f30d161dba318392f692c8fe8b7bce69d
Size 20.09MB

APKiD

Information computed with APKiD.

/tmp/tmp7nu49hr8!assets/audience_network.dex
anti_vm
  • possible Build.SERIAL check
anti_debug
  • Debug.isDebuggerConnected() check
compiler
  • unknown (please file detection issue!)
/tmp/tmp7nu49hr8!classes.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MODEL check
  • Build.MANUFACTURER check
  • Build.PRODUCT check
  • SIM operator check
  • subscriber ID check
compiler
  • r8
/tmp/tmp7nu49hr8!classes2.dex
anti_vm
  • Build.MODEL check
  • Build.MANUFACTURER check
  • Build.PRODUCT check
  • Build.HARDWARE check
  • Build.BOARD check
  • possible Build.SERIAL check
  • Build.TAGS check
  • SIM operator check
anti_debug
  • Debug.isDebuggerConnected() check
compiler
  • r8 without marker (suspicious)
/tmp/tmp7nu49hr8!classes3.dex
anti_vm
  • Build.MODEL check
  • Build.MANUFACTURER check
  • SIM operator check
compiler
  • r8 without marker (suspicious)
/tmp/tmp7nu49hr8!classes4.dex
compiler
  • r8 without marker (suspicious)

SSdeep

Information computed with ssdeep.

APK file 393216:anzeJqJBdmQ0bBTjUgB9cfecZh/63UpiM/U8iJn7P2cObqy1rt:abJjchR9cfeI63U8eUPnb07
Manifest 768:hzj5UmRxcKE6Xq9YCKSbPtUQtoTYo9Oeh0RLMh3c38zlCb7yD8MUdGAZQvXF5VQK:…
assets/audience_network.dex 49152:fJcVPgQQTfwljADK21NBYsYybJ9Bk4v49zA5Nmn:feotNeOJy9gA
classes.dex 49152:EVvxDIbsSYeHFsZv4mvOqCTCVZ0/2x+DicJlLVA6Ofn0ROOPigeML0N/qb23mpb…
classes2.dex 49152:eLPUEqTJ5iexYjA8p5yCenDdfJ+Rl2AmSgB1pxQxLhpUV3H2IBNudq:eTUEcxYj…
classes3.dex 24576:mXGOpwQx7lVqDOMkhq6DCkpEWbmfWeBbUYeyfkzBuM0gdtV3lUbfgN3:0fpbcWg…
classes4.dex 12288:O55BkqGVWG+G5TZD4DDEWxIAVq30kdaM4EqLrASwJbj0qybI2WKZKFAdB5hk:O5…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 12288:Y3PTvjwJDe3J2PnrP6zi281mUSzlHdfvOi71dH0eK2UmAbpM8C5vMNaYfc:Y7LW…
assets/audience_network.dex 3072:4AJ6Ywz8+RqIQ+S0FPJ4x+3+LHgA3+qN7tV0yY8UcImqLZZZZZiecvg9171CHl8D…
classes.dex 6144:Y3yuVdGEvAtySSURJnWMeXnJ7YKS4Ac7egGHpPPCaNmx2YfYb28r+Sa3gwNJ2FT:…
classes2.dex 6144:mzuEUOHdFCcvOigEn1KvZq0c0kWhLsIRmn7:mzlHdfvOi71dH0eK27
classes3.dex 1536:4mAbpMu/c+XUUU8IjrxSU3zTPVQtI2Fs5A1K/zaponLJ9ndQDBtkS5zbO:4mAbpM…
classes4.dex 1536:ztwR2SJfDb/hjcMDCVYJusbR921g7r84RpSoMvQrUSqT:ztwR2SJf9NaYJunX4/S…

APK details

Information computed with AndroGuard and Pithus.

Package com.transsion.phonemaster
App name Phone Master
Version name 5.1.6.00003
Version code 4643
SDK 21 - 30
UAID 19bf80392d5ea52ce392cbffeb807fea5e50f4f3
Signature Signature V1 Signature V2
Frosting Frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0x42726577: Verity padding
  • 0x2146444e: Google metadata

Certificate details

Information computed with AndroGuard.

MD5 f846e4634d9eccbab0a5a94511dfd5cf
SHA1 584764d658c39e23adfab94c36bb615bd3ac2c30
SHA256 46cf84703f68634042a002ba447004371e437d4ec28a56534330b5ab624ef8be
Issuer Common Name: Simon Shi, Organizational Unit: PRI-SW, Organization: Transsion Holdings, Locality: Shanghai, State/Province: China, Country: 86
Not before 2017-02-28T02:30:16+00:00
Not after 2042-02-22T02:30:16+00:00

File Analysis

Information computed with MobSF.

Findings Files
Certificate/Key files hardcoded inside the app. assets/-mobadvent.crt
assets/-shtranssioncom.crt

Manifest analysis

Information computed with MobSF.

High Clear text traffic is Enabled For App[android:usesCleartextTraffic=true]
The app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.
Low App has a Network Security Configuration[android:networkSecurityConfig=@xml/network_security_config]
The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app.
High Activity (com.cyin.himgr.widget.activity.PermissionGuideActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.cyin.himgr.widget.activity.MainActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.cyin.himgr.whatsappmanager.views.activities.CleanWhatsAppActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Content Provider (com.cyin.himgr.networkmanager.provider.NetworkProvider) is not Protected. [android:exported=true]
A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.cyin.himgr.applicationmanager.view.activities.NotificationManagementActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.cyin.himgr.autostart.AutoStartActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.cyin.himgr.networkmanager.view.NewTrafficMainActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.cyin.himgr.networkmanager.view.TrafficBootReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Service (com.transsion.common.MasterCoreService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High TaskAffinity is set for Activity
(com.cyin.himgr.applicationmanager.view.activities.MemoryAccelerateWhitelistActivity2)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.cyin.himgr.widget.activity.MeFamilyActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.cyin.himgr.clean.view.CleanActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.cyin.himgr.clean.view.CleanMasterActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.cyin.himgr.clean.view.JunkCleanDetailedListActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.cyin.himgr.networkmanager.view.TrafficPermissionActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.cyin.himgr.widget.activity.MainSettingGpActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.example.notification.service.MessageNotificationListenerService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_NOTIFICATION_LISTENER_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.cyin.himgr.advancedclean.views.activities.AdvancedCleanActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.cyin.himgr.filemove.views.activities.FileMoveActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Service (com.transsion.common.InitializeService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.cyin.himgr.filemove.receiver.SdcardReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.transsion.phonemaster.InstallReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.cyin.himgr.gamemode.view.GameModeMainActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.cyin.himgr.gamemode.view.GameModePermissionActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Service (com.cyin.himgr.gamemode.view.GameModeTile) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.cyin.himgr.zerosceen.view.PhoneInfoManagerService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.cyin.himgr.clean.service.TrashService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.cyin.himgr.widget.activity.FeedbackActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High TaskAffinity is set for Activity
(com.cyin.himgr.superclear.view.DesktopBoostActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.cyin.himgr.superclear.view.DesktopBoostActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.cyin.himgr.superclear.view.AccessWithListActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.cyin.himgr.powermanager.views.activity.PowerManagerActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.cyin.himgr.smartclean.view.SmartCleanSettingsActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High TaskAffinity is set for Activity
(com.cyin.himgr.launcheruninstall.LauncherUninstallActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.cyin.himgr.launcheruninstall.LauncherUninstallActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High TaskAffinity is set for Activity
(com.cyin.himgr.launcherinstall.AppClearActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High TaskAffinity is set for Activity
(com.cyin.himgr.launcherinstall.LauncherInstallActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.cyin.himgr.supersave.view.SuperSaveDialogActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.cyin.himgr.supersave.view.SuperSaveSettingActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.cyin.himgr.applicationmanager.view.activities.LockScreenCleanupActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.cyin.himgr.battery.view.BatteryHealthActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Broadcast Receiver (com.cyin.himgr.firebase.fcm.impl.FirebaseNotificationPushHandle$NotifyClickReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.cyin.himgr.firebase.fcm.impl.FirebaseNotificationPushHandle$LabidaClickReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.cyin.himgr.applicationmanager.receiver.SilentInstallReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.transsion.utils.MainShortCutReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.android.launcher.permission.INSTALL_SHORTCUT [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Content Provider (com.transsion.bering.phonemaster.BeringContentProvider) is not Protected. [android:exported=true]
A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High TaskAffinity is set for Activity
(com.transsion.pushui.activity.TransparentActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.transsion.pushui.activity.TransparentActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.transsion.pushui.activity.PushActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Broadcast Receiver (com.transsion.push.broadcast.HandlerBroadcastReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.transsion.push.broadcast.FCMMessageReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.transsion.push.service.JobHandleService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.transsion.push.service.PushJobIntentService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.transsion.cooling.view.MainCoolActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.transsion.cooling.view.CoolingDownActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.example.notification.view.MessageSecurityActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.transsion.applock.activity.GPMainActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.transsion.applock.activity.AdvancedActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.transsion.applock.receiver.BootReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.transsion.applock.receiver.AfterTimerReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.transsion.applock.receiver.DebugReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High TaskAffinity is set for Activity
(com.transsion.chargescreen.view.activity.SmartChargeActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.transsion.chargescreen.view.activity.SmartChargeActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High TaskAffinity is set for Activity
(com.transsion.chargescreen.view.activity.ChargeScreenActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.transsion.chargescreen.view.activity.ChargingTipActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High TaskAffinity is set for Activity
(com.transsion.phonemaster.supercharge.view.activity.SuperChargeActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.cyin.himgr.applicationmanager.view.activities.AppUninstallActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.cyin.himgr.harassmentintercept.view.HarassmentInterceptActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Service (com.cyin.himgr.harassmentintercept.service.InterceptSercice) is not Protected.An intent-filter exists.
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Service is explicitly exported.
High Content Provider (com.cyin.himgr.harassmentintercept.provider.PhoneNumProvider) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.PACKAGE_USAGE_STATS [android:exported=true]
A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.cyin.himgr.harassmentintercept.receiver.PhoneStateReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Activity (com.cyin.himgr.applicationmanager.view.activities.AddFreezeAppActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.cyin.himgr.applicationmanager.view.activities.DisableSettingsActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.cyin.himgr.applicationmanager.view.activities.FreezePermissionActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.cyin.himgr.applicationmanager.view.activities.FreezePermissionActivityForLauncher) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.cyin.himgr.payment.view.PaymentMainActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Broadcast Receiver (com.cyin.himgr.payment.view.MyReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.android.launcher.permission.INSTALL_SHORTCUT [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.transsion.wifimanager.activity.WifiProtectorMainActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.cyin.himgr.powermanager.views.activity.OsPowerActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High TaskAffinity is set for Activity
(com.cyin.himgr.smartclean.view.SmartCleanReportActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.cyin.himgr.smartclean.view.SmartCleanReportActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.transsion.utils.NotificationBroadcastReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.transsion.utils.CreateShortCutReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.android.launcher.permission.INSTALL_SHORTCUT [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.transsion.antivirus.view.activity.SecurityScanActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.transsion.bering.CollectActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.cyin.gamelib.ui.gameCenter.GameCentreActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.cyin.paopaolib.StartGameActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.talpa.planelib.StartPlaneGameActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (androidx.work.impl.background.systemjob.SystemJobService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.firebase.jobdispatcher.GooglePlayReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.gms.permission.BIND_NETWORK_TASK_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INSTALL_PACKAGES [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium High Intent Priority (1000)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.
Medium High Intent Priority (1000)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.
Medium High Intent Priority (999)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.
Medium High Intent Priority (999)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.
Medium High Intent Priority (2147483647)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.
Medium High Intent Priority (1000)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.

Browsable activities

Information computed with MobSF.

com.cyin.himgr.widget.activity.MainActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.cyin.himgr.whatsappmanager.views.activities.CleanWhatsAppActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.cyin.himgr.applicationmanager.view.activities.NotificationManagementActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.cyin.himgr.networkmanager.view.NewTrafficMainActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.cyin.himgr.widget.activity.MeFamilyActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.cyin.himgr.clean.view.CleanActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.cyin.himgr.clean.view.CleanMasterActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.cyin.himgr.advancedclean.views.activities.AdvancedCleanActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.cyin.himgr.superclear.view.DesktopBoostActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.cyin.himgr.superclear.view.AccessWithListActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.cyin.himgr.powermanager.views.activity.PowerManagerActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.cyin.himgr.smartclean.view.SmartCleanSettingsActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.cyin.himgr.launcheruninstall.LauncherUninstallActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.cyin.himgr.supersave.view.SuperSaveSettingActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.transsion.cooling.view.MainCoolActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.example.notification.view.MessageSecurityActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.transsion.applock.activity.GPMainActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.transsion.chargescreen.view.activity.SmartChargeActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.cyin.himgr.applicationmanager.view.activities.AppUninstallActivity

Hosts: com.transsion.phonemaster

Schemes: package:// phonemaster://

com.cyin.himgr.payment.view.PaymentMainActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.transsion.wifimanager.activity.WifiProtectorMainActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.transsion.antivirus.view.activity.SecurityScanActivity

Hosts: com.transsion.phonemaster

Schemes: phonemaster://

com.cyin.gamelib.ui.gameCenter.GameCentreActivity

Hosts: com.cyin.gamelib

Schemes: gamecenter://

com.talpa.planelib.StartPlaneGameActivity

Hosts: com.cyin.gamelib

Schemes: gamecenter://

Main Activity

Information computed with AndroGuard.

com.cyin.himgr.ads.SplashActivity

Activities

Information computed with AndroGuard.

com.cyin.himgr.widget.activity.PermissionGuideActivity
com.cyin.himgr.widget.activity.MainActivity
com.cyin.himgr.whatsappmanager.views.activities.CleanWhatsAppActivity
com.cyin.himgr.ads.SplashActivity
com.cyin.himgr.ads.PermissionRequestActivity
com.google.android.gms.ads.AdActivity
com.cyin.himgr.applicationmanager.view.activities.UninstallAppActivity
com.cyin.himgr.applicationmanager.view.activities.NotificationManagementActivity
com.cyin.himgr.autostart.AutoStartActivity
com.cyin.himgr.networkmanager.view.NewTrafficMainActivity
com.cyin.himgr.networkmanager.view.TrafficSetActivity
com.cyin.himgr.applicationmanager.view.activities.MemoryAccelerateWhitelistActivity2
com.cyin.himgr.applicationmanager.view.activities.AppNotificationActivity
com.cyin.himgr.networkmanager.view.NetworkControlActivity
com.cyin.himgr.widget.activity.MeFamilyActivity
com.cyin.himgr.clean.view.CleanActivity
com.cyin.himgr.clean.view.CleanMasterActivity
com.cyin.himgr.clean.view.JunkCleanDetailedListActivity
com.cyin.himgr.clean.view.TrashCleanProgressActivity
com.cyin.himgr.whatsappmanager.views.activities.FileInfoActivity
com.cyin.himgr.networkmanager.view.TrafficPermissionActivity
com.cyin.himgr.widget.activity.MainSettingGpActivity
com.cyin.himgr.advancedclean.views.activities.AdvancedCleanActivity
com.cyin.himgr.advancedclean.views.activities.MediaDisplayActivity
com.cyin.himgr.advancedclean.views.activities.AppListActivity
com.cyin.himgr.advancedclean.views.activities.PictureDisplayActivity
com.cyin.himgr.filemove.views.activities.FileMoveActivity
com.cyin.himgr.filemove.views.activities.DocumentActivity
com.cyin.himgr.widget.activity.LanguageSettingActivity
com.cyin.himgr.filemove.views.activities.ImageFolderActivity
com.cyin.himgr.filemove.views.activities.ImageReviewActivity
com.cyin.himgr.gamemode.view.GameModeMainActivity
com.cyin.himgr.gamemode.view.GameModePermissionActivity
com.cyin.himgr.gamemode.view.GameModeSetting
com.cyin.himgr.gamemode.view.GameModeLoadingPage
com.cyin.himgr.gamemode.view.GameModeAddApps
com.cyin.himgr.gamemode.view.GameModeWhiteListActivity
com.cyin.himgr.widget.activity.FeedbackActivity
com.cyin.himgr.superclear.view.DesktopBoostActivity
com.facebook.ads.AudienceNetworkActivity
com.cyin.himgr.superclear.view.AccessWithListActivity
com.cyin.himgr.powermanager.views.activity.PowerManagerActivity
com.cyin.himgr.superclear.view.BoostingActivity
com.cyin.himgr.networkmanager.view.ShowNetworkSpeed
com.cyin.himgr.networkmanager.view.ShowNetworkSpeedForGP
com.cyin.himgr.networkmanager.view.TrafficFloatPermissionRequestActivity
com.cyin.himgr.advancedclean.views.activities.ImagePickerActivity
com.cyin.himgr.smartclean.view.SmartCleanSettingsActivity
com.cyin.himgr.launcheruninstall.LauncherUninstallActivity
com.cyin.himgr.launcherinstall.AppClearActivity
com.cyin.himgr.launcherinstall.LauncherInstallActivity
com.cyin.himgr.supersave.view.SuperSaveDialogActivity
com.cyin.himgr.supersave.view.SuperSaveSettingActivity
com.cyin.himgr.widget.activity.SettingShortCutActivity
com.cyin.himgr.applicationmanager.view.activities.LockScreenCleanupActivity
com.cyin.himgr.battery.view.BatteryHealthActivity
com.cyin.himgr.applicationmanager.view.activities.NotificationPermissionActivity
com.transsion.pushui.activity.TransparentActivity
com.transsion.pushui.activity.PushActivity
com.transsion.cooling.view.MainCoolActivity
com.transsion.cooling.view.CoolingDownActivity
com.example.notification.view.MessageAppListActivity
com.example.notification.view.MessageSetting
com.example.notification.view.LockPatterActivity
com.example.notification.view.MessagesShowActivity
com.example.notification.view.MessageSecurityActivity
com.example.notification.view.LockPasswordActivity
com.example.notification.view.ConfirmPasswordActivity
com.example.notification.view.ConfirmPattenActivity
com.transsion.applock.activity.GPMainActivity
com.transsion.applock.activity.AdvancedActivity
com.transsion.applock.activity.GPSettingsActivity
com.transsion.applock.activity.ChooseLockPassword
com.transsion.applock.activity.ChooseLockPattern
com.transsion.applock.activity.ConfirmLockPasswordActivity
com.transsion.applock.activity.ConfirmLockPattenActivity
com.transsion.applock.activity.SelfConfirmLockPattenActivity
com.transsion.applock.activity.SelfConfirmLockPasswordActivity
com.transsion.applock.activity.SecurityQuestionActivity
com.transsion.applock.activity.AnswerVerificationActivity
com.transsion.applock.activity.SinglePixelActivity
com.transsion.chargescreen.view.activity.SmartChargeActivity
com.transsion.chargescreen.view.activity.ChargeScreenActivity
com.transsion.chargescreen.view.activity.ChargingTipActivity
com.transsion.phonemaster.supercharge.view.activity.SuperChargeSettingActivity
com.transsion.phonemaster.supercharge.view.activity.SuperChargeActivity
com.transsion.reinstallapp.view.AppReInstallActivity
com.cyin.himgr.applicationmanager.view.activities.AppUninstallActivity
com.cyin.himgr.harassmentintercept.view.HarassmentInterceptActivity
com.cyin.himgr.harassmentintercept.view.ManualAddListActivity
com.cyin.himgr.harassmentintercept.view.ContactAddListActivity
com.cyin.himgr.applicationmanager.view.activities.AddFreezeAppActivity
com.cyin.himgr.applicationmanager.view.activities.DisableActivity
com.cyin.himgr.applicationmanager.view.activities.DisableSettingsActivity
com.cyin.himgr.applicationmanager.view.activities.FreezePermissionActivity
com.cyin.himgr.applicationmanager.view.activities.FreezePermissionActivityForLauncher
com.cyin.himgr.payment.view.PaymentAppsActivity
com.cyin.himgr.payment.view.PaymentMainActivity
com.transsion.wifimanager.activity.WifiProtectorMainActivity
com.transsion.wifimanager.activity.WifiListActivity
com.transsion.wifimanager.activity.WifiProtectorAnimActivity
com.cyin.himgr.powermanager.views.activity.OsPowerActivity
com.transsion.notificationmanager.view.NotificationManagementNewActivity
com.cyin.himgr.smartclean.view.SmartCleanReportActivity
com.transsion.webview.view.WebViewActivity
com.transsion.webview.view.CustomWebViewActivity
com.transsion.resultrecommendfunction.view.ResultShowOldActivity
com.cyin.himgr.widget.activity.PreAuthorizedActivity
com.transsion.base.ui.RuntimePermissionActivity
com.transsion.antivirus.view.activity.SecurityScanActivity
com.transsion.bering.CollectActivity
com.transsion.bering.BeringPermissionRequestActivity
com.cyin.gamelib.ui.gameCenter.GameCentreActivity
com.cyin.paopaolib.LoadingActivity
com.cyin.paopaolib.StartGameActivity
com.cyin.paopaolib.PaoPaoGameActivity
com.talpa.planelib.DetailRinkingActivity
com.talpa.planelib.GameGuideActivity
com.talpa.planelib.GameActivity
com.talpa.planelib.StartPlaneGameActivity
com.zero.ta.common.activity.TAdActivity
com.zero.ta.common.activity.TAdExposureActivity
com.google.android.gms.common.api.GoogleApiActivity

Receivers

Information computed with AndroGuard.

com.cyin.himgr.networkmanager.view.TrafficBootReceiver
com.cyin.himgr.filemove.receiver.SdcardReceiver
com.transsion.phonemaster.InstallReceiver
com.cyin.himgr.smartclean.SmartCleanJob
com.transsion.common.AlarmTimeBroadcast
com.cyin.himgr.launcherinstall.ObtainWhiteListJob
com.cyin.himgr.firebase.fcm.impl.FirebaseNotificationPushHandle$NotifyClickReceiver
com.cyin.himgr.firebase.fcm.impl.FirebaseNotificationPushHandle$LabidaClickReceiver
com.cyin.himgr.applicationmanager.receiver.SilentInstallReceiver
com.transsion.utils.MainShortCutReceiver
com.transsion.push.broadcast.HandlerBroadcastReceiver
com.transsion.push.broadcast.TimerBroadcastReceiver
com.transsion.push.broadcast.FCMMessageReceiver
com.transsion.applock.receiver.BootReceiver
com.transsion.applock.receiver.AfterTimerReceiver
com.transsion.applock.receiver.DebugReceiver
com.cyin.himgr.harassmentintercept.receiver.PhoneStateReceiver
com.cyin.himgr.payment.view.MyReceiver
com.transsion.utils.NotificationBroadcastReceiver
com.transsion.utils.CreateShortCutReceiver
com.transsion.bering.manager.BeringNotifyClickReceiver
androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
androidx.work.impl.background.systemalarm.RescheduleReceiver
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
com.transsion.labida.LabidaPushReceiver
com.google.firebase.iid.FirebaseInstanceIdReceiver
com.google.android.gms.measurement.AppMeasurementReceiver
com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver
com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver

Services

Information computed with AndroGuard.

com.transsion.common.MasterCoreService
com.cyin.himgr.networkmanager.service.NetworkManagerService
com.cyin.himgr.service.ScheduledScanTrashService
com.cyin.himgr.networkmanager.service.TrafficSpeedService
com.example.notification.service.MessageNotificationListenerService
com.transsion.common.InitializeService
com.cyin.himgr.filemove.service.DeleteInvalidFileService
com.cyin.himgr.filemove.service.UpdateMediaStorgeService
com.cyin.himgr.firebase.fcm.FirebaseJobService
com.cyin.himgr.gamemode.view.GameModeTile
com.transsion.phonemaster.jobscheduler.CommonJobService
com.cyin.himgr.zerosceen.view.PhoneInfoManagerService
com.cyin.himgr.firebase.fcm.MyFirebaseMessagingService
com.cyin.himgr.clean.service.TrashService
com.transsion.push.service.JobHandleService
com.transsion.push.service.PushJobIntentService
com.transsion.push.service.PushIntentService
com.transsion.applock.service.AppLockService
com.transsion.applock.service.AppLockJobService
com.cyin.himgr.harassmentintercept.service.MobileAddressQueryService
com.cyin.himgr.harassmentintercept.service.InterceptSercice
com.transsion.common.DelegateService
com.google.firebase.components.ComponentDiscoveryService
com.trustlook.sdk.job.TlJobService
com.google.android.gms.ads.AdService
androidx.work.impl.background.systemalarm.SystemAlarmService
androidx.work.impl.background.systemjob.SystemJobService
androidx.room.MultiInstanceInvalidationService
com.firebase.jobdispatcher.GooglePlayReceiver
com.google.firebase.messaging.FirebaseMessagingService
com.google.android.gms.measurement.AppMeasurementService
com.google.android.gms.measurement.AppMeasurementJobService
com.google.android.datatransport.runtime.backends.TransportBackendDiscovery
com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService

Sample timeline

Certificate valid not before Feb. 28, 2017, 2:30 a.m.
First submission on VT Sept. 23, 2021, 7:57 a.m.
Last submission on VT Sept. 27, 2021, 8:22 a.m.
Upload on Pithus Sept. 29, 2021, 11:10 a.m.
Certificate valid not after Feb. 22, 2042, 2:30 a.m.

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application invoke platform-provided DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application implement asymmetric key generation.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['location', 'bluetooth', 'network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['address book'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application implement functionality to encrypt sensitive data in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_RBG_EXT.2.1
FCS_RBG_EXT.2.2
The application perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.
Random Bit Generation from Application
FCS_CKM.1.1(1) The application generate asymmetric cryptographic keys not in accordance with FCS_CKM.1.1(1) using key generation algorithm RSA schemes and cryptographic key sizes of 1024-bit or lower.
Cryptographic Asymmetric Key Generation
FCS_COP.1.1(1) The application perform encryption/decryption in accordance with a specified cryptographic algorithm AES-CBC (as defined in NIST SP 800-38A) mode or AES-GCM (as defined in NIST SP 800-38D) and cryptographic key sizes 256-bit/128-bit.
Cryptographic Operation - Encryption/Decryption
FCS_COP.1.1(2) The application perform cryptographic hashing services not in accordance with FCS_COP.1.1(2) and uses the cryptographic algorithm RC2/RC4/MD4/MD5.
Cryptographic Operation - Hashing
FCS_COP.1.1(3) The application perform cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm RSA schemes using cryptographic key sizes of 2048-bit or greater.
Cryptographic Operation - Signing
FCS_HTTPS_EXT.1.1 The application implement the HTTPS protocol that complies with RFC 2818.
HTTPS Protocol
FCS_HTTPS_EXT.1.2 The application implement HTTPS using TLS.
HTTPS Protocol
FCS_HTTPS_EXT.1.3 The application notify the user and not establish the connection or request application authorization to establish the connection if the peer certificate is deemed invalid.
HTTPS Protocol
FIA_X509_EXT.1.1 The application invoked platform-provided functionality to validate certificates in accordance with the following rules: ['The certificate path must terminate with a trusted CA certificate'].
X.509 Certificate Validation
FIA_X509_EXT.2.1 The application use X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS , TLS.
X.509 Certificate Authentication
FIA_X509_EXT.2.2 When the application cannot establish a connection to determine the validity of a certificate, the application allow the administrator to choose whether to accept the certificate in these cases or accept the certificate ,or not accept the certificate.
X.509 Certificate Authentication
FPT_TUD_EXT.2.1 The application shall be distributed using the format of the platform-supported package manager.
Integrity for Installation and Update

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 d/j/c/e.java
d/j/l/A.java
e/d/c/j/g/a/u.java
e/i/d/k/a/c.java
e/i/d/i/ServiceConnectionC4522e.java
e/k/e/a/C4615g.java
e/k/l/C4670b.java
com/transsion/applock/activity/GPSettingsActivity.java
e/k/e/a/S.java
com/zero/admoblibrary/excuter/AdmobNative.java
e/a/a/e/C1424c.java
org/greenrobot/greendao/async/AsyncOperationExecutor.java
com/zero/admoblibrary/excuter/AdmobBanner.java
d/b/d/a/m.java
com/transsion/common/MasterCoreService$1$1.java
d/r/a/b.java
e/d/d/f/b.java
com/cyin/himgr/clean/ctl/scan/SysCacheScan.java
e/h/a/a/k/k.java
com/cyin/himgr/filemove/receiver/SdcardReceiver.java
e/k/p/c/a.java
e/i/d/m/t.java
com/cyin/himgr/networkmanager/view/TrafficSetActivity.java
com/zero/admoblibrary/check/ExistsCheck.java
e/i/b/b/f/a/C3103lg.java
com/github/mikephil/charting/charts/Chart.java
e/c/a/c/c/y.java
e/g/a/q.java
e/i/b/b/f/g/U.java
e/i/b/b/f/f/Za.java
e/d/d/e/a.java
d/b/e/la.java
e/i/b/b/c/q.java
org/greenrobot/greendao/internal/LongHashMap.java
e/k/g/a/a/a/g.java
e/i/b/c/w/c.java
e/c/a/c/b/a/j.java
d/j/m/g.java
com/trustlook/sdk/database/SimplifiedAppDAO.java
d/m/a/b.java
d/j/h/b.java
d/j/b/a/b.java
e/i/b/b/f/a/ZF.java
com/transsion/applock/activity/ConfirmLockPassword$1.java
com/cyin/himgr/networkmanager/service/NetworkManagerService.java
e/i/b/b/f/g/BinderC4269sd.java
com/zero/common/base/BaseInterstitial.java
e/d/c/b/e/g.java
e/k/e/i/e.java
com/cyin/himgr/advancedclean/views/activities/MediaDisplayActivity.java
e/l/a/a/d.java
e/k/e/b/c.java
d/o/a/C1374a.java
com/zero/mediation/config/ServerManager.java
e/k/Q/a/l.java
e/k/H/a.java
e/i/b/b/f/a/C2974jga.java
e/k/e/a/za.java
com/cyin/himgr/service/ScheduledScanTrashService.java
e/a/a/m.java
e/c/a/d/g.java
d/b/e/K.java
d/b/e/ja.java
e/e/a/e/w.java
e/c/a/c/c/f.java
e/i/b/c/v/f.java
e/i/b/b/c/d/AbstractDialogInterface$OnClickListenerC1631f.java
com/cyin/himgr/advancedclean/presenters/MediaPresenter$1.java
e/k/G/h/d.java
d/e/a/j.java
android/hardware/fingerprint/Fingerprint.java
com/transsion/updater/Updater.java
e/d/c/j/b/C1537a.java
com/trustlook/sdk/cloudscan/CloudScanClient.java
e/i/b/b/f/a/C3306ok.java
e/i/b/b/f/a/C2911iha.java
e/d/c/A/a.java
e/i/d/i/C4532o.java
com/transsion/utils/ReflexUtil.java
e/i/b/b/f/a/Cda.java
d/A/Ba.java
e/k/G/a/a.java
e/i/b/b/g/b/Jb.java
e/k/v/h/c.java
org/greenrobot/greendao/test/AbstractDaoTestSinglePk.java
e/i/b/b/c/a/a/C1609b.java
com/cyin/himgr/ads/AdUtils.java
e/k/J/j.java
com/cyin/himgr/advancedclean/views/activities/MediaDisplayActivity$1$1.java
d/o/a/LayoutInflater$Factory2C1388o.java
d/F/d.java
e/c/a/c/b/j.java
e/i/d/i/A.java
d/b/e/D.java
e/i/b/b/f/a/Vea.java
e/e/a/a/a.java
e/i/d/i/C4536t.java
com/cyin/himgr/advancedclean/presenters/MediaPresenter$2.java
com/transsion/wifimanager/activity/WifiProtectorAnimActivity.java
e/i/b/b/f/a/Qba.java
e/a/a/H.java
com/airbnb/lottie/LottieAnimationView.java
com/transsion/wifimanager/util/DownloadExecutor.java
com/zero/mediation/ad/TBaseAd.java
e/c/a/b/e.java
com/cyin/himgr/filemove/service/DeleteInvalidFileService.java
d/h/b/b.java
e/h/a/a/e/m.java
com/transsion/applock/utils/LockPatternUtils.java
e/i/d/i/S.java
com/transsion/push/service/JobIntentService.java
org/greenrobot/greendao/test/DbTest.java
com/cyin/himgr/clean/ctl/scan/OtherScan.java
e/c/a/c/d/a/i.java
com/firebase/jobdispatcher/GooglePlayReceiver.java
e/k/o/b/b.java
com/github/mikephil/charting/charts/PieRadarChartBase.java
e/h/a/a/i/a.java
e/c/a/d.java
d/t/n.java
e/c/a/c/d/e/i.java
d/j/c/f.java
d/b/a/v.java
d/o/a/E.java
e/c/a/c/a/m.java
e/k/e/a/T.java
e/c/a/g/k.java
e/c/a/c/d/a/v.java
com/example/notification/view/MessageSetting.java
org/greenrobot/greendao/DaoLog.java
e/c/a/c/b/G.java
com/transsion/core/log/ObjectLogUtils$1.java
com/bumptech/glide/load/engine/DecodeJob.java
com/transsion/athena/data/a.java
e/k/j/d/k.java
e/l/a/c/c.java
e/i/d/m/f.java
com/cyin/himgr/filemove/views/activities/ImageReviewActivity.java
d/b/e/oa.java
e/i/d/m/d.java
e/c/a/c/c/i.java
com/github/mikephil/charting/charts/CombinedChart.java
com/transsion/view/CYListView.java
e/i/d/d/a/b.java
e/e/a/d/b.java
d/j/k/b.java
e/c/a/c/a/a/e.java
e/d/a/e.java
d/o/a/u.java
e/k/K/C4562ha.java
e/i/b/b/f/g/Z.java
e/k/e/g/a.java
d/l/b/e.java
d/m/a/c.java
e/l/a/a/g.java
e/d/c/j/g/a/t.java
com/transsion/applock/activity/ChooseLockPassword.java
e/f/a/f/a/e.java
e/k/x/g.java
e/c/a/d/e.java
com/zero/mediation/handler/CacheHandler.java
e/i/b/b/c/i/u.java
e/d/c/r/s.java
e/k/M/e.java
d/y/a/c.java
com/zero/mediation/config/TAdManager.java
com/cyin/himgr/widget/activity/MainSettingGpActivity.java
com/trustlook/sdk/data/AppCertificate.java
e/i/b/b/f/a/C3037kfa.java
b/a/a/a.java
com/cyin/himgr/networkmanager/view/CustomSeekbar.java
e/d/c/f/c/b/c.java
e/i/b/b/f/a/C2389afa.java
com/transsion/wifimanager/util/DownloadTask.java
e/c/a/c/d/a/z.java
e/j/a/D.java
com/zero/adxlibrary/excuter/AdxInterstitia.java
com/zero/common/base/BaseNative.java
e/i/b/b/c/i.java
com/zero/tanlibrary/excuter/TanSplash.java
e/k/e/i/d.java
com/firebase/jobdispatcher/JobService.java
k/a/a/a/b/c.java
e/i/b/b/f/a/C3747vfa.java
e/i/b/b/f/f/C4145xb.java
com/github/mikephil/charting/charts/HorizontalBarChart.java
e/i/b/b/c/d/AbstractC1628c.java
e/i/b/b/c/h/d.java
com/transsion/wifimanager/view/SpeedometerView.java
e/i/d/m/w.java
e/c/a/g/a/i.java
com/cyin/himgr/applicationmanager/receiver/AppReceiver.java
org/greenrobot/greendao/DaoException.java
d/j/c/a/a.java
e/i/d/k/c.java
e/i/b/b/f/a/Bfa.java
com/zero/common/toolbox/AdImageLoadHelper.java
e/c/a/c/b/r.java
e/g/a/c.java
e/k/G/f/r.java
com/bumptech/glide/module/ManifestParser.java
com/cyin/himgr/networkmanager/model/NetworkControlModel.java
e/k/r/g.java
com/cyin/himgr/clean/ctl/clean/RAMClean.java
e/d/c/c/c/C1471a.java
e/k/d/c/b/c.java
e/c/a/d/o.java
e/i/b/b/c/b.java
e/i/b/b/f/a/OY.java
d/j/c/m.java
d/j/j/b.java
com/zero/common/base/BaseBanner.java
com/transsion/antivirus/view/activity/SecurityScanActivity.java
com/zero/adxlibrary/excuter/AdxSplash.java
e/i/b/b/f/g/S.java
e/i/b/b/c/d/C1627b.java
e/i/b/b/f/f/C4041cb.java
e/i/b/b/c/i/g.java
d/o/a/C.java
d/j/m/h.java
com/transsion/core/pool/TranssionPoolExecutor.java
d/t/e.java
e/k/k/c/b/q.java
com/zero/mediation/config/MediaSync.java
e/i/b/b/f/a/LT.java
com/zero/mediation/http/request/MediaConfigRequest.java
e/i/b/b/f/g/C4249pa.java
com/zero/mediation/util/PlfmExistsUtil.java
d/F/f.java
d/o/a/D.java
uk/co/senab/photoview/PhotoViewAttacher.java
e/i/b/b/c/a/a/E.java
com/zero/mediation/http/request/DownLoadRequest.java
com/transsion/common/MasterCoreService.java
e/c/a/d/m.java
d/b/a/u.java
com/zero/mediation/http/request/AdServerRequest.java
com/zero/adx/config/AdxManager.java
e/i/b/b/c/i/t.java
com/transsion/applock/receiver/AfterTimerReceiver.java
e/i/d/m/r.java
e/i/d/m/g.java
d/v/m.java
com/zero/tanlibrary/excuter/TanInterstitia.java
d/j/a/e.java
d/A/D.java
e/d/c/l/e.java
com/transsion/virustool/db/VirusDataDao.java
d/v/x.java
e/i/d/i/r.java
e/k/e/h/j.java
e/i/b/b/f/g/W.java
d/B/a/a/k.java
com/example/notification/view/MessagesShowActivity.java
com/cyin/himgr/filemove/views/activities/ImageFolderActivity.java
com/cyin/paopaolib/view/PaoPaoGameView.java
d/j/l/C1368e.java
d/j/l/C.java
e/l/a/d/a.java
d/j/l/z.java
com/example/notification/view/LockPasswordActivity.java
e/k/e/a/U.java
d/j/c/g.java
e/a/a/e/v.java
com/cyin/himgr/clean/ctl/scan/ResidualScan.java
e/c/a/b/d.java
d/j/l/J.java
com/zero/adxlibrary/excuter/AdxNative.java
e/g/a/d.java
e/i/b/b/f/a/Fga.java
org/greenrobot/greendao/DbUtils.java
com/bumptech/glide/load/engine/GlideException.java
e/c/a/c/b/c/c.java
e/i/d/i/X.java
com/zero/adxlibrary/excuter/AdxBanner.java
e/a/a/b/a.java
com/transsion/applock/activity/SinglePixelActivity.java
com/github/mikephil/charting/data/PieEntry.java
d/j/a/i.java
com/github/mikephil/charting/charts/BarLineChartBase.java
e/i/b/b/c/d/V.java
e/d/c/j/g/b/e.java
e/k/G/h/e.java
e/k/d/f/d.java
e/d/c/b/f/b/n.java
e/i/b/b/f/a/C3997zca.java
e/i/d/i/B.java
e/i/b/b/f/g/E.java
e/c/a/c/d/a/q.java
com/zero/admoblibrary/excuter/AdmobRewardedVideo.java
e/i/d/m/y.java
d/j/l/C1370g.java
com/cyin/himgr/filemove/views/activities/BaseMoveActivity.java
e/i/d/d/a/c/K.java
e/d/c/A/a/b.java
e/i/b/b/c/d.java
e/c/a/c/d/a/c.java
com/bumptech/glide/manager/RequestManagerFragment.java
d/b/e/ma.java
e/i/d/i/AbstractC4527j.java
com/zero/mediation/ad/TBannerAd.java
com/zero/fblibrary/excuter/FanInterstitial.java
e/l/a/a/i.java
e/f/a/f/a/d.java
e/j/a/E.java
com/zero/ta/common/activity/TAdExposureActivity.java
e/k/e/a/View$OnClickListenerC4616h.java
e/c/a/d/f.java
com/bumptech/glide/load/engine/cache/MemorySizeCalculator.java
e/i/d/i/C4533p.java
com/transsion/applock/service/AppLockService.java
e/i/b/b/c/d/J.java
e/i/d/i/T.java
e/i/b/b/c/h/a.java
e/g/a/l.java
e/h/a/a/j/s.java
d/j/a/m.java
e/d/c/b/b/BinderC1462d.java
e/k/x/b.java
com/example/notification/view/LockPatterActivity.java
com/zero/admoblibrary/excuter/AdmobInterstitia.java
com/zero/mediation/server/ConfigDataServer.java
e/i/b/b/f/g/O.java
e/k/G/a/b.java
e/d/c/b/d/C1465b.java
e/k/s/a.java
e/i/b/a/b/a/k.java
org/greenrobot/greendao/AbstractDao.java
e/i/b/b/c/d/C1630e.java
e/i/b/b/f/a/C3297ofa.java
d/v/j.java
e/i/b/b/f/e/l.java
d/j/a/h.java
e/k/v/h/i.java
d/j/a/b.java
d/j/c/c.java
e/d/c/l/a.java
org/greenrobot/greendao/test/AbstractDaoTest.java
com/transsion/applock/activity/GPMainActivity.java
e/c/a/c/c/z.java
e/c/a/i/a/d.java
e/i/d/k/b/e.java
com/zero/common/utils/TimeUtil.java
e/i/b/b/h/a/a.java
d/j/c/a/e.java
com/trustlook/sdk/database/DBHelper.java
e/a/a/e/C1428g.java
com/cyin/himgr/filemove/views/activities/FileMoveActivity.java
org/greenrobot/greendao/test/AbstractDaoTestLongPk.java
e/k/e/h/c.java
e/d/b/d/e.java
e/a/a/B.java
com/zero/mediation/bean/AdCache.java
org/greenrobot/greendao/query/QueryBuilder.java
e/k/K/g/a.java
e/i/b/c/s/C4475e.java
e/d/c/j/g/a/i.java
com/example/notification/view/MessageSecurityActivity.java
e/f/a/g/b.java
com/cyin/himgr/ads/AnalysisUtil.java
e/c/a/c/a/a/c.java
com/transsion/applock/AppLockApplication.java
e/i/d/i/C4519b.java
d/j/l/a/c.java
d/b/d/a/n.java
b/b/a/g/a.java
e/g/a/g.java
com/zero/tanlibrary/excuter/TanBanner.java
com/zero/mediation/ad/view/TAdNativeView.java
e/i/b/b/c/e.java
e/i/d/i/C4521d.java
e/l/a/b/b.java
com/transsion/applock/activity/ConfirmLockPattern$1.java
e/i/d/c/h.java
com/transsion/applock/activity/ConfirmLockPasswordActivity.java
e/i/d/i/C4538v.java
com/zero/tanlibrary/excuter/TanNative.java
e/i/d/m/q.java
e/k/c/a.java
com/cyin/himgr/advancedclean/managers/ThirdAppScanner.java
com/zero/fblibrary/excuter/FanRewardedVideo.java
e/c/a/c/a/k.java
com/trustlook/sdk/database/DataSource.java
e/i/b/a/b/b/a.java
d/s/a/b.java
d/j/a/d.java
e/c/a/c/b/a/k.java
e/c/a/c/a/b.java
com/zero/mediation/receive/NetworkBroadcastReceive.java
com/github/mikephil/charting/charts/BarChart.java
e/i/b/b/f/g/T.java
e/i/d/i/C4526i.java
com/transsion/codetabletranslator/CodeTable.java
d/j/b/a/a.java
com/bumptech/glide/load/resource/gif/ByteBufferGifDecoder.java
e/k/J/i.java
com/transsion/utils/NotificationUtil.java
com/transsion/applock/activity/ChooseLockPattern.java
e/i/b/b/c/d/AbstractC1634i.java
e/d/b/b.java
e/c/a/c/d/a/k.java
com/trustlook/sdk/cloudscan/OfflineDbUtils.java
a/b/a/h/b.java
e/i/b/b/f/a/Dda.java
e/i/b/b/c/i/o.java
d/b/e/X.java
e/i/d/i/BinderC4539w.java
e/c/a/c/b/b/e.java
e/i/b/b/c/d/BinderC1626a.java
d/v/g.java
e/i/b/c/a/C4433h.java
com/trustlook/sdk/data/AppInfo.java
com/cyin/himgr/clean/ctl/scan/ScanHelper$1.java
d/o/a/y.java
e/i/b/b/c/j.java
e/i/b/b/f/a/Zda.java
e/i/b/b/f/g/F.java
com/zero/fblibrary/excuter/FanBanner.java
e/k/B/c/b.java
e/k/e/a/X.java
e/c/a/c/d/e/c.java
com/cyin/himgr/clean/ctl/scan/CacheScan.java
d/b/b/a/a.java
com/zero/fblibrary/excuter/FanNative.java
d/b/a/z.java
d/b/e/C1331g.java
e/d/c/J/c/u.java
e/a/a/C1435h.java
com/transsion/core/log/LogUtils$1.java
d/j/c/l.java
e/i/d/o/a.java
e/c/a/c/d/a/m.java
e/i/b/b/f/a/Eda.java
com/cyin/himgr/advancedclean/tasks/scan/ScanThirdAppTask.java
e/l/a/a/f.java
e/d/c/v/h/W.java
e/k/d/c/b/d.java
com/zero/mediation/ad/TRewardedVideoAd.java
e/i/b/b/f/f/C4111qb.java
e/c/a/c/c/e.java
d/b/e/Z.java
e/k/x/f.java
d/A/pa.java
com/bumptech/glide/GeneratedAppGlideModuleImpl.java
e/k/G/h/f.java
e/i/b/b/f/a/C3161mca.java
com/cyin/himgr/filemove/views/widget/ArcProgress.java
d/j/b/b.java
e/i/b/b/f/f/C4101ob.java
com/zero/mediation/util/DeviceUtil.java
d/j/m/b.java
e/i/b/b/f/g/Wb.java
e/a/a/C1419c.java
com/cyin/himgr/networkmanager/provider/NetworkProvider.java
e/c/a/d/p.java
e/f/a/f/a/a.java
com/cyin/himgr/clean/ctl/scan/RAMScan.java
e/k/o/b/a.java
e/d/c/m/d/o.java
d/b/e/G.java
e/i/d/m/e.java
e/i/b/b/f/g/Y.java
e/i/b/b/c/a/a/C.java
e/i/b/b/f/a/Tga.java
e/a/a/b/b.java
com/transsion/applock/receiver/AppLockCheckReceiver.java
com/cyin/himgr/superclear/view/frameview/FrameAnimationView.java
com/example/notification/presenter/ProtectPresenter$1.java
e/i/b/b/i/a.java
d/j/b/a/f.java
e/d/c/G/c.java
High
CVSS:5.5
App can read/write to External Storage. Any App can read data written to External Storage.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 com/cyin/himgr/filemove/tasks/ScanBigFilesTask.java
com/cyin/himgr/ads/OperateConfigFetcher.java
e/k/O/s.java
com/cyin/himgr/clean/ctl/clean/CacheClean.java
com/cyin/himgr/advancedclean/managers/MusicScanner.java
e/k/o/b/b.java
e/k/v/h/i.java
d/j/b/b.java
com/cyin/himgr/advancedclean/managers/BigFileAndApkScanner.java
com/cyin/himgr/launcherinstall/LauncherInstallUtil$1.java
e/k/K/G.java
com/cyin/himgr/ads/AdUtils.java
com/cyin/himgr/whatsappmanager/manager/WhatsAppManager.java
com/cyin/himgr/clean/ctl/scan/CacheScan.java
com/cyin/himgr/whatsappmanager/views/activities/FileInfoActivity.java
com/transsion/reinstallapp/ReinstallFileProvider.java
com/cyin/himgr/clean/ctl/scan/SysCacheScan.java
com/cyin/himgr/clean/ctl/scan/UselessApkScan.java
e/i/b/b/f/a/CallableC3064l.java
e/k/j/C4647g.java
e/d/c/A/a.java
com/transsion/wifimanager/activity/WifiProtectorAnimActivity.java
com/cyin/himgr/applicationmanager/util/APKScanHelp$2.java
com/cyin/himgr/clean/ctl/clean/SysCacheClean.java
com/github/mikephil/charting/charts/Chart.java
com/cyin/himgr/advancedclean/managers/PictureScanner.java
com/cyin/himgr/applicationmanager/receiver/AppReceiver.java
e/d/c/f/a/AbstractC1499a.java
com/zero/tan/utils/a.java
e/i/b/b/f/a/Hia.java
e/d/c/I/e/e.java
e/k/k/c/b/q.java
com/cyin/himgr/advancedclean/managers/VideoScanner.java
e/d/c/f/a/a/b.java
e/i/b/b/f/a/E.java
e/k/j/e/b.java
com/cyin/himgr/advancedclean/tasks/scan/ScanBigFilesAndApkTask.java
Medium
CVSS:4.3
IP Address disclosure
MASVS: MSTG-CODE-2
CWE-200 Information Exposure
Files:
 e/k/q/C4699a.java
a/b/a/g/j.java
com/zero/tan/data/a/b.java
b/b/a/b/b.java
com/zero/tan/ad/base/TanBaseAd.java
com/zero/tan/ad/base/TanAdFactory.java
b/b/a/g/a.java
com/transsion/push/tracker/Tracker.java
g/a/a/e.java
com/zero/adx/ad/base/AdxAdFactory.java
a/b/a/g/g.java
e/d/c/i/b/C1531b.java
com/cyin/himgr/filemove/manager/MoveManager.java
b/b/a/b/m.java
com/transsion/push/tracker/PushTracker.java
e/k/B/b/d.java
com/zero/adxlibrary/check/ExistsCheck.java
com/trustlook/sdk/cloudscan/CloudScanClient.java
com/zero/tan/data/remote/a.java
com/transsion/wifimanager/activity/WifiProtectorAnimActivity.java
com/transsion/athena/data/AppIdData.java
e/d/c/j/d/a.java
com/zero/adx/ad/base/PostBody.java
e/d/c/h/C1528a.java
e/k/B/d/o.java
com/zero/tan/utils/a.java
com/zero/common/BuildConfig.java
b/a/a/e.java
com/zero/adx/ad/base/PlatformUtil.java
High
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
 e/i/b/b/f/f/Sb.java
e/i/b/b/f/f/Ec.java
e/i/b/b/f/g/Ra.java
e/i/b/b/f/a/C2444baa.java
e/i/b/b/f/g/C4279ub.java
e/k/j/f/g.java
e/i/b/b/f/a/MZ.java
e/i/b/b/f/a/HZ.java
e/i/b/b/f/a/C3991zZ.java
e/i/b/b/f/g/AbstractC4290wa.java
e/i/b/b/f/a/TZ.java
com/transsion/chargescreen/widget/ChargingProgress.java
e/i/d/d/a/e/O.java
e/i/b/b/f/f/C4132ud.java
e/k/a/c/b.java
e/i/b/b/f/f/C4087lc.java
e/i/d/o/c.java
e/i/b/b/f/a/_R.java
e/i/b/b/f/g/Aa.java
e/d/d/g/a.java
e/i/b/b/f/a/Oaa.java
e/i/b/b/f/g/C4202hb.java
e/i/b/b/f/a/Eaa.java
com/cyin/himgr/ads/AdManager.java
e/i/b/b/f/g/C4280uc.java
e/i/b/b/f/f/Bc.java
e/k/F/k.java
e/i/b/b/f/f/Jc.java
e/i/b/b/f/a/C2442bZ.java
e/i/b/b/f/f/Qc.java
e/i/b/b/f/g/Bb.java
e/i/b/b/f/f/C4101ob.java
e/i/b/b/f/g/AbstractC4232mb.java
com/cyin/himgr/widget/SpeedClearView.java
e/i/b/b/f/f/Id.java
e/d/c/J/c/q.java
e/i/b/b/f/a/YY.java
e/i/b/b/f/g/C4178db.java
e/i/b/b/f/g/Zb.java
e/i/b/b/f/a/C2833haa.java
com/cyin/himgr/clean/ctl/scan/RAMScan.java
e/i/b/b/f/g/C4161ac.java
e/i/b/b/f/a/C2900iba.java
e/i/b/b/f/f/C4151yc.java
e/i/b/b/f/f/Ob.java
okio/Options.java
e/k/k/d/C4666e.java
a/b/a/h/b.java
e/i/b/b/g/b/bd.java
e/d/d/f/a.java
io/reactivex/internal/util/VolatileSizeArrayList.java
e/i/b/b/f/a/C3307oka.java
org/greenrobot/greendao/test/DbTest.java
High
CVSS:5.9
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Files:
 d/v/g.java
e/d/c/g/C1527d.java
e/k/B/a/b.java
e/f/a/g/d.java
com/cyin/himgr/service/dao/ResidDao.java
d/y/a/a/c.java
com/cyin/himgr/clean/model/CleanModel.java
com/transsion/bering/db/CollectDao.java
e/i/b/b/g/b/Wc.java
com/trustlook/sdk/database/SimplifiedAppDAO.java
e/i/b/b/g/b/C4321c.java
com/cyin/himgr/filemove/database/FileMoveDbHelper.java
com/cyin/himgr/harassmentintercept/dao/DataBaseHelper.java
e/i/b/b/g/b/kd.java
org/greenrobot/greendao/DbUtils.java
com/transsion/virustool/db/StudentBaseHelper.java
e/i/b/b/f/a/C3586tE.java
com/transsion/virustool/db/VirusDataDao.java
e/i/b/a/b/d/b/H.java
e/i/b/b/g/b/Fb.java
com/cyin/himgr/networkmanager/provider/NetworkProvider.java
e/k/B/a/a.java
e/d/c/j/b/C1537a.java
e/i/b/b/f/a/C3069lE.java
com/cyin/himgr/folderscan/ScanPathInfoDao.java
com/example/notification/bean/MessageInfoDao.java
e/d/c/m/a/a.java
e/i/b/a/b/d/b/J.java
e/i/b/a/b/d/b/D.java
com/cyin/himgr/service/dao/CacheBeanDao.java
com/transsion/athena/data/a.java
com/trustlook/sdk/database/SimplifiedAppDBHelper.java
com/cyin/himgr/service/dao/LetsSwitchPkgBeanDao.java
com/example/notification/bean/ProtectAppDao.java
e/i/b/b/g/b/Ib.java
com/trustlook/sdk/database/DBHelper.java
e/i/b/b/g/b/C4337g.java
org/greenrobot/greendao/AbstractDao.java
e/k/j/b/e.java
org/greenrobot/greendao/database/StandardDatabase.java
High
CVSS:7.4
MD5 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 e/k/K/C4564ia.java
a/b/a/g/j.java
e/k/j/d/l.java
e/k/M/f.java
b/b/a/g/a.java
e/i/b/b/f/a/Lha.java
e/k/p/b/C4697c.java
com/cyin/gamelib/http/GameHttpBuilder.java
e/e/a/d/b.java
e/k/v/h/e.java
e/d/c/r/s.java
e/k/e/h/c.java
e/i/b/b/g/b/bd.java
e/i/b/b/f/a/C2722fk.java
High
CVSS:7.4
Files may contain hardcoded sensitive informations like usernames, passwords, keys etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files:
 e/i/d/d/a/e/C4507e.java
com/transsion/push/PushConstants.java
com/transsion/push/bean/PushAppInfo.java
e/c/a/c/e.java
e/c/a/c/b/E.java
e/k/Q/c/a.java
e/c/a/c/b/C1443e.java
com/zero/ta/common/util/CacheUtil.java
e/c/a/c/b/w.java
com/transsion/push/bean/PushRequest.java
Low
CVSS:0
This App uses SQL Cipher. SQLCipher provides 256-bit AES encryption to sqlite database files.
MASVS: MSTG-CRYPTO-1
Files:
 org/greenrobot/greendao/database/DatabaseOpenHelper.java
Info
CVSS:0
This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel.
MASVS: MSTG-NETWORK-4
Files:
 com/zero/ta/common/http/HttpsConfigUtil.java
e/d/c/q/g.java
e/j/a/a/a/a.java
b/b/a/g/a.java
g/a/a/e.java
e/d/c/i/b/f.java
com/cyin/gamelib/http/GameHttpManager.java
High
CVSS:5.9
SHA-1 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 e/i/d/k/a/c.java
e/l/a/b/b.java
e/i/d/i/S.java
com/trustlook/sdk/cloudscan/CloudScanClient.java
e/l/a/a/i.java
Info
CVSS:0
This App may have root detection capabilities.
MASVS: MSTG-RESILIENCE-1
Files:
 e/i/d/d/a/c/C4484g.java
e/i/b/b/f/g/T.java
Medium
CVSS:8.8
Insecure WebView Implementation. Execution of user controlled code in WebView is a critical Security Hole.
MASVS: MSTG-PLATFORM-7
CWE-749 Exposed Dangerous Method or Function
M1: Improper Platform Usage
Files:
 com/zero/ta/api/view/MediaView.java
High
CVSS:5.5
App creates temp file. Sensitive information should never be written into a temp file.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 d/v/x.java
Pygal China: 700 Germany: 700 Ireland: 1700 Singapore: 700 United States: 2500

Map computed by Pithus.

Network analysis

Information computed with MobSF.

High Base config is insecurely configured to permit clear text traffic to all domains.
Scope: ['*']

Domains analysis

Information computed with MobSF.

US file.trustlook.com 52.8.162.100
IE api.twibida.com 63.32.18.252
DE res.toolmatrix.plus 13.225.87.105
IE ssp-api.mobadvent.com 54.228.253.216
US policies.google.com 142.250.186.142
DE cdn.shalltry.com 13.225.87.86
US google.com 142.250.184.238
CN queryapi-1431840856.bceapp.com 182.61.137.100
file.luweitech.com
api.mobadvent.com
IE gslb.shalltry.com 34.247.130.170
IE adx-api.mobadvent.com 63.32.18.252
DE apps.shalltry.com 13.225.87.86
IE api.galileoab.com 18.200.231.51
IE pre-api-accel.shalltry.com 52.48.90.232
IE ds.mobadvent.com 52.211.119.30
IE mi-pre.shalltry.com 52.31.155.215
api.luweitech.com
US googleads.g.doubleclick.net 142.250.184.194
reports.crashlytics.com
DE an.facebook.com 157.240.20.15
US www.google.com 142.250.185.228
DE www.facebook.com 157.240.20.35
SG test-api-accel.shalltry.com 52.221.37.0
SG pre-ssp-api.mobadvent.com 52.77.77.98
test-tracking.twibida.com
CN test2.mobadvent.com 27.115.104.118
IE ads.mobadvent.com 176.34.147.32
US googlemobileadssdk.page.link 216.58.212.142
IE pre-ds.mobadvent.com 54.229.252.206
IE adx-test.mobadvent.com 108.128.108.193
SG apitm-test.toolmatrix.plus 52.76.190.185
CN fileservice-1431840856.bceapp.com 106.13.9.62
US firebaseremoteconfig.googleapis.com 142.250.185.234
US ip-api.com 208.95.112.1
US imasdk.googleapis.com 142.250.185.170
SG test-ssp-api.mobadvent.com 52.220.147.208
US update.crashlytics.com 142.250.184.195
CN test.shtranssion.com 27.115.104.118
SG apifb-test.toolmatrix.plus 52.77.147.232
CN dev.mobadvent.com 27.115.104.118