0/63 Threat

com.samsung.android.spayfw

Samsung PaymentFramework

Analyzed on 2022-01-21T16:07:43.603860

21 permissions
1 activities
2 services
3 receivers
0 domains

File sums

MD5 d2a6e6437d2b9e85c492246fabd132eb
SHA1 23e1798824ce184eff95f94223442dde18a3911c
SHA256 bcb2573d699240ec3d67227697576f74fa4c2799ab89525664cfb263daa36aaa
Size 0.07MB

APKiD

Information computed with APKiD.

/tmp/tmp_v0lf37n!classes.dex
compiler
  • dx

SSdeep

Information computed with ssdeep.

APK file 1536:Zx5Hqzuoj0gehTBizu/ujUmyK7ehTBizu/ujUmVehTBizu/ujUmMIus/zZKE7XK6:Zx5H7ojm0aGYmyK00aGYmu0aGYmZZT7j
Manifest 192:RgSHw9oARRFyn+RgNapoAsw7S6F1hh3PetE9MvJrSTuz1zO4q1B41cDbeErst:RgS…
classes.dex 384:7ukO5z9hhjT45L5Q9jK8JrsC/8ZYV5YD3AWIFpKsCVU3ctwEo7dc:7ujRn+5L5AMw…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 12:82EIILLLLLLS/kj0l23GLoM/J4vjAZd4N1G:rELLLLLLLSHQWLRJ4MZd4O
classes.dex 12:82EIILLLLLLS/kj0l23GLoM/J4vjAZd4N1G:rELLLLLLLSHQWLRJ4MZd4O

APK details

Information computed with AndroGuard and Pithus.

Package com.samsung.android.spayfw
App name Samsung PaymentFramework
Version name 2.7.91
Version code 279100000
SDK 22 - 26
UAID 0235bc3d15ba9b9739a256b83f0b3602d44326ae
Signature Signature V1, Signature V2
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown

Certificate details

Information computed with AndroGuard.

MD5 d087e72912fba064cafa78dc34aea839
SHA1 9ca5170f381919dfe0446fcdab18b19a143b3163
SHA256 34df0e7a9f1cf1892e45c056b4973cd81ccf148a4050d11aea4ac5a65f900a42
Issuer Email Address: android.os@samsung.com, Common Name: Samsung Cert, Organizational Unit: DMC, Organization: Samsung Corporation, Locality: Suwon City, State/Province: South Korea, Country: KR
Not before 2011-06-22T12:25:12+00:00
Not after 2038-11-07T12:25:12+00:00

File Analysis

Information computed with MobSF.

Findings Files
Certificate/Key files hardcoded inside the app. SEC-INF/buildConfirm.crt

Manifest analysis

Information computed with MobSF.

High Broadcast Receiver (com.samsung.android.spayfw.fraud.FraudReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device, therefore leaving it accessible to any other application on the device.
High Service (com.samsung.android.spayfw.core.PaymentFrameworkService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device, therefore leaving it accessible to any other application on the device.
High Service (com.samsung.android.spayauth.AuthFrameworkService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device, therefore leaving it accessible to any other application on the device.

Activities

Information computed with AndroGuard.

com.samsung.android.spayfw.core.PaymentFrameworkStoreManage

Receivers

Information computed with AndroGuard.

com.samsung.android.spayfw.core.FactoryResetDetector
com.samsung.android.spayfw.fraud.FraudReceiver
com.samsung.android.spayfw.core.PackageStateReceiver

Services

Information computed with AndroGuard.

com.samsung.android.spayfw.core.PaymentFrameworkService
com.samsung.android.spayauth.AuthFrameworkService

Sample timeline

Oldest file found in APK Jan. 1, 2009, midnight
Latest file found in APK Jan. 1, 2009, midnight
Certificate valid not before June 22, 2011, 12:25 p.m.
First submission on VT April 27, 2021, 3:58 a.m.
Last submission on VT April 27, 2021, 3:58 a.m.
Upload on Pithus Jan. 21, 2022, 4:07 p.m.
Certificate valid not after Nov. 7, 2038, 12:25 p.m.

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['location', 'bluetooth', 'network connectivity', 'NFC'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FTP_DIT_EXT.1.1 The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.
Protection of Data in Transit

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
com/samsung/android/spayfw/core/hce/SPayHCEService.java
com/samsung/android/spayfw/core/PaymentFrameworkService.java
com/samsung/android/spayfw/core/PackageStateReceiver.java
com/samsung/android/spayauth/AuthFrameworkService.java
com/samsung/android/spayfw/payprovider/TokenReplenishReceiver.java
com/samsung/android/spayfw/core/FactoryResetDetector.java
com/samsung/android/spayfw/fraud/FraudReceiver.java

Permissions analysis

Information computed with MobSF.

High android.permission.READ_EXTERNAL_STORAGE read external storage contents
Allows an application to read from external storage.
High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
High android.permission.ACCESS_FINE_LOCATION fine (GPS) location
Access fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications can use this to determine where you are and may consume additional battery power.
High android.permission.WRITE_SETTINGS modify global system settings
Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.RECEIVE_BOOT_COMPLETED automatically start at boot
Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Low android.permission.BLUETOOTH create Bluetooth connections
Allows applications to connect to paired bluetooth devices.
Low android.permission.NFC control Near-Field Communication
Allows an application to communicate with Near-Field Communication (NFC) tags, cards and readers.
Low android.permission.ACCESS_WIFI_STATE view Wi-Fi status
Allows an application to view the information about the status of Wi-Fi.
Low android.permission.CHANGE_WIFI_STATE change Wi-Fi status
Allows an application to connect to and disconnect from Wi-Fi access points and to make changes to configured Wi-Fi networks.
Medium android.permission.WRITE_SECURE_SETTINGS modify secure system settings
Allows an application to modify the system's secure settings data. Not for use by common applications.
Medium android.permission.INSTALL_PACKAGES directly install applications
Allows an application to install new or updated Android packages. Malicious applications can use this to add new applications with arbitrarily powerful permissions.
com.samsung.android.knox.permission.KNOX_ATTESTATION Unknown permission
Unknown permission from android reference
com.sec.enterprise.knox.permission.KNOX_ATTESTATION Unknown permission
Unknown permission from android reference
android.permission.sec.ENTERPRISE_DEVICE_ADMIN Unknown permission
Unknown permission from android reference
android.permission.READ_PRIVILEGED_PHONE_STATE Unknown permission
Unknown permission from android reference
com.samsung.android.knox.permission.KNOX_KEYSTORE Unknown permission
Unknown permission from android reference
com.sec.enterprise.knox.permission.KNOX_KEYSTORE Unknown permission
Unknown permission from android reference
android.permission.REAL_GET_TASKS Unknown permission
Unknown permission from android reference
com.samsung.android.spayfw.permission.UPDATE_NOTIFICATION Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Behavior analysis

Information computed with MobSF.

Inter process communication
com/samsung/android/spayfw/core/PaymentFrameworkService.java
com/samsung/android/spayfw/core/PackageStateReceiver.java
com/samsung/android/spayauth/AuthFrameworkService.java
com/samsung/android/spayfw/payprovider/TokenReplenishReceiver.java
com/samsung/android/spayfw/core/FactoryResetDetector.java
com/samsung/android/spayfw/fraud/FraudReceiver.java

Control flow graphs analysis

Information computed by Pithus.