Threat level: Moderate Risk

be.casperverswijvelt.unifiedinternetqs

Better Internet Tiles

Analyzed on 2022-09-22T17:44:23.024084

8 permissions
3 activities
5 services
0 receivers
2 domains

File sums

MD5 19936230d270f1ce0940103224eb7a0a
SHA1 5b3d547c34ecf0c1b2547af4e691ba997d5167a3
SHA256 d3c54d76f5c0cf6a2fd25f56134becd4fd293a5e9757d16bc20f860ae26ee075
Size 2.56MB

APKiD

Information computed with APKiD.

/tmp/tmpbkb5a02u!classes.dex
yara_issue
  • yara issue - dex file recognized by apkid but not yara module
anti_vm
  • Build.FINGERPRINT check
  • Build.MODEL check
  • Build.MANUFACTURER check
compiler
  • unknown (please file detection issue!)

SSdeep

Information computed with ssdeep.

APK file 24576:e6eoSrmeH9Mu0It0feGoYpN4wgEsjPxEHg1B1d2ZrnOnfosfW8bv/+eCLZtFIYsF:heHrmeH9M4YNtsTxEHg1B1d2Zrnfpil
Manifest 192:pZIeDzOW+o3KL3yUSCDCiaFlRVXYSJMR5JSMxRyJYQ1SNm4LCQJWT:pZIeDzOW53K…
classes.dex 12288:XZ6l8JWVhOZRrZySzhd5HdEC8SIATrzxWxZqKUOHbC0CFt0LzdodtRO:J6eoSrm…

Dexofuzzy

Information computed with Dexofuzzy.

classes.dex None

APK details

Information computed with AndroGuard and Pithus.

Package be.casperverswijvelt.unifiedinternetqs
App name Better Internet Tiles
Version name 2.4.1-fdroid
Version code 2040100
SDK 29 - 33
UAID 36ddc334f3b836ee46bcbd176619f4cfea054de0
Signature Signature V2
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0x504b4453: Dependency metadata
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 0e14c2e1854c1f913929e2df36fb661f
SHA1 c4fb2fb906653df8b30d4ff069f4331785779211
SHA256 a5d746ad65ece2504455841c05270c248c5b7e384f3deed5ab53b937f4e50651
Issuer Common Name: Casper Verswijvelt, Locality: Ghent, State/Province: 9050, Country: BE
Not before 2021-12-11T21:59:45+00:00
Not after 2046-12-05T21:59:45+00:00

Manifest analysis

Information computed with MobSF.

High Clear text traffic is Enabled For App[android:usesCleartextTraffic=true]
The app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.
Medium Application Data can be Backed up[android:allowBackup=true]
This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High Content Provider (rikka.shizuku.ShizukuProvider) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INTERACT_ACROSS_USERS_FULL [android:exported=true]
A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (be.casperverswijvelt.unifiedinternetqs.tiles.InternetTileService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (be.casperverswijvelt.unifiedinternetqs.tiles.WifiTileService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (be.casperverswijvelt.unifiedinternetqs.tiles.MobileDataTileService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (be.casperverswijvelt.unifiedinternetqs.tiles.NFCTileService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (be.casperverswijvelt.unifiedinternetqs.ui.LongPressReceiverActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

Main Activity

Information computed with AndroGuard.

be.casperverswijvelt.unifiedinternetqs.ui.MainActivity

Activities

Information computed with AndroGuard.

be.casperverswijvelt.unifiedinternetqs.ui.MainActivity
be.casperverswijvelt.unifiedinternetqs.ui.LongPressReceiverActivity
com.jakewharton.processphoenix.ProcessPhoenix

Services

Information computed with AndroGuard.

be.casperverswijvelt.unifiedinternetqs.ShizukuDetectService
be.casperverswijvelt.unifiedinternetqs.tiles.InternetTileService
be.casperverswijvelt.unifiedinternetqs.tiles.WifiTileService
be.casperverswijvelt.unifiedinternetqs.tiles.MobileDataTileService
be.casperverswijvelt.unifiedinternetqs.tiles.NFCTileService

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application uses no DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invokes the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
  • be/casperverswijvelt/unifiedinternetqs/tiles/MobileDataTileService.java
  • z2/c.java
  • f0/o.java
  • f0/i.java
  • z2/f.java
  • v/a.java
  • w0/a.java
  • be/casperverswijvelt/unifiedinternetqs/tiles/NFCTileService.java
  • p/e.java
  • r/b.java
  • be/casperverswijvelt/unifiedinternetqs/tiles/WifiTileService.java
  • d/b.java
  • a1/k.java
  • c1/g.java
  • d/e.java
  • j0/b.java
  • x/b.java
  • f0/c0.java
  • be/casperverswijvelt/unifiedinternetqs/TileApplication.java
  • f0/b.java
  • z2/e.java
  • r1/e.java
  • v/f.java
  • f0/a.java
  • h/f.java
  • d/f.java
  • rikka/shizuku/ShizukuProvider.java
  • s0/a.java
  • x1/f.java
  • p0/e.java
  • u1/d.java
  • l0/c.java
  • be/casperverswijvelt/unifiedinternetqs/tiles/InternetTileService.java
  • y/c.java
Medium
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
  • o2/a.java
  • o2/b.java
  • p2/a.java

[Map: United States: 200]

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

US shizuku.rikka.app 104.21.17.67
US bitanalytics.casperverswijvelt.be 104.21.55.239

URL analysis

Information computed with MobSF.

https://bitanalytics.casperverswijvelt.be/api/report
Defined in v/a.java
https://shizuku.rikka.app
Defined in Android String Resource

Permissions analysis

Information computed with MobSF.

High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.ACCESS_WIFI_STATE view Wi-Fi status
Allows an application to view the information about the status of Wi-Fi.
Low android.permission.CHANGE_WIFI_STATE change Wi-Fi status
Allows an application to connect to and disconnect from Wi-Fi access points and to make changes to configured Wi-Fi networks.
Low android.permission.FOREGROUND_SERVICE Allows a regular application to use Service.startForeground.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
be.casperverswijvelt.unifiedinternetqs.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION Unknown permission
Unknown permission from android reference
moe.shizuku.manager.permission.API_V23 Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Confidence 100%: Find a method from given class name, usually for reflection
Confidence 100%: Method reflection
Confidence 100%: Read sensitive data(SMS, CALLLOG, etc)
Confidence 100%: Implicit intent(view a web page, make a phone call, etc.) via setData
Confidence 100%: Connect to a URL and get the response code
Confidence 100%: Return dynamic information about the current Wi-Fi connection
Confidence 100%: Get the current WIFI information
Confidence 100%: Get location of the device
Confidence 100%: Method reflection
Confidence 100%: Get the time of current location
Confidence 100%: Initialize class object dynamically
Confidence 100%: Connect to a URL and set request method
Confidence 80%: Start another application from current application
Confidence 80%: Get declared method from given method name
Confidence 80%: Monitor the broadcast action events (BOOT_COMPLETED)
Confidence 80%: Get last known location of the device
Confidence 80%: Get the current WiFi information and put it into JSON
Confidence 80%: Calculate WiFi signal strength
Confidence 80%: Get resource file from res/raw directory

Behavior analysis

Information computed with MobSF.

Base64 decode
  • x/a.java
Base64 encode
  • c0/f.java
Content provider
  • rikka/shizuku/ShizukuProvider.java
Execute os command
  • e2/a.java
Gps location
  • d/e.java
Get system service
  • r1/p.java
  • f0/o.java
  • l0/a.java
  • w0/a.java
  • j0/c.java
  • v/d.java
  • x0/d.java
  • v/g.java
  • p0/a.java
  • x0/a.java
  • w/a.java
  • a1/k.java
  • a2/p.java
  • be/casperverswijvelt/unifiedinternetqs/ShizukuDetectService.java
  • d/e.java
  • h/c.java
  • v/c.java
Get wifi details
  • a1/k.java
Http connection
  • v/a.java
Inter process communication
  • a1/d.java
  • be/casperverswijvelt/unifiedinternetqs/tiles/MobileDataTileService.java
  • y2/c.java
  • i/e.java
  • z2/c.java
  • moe/shizuku/api/BinderContainer.java
  • w0/a.java
  • be/casperverswijvelt/unifiedinternetqs/ui/LongPressReceiverActivity.java
  • be/casperverswijvelt/unifiedinternetqs/tiles/NFCTileService.java
  • x0/d.java
  • com/jakewharton/processphoenix/ProcessPhoenix.java
  • i/a.java
  • d/b.java
  • b/b.java
  • w/a.java
  • a1/k.java
  • be/casperverswijvelt/unifiedinternetqs/ShizukuDetectService.java
  • z2/a.java
  • d/e.java
  • y2/a.java
  • z0/d.java
  • v/b.java
  • b/a.java
  • y2/b.java
  • z2/e.java
  • v/f.java
  • rikka/shizuku/ShizukuProvider.java
  • i/c.java
  • p0/e.java
  • x/c.java
Java reflection
  • j2/a.java
  • f0/c0.java
  • z2/f.java
  • n2/c.java
  • v0/a.java
  • h/f.java
  • d/f.java
  • a1/k.java
  • i/c.java
  • s0/a.java
  • d/k.java
  • d/e.java
  • p0/e.java
  • v0/b.java
  • j2/b.java
Kill process
  • com/jakewharton/processphoenix/ProcessPhoenix.java
Local file i/o operations
  • be/casperverswijvelt/unifiedinternetqs/tiles/MobileDataTileService.java
  • be/casperverswijvelt/unifiedinternetqs/tiles/WifiTileService.java
  • be/casperverswijvelt/unifiedinternetqs/TileApplication.java
  • y0/h.java
  • v/a.java
  • a1/k.java
  • be/casperverswijvelt/unifiedinternetqs/tiles/NFCTileService.java
  • z0/d.java
  • be/casperverswijvelt/unifiedinternetqs/tiles/InternetTileService.java
Query database of sms, contacts etc
  • c0/e.java
Starting activity
  • v/b.java
  • w/a.java
  • a1/k.java
  • be/casperverswijvelt/unifiedinternetqs/ui/LongPressReceiverActivity.java
  • z0/d.java
Url connection to file/http/https/ftp/jar
  • v/a.java

Control flow graphs analysis

Information computed by Pithus.

The application probably gets the location based on GPS and/or Wi-Fi

The application probably scans the Wi-Fi network

The application probably gets the Wi-Fi connection information

The application probably plays sound

The application probably sends data over HTTP/S

The application probably starts another application

The application probably executes OS commands

The application probably gets memory and CPU information