Low Risk

Threat level

com.systoon.dongaotoon

My 2022

Analyzed on 2022-01-29T12:13:34.667657

64

permissions

193

activities

15

services

16

receivers

66

domains

File sums

MD5 46edd058b8d2d1dc11b5805a1ba87d91
SHA1 8f68208580694f0d05921504d2c8608caab5fd34
SHA256 d5462ccd3bc9e66270c38cf1cfc8d683e26154966cbd4b9e82b822458396167b
Size 96.15MB

APKiD

Information computed with APKiD.

/tmp/tmpfxsoeukd
packer
  • SecNeo.B
/tmp/tmpfxsoeukd!assets/resthird.data!classes.dex
compiler
  • dexlib 2.x
/tmp/tmpfxsoeukd!classes.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MODEL check
  • Build.MANUFACTURER check
  • Build.PRODUCT check
  • Build.HARDWARE check
  • Build.BOARD check
  • possible Build.SERIAL check
  • Build.TAGS check
  • SIM operator check
  • network operator name check
  • device ID check
  • subscriber ID check
  • network interface name check
  • possible ro.secure check
  • emulator file check
  • possible VM check
compiler
  • dexlib 2.x

SSdeep

Information computed with ssdeep.

APK file 3145728:T3I4uxnAsrtBXmT3JrQswcNdu56f1qSvI:X+ntbXq3dfqSw
Manifest 768:n5KvESkjMtFywO3Yj2u9mgOmS63ppPp1iXHKpuob7Lm3ekcEC+7ylgoSrg3TBiiG:…
classes.dex 393216:YM9V6oYF5rdXB/aTW7yj43gZY7pGqCpPP32qp747WHcPRU7XPU1/rMS65Y9dSa…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 24:yC/xyxxxxiL5muBJBobKF3AIL9B4uHBPR1lgsiJBI7qRRRSgjwyKBPB+4RGLmjkS:d…
classes.dex 24:yC/xyxxxxiL5muBJBobKF3AIL9B4uHBPR1lgsiJBI7qRRRSgjwyKBPB+4RGLmjkS:d…

APK details

Information computed with AndroGuard and Pithus.

Package com.systoon.dongaotoon
App name My 2022
Version name 2.0.7
Version code 2122054203
SDK 21 - 28
UAID 9e136b898f1451bcb44d5686ccebdbd042fc804b
Signature Signature V1
Frosting Not frosted

Certificate details

Information computed with AndroGuard.

MD5 d643c600be9f66e5f53c6e971dccf9f9
SHA1 c07d3450929559fb6e90f45154d2a76f12f7447f
SHA256 1120833c2f2790232975213d53294b662565fa5a85f50f662e88fddbbf3e2468
Issuer Organization: Beijing Syswin Zhengwutoon Technology Co. Ltd., Locality: Beijing, State/Province: Beijing, Country: 86
Not before 2018-02-06T01:12:11+00:00
Not after 2043-01-31T01:12:11+00:00

File Analysis

Information computed with MobSF.

Findings Files
Certificate/Key files hardcoded inside the app. res/raw/cfca_ov_oca.cer
okhttp3/internal/publicsuffix/NOTICE
assets/toon.cer
assets/WoTrus DV Server CA.cer
assets/Apple IST CA 2 - G1.cer
assets/my2022r.pem
assets/Sectigo RSA Organization Validation Secure Server CA.cer
assets/Cloudflare Inc ECC CA-3.cer
assets/DigiCert CN RSA CA G1.cer
assets/TrustAsia TLS RSA CA.cer
assets/GTS CA 1C3.cer
assets/Apple Public Server RSA CA 12 - G1.cer
assets/secondary_vrlab-public.ljcdn.com.cer
assets/my2022.pem
assets/secondary_vrlab-image.ljcdn.com.cer
assets/Encryption Everywhere DV TLS CA - G1.cer
assets/secondary_bj2022-image4.realsee-cdn.com.cer
assets/R3.cer
assets/ca.crt
assets/GeoTrust CN RSA CA G1.cer
assets/secondary_bj2022-image1.realsee-cdn.com.cer
assets/DigiCert Secure Site CN CA G3.cer
assets/TrustAsia OV TLS Pro CA G3.cer
assets/secondary_bj2022-public.realsee-cdn.com.cer
assets/secondary_s1.ljcdn.com.cer
assets/DigiCert SHA2 Secure Server CA.cer
assets/Secure Site CA G2.cer
assets/secondary_bj2022-image3.realsee-cdn.com.cer
assets/Entrust Certification Authority - L1M.cer
assets/flutter_assets/packages/flutter_common/assets/certs/*.beijing2022.cn.pem
assets/flutter_assets/packages/flutter_common/assets/certs/*.beijing2022.cn1.pem
assets/secondary_bj2022-image2.realsee-cdn.com.cer
assets/GeoTrust RSA CA 2018.cer
assets/secondary_s4.ljcdn.com.cer
assets/secondary_dig.lianjia.com.cer
assets/WoTrus OV SSL Pro CA.cer
assets/RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1.cer
assets/secondary_dongaostatic.beijing2022.cn.cer
assets/GlobalSign RSA OV SSL CA 2018.cer
assets/meta-data/rsa.pub
assets/secondary_safebrowsing.googleapis.com.cer
assets/DigiCert TLS RSA SHA256 2020 CA1.cer
assets/GeoTrust RSA CN CA G2.cer
assets/Apple Public EV Server RSA CA 2 - G1.cer
assets/Apple Server Authentication CA.cer
assets/toon.chain.cer
assets/GlobalSign Organization Validation CA - SHA256 - G2.cer
Findings Files
Hardcoded Keystore found. assets/updatesdkcas.bks
assets/grs_sp.bks
assets/hmsincas.bks
assets/client2.bks
assets/client.bks
assets/hmsrootcas.bks

Manifest analysis

Information computed with MobSF.

High Clear text traffic is Enabled For App[android:usesCleartextTraffic=true]
The app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.
Low App has a Network Security Configuration[android:networkSecurityConfig=@xml/network_security_config]
The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app.
High Activity (com.systoon.tshare.third.share.view.OutSideShareActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.systoon.phoenix.wxapi.WXPayEntryActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.systoon.foshantoon.wxapi.WXEntryActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.systoon.toon.wxapi.WXEntryActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.tencent.tauth.AuthActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Broadcast Receiver (com.systoon.tnoticebox.receiver.MyTPushReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Activity (com.sina.weibo.sdk.share.ShareResultActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.ccb.ccbnetpay.activity.appresult.ResultActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Broadcast Receiver (com.systoon.customhomepage.receiver.NetChangeReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Activity (com.msgseal.module.view.TmailTransitActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.systoon.toongine.adapter.ToongineActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Broadcast Receiver (com.moor.imkf.receiver.NetWorkReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.m7.imkfsdk.receiver.NewMsgReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Service (com.vivo.push.sdk.service.CommandClientService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.xiaomi.mipush.sdk.PushMessageHandler) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.systoon.push.XiaomiReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.xiaomi.push.service.receivers.NetworkStatusReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.systoon.push.MeizuReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Service (com.heytap.msp.push.service.CompatibleDataMessageCallbackService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.coloros.mcs.permission.SEND_MCS_MESSAGE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.heytap.msp.push.service.DataMessageCallbackService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.heytap.mcs.permission.SEND_PUSH_MESSAGE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.zhuanche.winterolympic.receiver.LanguageReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Service (com.meizu.cloud.pushsdk.NotificationService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
Low Broadcast Receiver (com.huawei.hms.support.api.push.PushMsgReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.systoon.dongaotoon.permission.PROCESS_PUSH_MSG
protectionLevel: signatureOrSystem [android:exported=true]
A Broadcast Receiver is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
Low Broadcast Receiver (com.huawei.hms.support.api.push.PushReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.systoon.dongaotoon.permission.PROCESS_PUSH_MSG
protectionLevel: signatureOrSystem [android:exported=true]
A Broadcast Receiver is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
High Service (com.huawei.hms.support.api.push.service.HmsMsgService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
Low Content Provider (com.huawei.hms.support.api.push.PushProvider) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.systoon.dongaotoon.permission.PUSH_PROVIDER
protectionLevel: signatureOrSystem [android:exported=true]
A Content Provider is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
Medium High Intent Priority (10000)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.
Medium High Intent Priority (2147483647)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.
Medium High Intent Priority (1000)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.

Browsable activities

Information computed with MobSF.

com.systoon.tshare.third.share.view.OutSideShareActivity

Schemes: toon137://

Mime types: */* image/*

com.tencent.tauth.AuthActivity

Schemes: tencent1105636982://

Main Activity

Information computed with AndroGuard. 

com.systoon.launcher.business.activity.SplashActivity

Activities

Information computed with AndroGuard. 

com.systoon.launcher.business.activity.SplashActivity
com.systoon.tshare.third.share.view.OutSideShareActivity
com.idlefish.flutterboost.containers.BoostFlutterActivity
com.systoon.flutter.BoostFlutterDialogActivity
com.systoon.business.webpage.SubWebViewActivity
com.systoon.business.match.SubMatchActivity
com.fineway.uimaplocator.activity.XHListMapWebActivity
com.fineway.uimaplocator.activity.XHMapActivity
com.systoon.phoenix.wxapi.WXPayEntryActivity
com.systoon.foshantoon.wxapi.WXEntryActivity
com.systoon.toon.wxapi.WXEntryActivity
com.tencent.tauth.AuthActivity
com.sina.weibo.sdk.web.WebActivity
com.sina.weibo.sdk.share.ShareTransActivity
com.sina.weibo.sdk.share.ShareStoryActivity
com.sina.weibo.sdk.share.ShareChatActivity
com.sina.weibo.sdk.share.ShareResultActivity
com.systoon.interactive.view.ChannelManagerActivity
com.systoon.interactive.view.InteractiveSearchActivity
com.ui.template.bottom.tab.WindowTemplateActivity
com.zhengtoon.tuser.login.view.UserLoginByPwdActivity
com.zhengtoon.tuser.login.view.UserLoginByCodeActivity
com.zhengtoon.tuser.login.view.UserLoginByCardActivity
com.zhengtoon.tuser.login.view.UserRegisterActivity
com.zhengtoon.tuser.login.view.ForgetPwdInputPhoneNumActivity
com.zhengtoon.tuser.login.view.SettingPasswordActivity
com.zhengtoon.tuser.setting.view.AccountSettingActivity
com.zhengtoon.tuser.setting.view.SettingActivity
com.zhengtoon.tuser.setting.view.LanguageSettingActivity
com.zhengtoon.tuser.setting.view.EasyModeActivity
com.zhengtoon.tuser.setting.view.SetNameActivity
com.zhengtoon.tuser.setting.view.ChangePhoneWaysActivity
com.zhengtoon.tuser.setting.view.ChangePasswordActivity
com.zhengtoon.tuser.setting.view.SetEmailActivity
com.zhengtoon.tuser.setting.view.VerifyCodeActivity
com.zhengtoon.tuser.setting.view.ChangePhoneNumActivity
com.zhengtoon.tuser.setting.view.SetQuestionActivity
com.zhengtoon.tuser.setting.view.SelectQuestionActivity
com.zhengtoon.tuser.common.base.view.camera.CCameraActivity
com.zhengtoon.tuser.setting.view.ShowAvatarActivity
com.zhengtoon.tuser.setting.view.AboutToonActivity
com.zhengtoon.tuser.setting.view.ProtocolToonActivity
com.zhengtoon.tuser.setting.view.LogoutActivity
com.zhengtoon.tuser.setting.view.LogoutVerifyCodeActivity
com.zhengtoon.tuser.setting.view.UserCommonSettingActivity
com.zhengtoon.tuser.setting.view.NewFeatureIntroActivity
com.zhengtoon.tuser.setting.view.HelpAndFeedBackActivity
com.zhengtoon.tuser.setting.view.PersonalFeedBackActivity
com.zhengtoon.tuser.setting.view.InformationManagerActivity
com.zhengtoon.tuser.setting.view.AddressManagerActivity
com.zhengtoon.tuser.setting.view.AddOrEditAddressActivity
com.zhengtoon.tuser.setting.view.AddOrEditInformationActivity
com.zhengtoon.tuser.login.view.ForgetPwdInputCardNumActivity
com.zhengtoon.tuser.login.view.ChangeCardNumPwdActivity
com.zhengtoon.tuser.login.view.ResetCardNumPwdActivity
com.zhengtoon.tuser.setting.view.CommonQuestionActivity
com.zhengtoon.tuser.login.view.PCToLoginActivity
com.zhengtoon.tuser.login.view.RegisterProtocolActivity
com.zhengtoon.tuser.login.view.LoginSetFingerPrintActivity
com.zhengtoon.tuser.login.view.LoginByFingerPrintActivity
com.zhengtoon.tuser.setting.view.SetFingerPrintActivity
com.zhengtoon.tuser.login.view.UserKickOutDialogActivity
com.zhengtoon.tuser.foreigner.view.ForeignersLoginActivity
com.zhengtoon.tuser.foreigner.view.ForeignerRegistrationActivity
com.zhengtoon.tuser.foreigner.view.ForeignerRetrievePasswordActivity
com.zhengtoon.tuser.foreigner.view.ForeignerSetPasswordActivity
com.systoon.customhomepage.view.ServeSearchActivity
com.systoon.customhomepage.view.CustomManagerAppActivity
com.systoon.customhomepage.view.NoticeListActivity
com.systoon.customhomepage.view.ServiceMapShowActivity
com.systoon.customhomepage.affair.view.AffairNoticeListActivity
com.systoon.customhomepage.affair.view.AffairServeSearchActivity
com.ccb.ccbnetpay.activity.CcbH5PayActivity
com.ccb.ccbnetpay.activity.appresult.ResultActivity
com.ccb.ccbnetpay.activity.CcbUnionPayActivity
android.ccb.llbt.ynccbpaylibrary.bIllPay.PayDetaileActivity
android.ccb.llbt.ynccbpaylibrary.bIllPay.CheckDeskActivity
android.ccb.llbt.ynccbpaylibrary.SDKWebViewActivity
com.systoon.interact.interactive.view.InteractiveSearchActivity
com.systoon.toonauth.authentication.view.activity.AuthProtocolActivity
com.systoon.toonauth.authentication.view.activity.PrimaryAuthenticationActivity
com.systoon.toonauth.authentication.view.activity.BJCameraActivity
com.systoon.toonauth.authentication.view.activity.AuthenticationIntroduceActivity
com.systoon.toonauth.authentication.view.activity.AuthenticationSelectActivity
com.systoon.toonauth.authentication.view.activity.AuthCheckFaceSuccessActivity
com.systoon.toonauth.authentication.view.activity.AuthSuccessActivity
com.systoon.toonauth.authentication.view.activity.AuthLevelActivity
com.systoon.toonauth.authentication.view.activity.PhoneVerifyActivity
com.systoon.toonauth.authentication.view.activity.SetPwdActivity
com.systoon.toonauth.authentication.view.activity.SetPwdAgainActivity
com.systoon.toonauth.authentication.view.activity.PwdManagerActivity
com.systoon.toonauth.authentication.view.activity.CropImgActivity
com.systoon.toonauth.authentication.view.activity.AuthenticationBankCardActivity
com.systoon.toonauth.authentication.view.activity.HaiXinActivity
com.systoon.toonauth.authentication.view.activity.HaiXinStartActivity
com.livedetect.LiveDetectActivity
com.systoon.toonauth.authentication.view.activity.AuthResponseDialogActivity
com.systoon.toonauth.authentication.view.activity.RegisterProtocolActivity
com.msgseal.card.vcardedit.VCardSettingActivity
com.msgseal.user.init.TmailInitActivity
com.msgseal.chat.common.chatRelate.ChatReportActivity
com.msgseal.chat.utils.video.PhotoRecorderActivity
com.msgseal.chat.common.chatRelate.ChatFilePreviewActivity
com.msgseal.chat.common.chatRelate.ChatVideoPlayActivity
com.msgseal.chat.common.chatRelate.ChatBurnActivity
com.msgseal.chat.common.chatRelate.ChatTextMessageActivity
com.msgseal.chat.receiverpage.ReceiverViewActivity
com.msgseal.card.vcardcreate.VCardCreateinfoActivity
com.msgseal.card.vcardedit.VCardEditInfoActivity
com.msgseal.card.vcardphotopreview.CardPhotoPreviewActivity
com.msgseal.card.qr.selectqr.TmailQRCodeListActivity
com.msgseal.card.qr.myqr.QRCodeTmailActivity
com.msgseal.card.qr.mylistqr.TmailQRListActivity
com.msgseal.card.base.view.CCameraActivity
com.msgseal.card.vcardphotopreview.PhotoPreViewActivity
com.msgseal.card.vcardread.VcardReaderActivity
com.msgseal.module.view.TmailTransitActivity
com.msgseal.base.ui.filebrowser.FileBrowserActivity
com.msgseal.performance.activity.FuncPerformanceActivity
com.msgseal.performance.activity.FuncDetailActivity
com.msgseal.performance.activity.FuncSettingActivity
com.msgseal.email.share.ShareNewTemailActivity
com.msgseal.chatapp.inputapp.ChooseFileFragmentActivity
com.msgseal.base.ui.SingleFragmentActivity
com.msgseal.card.operator.SetRemarkNameActivity
com.msgseal.card.operator.CardOperatorActivity
com.msgseal.chat.report.view.ReportListActivity
com.msgseal.chat.report.view.ReportIntroduceActivity
com.systoon.tconfigcenter.view.RegisterProtocolActivity
com.systoon.toongine.adapter.ToongineActivity
com.systoon.toongine.nativeapi.common.previewImage.PreviewImgActivity
com.systoon.toongine.nativeapi.common.media.audio.play.AudioMediaActivity
com.systoon.toongine.nativeapi.common.media.video.play.VideoMediaActivity
com.systoon.toongine.nativeapi.common.media.audio.record.AudioRecordActivity
com.systoon.toongine.nativeapi.common.media.video.record.VideoRecorderActivity
com.systoon.toongine.nativeapi.common.qrcode.view.ScannerActivity
com.systoon.toongine.common.utils.camera.CCameraActivity
com.tencent.connect.common.AssistActivity
com.systoon.tshare.third.share.view.BlankActivity
com.systoon.tskin.view.SkinShowActivity
com.systoon.st.ChatActivity
com.systoon.taccount.AccountManagerActivity
com.systoon.taccount.AccountBrowserActivity
com.systoon.toon.scan.view.ScannerActivity
com.systoon.toon.scan.view.ScanResultActivity
com.systoon.toon.scan.view.AppQRCodeActivity
com.systoon.tebackup.activity.BackupActivity
com.systoon.tebackup.activity.BackupNextActivity
com.systoon.tebackup.activity.RecoverActivity
com.systoon.tebackup.activity.SelectImportActivity
com.systoon.tebackup.activity.SelectBackupActivity
com.systoon.tebackup.activity.RecoverCPListActivity
com.systoon.tebackup.activity.BackupCPListActivity
com.systoon.tebackup.activity.KeyManagerPromptActivity
com.systoon.tebackup.activity.CPManagerActivity
com.systoon.tebackup.activity.RegisterBackupActivity
com.systoon.tebackup.activity.RegisterBackupNextActivity
com.systoon.tcloud.view.TCloudLoginActivity
com.systoon.tcloud.view.TCloudPhoneVerifyActivity
com.systoon.tcloud.view.SelectCountryActivity
com.zhengtoon.toon.common.utils.cameras.CCameraActivity
com.zhengtoon.toon.common.base.SingleFragmentActivity
com.zhengtoon.toon.common.base.SinglePanFragmentActivity
com.m7.imkfsdk.chat.ChatActivity
com.m7.imkfsdk.chat.OfflineMessageActicity
com.m7.imkfsdk.chat.ImageViewLookActivity
com.systoon.tmap.GPSNaviActivity
com.systoon.tmap.MapDrivePlanActivity
com.systoon.tmap.MapShowActivity
com.systoon.tmap.MapFragmentLoadActivity
com.amap.api.navi.AmapRouteActivity
com.systoon.inputapps.base.InputAppBaseActivity
com.systoon.inputapps.translate.TranslateActivity
com.systoon.inputapps.translate.TranslateListActivity
com.systoon.toon.photo.gallery.GalleryActivity
com.systoon.toon.photo.gallery.VideoEditActivity
com.systoon.tutils.cropimage.TCropImageActivity
com.vivo.push.sdk.LinkProxyClientActivity
com.zhuanche.winterolympic.home.HomeActivity
com.zhuanche.winterolympic.home.WalkRouteActivity
com.zhuanche.winterolympic.dispatchorder.DispatchOrderActivity
com.zhuanche.winterolympic.chooseaddress.ChooseAddressActivity
com.zhuanche.winterolympic.scan.SyCaptureActivity
com.zhuanche.winterolympic.trip.CurrentTripActivity
com.zhuanche.winterolympic.trip.CompleteTripActivity
com.zhuanche.winterolympic.trip.DailyTripActivity
com.zhuanche.winterolympic.trip.BusTripActivity
com.zhuanche.winterolympic.trip.TripListActivity
com.zhuanche.winterolympic.home.scanchooseaddr.ScanNowOderCommitActivity
com.huawei.hms.activity.BridgeActivity
com.huawei.hms.activity.EnableServiceActivity
com.huawei.updatesdk.service.otaupdate.AppUpdateActivity
com.huawei.updatesdk.support.pm.PackageInstallerActivity

Receivers

Information computed with AndroGuard. 

com.systoon.tnoticebox.receiver.MyTPushReceiver
com.systoon.customhomepage.receiver.NetChangeReceiver
com.msgseal.module.utils.PushReceiver
com.msgseal.module.TmailSyncCenterManager
com.moor.imkf.receiver.NetWorkReceiver
com.m7.imkfsdk.receiver.NewMsgReceiver
com.systoon.tutils.Multilingual.LanguageReceiver
com.systoon.push.VivoReceiver
com.systoon.push.XiaomiReceiver
com.xiaomi.push.service.receivers.NetworkStatusReceiver
com.xiaomi.push.service.receivers.PingReceiver
com.systoon.push.MeizuReceiver
com.zhuanche.winterolympic.receiver.LanguageReceiver
com.meizu.cloud.pushsdk.SystemReceiver
com.huawei.hms.support.api.push.PushMsgReceiver
com.huawei.hms.support.api.push.PushReceiver

Services

Information computed with AndroGuard. 

com.msgseal.module.utils.ChatHeadService
com.moor.imkf.tcpservice.service.IMService
com.amap.api.location.APSService
com.vivo.push.sdk.service.CommandClientService
com.xiaomi.push.service.XMJobService
com.xiaomi.push.service.XMPushService
com.xiaomi.mipush.sdk.PushMessageHandler
com.xiaomi.mipush.sdk.MessageHandleService
com.systoon.push.HuaweiService
com.heytap.msp.push.service.CompatibleDataMessageCallbackService
com.heytap.msp.push.service.DataMessageCallbackService
com.sitech.migurun.service.AudioPlayService
com.meizu.cloud.pushsdk.NotificationService
com.huawei.hms.support.api.push.service.HmsMsgService
com.huawei.agconnect.core.ServiceDiscovery

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generate no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['NFC', 'network connectivity', 'camera', 'location', 'bluetooth', 'microphone'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['calender', 'system logs', 'address book'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FTP_DIT_EXT.1.1 The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.
Protection of Data in Transit
Pygal Canada: 100 Chile: 100 China: 1900 Germany: 1300 Denmark: 100 Hong Kong: 200 Ireland: 100 Russian Federation: 100 United States: 2100

Map computed by Pithus.

Network analysis

Information computed with MobSF.

High Base config is insecurely configured to permit clear text traffic to all domains.
Scope: ['*']
Medium Base config is configured to trust system certificates.
Scope: ['*']

Domains analysis

Information computed with MobSF.

US www.chilkatsoft.com 107.180.46.206
CN tsapi.amap.com 203.119.191.210
CN developt600.systoon.com 39.106.83.175
affinix.com
US docs.oasis-open.org 148.62.4.174
DE www.beijing2022.cn 2.16.186.34
US mpsapi.amap.com 198.11.189.27
CN contentt600.systoon.com 39.106.83.175
US purl.org 207.241.239.242
CN da.systoon.com 124.251.88.88
US www.mailpass.com 216.154.209.196
US spamarrest.com 75.126.8.202
CN msgseal.com 47.93.63.131
CN noticeappt600.systoon.com 39.106.83.175
CN log.iflytek.com 220.248.230.134
DE store-at-dre.hispace.dbankcloud.com 80.158.5.6
HK www.baidu.com 103.235.46.39
CN bigdata.beijing2022.cn 203.107.54.113
DE store.hispace.hicloud.com 160.44.202.202
IE login.microsoftonline.com 40.126.31.1
US m5.amap.com 198.11.189.26
CN nls-wave.aliyuncs.com 106.15.18.5
US cknotes.com 69.163.225.75
DE schemas.microsoft.com 104.111.237.228
DE www.zetetic.net 99.86.3.120
DE docs.microsoft.com 104.111.246.93
HK restsdk.amap.com 47.246.109.112
US www.anything.com 151.101.13.84
CN realsee.com 101.42.124.213
US accounts.google.com 142.250.186.45
US www.googleapis.com 172.217.16.138
DE appgallery.cloud.huawei.com 80.158.41.227
US etherx.jabber.org 208.68.163.210
DE iptc.org 3.64.29.21
CA www.winimage.com 198.50.170.91
ns.adobe.com
CN cardt600.systoon.com 39.106.83.175
US www.cknotes.com 69.163.225.75
RU dongaostatic.beijing2022.cn 79.133.177.188
CN hdns.openspeech.cn 42.62.116.34
us.rd.yahoo.com
schemas.alibaba-inc.com
DE www.solve360.com 143.204.215.128
DK pddstudio.com 46.30.215.43
CN tmailc.huairoutoon.com 39.105.61.169
US www.example.com 93.184.216.34
US support.google.com 142.250.184.238
CL www.sii.cl 200.10.252.208
CN nls-log-gather.aliyuncs.com 203.119.207.242
US www.w3.org 128.30.52.100
DE camaya.net 5.9.102.207
US www.boxbe.com 18.204.73.86
US play.google.com 142.250.185.238
DE www.openssl.org 23.45.99.93
CN aiui-ipv6.openspeech.cn 42.62.116.27
DE support.microsoft.com 2.18.233.31
us.ard.yahoo.com
CN pre-nls-gateway-inner.aliyuncs.com 140.205.215.168
US jabber.org 208.68.163.218
CN my2022.beijing2022.cn 203.107.54.113
CN dongaoserver.beijing2022.cn 203.107.54.113
DE schemas.xmlsoap.org 104.111.237.228
CN tmail.beijing2022.cn 203.107.54.113
US github.com 140.82.121.4
ns.microsoft.com
US lame.sf.net 204.68.111.100

URL analysis

Information computed with MobSF.

https://my2022.beijing2022.cn/org-contact-api
https://my2022.beijing2022.cn/content-report
http://contentt600.systoon.com/groupapi
https://my2022.beijing2022.cn/admanage/
http://contentt600.systoon.com/support
http://contentt600.systoon.com/headline
https://my2022.beijing2022.cn/org-tproxy
http://cardt600.systoon.com/dfs
https://my2022.beijing2022.cn/uias
https://my2022.beijing2022.cn/cytflinteraction-interaction-app/
http://cardt600.systoon.com/card
https://my2022.beijing2022.cn/uias/auth/authorize?clientId=
http://developt600.systoon.com/applib
https://my2022.beijing2022.cn/content-operating
https://my2022.beijing2022.cn/content-audit
https://my2022.beijing2022.cn/org-contacts-sync
https://bigdata.beijing2022.cn/sa?project=production
https://my2022.beijing2022.cn/org-workbench-api
https://dongaoserver.beijing2022.cn/medal-table
http://noticeappt600.systoon.com
https://my2022.beijing2022.cn/homepage-api
http://tmailc.huairoutoon.com
http://cardt600.systoon.com/tcard
https://my2022.beijing2022.cn/search
https://my2022.beijing2022.cn/toonuser
https://my2022.beijing2022.cn/app-config-api
https://tmail.beijing2022.cn/pushgw/
https://tmail.beijing2022.cn/otm/public
https://tmail.beijing2022.cn
https://tmail.beijing2022.cn/
https://tmail.beijing2022.cn/mediabank/
https://tmail.beijing2022.cn/avatartmail/
https://appgallery.cloud.huawei.com/app/
https://play.google.com/store/apps/details?id=
https://appgallery.cloud.huawei.com
http://pddstudio.com/
https://github.com/PDDStudio/highlightjs-android
https://www.zetetic.net/sqlcipher/
https://www.zetetic.net/sqlcipher/license/
https://github.com/sqlcipher/android-database-sqlcipher
https://github.com/vinc3m1
https://github.com/vinc3m1/RoundedImageView
https://github.com/vinc3m1/RoundedImageView.git
file:///android_asset/private_protocol.html
https://dongaostatic.beijing2022.cn/notice-reporting/index.html?language=zh
https://dongaostatic.beijing2022.cn/download/index.html
https://da.systoon.com/config/?project=production
https://da.systoon.com/config/?project=default
https://da.systoon.com/sa/?project=production
https://da.systoon.com/sa/?project=default
https://msgseal.com/download/
file:///android_asset/protocol/save.html
file:///android_asset/protocol/use.html
https://store-at-dre.hispace.dbankcloud.com/hwmarket/api/
https://store.hispace.hicloud.com/hwmarket/api/
https://realsee.com/ke/kjZwe3qA4nY37dBG/74Lqjm4uxhq9b06zRxdEfqTgApR6Hr89/#lianjia
https://www.beijing2022.cn/wap_cn/headlines.htm
file:///android_asset/private_protocol_en.html
https://dongaostatic.beijing2022.cn/notice-reporting/index.html?language=en
file:///android_asset/protocol/save-en.html
file:///android_asset/protocol/use-en.html
https://www.beijing2022.cn/wap_en/headlines.htm
Defined in Android String Resource