0/62

Threat

com.sec.android.app.setupwizard

Setup Wizard

Analyzed on 2022-05-27T12:03:42.545417

35

permissions

54

activities

12

services

10

receivers

12

domains

File sums

MD5 e492cbb348ff55063c0819fff0a06f37
SHA1 660fabbb5e96a77c46a9c2b6cb16e0c69d47e62f
SHA256 dd4ed9886733d6a7bede966c2ea11b0beb898c41c05555de8e89b65dc306cf59
Size 11.16MB

APKiD

Information computed with APKiD.

/tmp/tmpwcyzsjcq!classes.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.PRODUCT check
  • SIM operator check
  • device ID check
  • subscriber ID check
  • ro.build.type check
manipulator
  • dexmerge
compiler
  • dx (possible dexmerge)

SSdeep

Information computed with ssdeep.

APK file 196608:cjwC5GsMbDxEMLZHg9OFR/2v2lRHe5EWtI1HrC9yK86SJF:cEHsS1vFA4vTRHe5E31LC9yK86SJF
Manifest 768:1FpwoH/R6MM/sO/NgQBzDEOd8Z63KJ3yw2MAZMAaz+XCzBmpOSVhEwoxeXlDL7h1:…
classes.dex 49152:UWr3hWnt/sAzEtBUSJdu0wLY/H9xzK62ix1Gxv4zU/IJ32My3pcLfFYvmqekJgB…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 3072:QAp+UwTOxHJwyuzWg6tXHxTIQksAhiFtMUDTxejoVD:QkCOxpwyaWgyTNko3/j
classes.dex 3072:QAp+UwTOxHJwyuzWg6tXHxTIQksAhiFtMUDTxejoVD:QkCOxpwyaWgyTNko3/j

APK details

Information computed with AndroGuard and Pithus.

Package com.sec.android.app.setupwizard
App name Setup Wizard
Version name 6.1.36
Version code 613622110
SDK 28 - 28
UAID ad31cf4f0bc540fc341ccd8d6ca1d9b967a60a71
Signature Signature V1 Signature V2
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown

Certificate details

Information computed with AndroGuard.

MD5 d087e72912fba064cafa78dc34aea839
SHA1 9ca5170f381919dfe0446fcdab18b19a143b3163
SHA256 34df0e7a9f1cf1892e45c056b4973cd81ccf148a4050d11aea4ac5a65f900a42
Issuer Email Address: android.os@samsung.com, Common Name: Samsung Cert, Organizational Unit: DMC, Organization: Samsung Corporation, Locality: Suwon City, State/Province: South Korea, Country: KR
Not before 2011-06-22T12:25:12+00:00
Not after 2038-11-07T12:25:12+00:00

File Analysis

Information computed with MobSF.

Findings Files
Certificate/Key files hardcoded inside the app. SEC-INF/buildConfirm.crt

Manifest analysis

Information computed with MobSF.

Low App is direct-boot aware [android:directBootAware=true]
This app can run before the user unlocks the device. If you're using a custom subclass of Application, and if any component inside your application is direct - boot aware, then your entire custom application is considered to be direct - boot aware.During Direct Boot, your application can only access the data that is stored in device protected storage.
Low App has a Network Security Configuration[android:networkSecurityConfig=@xml/network_security_config]
The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app.
High TaskAffinity is set for Activity
(com.sec.android.app.setupwizard.OemPreSetupActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.sec.android.app.setupwizard.OemPreSetupActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High TaskAffinity is set for Activity
(com.sec.android.app.setupwizard.google.GoogleBixbyIntroActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.sec.android.app.setupwizard.google.GoogleBixbyIntroActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High TaskAffinity is set for Activity
(com.sec.android.app.setupwizard.google.GooglePreSetupActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.sec.android.app.setupwizard.google.GooglePreSetupActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High TaskAffinity is set for Activity
(com.sec.android.app.setupwizard.system.StartActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.sec.android.app.setupwizard.system.StartActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.vzw.activation.InitActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.language.LanguageActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity-Alias (com.sec.android.app.setupwizard.language.LanguageActivityAfterPortal) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.eula.TermsAndConditionsActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity-Alias (com.sec.android.app.setupwizard.eula.TermsAndConditionsAfterAFW) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.eula.EulaCheckActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.eula.EulaActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.eula.ExternalEulaActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.eula.DiagnosticActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.eula.ExternalDiagnosticActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.vzw.activation.ExternalNoSimDialogActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.vzw.activation.GlobalModeDialogActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.system.ConnectivityCheckActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High TaskAffinity is set for Activity
(com.sec.android.app.setupwizard.vzw.activation.ActivationActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.sec.android.app.setupwizard.vzw.activation.ActivationActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High TaskAffinity is set for Activity
(com.sec.android.app.setupwizard.vzw.activation.poa.PoaDialogActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.sec.android.app.setupwizard.wifi.WiFiActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity-Alias (com.sec.android.app.setupwizard.wifi.WiFiActivityPrepaid) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.wifi.NoNetworkActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.wifi.NoNetworkLockedActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.wifi.NoNetworkTabletActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.wifi.DataDisclaimerActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.vzw.prepaid.VerizonPortalActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.samsung.restore.FastTrackActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.samsung.SamsungAccountActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.vzw.cloud.CloudActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.email.EmailActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.vzw.snp.SnpActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.google.GoogleSetupLockScreenActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.google.GoogleFrpVerificationActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.google.GooglePaiActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.kme.B2bDeviceCheckActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.kme.KmeActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.kme.PostB2bSetup) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.summary.ReadyToGoActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.summary.PersonalizeYourDeviceActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High TaskAffinity is set for Activity
(com.sec.android.app.setupwizard.system.ExitActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.sec.android.app.setupwizard.system.ExitActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity-Alias (com.sec.android.app.setupwizard.system.ExitHomeActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.OemPostSetupActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.language.WelcomeActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.cct.ComcastSetupActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.samsung.vzw.activationagent.ActivationAgentService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.samsung.vzw.activationagent.pco.PortalSupportService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.sec.android.app.setupwizard.kme.KmeService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.samsung.vzw.activationagent.receiver.LaunchBroadcastReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.samsung.vzw.activationagent.receiver.LocaleBroadcastReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.samsung.vzw.activationagent.receiver.MobileDataBroadcastReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.samsung.vzw.activationagent.receiver.PcoBroadcastReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.samsung.vzw.activationagent.receiver.SimStateBroadcastReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.sec.android.app.setupwizard.system.OnBootBroadcastReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.sec.android.app.setupwizard.language.LanguageShutdownReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.cct.ComcastActivationActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.samsung.vzw.activationagent.call.OutgoingCallReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Activity (com.sec.android.app.setupwizard.system.SecurityInterceptActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Service (com.sec.android.app.setupwizard.vzw.dep.CheckDepJobService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.vzw.dep.DepActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.samsung.vzw.activationagent.receiver.EmmCauseCodeReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Activity (com.sec.android.app.setupwizard.cha.CharterActivationActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.cha.CharterWifiSetupActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.sec.android.app.setupwizard.gizmo.GizmoSetLauncherActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.sec.android.app.setupwizard.vzw.privacy.ServicePrivacyActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INVOKE_CARRIER_SETUP [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

Browsable activities

Information computed with MobSF.

com.sec.android.app.setupwizard.system.SecurityInterceptActivity

Schemes: http:// https:// ftp:// file:// data:// info:// smb:// nfs://

Mime types: text/plain

Activities

Information computed with AndroGuard.

com.sec.android.app.setupwizard.OemPreSetupActivity
com.sec.android.app.setupwizard.google.GoogleBixbyIntroActivity
com.sec.android.app.setupwizard.google.GooglePreSetupActivity
com.sec.android.app.setupwizard.system.StartActivity
com.sec.android.app.setupwizard.vzw.activation.InitActivity
com.sec.android.app.setupwizard.language.LanguageActivity
com.sec.android.app.setupwizard.eula.TermsAndConditionsActivity
com.sec.android.app.setupwizard.eula.EulaCheckActivity
com.sec.android.app.setupwizard.eula.EulaActivity
com.sec.android.app.setupwizard.eula.ExternalEulaActivity
com.sec.android.app.setupwizard.eula.DiagnosticActivity
com.sec.android.app.setupwizard.eula.ExternalDiagnosticActivity
com.sec.android.app.setupwizard.vzw.activation.ExternalNoSimDialogActivity
com.sec.android.app.setupwizard.vzw.activation.GlobalModeDialogActivity
com.sec.android.app.setupwizard.system.ConnectivityCheckActivity
com.sec.android.app.setupwizard.vzw.activation.ActivationActivity
com.sec.android.app.setupwizard.vzw.activation.poa.PoaDialogActivity
com.sec.android.app.setupwizard.vzw.activation.ActivationSuccessDialogActivity
com.sec.android.app.setupwizard.wifi.WiFiActivity
com.sec.android.app.setupwizard.wifi.NoNetworkActivity
com.sec.android.app.setupwizard.wifi.NoNetworkLockedActivity
com.sec.android.app.setupwizard.wifi.NoNetworkTabletActivity
com.sec.android.app.setupwizard.wifi.DataDisclaimerActivity
com.sec.android.app.setupwizard.vzw.prepaid.VerizonPortalActivity
com.sec.android.app.setupwizard.samsung.restore.FastTrackActivity
com.sec.android.app.setupwizard.samsung.SamsungAccountActivity
com.sec.android.app.setupwizard.vzw.cloud.CloudActivity
com.sec.android.app.setupwizard.email.EmailActivity
com.sec.android.app.setupwizard.vzw.snp.SnpActivity
com.sec.android.app.setupwizard.google.GoogleSetupLockScreenActivity
com.sec.android.app.setupwizard.google.GoogleFrpVerificationActivity
com.sec.android.app.setupwizard.google.GooglePaiActivity
com.sec.android.app.setupwizard.kme.B2bDeviceCheckActivity
com.sec.android.app.setupwizard.kme.KmeActivity
com.sec.android.app.setupwizard.kme.KmeErrorActivity
com.sec.android.app.setupwizard.kme.PostB2bSetup
com.sec.android.app.setupwizard.summary.ReadyToGoActivity
com.sec.android.app.setupwizard.summary.PersonalizeYourDeviceActivity
com.sec.android.app.setupwizard.system.ExitActivity
com.sec.android.app.setupwizard.OemPostSetupActivity
com.sec.android.app.setupwizard.language.WelcomeActivity
com.sec.android.app.setupwizard.cct.ComcastSetupActivity
com.samsung.vzw.activationagent.call.CallActivity
com.sec.android.app.setupwizard.cct.ComcastActivationActivity
com.sec.android.app.setupwizard.system.SecurityInterceptActivity
com.sec.android.app.setupwizard.vzw.dep.DepActivity
com.sec.android.app.setupwizard.vzw.activation.poa.test.PoaTestConfigurationActivity
com.sec.android.app.setupwizard.debug.prepay.PrepayTestConfigurationActivity
com.sec.android.app.setupwizard.debug.vzselect.VzSelectTestConfigurationActivity
com.sec.android.app.setupwizard.cha.CharterActivationActivity
com.sec.android.app.setupwizard.cha.CharterWifiSetupActivity
com.sec.android.app.setupwizard.gizmo.GizmoSetLauncherActivity
com.sec.android.app.setupwizard.vzw.privacy.ServicePrivacyActivity
com.samsung.android.maspolicy.PrivacyPolicy

Receivers

Information computed with AndroGuard.

com.samsung.vzw.activationagent.receiver.LaunchBroadcastReceiver
com.samsung.vzw.activationagent.receiver.LocaleBroadcastReceiver
com.samsung.vzw.activationagent.receiver.MobileDataBroadcastReceiver
com.samsung.vzw.activationagent.receiver.NotificationBroadcastReceiver
com.samsung.vzw.activationagent.receiver.PcoBroadcastReceiver
com.samsung.vzw.activationagent.receiver.SimStateBroadcastReceiver
com.sec.android.app.setupwizard.system.OnBootBroadcastReceiver
com.sec.android.app.setupwizard.language.LanguageShutdownReceiver
com.samsung.vzw.activationagent.call.OutgoingCallReceiver
com.samsung.vzw.activationagent.receiver.EmmCauseCodeReceiver

Services

Information computed with AndroGuard.

com.samsung.vzw.activationagent.ActivationAgentService
com.sec.android.app.setupwizard.google.GoogleObserverService
com.samsung.vzw.activationagent.pco.PortalSupportService
com.sec.android.app.setupwizard.kme.KmeService
com.samsung.vzw.activationagent.utils.notifications.cct.CctActivationFailedActionService
com.samsung.vzw.activationagent.call.PhoneStateService
com.samsung.vzw.activationagent.call.CallService
com.sec.android.app.setupwizard.vzw.dep.CheckDepJobService
com.sec.android.app.setupwizard.vzw.activation.poa.test.PoaTestIndicatorService
com.sec.android.app.setupwizard.debug.prepay.PrepayTestIndicatorService
com.sec.android.app.setupwizard.contentobserver.ContentObserverService
com.sec.android.app.setupwizard.debug.vzselect.VzSelectTestIndicatorService

Sample timeline

Oldest file found in APK Jan. 1, 2009, midnight
Latest file found in APK Jan. 1, 2009, midnight
Certificate valid not before June 22, 2011, 12:25 p.m.
First submission on VT April 27, 2021, 4 a.m.
Last submission on VT April 27, 2021, 4 a.m.
Upload on Pithus May 27, 2022, 12:03 p.m.
Certificate valid not after Nov. 7, 2038, 12:25 p.m.

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application use no DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generate no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application implement functionality to encrypt sensitive data in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_HTTPS_EXT.1.1 The application implement the HTTPS protocol that complies with RFC 2818.
HTTPS Protocol
FCS_HTTPS_EXT.1.2 The application implement HTTPS using TLS.
HTTPS Protocol
FCS_HTTPS_EXT.1.3 The application notify the user and not establish the connection or request application authorization to establish the connection if the peer certificate is deemed invalid.
HTTPS Protocol
FIA_X509_EXT.2.1 The application use X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS , TLS.
X.509 Certificate Authentication

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 com/sec/android/app/setupwizard/vzw/activation/fragment/ActivationResultFragment.java
com/sec/android/app/setupwizard/system/ConnectivityCheckActivity.java
com/sec/android/app/setupwizard/log/Log.java
com/sec/android/app/setupwizard/language/util/PlusGestureDetector.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaNoLteConnectivity.java
com/samsung/vsf/SDKConnectionManager.java
com/samsung/vzw/activationagent/statemachine/poa/eas/ValidateCustomerRequestImplV2.java
com/samsung/vzw/activationagent/statemachine/activation/ActionOtaspStillInProgress.java
com/airbnb/lottie/parser/MaskParser.java
com/samsung/vzw/activationagent/statemachine/pco/ActionCheckForPersistentPco.java
com/samsung/vzw/activationagent/statemachine/pco/ActionPcoTimeoutNotRedirected.java
com/samsung/vzw/activationagent/statemachine/pco/ActionPcoZeroBalance.java
com/sec/android/app/setupwizard/wifi/WiFiActivity.java
com/sec/android/app/setupwizard/bixby/hq/VoiceCommandHelper.java
com/samsung/vzw/activationagent/manager/ModemUtil.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaUpgradeOrderValidationDone.java
com/sec/android/app/setupwizard/bixby/util/BixbyScriptPlayer.java
com/samsung/vzw/activationagent/statemachine/pco/ActionPcoPrepayMvno.java
com/samsung/vzw/activationagent/receiver/EmmCauseCodeReceiver.java
com/sec/android/app/setupwizard/vzw/mvs/Mvs.java
com/sec/android/app/setupwizard/cha/activation/CharterResultFragment.java
com/sec/android/app/setupwizard/gizmo/GizmoSetLauncherActivity.java
com/sec/android/app/setupwizard/bixby/hq/vi/SolidBounceEffect.java
com/samsung/vzw/activationagent/statemachine/sim/ActionSimUnknown.java
com/sec/android/app/setupwizard/language/DebugKeySequenceDetector.java
com/samsung/vzw/activationagent/statemachine/cha/sim/ActionSimEmm.java
com/sec/android/app/setupwizard/kme/B2bDeviceCheckActivity.java
com/samsung/vzw/activationagent/call/CallActivity.java
com/samsung/vzw/activationagent/statemachine/sim/ActionSimAirplane.java
com/sec/android/vzwswlibrary/util/Utils.java
com/samsung/vzw/activationagent/statemachine/pco/ActionProcessPersistentPco.java
com/sec/android/app/setupwizard/google/LegacyAfwUtils.java
com/airbnb/lottie/manager/ImageAssetManager.java
com/airbnb/lottie/LottieDrawable.java
com/sec/android/app/setupwizard/bixby/hq/vi/logoparticle/BixbyUserSayingView.java
com/sec/android/app/setupwizard/vzw/activation/poa/fragment/PoaValidationFragmentV2.java
com/samsung/vzw/activationagent/carrier/cha/AutoConnectController.java
com/samsung/vzw/activationagent/statemachine/cct/sim/ActionSimVzw.java
com/samsung/vzw/activationagent/statemachine/StateMachine.java
com/sec/android/app/setupwizard/bixby/hq/vi/BixbyUserSayingView.java
com/samsung/vzw/activationagent/statemachine/tfn/sim/ActionSimEmm.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaModemReset.java
com/samsung/vzw/activationagent/statemachine/poa/eas/LookupOrderResponseImplV1.java
com/sec/android/app/setupwizard/email/EmailActivity.java
com/sec/android/app/setupwizard/SetupWizardActivity.java
com/airbnb/lottie/parser/AnimatableTransformParser.java
com/sec/android/app/setupwizard/flow/Module.java
com/samsung/vzw/activationagent/statemachine/poa/eas/ReleaseOrderRequestImplV1.java
com/samsung/vzw/activationagent/manager/ActivationManager.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaUpgradeOrderReleaseSuccess.java
com/samsung/vzw/activationagent/statemachine/vzw/sim/ActionSimEmm.java
com/samsung/vzw/activationagent/statemachine/sim/ActionSimNonReadable.java
com/airbnb/lottie/LottieComposition.java
com/samsung/vzw/activationagent/statemachine/generic/sim/ActionGenericSim.java
com/sec/android/app/setupwizard/google/GooglePaiActivity.java
com/sec/android/app/setupwizard/kme/KmeService.java
com/samsung/vzw/activationagent/statemachine/cct/sim/ActionSimCold.java
com/sec/android/app/setupwizard/language/LocaleSpinnerFragment.java
com/samsung/vzw/activationagent/statemachine/pco/ActionVzwPcoOdiCarrier.java
com/airbnb/lottie/L.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaAuthenticationNeeded.java
com/sec/android/app/setupwizard/system/ReactivationUtils.java
com/samsung/vzw/activationagent/statemachine/cct/sim/ActionSimNonCct.java
com/sec/android/app/setupwizard/kme/KmeActivity.java
com/samsung/vzw/activationagent/statemachine/activation/ActionOtaspUninitializedTimeout.java
com/sec/android/app/setupwizard/OemPostSetupActivity.java
com/sec/android/app/setupwizard/platform/reflection/LocalePicker.java
com/samsung/vzw/activationagent/monitor/ConnectivityChangeReceiver.java
com/samsung/vzw/activationagent/statemachine/pco/ActionPcoTimeoutRestrictedAccess.java
com/samsung/vzw/activationagent/statemachine/sim/ActionSimNonCarrierEmm.java
com/samsung/vzw/activationagent/statemachine/cct/sim/ActionSimEmm.java
com/samsung/vzw/activationagent/receiver/SimStateBroadcastReceiver.java
com/airbnb/lottie/PerformanceTracker.java
com/samsung/vzw/activationagent/statemachine/pco/ActionPcoOdiCarrier.java
com/sec/android/app/setupwizard/system/ExitActivity.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaNewOrderValidationDone.java
com/samsung/vzw/activationagent/statemachine/activation/ActionOtaspInProgress.java
com/sec/android/app/setupwizard/eula/TermsAndConditionsActivity.java
com/samsung/vzw/activationagent/statemachine/pco/ActionPcoTimeout.java
com/samsung/vzw/activationagent/receiver/MobileDataBroadcastReceiver.java
com/sec/android/vzwswlibrary/ui/VoiceGuideButton.java
com/samsung/vzw/activationagent/monitor/VerizonRedirectionCheck.java
com/sec/android/app/setupwizard/vzw/activation/ActivationSuccessDialogActivity.java
com/samsung/vzw/activationagent/statemachine/poa/eas/EasRequest.java
com/sec/android/app/setupwizard/vzw/activation/InitActivity.java
com/samsung/vzw/activationagent/statemachine/pco/ActionPersistentPco5.java
com/airbnb/lottie/parser/ContentModelParser.java
com/samsung/vzw/activationagent/statemachine/pco/ActionPcoRestricted.java
com/sec/android/app/setupwizard/vzw/privacy/ServicePrivacyActivity.java
com/samsung/vzw/activationagent/receiver/NotificationBroadcastReceiver.java
com/sec/android/app/setupwizard/samsung/restore/FastTrackActivity.java
com/sec/android/app/setupwizard/vzw/activation/poa/fragment/PoaValidationSsnFragment.java
com/samsung/vzw/activationagent/statemachine/cha/sim/ActionSimCold.java
com/sec/android/app/setupwizard/platform/reflection/IActivityManager.java
com/samsung/vzw/activationagent/pco/PcoUtil.java
com/sec/android/app/setupwizard/language/AccessibilityEnabler.java
com/sec/android/app/setupwizard/google/GoogleSetupLockScreenActivity.java
com/sec/android/app/setupwizard/platform/reflection/ServiceState.java
com/airbnb/lottie/LottieAnimationView.java
com/sec/android/app/setupwizard/system/OnBootBroadcastReceiver.java
com/sec/android/app/setupwizard/debug/prepay/PrepayTestConfigurationFragment.java
com/sec/android/app/setupwizard/system/StartActivity.java
com/samsung/vzw/activationagent/statemachine/sim/ActionSimPresent.java
com/samsung/vzw/activationagent/manager/ReusedSimManager.java
com/sec/android/app/setupwizard/language/LanguageActivity.java
com/samsung/vzw/activationagent/monitor/HttpRedirectionCheck.java
com/sec/android/app/setupwizard/summary/PersonalizeYourDeviceActivity.java
com/sec/android/app/setupwizard/vzw/activation/ActivationActivity.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaLostOrStolen.java
com/sec/android/app/setupwizard/DeviceInfo.java
com/sec/android/app/setupwizard/cha/activation/CharterInProgressFragment.java
com/samsung/vzw/activationagent/call/PhoneStateService.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaTryAgainValidate.java
com/sec/android/vzwswlibrary/util/WizardSystemBarHelper.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaValidateOrder.java
com/samsung/vzw/activationagent/statemachine/cha/activation/ActionActivationCompleted.java
com/samsung/vzw/activationagent/receiver/PcoBroadcastReceiver.java
com/samsung/vzw/activationagent/statemachine/pco/ActionWaitForPco.java
com/sec/android/app/setupwizard/vzw/cloud/CloudActivity.java
com/samsung/vzw/activationagent/statemachine/StateMachineManager.java
com/sec/android/app/setupwizard/google/GoogleBixbyIntroActivity.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaBusinessRestricted.java
com/samsung/vzw/activationagent/statemachine/pco/ActionPcoSelfActivation.java
com/sec/android/app/setupwizard/SetupWizardApplication.java
com/samsung/vzw/activationagent/statemachine/cha/sim/ActionSimNonCha.java
com/samsung/vzw/activationagent/statemachine/poa/eas/LookupOrderRequestImplV2.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaNonPendingOrder.java
com/sec/android/app/setupwizard/system/SecurityInterceptActivity.java
com/sec/android/app/setupwizard/OemPreSetupActivity.java
com/sec/android/app/setupwizard/contentobserver/AirplaneMode.java
com/sec/android/app/setupwizard/bixby/hq/vi/ParticleViewAnimation.java
com/sec/android/app/setupwizard/vzw/activation/GlobalModeDialogActivity.java
com/samsung/vzw/activationagent/statemachine/pco/ActionPcoPostpayMvno.java
com/sec/android/app/setupwizard/cha/CharterActivationActivity.java
com/samsung/vzw/activationagent/statemachine/sim/ActionSimNotDetermined.java
com/samsung/vzw/activationagent/statemachine/poa/eas/LookupOrderResponseImplV2.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaReleaseOrder.java
com/sec/android/app/setupwizard/debug/prepay/PrepayTestIndicatorService.java
com/samsung/vzw/activationagent/utils/HttpRequest.java
com/sec/android/app/setupwizard/samsung/SamsungAccountActivity.java
com/sec/android/app/setupwizard/summary/ReadyToGoActivity.java
com/samsung/vzw/activationagent/statemachine/State.java
com/sec/android/app/setupwizard/vzw/dep/CheckDepJobService.java
com/samsung/vzw/activationagent/statemachine/vzw/sim/ActionSimVzw.java
com/samsung/vzw/activationagent/statemachine/activation/ActionOtaspAlreadyActivated.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaOrderReleaseFailed.java
com/sec/android/app/setupwizard/cct/fragment/ComcastBaseFragment.java
com/samsung/vzw/activationagent/monitor/SequentialPoller.java
com/sec/android/app/setupwizard/flow/Flow.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaOngoingCallCheck.java
com/sec/android/app/setupwizard/google/GoogleObserverService.java
com/sec/android/app/setupwizard/vzw/activation/fragment/ActivationSuccessFragment.java
com/samsung/vzw/activationagent/ActivationAgentService.java
com/sec/android/app/setupwizard/cct/ComcastActivationActivity.java
com/samsung/vzw/activationagent/statemachine/vzw/sim/ActionSimModemReset.java
com/sec/android/vzwswlibrary/SetupWizardBaseActivity.java
com/samsung/vzw/activationagent/statemachine/pco/ActionPco5Check.java
com/samsung/vzw/activationagent/carrier/cha/AirSense.java
com/sec/android/app/setupwizard/vzw/vzselects/VzSelectsApi.java
com/sec/android/app/setupwizard/vzw/snp/SnpActivity.java
com/samsung/vzw/activationagent/statemachine/activation/ActionOtaspNoService.java
com/samsung/vzw/activationagent/receiver/LocaleBroadcastReceiver.java
com/sec/android/app/setupwizard/eula/EulaActivity.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaValidationFailedNoRetry.java
com/samsung/vzw/activationagent/statemachine/pco/ActionPcoTimeoutRedirected.java
com/samsung/vzw/activationagent/statemachine/tfn/sim/ActionSimCold.java
com/sec/android/app/setupwizard/vzw/dep/DepManager.java
com/sec/android/app/setupwizard/system/SystemActivity.java
com/sec/android/app/setupwizard/vzw/activation/ExternalNoSimDialogActivity.java
com/airbnb/lottie/LottieTask.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaLookupOrder.java
com/sec/android/app/setupwizard/vzw/activation/poa/fragment/PoaBaseFragment.java
com/samsung/vzw/activationagent/utils/ActivationAgentUtils.java
com/sec/android/app/setupwizard/bixby/view/ParticleViewLayout.java
com/samsung/vzw/activationagent/statemachine/activation/ActionOtaspNewlyActivated.java
com/samsung/vzw/activationagent/statemachine/activation/ActionOtaspTimeout.java
com/samsung/vzw/activationagent/call/CallService.java
com/airbnb/lottie/manager/FontAssetManager.java
com/samsung/vzw/activationagent/monitor/Monitor.java
com/sec/android/app/setupwizard/vzw/cloud/CloudUtils.java
com/samsung/vzw/activationagent/statemachine/cha/sim/ActionSimVzw.java
com/sec/android/app/setupwizard/bixby/util/BixbyUtils.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaValidationFailedRetry.java
com/samsung/vsf/SpeechRecognizer.java
com/sec/android/app/setupwizard/ExternalSetupActivity.java
com/samsung/vzw/activationagent/monitor/ModemResetPoller.java
com/samsung/vzw/activationagent/statemachine/pco/ActionPcoPostpay.java
com/samsung/vzw/activationagent/manager/ActivationManagerMock.java
com/samsung/vzw/activationagent/monitor/Poller.java
com/samsung/vzw/activationagent/call/OutgoingCallReceiver.java
com/samsung/vzw/activationagent/statemachine/vzw/sim/ActionSimMvno.java
com/sec/android/app/setupwizard/cct/xfinity/NWDManager.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaOrderReleaseFailedPendingProvision.java
com/sec/android/app/setupwizard/bixby/BixbyView.java
com/sec/android/app/setupwizard/kme/KmeManager.java
com/sec/android/app/setupwizard/vzw/activation/poa/fragment/PoaValidationAccountPinFragment.java
com/samsung/vzw/activationagent/statemachine/sim/ActionSimLocked.java
com/samsung/vzw/activationagent/statemachine/activation/ActionCheckForPrepay.java
com/sec/android/app/setupwizard/cct/ComcastSetupStateManager.java
com/samsung/vzw/activationagent/statemachine/sim/ActionSimLoaded.java
com/samsung/vzw/activationagent/monitor/WifiConnectionTimeoutPoller.java
com/samsung/vzw/activationagent/receiver/LaunchBroadcastReceiver.java
com/sec/android/app/setupwizard/vzw/activation/poa/fragment/PoaUserActivateSelectionFragment.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaEas.java
com/samsung/vzw/activationagent/statemachine/vzw/sim/ActionSimNonVzw.java
com/samsung/vzw/activationagent/statemachine/pco/ActionPersistentPco3.java
com/samsung/vzw/activationagent/statemachine/activation/ActionOtaspActivatedUserSkipped.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaNewOrderReleaseSuccess.java
com/sec/android/app/setupwizard/language/util/Line.java
com/samsung/vzw/activationagent/monitor/CheckConnectivity.java
com/sec/android/app/setupwizard/cct/ComcastSetupActivity.java
com/samsung/vzw/activationagent/statemachine/poa/eas/ValidateCustomerRequestImplV1.java
com/sec/android/app/setupwizard/bixby/hq/vi/logoparticle/LogoButton.java
com/sec/android/app/setupwizard/vzw/activation/poa/fragment/PoaReadyToActivateFragment.java
com/samsung/vzw/activationagent/statemachine/poa/ActionPoaGeneralError.java
com/samsung/vzw/activationagent/statemachine/vzw/sim/ActionSimCold.java
com/samsung/vzw/activationagent/statemachine/poa/eas/LookupOrderRequestImplV1.java
com/samsung/android/maspolicy/AdPolicyManager.java
com/sec/android/app/setupwizard/vzw/activation/poa/PoaDialogActivity.java
com/samsung/vzw/activationagent/statemachine/tfn/sim/ActionSimNonTfn.java
com/samsung/vzw/activationagent/statemachine/sim/ActionSimAbsent.java
com/sec/android/app/swlpcontract/SWLPContract.java
Info
CVSS:0
This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel.
MASVS: MSTG-NETWORK-4
Files:
 com/sec/android/app/setupwizard/vzw/vzselects/VzSelectsApi.java
com/samsung/vzw/activationagent/statemachine/poa/eas/EasRequest.java
High
CVSS:5.5
App can read/write to External Storage. Any App can read data written to External Storage.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 com/sec/android/app/setupwizard/SetupWizardActivity.java
com/samsung/vzw/activationagent/manager/ActivationManagerMock.java
Medium
CVSS:7.4
Files may contain hardcoded sensitive information like usernames, passwords, keys etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files:
 com/airbnb/lottie/LottieCompositionFactory.java
com/sec/android/app/setupwizard/vzw/activation/poa/test/PoaTestConfigurationActivity.java
com/sec/android/app/setupwizard/vzw/privacy/ServicePrivacyActivity.java
com/sec/android/app/setupwizard/debug/vzselect/VzSelectTestConfigurationActivity.java
com/samsung/vzw/activationagent/statemachine/poa/eas/Eas.java
com/samsung/vzw/activationagent/receiver/PcoBroadcastReceiver.java
com/samsung/vzw/activationagent/call/CallActivity.java
Medium
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
 com/sec/android/app/setupwizard/vzw/vzselects/VzSelectsApi.java
com/sec/android/app/setupwizard/bixby/hq/vi/logoparticle/particles/SmallBall.java
com/samsung/vzw/activationagent/statemachine/poa/eas/Eas.java
Pygal Australia: 100 Germany: 100 Ireland: 100 United States: 900

Map computed by Pithus.

Network analysis

Information computed with MobSF.

High Domain config is insecurely configured to permit clear text traffic to these domains in scope.
Scope: ['google.com', 'yahoo.com', 'samsung.com', 'android.com']

Domains analysis

Information computed with MobSF.

US xfinitymobile.com 96.99.227.163
US eas.verizonwireless.com 162.115.16.59
US www.vzw.com 162.115.16.90
DE www.spectrummobile.com 23.205.244.168
US easpreprod.verizonwireless.com 162.115.218.59
US www.xfinitymobile.com 96.16.154.169
AU www.specturm.net 103.224.182.210
US www.samsung.com 69.192.160.55
US poa-iot.vzw.com 152.199.150.89
US www.google.com 142.250.185.164
US connectivitycheck.android.com 142.250.181.238
IE www.yahoo.com 87.248.100.216

URL analysis

Information computed with MobSF.

http://www.google.com
http://www.yahoo.com
Defined in com/samsung/vzw/activationagent/manager/ModemUtil.java
http://www.google.com
http://www.yahoo.com
Defined in com/samsung/vzw/activationagent/manager/ModemUtil.java
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ValidateCustomer
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ValidateCustomer
Defined in com/samsung/vzw/activationagent/statemachine/poa/eas/ValidateCustomerRequestImplV1.java
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ValidateCustomer
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ValidateCustomer
Defined in com/samsung/vzw/activationagent/statemachine/poa/eas/ValidateCustomerRequestImplV1.java
http://connectivitycheck.android.com/generate_204
Defined in com/samsung/vzw/activationagent/monitor/CheckConnectivity.java
http://www.samsung.com
Defined in com/samsung/vzw/activationagent/monitor/HttpRedirectionCheck.java
http://connectivitycheck.android.com/generate_204
Defined in com/samsung/vzw/activationagent/monitor/ConnectivityChangeReceiver.java
http://www.vzw.com/namespaces/scmplus
Defined in com/sec/android/app/setupwizard/vzw/vzselects/VzSelectsTCRequest.java
http://www.vzw.com/namespaces/scmplus
Defined in com/sec/android/app/setupwizard/vzw/vzselects/VzSelectsSubscriberProfileRequest.java
http://connectivitycheck.android.com/generate_204
Defined in com/sec/android/app/setupwizard/kme/KmeManager.java
www.specturm.net/mobiletrial
https://www.samsung.com/us/account/privacy-policy.
https://poa-iot.vzw.com
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/LookupOrder
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/LookupOrder
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ReleaseOrder
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ReleaseOrder
https://www.samsung.com/us/account/privacy-policy,
http://xfinitymobile.com/activate
www.xfinitymobile.com/activate
www.spectrummobile.com/activateにアクセスしてください
www.xfinitymobile.com/activateにアクセスしてください
www.xfinitymobile.com/activate.
www.spectrummobile.com/activate.
www.xfinitymobile.com/activate에
www.spectrummobile.com/activate
www.xfinitymobile.com/activateम
www.spectrummobile.com/activate-a
www.xfinitymobile.com/activateକ
https://www.samsung.com/us/account/privacy-policy),
www.spectrummobile.com/activate:
www.xfinitymobile.com/activate:
www.xfinitymobile.com/activateన
www.spectrummobile.com/activateన
www.xfinitymobile.com/activate-এ
www.spectrummobile.com/activate-এ
www.spectrummobile.com/activateಗ
www.xfinitymobile.com/activateન
Defined in Android String Resource
www.specturm.net/mobiletrial
https://www.samsung.com/us/account/privacy-policy.
https://poa-iot.vzw.com
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/LookupOrder
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/LookupOrder
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ReleaseOrder
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ReleaseOrder
https://www.samsung.com/us/account/privacy-policy,
http://xfinitymobile.com/activate
www.xfinitymobile.com/activate
www.spectrummobile.com/activateにアクセスしてください
www.xfinitymobile.com/activateにアクセスしてください
www.xfinitymobile.com/activate.
www.spectrummobile.com/activate.
www.xfinitymobile.com/activate에
www.spectrummobile.com/activate
www.xfinitymobile.com/activateम
www.spectrummobile.com/activate-a
www.xfinitymobile.com/activateକ
https://www.samsung.com/us/account/privacy-policy),
www.spectrummobile.com/activate:
www.xfinitymobile.com/activate:
www.xfinitymobile.com/activateన
www.spectrummobile.com/activateన
www.xfinitymobile.com/activate-এ
www.spectrummobile.com/activate-এ
www.spectrummobile.com/activateಗ
www.xfinitymobile.com/activateન
Defined in Android String Resource
www.specturm.net/mobiletrial
https://www.samsung.com/us/account/privacy-policy.
https://poa-iot.vzw.com
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/LookupOrder
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/LookupOrder
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ReleaseOrder
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ReleaseOrder
https://www.samsung.com/us/account/privacy-policy,
http://xfinitymobile.com/activate
www.xfinitymobile.com/activate
www.spectrummobile.com/activateにアクセスしてください
www.xfinitymobile.com/activateにアクセスしてください
www.xfinitymobile.com/activate.
www.spectrummobile.com/activate.
www.xfinitymobile.com/activate에
www.spectrummobile.com/activate
www.xfinitymobile.com/activateम
www.spectrummobile.com/activate-a
www.xfinitymobile.com/activateକ
https://www.samsung.com/us/account/privacy-policy),
www.spectrummobile.com/activate:
www.xfinitymobile.com/activate:
www.xfinitymobile.com/activateన
www.spectrummobile.com/activateన
www.xfinitymobile.com/activate-এ
www.spectrummobile.com/activate-এ
www.spectrummobile.com/activateಗ
www.xfinitymobile.com/activateન
Defined in Android String Resource
www.specturm.net/mobiletrial
https://www.samsung.com/us/account/privacy-policy.
https://poa-iot.vzw.com
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/LookupOrder
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/LookupOrder
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ReleaseOrder
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ReleaseOrder
https://www.samsung.com/us/account/privacy-policy,
http://xfinitymobile.com/activate
www.xfinitymobile.com/activate
www.spectrummobile.com/activateにアクセスしてください
www.xfinitymobile.com/activateにアクセスしてください
www.xfinitymobile.com/activate.
www.spectrummobile.com/activate.
www.xfinitymobile.com/activate에
www.spectrummobile.com/activate
www.xfinitymobile.com/activateम
www.spectrummobile.com/activate-a
www.xfinitymobile.com/activateକ
https://www.samsung.com/us/account/privacy-policy),
www.spectrummobile.com/activate:
www.xfinitymobile.com/activate:
www.xfinitymobile.com/activateన
www.spectrummobile.com/activateన
www.xfinitymobile.com/activate-এ
www.spectrummobile.com/activate-এ
www.spectrummobile.com/activateಗ
www.xfinitymobile.com/activateન
Defined in Android String Resource
www.specturm.net/mobiletrial
https://www.samsung.com/us/account/privacy-policy.
https://poa-iot.vzw.com
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/LookupOrder
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/LookupOrder
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ReleaseOrder
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ReleaseOrder
https://www.samsung.com/us/account/privacy-policy,
http://xfinitymobile.com/activate
www.xfinitymobile.com/activate
www.spectrummobile.com/activateにアクセスしてください
www.xfinitymobile.com/activateにアクセスしてください
www.xfinitymobile.com/activate.
www.spectrummobile.com/activate.
www.xfinitymobile.com/activate에
www.spectrummobile.com/activate
www.xfinitymobile.com/activateम
www.spectrummobile.com/activate-a
www.xfinitymobile.com/activateକ
https://www.samsung.com/us/account/privacy-policy),
www.spectrummobile.com/activate:
www.xfinitymobile.com/activate:
www.xfinitymobile.com/activateన
www.spectrummobile.com/activateన
www.xfinitymobile.com/activate-এ
www.spectrummobile.com/activate-এ
www.spectrummobile.com/activateಗ
www.xfinitymobile.com/activateન
Defined in Android String Resource
www.specturm.net/mobiletrial
https://www.samsung.com/us/account/privacy-policy.
https://poa-iot.vzw.com
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/LookupOrder
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/LookupOrder
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ReleaseOrder
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ReleaseOrder
https://www.samsung.com/us/account/privacy-policy,
http://xfinitymobile.com/activate
www.xfinitymobile.com/activate
www.spectrummobile.com/activateにアクセスしてください
www.xfinitymobile.com/activateにアクセスしてください
www.xfinitymobile.com/activate.
www.spectrummobile.com/activate.
www.xfinitymobile.com/activate에
www.spectrummobile.com/activate
www.xfinitymobile.com/activateम
www.spectrummobile.com/activate-a
www.xfinitymobile.com/activateକ
https://www.samsung.com/us/account/privacy-policy),
www.spectrummobile.com/activate:
www.xfinitymobile.com/activate:
www.xfinitymobile.com/activateన
www.spectrummobile.com/activateన
www.xfinitymobile.com/activate-এ
www.spectrummobile.com/activate-এ
www.spectrummobile.com/activateಗ
www.xfinitymobile.com/activateન
Defined in Android String Resource
www.specturm.net/mobiletrial
https://www.samsung.com/us/account/privacy-policy.
https://poa-iot.vzw.com
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/LookupOrder
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/LookupOrder
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ReleaseOrder
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ReleaseOrder
https://www.samsung.com/us/account/privacy-policy,
http://xfinitymobile.com/activate
www.xfinitymobile.com/activate
www.spectrummobile.com/activateにアクセスしてください
www.xfinitymobile.com/activateにアクセスしてください
www.xfinitymobile.com/activate.
www.spectrummobile.com/activate.
www.xfinitymobile.com/activate에
www.spectrummobile.com/activate
www.xfinitymobile.com/activateम
www.spectrummobile.com/activate-a
www.xfinitymobile.com/activateକ
https://www.samsung.com/us/account/privacy-policy),
www.spectrummobile.com/activate:
www.xfinitymobile.com/activate:
www.xfinitymobile.com/activateన
www.spectrummobile.com/activateన
www.xfinitymobile.com/activate-এ
www.spectrummobile.com/activate-এ
www.spectrummobile.com/activateಗ
www.xfinitymobile.com/activateન
Defined in Android String Resource
www.specturm.net/mobiletrial
https://www.samsung.com/us/account/privacy-policy.
https://poa-iot.vzw.com
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/LookupOrder
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/LookupOrder
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ReleaseOrder
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ReleaseOrder
https://www.samsung.com/us/account/privacy-policy,
http://xfinitymobile.com/activate
www.xfinitymobile.com/activate
www.spectrummobile.com/activateにアクセスしてください
www.xfinitymobile.com/activateにアクセスしてください
www.xfinitymobile.com/activate.
www.spectrummobile.com/activate.
www.xfinitymobile.com/activate에
www.spectrummobile.com/activate
www.xfinitymobile.com/activateम
www.spectrummobile.com/activate-a
www.xfinitymobile.com/activateକ
https://www.samsung.com/us/account/privacy-policy),
www.spectrummobile.com/activate:
www.xfinitymobile.com/activate:
www.xfinitymobile.com/activateన
www.spectrummobile.com/activateన
www.xfinitymobile.com/activate-এ
www.spectrummobile.com/activate-এ
www.spectrummobile.com/activateಗ
www.xfinitymobile.com/activateન
Defined in Android String Resource
www.specturm.net/mobiletrial
https://www.samsung.com/us/account/privacy-policy.
https://poa-iot.vzw.com
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/LookupOrder
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/LookupOrder
https://easpreprod.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ReleaseOrder
https://eas.verizonwireless.com/vzw-eas-ws/EASSelfActivation/ReleaseOrder
https://www.samsung.com/us/account/privacy-policy,
http://xfinitymobile.com/activate
www.xfinitymobile.com/activate
www.spectrummobile.com/activateにアクセスしてください
www.xfinitymobile.com/activateにアクセスしてください
www.xfinitymobile.com/activate.
www.spectrummobile.com/activate.
www.xfinitymobile.com/activate에
www.spectrummobile.com/activate
www.xfinitymobile.com/activateम
www.spectrummobile.com/activate-a
www.xfinitymobile.com/activateକ
https://www.samsung.com/us/account/privacy-policy),
www.spectrummobile.com/activate:
www.xfinitymobile.com/activate:
www.xfinitymobile.com/activateన
www.spectrummobile.com/activateన
www.xfinitymobile.com/activate-এ
www.spectrummobile.com/activate-এ
www.spectrummobile.com/activateಗ
www.xfinitymobile.com/activateન
Defined in Android String Resource

Permissions analysis

Information computed with MobSF.

High android.permission.READ_EXTERNAL_STORAGE read external storage contents
Allows an application to read from external storage.
High android.permission.AUTHENTICATE_ACCOUNTS act as an account authenticator
Allows an application to use the account authenticator capabilities of the Account Manager, including creating accounts as well as obtaining and setting their passwords.
High android.permission.GET_ACCOUNTS list accounts
Allows access to the list of accounts in the Accounts Service.
High android.permission.MANAGE_ACCOUNTS manage the accounts list
Allows an application to perform operations like adding and removing accounts and deleting their password.
High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
High android.permission.SYSTEM_ALERT_WINDOW display system-level alerts
Allows an application to show system-alert windows. Malicious applications can take over the entire screen of the phone.
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
High android.permission.WRITE_SETTINGS modify global system settings
Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration.
High android.permission.PROCESS_OUTGOING_CALLS intercept outgoing calls
Allows application to process outgoing calls and change the number to be dialled. Malicious applications may monitor, redirect or prevent outgoing calls.
High android.permission.CALL_PHONE directly call phone numbers
Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.
Low android.permission.ACCESS_WIFI_STATE view Wi-Fi status
Allows an application to view the information about the status of Wi-Fi.
Low android.permission.CHANGE_WIFI_STATE change Wi-Fi status
Allows an application to connect to and disconnect from Wi-Fi access points and to make changes to configured Wi-Fi networks.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.READ_SYNC_SETTINGS read sync settings
Allows an application to read the sync settings, such as whether sync is enabled for Contacts.
Low android.permission.RECEIVE_BOOT_COMPLETED automatically start at boot
Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Low android.permission.WRITE_SYNC_SETTINGS write sync settings
Allows an application to modify the sync settings, such as whether sync is enabled for Contacts.
Low android.permission.FOREGROUND_SERVICE Allows a regular application to use Service.startForeground.
Medium android.permission.STATUS_BAR disable or modify status bar
Allows application to disable the status bar or add and remove system icons.
Medium android.permission.WRITE_SECURE_SETTINGS modify secure system settings
Allows an application to modify the system's secure settings data. Not for use by common applications.
Medium android.permission.REBOOT force phone reboot
Allows the application to force the phone to reboot.
com.samsung.android.svoice.ACCESS_ASR_SERVICE Unknown permission
Unknown permission from android reference
android.permission.INVOKE_CARRIER_SETUP Unknown permission
Unknown permission from android reference
android.permission.MANAGE_NETWORK_POLICY Unknown permission
Unknown permission from android reference
com.vcast.mediamanager.CLOUD_PERMISSION Unknown permission
Unknown permission from android reference
com.verizon.ACCESS_VZW_ACCOUNT Unknown permission
Unknown permission from android reference
com.verizon.mips.services.sku_launch Unknown permission
Unknown permission from android reference
com.verizon.mips.services.RECEIVE_SUW_CARRIER_SCREENS_UPDATE Unknown permission
Unknown permission from android reference
com.samsung.android.scloud.app.ui Unknown permission
Unknown permission from android reference
com.sec.android.app.reactive.permission.ACCESS_REACTIVE_SERVICE Unknown permission
Unknown permission from android reference
com.smithmicro.netwise.director.comcast.oem.NWD_SDK Unknown permission
Unknown permission from android reference
com.sec.enterprise.knox.cloudmdm.smdms.provider.permission.READ Unknown permission
Unknown permission from android reference
com.samsung.permission.READ_SM_DATA Unknown permission
Unknown permission from android reference
com.sec.android.app.setupwizardlegalprovider.GETDOCUMENT Unknown permission
Unknown permission from android reference
com.verizon.mips.services.FILE_ACCESS Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Confidence: