0/64

Threat

com.jarsilio.android.scrambledeggsif

Scrambled Exif

Analyzed on 2022-09-24T10:27:21.987272

1 permissions
11 activities
2 services
2 receivers
150 domains

File sums

MD5 0d51739f5d606ef3d7e5c909a87bfa13
SHA1 a8888f16d6ec148040705df8840248ff5661e2fc
SHA256 ded876d33e1901ae1d11c3b289d45a27f90d08055b4704ddf5793dd7035947e8
Size 4.84MB

APKiD

Information computed with APKiD.

/tmp/tmpn9xp9ntk!classes.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MANUFACTURER check
  • possible Build.SERIAL check
anti_debug
  • Debug.isDebuggerConnected() check
compiler
  • r8 without marker (suspicious)

SSdeep

Information computed with ssdeep.

APK file 98304:vRPUYADvmhTISOhLl9q2ofrbkAzYB3VAl:vRcijOhLNVAl
Manifest 384:czVIFNy5I8UtMD0a17CUdXt4FAFIEteGSGT/sNvFo8U5BVJdSC+r0Z7e1:chIFNy5…
classes.dex 49152:sKHD2Rf7NX2PFohy+NFRVV5yKKN88p6SAhTWbo7e3fy2hY10o:sKHD21MtqDQwS…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 3072:h2bDtrc86+JjuQU7D29zHZeF4W3JB5gAuiFE7A28My18y/:hG7ruR7Da5lW3Vru1…
classes.dex 3072:h2bDtrc86+JjuQU7D29zHZeF4W3JB5gAuiFE7A28My18y/:hG7ruR7Da5lW3Vru1…

APK details

Information computed with AndroGuard and Pithus.

Package com.jarsilio.android.scrambledeggsif
App name Scrambled Exif
Version name 1.7.10
Version code 73
SDK 15 - 31
UAID 0baa64d53e238aace1c511661efc9a67a23bfbb7
Signature Signature V1 Signature V2 Signature V3
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0xf05368c0: Unknown
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 fb65a27317310630aa70587c72ae5049
SHA1 f913c1d08026142510c0cad788cf4a9cad83d0bc
SHA256 3cdf1622c37d212be586b22928f28ccadbd7cb954f1005fce13e81850beb1d73
Issuer Common Name: FDroid, Organizational Unit: FDroid, Organization: fdroid.org, Locality: ORG, State/Province: ORG, Country: UK
Not before 2018-02-01T08:58:34+00:00
Not after 2045-06-19T08:58:34+00:00

File Analysis

Information computed with MobSF.

Findings Files
Certificate/Key files hardcoded inside the app. META-INF/services/org.acra.sender.ReportSenderFactory

Manifest analysis

Information computed with MobSF.

High Activity (com.jarsilio.android.scrambledeggsif.panic.PanicSettingsActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.jarsilio.android.scrambledeggsif.HandleImageActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.jarsilio.android.scrambledeggsif.ContentProxyActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Launch Mode of Activity (com.jarsilio.android.scrambledeggsif.panic.PanicResponderActivity) is not standard.
An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High Activity (com.jarsilio.android.scrambledeggsif.panic.PanicResponderActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Launch Mode of Activity (org.acra.dialog.CrashReportDialog) is not standard.
An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.

Main Activity

Information computed with AndroGuard.

com.jarsilio.android.scrambledeggsif.MainActivity

Activities

Information computed with AndroGuard.

com.jarsilio.android.scrambledeggsif.MainActivity
com.jarsilio.android.scrambledeggsif.SettingsActivity
com.jarsilio.android.scrambledeggsif.panic.PanicSettingsActivity
com.jarsilio.android.scrambledeggsif.HandleImageActivity
com.jarsilio.android.scrambledeggsif.ContentProxyActivity
com.jarsilio.android.scrambledeggsif.panic.PanicResponderActivity
com.mikepenz.aboutlibraries.ui.LibsActivity
org.acra.dialog.CrashReportDialog
com.jarsilio.android.common.privacypolicy.PrivacyPolicyActivity
com.jarsilio.android.common.impressum.ImpressumActivity
com.jarsilio.android.common.cookies.FortuneCookiesActivity

Receivers

Information computed with AndroGuard.

com.jarsilio.android.scrambledeggsif.CleanUpAlarmReceiver
org.acra.receiver.NotificationBroadcastReceiver

Services

Information computed with AndroGuard.

org.acra.sender.LegacySenderService
org.acra.sender.JobSenderService

Sample timeline

Oldest file found in APK Jan. 1, 1981, 1:01 a.m.
Latest file found in APK Jan. 1, 1981, 1:01 a.m.
Certificate valid not before Feb. 1, 2018, 8:58 a.m.
First submission on VT Aug. 7, 2022, 4:49 p.m.
Last submission on VT Sept. 19, 2022, 5:56 a.m.
Upload on Pithus Sept. 24, 2022, 10:27 a.m.
Certificate valid not after June 19, 2045, 8:58 a.m.

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application invoke platform-provided DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generate no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to no hardware resources.
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has no network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_RBG_EXT.2.1
FCS_RBG_EXT.2.2
The application perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.
Random Bit Generation from Application
FPT_TUD_EXT.2.1 The application shall be distributed using the format of the platform-supported package manager.
Integrity for Installation and Update

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
android/mediautil/image/jpeg/maker/MakerNoteHandlerFactory.java
org/acra/util/Installation.java
com/mikepenz/fastadapter/listeners/OnBindViewHolderListenerImpl.java
org/acra/file/BulkReportDeleter.java
org/acra/attachment/DefaultAttachmentProvider.java
org/acra/data/CrashReportData.java
com/mikepenz/aboutlibraries/LibsFragmentCompat.java
org/acra/receiver/NotificationBroadcastReceiver.java
org/acra/attachment/AcraContentProvider.java
org/acra/builder/LastActivityManager.java
com/mikepenz/aboutlibraries/LibsBuilder.java
org/acra/data/CrashReportDataFactory.java
org/acra/util/PackageManagerWrapper.java
org/acra/util/ProcessFinisher.java
org/acra/dialog/CrashReportDialogHelper.java
org/acra/collector/DropBoxCollector.java
org/acra/util/IOUtils.java
org/acra/sender/NullSender.java
org/acra/reporter/ErrorReporterImpl.java
android/mediautil/image/jpeg/Exif.java
com/mikepenz/aboutlibraries/Libs.java
android/mediautil/image/jpeg/LLJTran.java
org/acra/interaction/ReportInteractionExecutor.java
com/jarsilio/android/common/logging/LogWriter.java
com/mikepenz/fastadapter/FastAdapter.java
org/acra/ACRA.java
org/acra/collector/LogCatCollector.java
org/acra/interaction/DialogInteraction.java
org/acra/config/ConfigUtils.java
org/acra/util/InstanceCreator.java
org/acra/plugins/ServicePluginLoader.java
timber/log/Timber.java
org/acra/sender/ReportDistributor.java
org/acra/sender/SendingConductor.java
android/mediautil/image/jpeg/JFXX.java
org/acra/collector/ConfigurationCollector.java
org/acra/builder/ReportExecutor.java
org/acra/scheduler/SchedulerStarter.java
org/acra/util/StubCreator.java
com/mikepenz/fastadapter/VerboseLogger.java
org/acra/log/AndroidLogDelegate.java
Low
CVSS:3.9
App can write to App Directory. Sensitive Information should be encrypted.
MASVS: MSTG-STORAGE-14
CWE-276 Incorrect Default Permissions
Files:
org/acra/prefs/SharedPreferencesFactory.java
org/acra/file/ReportLocator.java
org/acra/collector/SharedPreferencesCollector.java
High
CVSS:5.5
App can read/write to External Storage. Any App can read data written to External Storage.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
org/acra/file/Directory.java

Map computed by Pithus.

Domains analysis

Information computed with MobSF.
