0/63 Threat

com.sec.android.app.magnifier

Magnifier

Analyzed on 2022-05-23T23:06:21.387157

13 permissions
4 activities
0 services
0 receivers
0 domains

File sums

MD5 edee34384a20f1b73a03a15c6ebf650e
SHA1 77d0bb786b1b53327c924db85b0b945f1b89a47b
SHA256 df7d0b15d50a96bbf57d0aa5b812569132a8053e85dcd9fa6584460e3ef61042
Size 0.81MB

APKiD

Information computed with APKiD.

/tmp/tmpexc2p9o4!classes.dex
manipulator
  • dexmerge
compiler
  • dx (possible dexmerge)

SSdeep

Information computed with ssdeep.

APK file 12288:FKx8+iquca4ucnwcZ5uJz03vcd1WSaMe9e1cZ8p07UJXY7NMzp0aJdWEGl:saonwKOzqcd1HcGBY7epfNY
Manifest 192:FHXgSFbGmKm6+BgHRrlfWkA7VWgJUtSBjaZ2QHCV4NJfJ:FHXgSFFKm6+BgHRrlOk…
classes.dex 24576:gAIVxNr8xOhQdWxR8gQU6DmFul+pWOVYbtG:gxpr8/upWOH

Dexofuzzy

Information computed with Dexofuzzy.

APK file 96:89W8SOu3dZPoupPkgIv/Y06+Am+dLYtgoBrVVUxr5JAWrUWuGNz1:89W93btPkq06m…
classes.dex 96:89W8SOu3dZPoupPkgIv/Y06+Am+dLYtgoBrVVUxr5JAWrUWuGNz1:89W93btPkq06m…

APK details

Information computed with AndroGuard and Pithus.

Package com.sec.android.app.magnifier
App name Magnifier
Version name 3.5.66
Version code 356600100
SDK 23 - 23
UAID dd0d26b49b7d05568d116cbd410c4a77935da233
Signature Signature V1 Signature V2
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown

Certificate details

Information computed with AndroGuard.

MD5 d087e72912fba064cafa78dc34aea839
SHA1 9ca5170f381919dfe0446fcdab18b19a143b3163
SHA256 34df0e7a9f1cf1892e45c056b4973cd81ccf148a4050d11aea4ac5a65f900a42
Issuer Email Address: android.os@samsung.com, Common Name: Samsung Cert, Organizational Unit: DMC, Organization: Samsung Corporation, Locality: Suwon City, State/Province: South Korea, Country: KR
Not before 2011-06-22T12:25:12+00:00
Not after 2038-11-07T12:25:12+00:00

File Analysis

Information computed with MobSF.

Findings Files
Certificate/Key files hardcoded inside the app. SEC-INF/buildConfirm.crt

Manifest analysis

Information computed with MobSF.

High Activity (com.sec.android.app.magnifier.MagnifierWidget) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device, therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.

Activities

Information computed with AndroGuard.

com.sec.android.app.magnifier.MagnifierWidget
com.sec.android.app.magnifier.Magnifier
com.sec.android.app.magnifier.DummyActivity
com.sec.android.app.magnifier.RequestPermissionsActivity

Sample timeline

Oldest file found in APK Jan. 1, 2009, midnight
Latest file found in APK Jan. 1, 2009, midnight
Certificate valid not before June 22, 2011, 12:25 p.m.
First submission on VT April 26, 2021, 8 p.m.
Last submission on VT April 26, 2021, 8 p.m.
Upload on Pithus May 23, 2022, 11:06 p.m.
Certificate valid not after Nov. 7, 2038, 12:25 p.m.

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 Storage of Credentials
The application does not store any credentials to non-volatile memory.
FCS_CKM_EXT.1.1 Cryptographic Key Generation Services
The application generates no asymmetric cryptographic keys.
FDP_DEC_EXT.1.1 Access to Platform Resources
The application has access to ['camera'].
FDP_DEC_EXT.1.2 Access to Platform Resources
The application has access to no sensitive information repositories.
FDP_NET_EXT.1.1 Network Communications
The application has no network communications.
FDP_DAR_EXT.1.1 Encryption Of Sensitive Application Data
The application implements functionality to encrypt sensitive data in non-volatile memory.
FMT_MEC_EXT.1.1 Supported Configuration Mechanism
The application invokes the mechanisms recommended by the platform vendor for storing and setting configuration options.
FTP_DIT_EXT.1.1 Protection of Data in Transit
The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
  • com/sec/android/app/magnifier/Magnifier.java
  • com/sec/android/app/magnifier/Util.java
  • com/sec/android/app/magnifier/MagnifierRenderer.java
  • com/sec/android/app/magnifier/PermissionUtils.java
  • com/sec/android/app/magnifier/MagnifierGLSurface.java
  • com/sec/android/app/magnifier/MagnifierSurface.java
  • com/sec/android/app/magnifier/RequestPermissionsActivity.java

Medium
CVSS:7.4
Files may contain hardcoded sensitive information like usernames, passwords, keys etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files:
  • com/sec/android/app/C0000CscFeatureTagSip.java
  • com/sec/android/app/CscFeatureTagLockScreen.java

High
CVSS:5.5
App can read/write to External Storage. Any App can read data written to External Storage.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
  • com/sec/android/app/magnifier/Magnifier.java

Permissions analysis

Information computed with MobSF.

High android.permission.CAMERA take pictures and videos
Allows application to take pictures and videos with the camera. This allows the application to collect images that the camera is seeing at any time.
High android.permission.READ_EXTERNAL_STORAGE read external storage contents
Allows an application to read from external storage.
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
High android.permission.WRITE_SETTINGS modify global system settings
Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration.
Low android.permission.WAKE_LOCK prevent phone from sleeping
Allows an application to prevent the phone from going to sleep.
Low android.permission.FLASHLIGHT control flashlight
Allows the application to control the flashlight.
android.permission.REAL_GET_TASKS Unknown permission
Unknown permission from android reference
android.permission.READ_PRIVILEGED_PHONE_STATE Unknown permission
Unknown permission from android reference
com.android.launcher.permission.INSTALL_SHORTCUT Unknown permission
Unknown permission from android reference
com.sec.permission.AssistiveLight_ONOFF Unknown permission
Unknown permission from android reference
com.sec.enterprise.knox.MDM_CONTENT_PROVIDER Unknown permission
Unknown permission from android reference
com.sec.android.app.voicenote.Controller Unknown permission
Unknown permission from android reference
android.permission.INTERACT_ACROSS_USERS_FULL Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Confidence: 100%
Implicit intent (view a web page, make a phone call, etc.)

Confidence: 100%
Method reflection

Confidence: 100%
Read sensitive data (SMS, CALLLOG, etc)

Confidence: 100%
Monitor the broadcast action events (BOOT_COMPLETED)

Confidence: 100%
Method reflection

Confidence: 100%
Query data from URI (SMS, CALLLOGS)

Behavior analysis

Information computed with MobSF.

Get system service
  • com/sec/android/app/magnifier/Magnifier.java
  • com/sec/android/app/magnifier/RequestPermissionsActivity.java
Inter process communication
  • com/sec/android/app/magnifier/Magnifier.java
  • com/sec/android/app/magnifier/PermissionUtils.java
  • com/sec/android/app/magnifier/MagnifierWidget.java
  • com/sec/android/app/magnifier/DummyActivity.java
  • com/sec/android/app/magnifier/RequestPermissionsActivity.java
Java reflection
  • com/sec/android/app/magnifier/Util.java
Loading native code (shared library)
  • com/sec/smartmagnifier/SmartMagnifierLibs.java
Local file i/o operations
  • com/sec/android/app/magnifier/Magnifier.java
Sending broadcast
  • com/sec/android/app/magnifier/Magnifier.java
Starting activity
  • com/sec/android/app/magnifier/Magnifier.java
  • com/sec/android/app/magnifier/PermissionUtils.java
  • com/sec/android/app/magnifier/MagnifierWidget.java
  • com/sec/android/app/magnifier/RequestPermissionsActivity.java

Control flow graphs analysis

Information computed by Pithus.

The application probably lists running applications

The application probably dynamically loads code