0/63 Threat

android

Android System

Analyzed on 2021-09-03T18:59:42.233177

14 permissions
21 activities
16 services
14 receivers
1 domains

File sums

MD5 19414733e069d66be10d22deb30c4d8a
SHA1 adcc112a2a160f9334b2da153588290c0f167db0
SHA256 e8965488c6ebc902eac4d7953a11ff90f0c73d13dadb3e8a5cd752f8c118d603
Size 38.2MB

APKiD

Information computed with APKiD.

SSdeep

Information computed with ssdeep.

APK file 196608:CgAR4BIrFKRaOOQKIOcvhUlqrH9hqWTkluQSYeBhLHyBp7g1g3v+aGVX:Cga4B/XOmOc+orHTqOkl4VHy3WaMX
Manifest 1536:cAAqwNkytWVnCU1y1iCXJsiVTwbqkDZofHtnjm6osh5iRoSUZSLSzcQKbNdXClqf…

Dexofuzzy

Information computed with Dexofuzzy.

APK details

Information computed with AndroGuard and Pithus.

Package android
App name Android System
Version name 10
Version code 29
SDK 29 - 29
UAID ca2ef22ab3f1cfd581c7fa400db7becdc377cee3
Signature Signature V1 Signature V2 Signature V3
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0xf05368c0: Unknown
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 eb86258406dcb0a2c0ba083bf23986d3
SHA1 38d81cfb64bd5d78baed393c25e7e92b9160200e
SHA256 0510e57a129e3b98d3f5e790db0f51c786b06461ed390dbfb3d860807b0d7b3a
Issuer Common Name: Android, Organizational Unit: Android, Organization: Google Inc., Locality: Mountain View, State/Province: California, Country: US
Not before 2017-04-19T00:50:16+00:00
Not after 2047-04-19T00:50:16+00:00

Manifest analysis

Information computed with MobSF.

Low App is direct-boot aware [android:directBootAware=true]
This app can run before the user unlocks the device. If you're using a custom subclass of Application, and if any component inside your application is direct-boot aware, then your entire custom application is considered to be direct-boot aware. During Direct Boot, your application can only access the data that is stored in device protected storage.
Medium Application Data can be Backed up. [android:allowBackup] flag is missing.
The flag [android:allowBackup] should be set to false. By default it is set to true and allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High Activity (com.android.internal.app.ChooserActivity) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.android.internal.app.IntentForwarderActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.android.internal.app.ForwardIntentToParent) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.android.internal.app.ForwardIntentToManagedProfile) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (android.accounts.ChooseAccountActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (android.accounts.ChooseTypeAndAccountActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (android.accounts.CantAddAccountActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (android.accounts.GrantCredentialsPermissionActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.android.internal.app.ConfirmUserCreationActivity) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Broadcast Receiver (com.android.server.BootReceiver) is not Protected. An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
Low Service (com.android.server.MountServiceIdler) is Protected by a permission.
Permission: android.permission.BIND_JOB_SERVICE
protectionLevel: signature [android:exported=true]
A Service is found to be exported, but is protected by permission.
Low Service (com.android.server.backup.FullBackupJob) is Protected by a permission.
Permission: android.permission.BIND_JOB_SERVICE
protectionLevel: signature [android:exported=true]
A Service is found to be exported, but is protected by permission.
Low Service (com.android.server.pm.BackgroundDexOptService) is Protected by a permission.
Permission: android.permission.BIND_JOB_SERVICE
protectionLevel: signature [android:exported=true]
A Service is found to be exported, but is protected by permission.
Low Service (com.android.server.autofill.AutofillCompatAccessibilityService) is Protected by a permission.
Permission: android.permission.BIND_ACCESSIBILITY_SERVICE
protectionLevel: signature [android:exported=true]
A Service is found to be exported, but is protected by permission.
Medium High Intent Priority (1000) [android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.
Medium High Intent Priority (1000) [android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.

Main Activity

Information computed with AndroGuard.

['com.android.internal.app.ChooserActivity', 'com.android.internal.app.AccessibilityButtonChooserActivity', 'com.android.internal.app.IntentForwarderActivity', 'com.android.internal.app.HeavyWeightSwitcherActivity', 'com.android.internal.app.PlatLogoActivity', 'com.android.internal.app.DisableCarModeActivity', 'com.android.internal.app.DumpHeapActivity', 'android.accounts.ChooseAccountActivity', 'android.accounts.ChooseTypeAndAccountActivity', 'android.accounts.ChooseAccountTypeActivity', 'android.accounts.CantAddAccountActivity', 'android.accounts.GrantCredentialsPermissionActivity', 'android.content.SyncActivityTooManyDeletes', 'com.android.internal.app.ShutdownActivity', 'com.android.internal.app.NetInitiatedActivity', 'com.android.internal.app.SystemUserHomeActivity', 'com.android.internal.app.ConfirmUserCreationActivity', 'com.android.internal.app.SuspendedAppActivity', 'com.android.internal.app.UnlaunchableAppActivity', 'com.android.settings.notification.NotificationAccessConfirmationActivity', 'com.android.internal.app.HarmfulAppWarningActivity']

Activities

Information computed with AndroGuard.

com.android.internal.app.ChooserActivity
com.android.internal.app.AccessibilityButtonChooserActivity
com.android.internal.app.IntentForwarderActivity
com.android.internal.app.HeavyWeightSwitcherActivity
com.android.internal.app.PlatLogoActivity
com.android.internal.app.DisableCarModeActivity
com.android.internal.app.DumpHeapActivity
android.accounts.ChooseAccountActivity
android.accounts.ChooseTypeAndAccountActivity
android.accounts.ChooseAccountTypeActivity
android.accounts.CantAddAccountActivity
android.accounts.GrantCredentialsPermissionActivity
android.content.SyncActivityTooManyDeletes
com.android.internal.app.ShutdownActivity
com.android.internal.app.NetInitiatedActivity
com.android.internal.app.SystemUserHomeActivity
com.android.internal.app.ConfirmUserCreationActivity
com.android.internal.app.SuspendedAppActivity
com.android.internal.app.UnlaunchableAppActivity
com.android.settings.notification.NotificationAccessConfirmationActivity
com.android.internal.app.HarmfulAppWarningActivity

Receivers

Information computed with AndroGuard.

com.android.server.BootReceiver
com.android.server.updates.CertPinInstallReceiver
com.android.server.updates.IntentFirewallInstallReceiver
com.android.server.updates.SmsShortCodesInstallReceiver
com.android.server.updates.NetworkWatchlistInstallReceiver
com.android.server.updates.ApnDbInstallReceiver
com.android.server.updates.CarrierProvisioningUrlsInstallReceiver
com.android.server.updates.CertificateTransparencyLogInstallReceiver
com.android.server.updates.LangIdInstallReceiver
com.android.server.updates.SmartSelectionInstallReceiver
com.android.server.updates.ConversationActionsInstallReceiver
com.android.server.updates.CarrierIdInstallReceiver
com.android.server.MasterClearReceiver
com.android.server.WallpaperUpdateReceiver

Services

Information computed with AndroGuard.

android.hardware.location.GeofenceHardwareService
com.android.server.MountServiceIdler
com.android.server.ZramWriteback
com.android.server.backup.FullBackupJob
com.android.server.backup.KeyValueBackupJob
com.android.server.content.SyncJobService
com.android.server.pm.BackgroundDexOptService
com.android.server.pm.DynamicCodeLoggingService
com.android.server.PruneInstantAppsJobService
com.android.server.storage.DiskStatsLoggingService
com.android.server.PreloadsFileCacheExpirationJobService
com.android.server.camera.CameraStatsJobService
com.android.server.timezone.TimeZoneUpdateIdler
com.android.server.net.watchlist.ReportWatchlistJobService
com.android.server.display.BrightnessIdleJob
com.android.server.autofill.AutofillCompatAccessibilityService

Sample timeline

Oldest file found in APK Jan. 1, 2009, midnight
Latest file found in APK Jan. 1, 2009, midnight
Certificate valid not before April 19, 2017, 12:50 a.m.
First submission on VT June 14, 2020, 8:55 a.m.
Last submission on VT June 29, 2020, 11:24 p.m.
Upload on Pithus Sept. 3, 2021, 6:59 p.m.
Certificate valid not after April 19, 2047, 12:50 a.m.

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['USB', 'NFC', 'network connectivity', 'camera', 'location', 'bluetooth', 'microphone'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['calender', 'system logs', 'call lists', 'address book'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FTP_DIT_EXT.1.1 The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.
Protection of Data in Transit

Map: United States: 100

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

US www.google.com 142.250.184.228

URL analysis

Information computed with MobSF.

https://www.google.com/accounts/recovery.
Defined in Android String Resource

Permissions analysis

Information computed with MobSF.

High android.permission.GET_ACCOUNTS list accounts
Allows access to the list of accounts in the Accounts Service.
Low android.permission.LOCATION_HARDWARE Allows an application to use location features in hardware, such as the geofencing api.
Medium android.permission.PACKAGE_USAGE_STATS update component usage statistics
Allows the modification of collected component usage statistics. Not for use by common applications.
Medium android.intent.category.MASTER_CLEAR.permission.C2D_MESSAGE Allows cloud to device messaging
Allows the application to receive push notifications.
android.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS Unknown permission
Unknown permission from android reference
android.permission.SEND_SHOW_SUSPENDED_APP_DETAILS Unknown permission
Unknown permission from android reference
android.permission.BIND_JOB_SERVICE Unknown permission
Unknown permission from android reference
android.permission.TRIGGER_TIME_ZONE_RULES_CHECK Unknown permission
Unknown permission from android reference
android.permission.BIND_NETWORK_RECOMMENDATION_SERVICE Unknown permission
Unknown permission from android reference
android.permission.BIND_ATTENTION_SERVICE Unknown permission
Unknown permission from android reference
android.permission.CONTROL_VPN Unknown permission
Unknown permission from android reference
android.permission.LOCAL_MAC_ADDRESS Unknown permission
Unknown permission from android reference
android.permission.CONFIRM_FULL_BACKUP Unknown permission
Unknown permission from android reference
android.permission.ACCESS_INSTANT_APPS Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Behavior analysis

Information computed with MobSF.

Inter process communication
       android/R.java