Moderate Risk

Threat level

com.kidslox.app

Kidslox

Analyzed on 2022-08-28T20:05:20.778545

32

permissions

96

activities

22

services

21

receivers

69

domains

File sums

MD5 acb14d31051231becef9a7d13b26c1dd
SHA1 5e90bd536a20ac028599c658a080d48c4005ce95
SHA256 f509795292d8f3ae2e06421abb5e65376212cc8ca53421166c7d1d6e19b855ee
Size 13.55MB

APKiD

Information computed with APKiD.

/tmp/tmpr82qf3vm!classes.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MODEL check
  • Build.MANUFACTURER check
  • Build.PRODUCT check
  • Build.TAGS check
  • SIM operator check
  • network operator name check
  • device ID check
compiler
  • r8 without marker (suspicious)
/tmp/tmpr82qf3vm!classes2.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MODEL check
  • Build.MANUFACTURER check
  • Build.PRODUCT check
  • Build.HARDWARE check
  • Build.TAGS check
  • network operator name check
  • possible VM check
anti_debug
  • Debug.isDebuggerConnected() check
compiler
  • r8 without marker (suspicious)
/tmp/tmpr82qf3vm!classes3.dex
anti_vm
  • Build.MODEL check
  • Build.MANUFACTURER check
compiler
  • r8 without marker (suspicious)

SSdeep

Information computed with ssdeep.

APK file 393216:WaY0hUhBaOMmhMpTq7cqTdYNbfL+AdhHi4S:WD1MMap27H+M4S
Manifest 768:wEzYIQ0dPkAnKTAdRX/RxcKE6X1LSbqUQtKaT8ho9OAJih8oKG5etypUdIav9Qgn:…
classes.dex 49152:ninGjRsU1GBVEetq0HdhnlMDs/uLt+zM2P+2oXKsMoXzZlekChafMhdoemXIOca…
classes2.dex 98304:O/Lcg1QTLVNWMeWgiNogoGKG8pa+sVT3YBdHSx:J2QTLV0+DO1BnY
classes3.dex 49152:bN/W4bzUDp4I6yZBlrwt0wp8tJ646zVaazwGGT3/o3ov:boYyFwp8D5T3cov

Dexofuzzy

Information computed with Dexofuzzy.

APK file 12288:7cV1hALNh1UpRwOxfF2eUvHFiRhcNDdRz+W6MLL8h2DhkkWeoI3ICprJOiVwVCq…
classes.dex 6144:7rwB/uu7aOHa0sopxiLNh8k154pD1wXMfxPeaYG2EgitpWvHFxkRhepbiiDdl:7c…
classes2.dex 6144:EDfFazXSNBBS5a0tvLaW66DYMIYL8h2DWpu2hkWeoIo:bz+W6MLL8h2DhkkWeoIo
classes3.dex 6144:KkAqs4PcRYCSPcv0Vkof/Y/O/YLlYaRDioI66CaiqdDH:iICprJOiVwVCqH

APK details

Information computed with AndroGuard and Pithus.

Package com.kidslox.app
App name Kidslox
Version name 7.6.2
Version code 54854
SDK 26 - 31
UAID 311e1d8b2e1d5357a345e013bb618271245bee94
Signature Signature V2 Signature V3
Frosting Frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0xf05368c0: Unknown
  • 0x6dff800d: Source stamp V2 X509 cert
  • 0x2146444e: Google metadata
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 995449241abf990b897dd9c03ecb8cb8
SHA1 4bbd8f7e244b86b6b82f2a343ee8edb5e797fef8
SHA256 e3814e24acbe3bbfe90ef701d6fdf286adc4cf9ad147be6334e8bb013ce89e62
Issuer Country: UK
Not before 2015-08-20T13:22:15+00:00
Not after 2040-08-13T13:22:15+00:00

File Analysis

Information computed with MobSF.

Findings Files
Certificate/Key files hardcoded inside the app. META-INF/services/java.security.Provider
assets/ds-amex.pem
assets/ds-discover.cer
assets/ds-mastercard.crt
assets/ds-visa.crt

Manifest analysis

Information computed with MobSF.

High Activity (com.facebook.CustomTabActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (me.pushy.sdk.services.PushyJobService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Content Provider (com.kidslox.app.providers.CommonPreferencesProvider) is not Protected. [android:exported=true]
A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.singular.sdk.SingularInstallReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (androidx.work.impl.background.systemjob.SystemJobService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.google.android.gms.tagmanager.TagManagerPreviewActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.google.android.play.core.assetpacks.AssetPackExtractionService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

Browsable activities

Information computed with MobSF.

com.kidslox.app.activities.SplashActivity

Hosts: kidslox.page.link com.kidslox.app

Schemes: http:// app:// kidslox://

com.facebook.CustomTabActivity

Hosts: cct.com.kidslox.app

Schemes: @string/fb_login_protocol_scheme:// fbconnect://

com.google.android.gms.tagmanager.TagManagerPreviewActivity

Schemes: tagmanager.c.com.kidslox.app://

Main Activity

Information computed with AndroGuard.

com.kidslox.app.activities.SplashActivity

Activities

Information computed with AndroGuard.

com.kidslox.app.activities.AdvancedFeaturesActivity
com.kidslox.app.activities.FakeDoorSurveyActivity
com.kidslox.app.activities.ValidatePairingCodeActivity
com.kidslox.app.activities.PrePairingChildActivity
com.kidslox.app.activities.PermissionsGuideActivity
com.kidslox.app.activities.AgreementActivity
com.kidslox.app.activities.UpdateDevicesActivity
com.kidslox.app.activities.AskForTimeActivity
com.kidslox.app.activities.ChildHomeActivity
com.kidslox.app.activities.SocialLoginActivity
com.kidslox.app.activities.EmailConfirmActivity
com.kidslox.app.activities.AccountActivity
com.kidslox.app.activities.HolderTypeActivity
com.kidslox.app.activities.IpPairingActivity
com.kidslox.app.activities.SplashActivity
com.kidslox.app.activities.SignUpActivity
com.kidslox.app.activities.SignInActivity
com.kidslox.app.activities.AddDeviceByDynamicLinkActivity
com.kidslox.app.activities.ForgotPassActivity
com.kidslox.app.activities.CreateProfileActivity
com.kidslox.app.activities.DemoDeviceActivity
com.kidslox.app.activities.ChildRewardsActivity
com.kidslox.app.activities.FakePipActivity
com.kidslox.app.activities.ChangePasscodeActivity
com.kidslox.app.activities.ValidatePasscodeActivity
com.kidslox.app.activities.ValidatePasscodeSettingActivity
com.kidslox.app.activities.ValidatePasscodeSettingPermissionsActivity
com.kidslox.app.activities.ValidatePasscodeDeleteAppActivity
com.kidslox.app.activities.ValidateGooglePlayAppPageActivity
com.kidslox.app.activities.MainActivity
com.kidslox.app.activities.AddEditDeviceActivity
com.kidslox.app.activities.CropImageActivity
com.kidslox.app.activities.RequestPermissionsActivity
com.kidslox.app.activities.BuySubscriptionActivity
com.kidslox.app.activities.ThankYouForPurchaseActivity
com.kidslox.app.activities.SetupAnotherChildActivity
com.kidslox.app.activities.SuperviseDeviceActivity
com.kidslox.app.activities.SuperviseDeviceDesktopAppLinkActivity
com.kidslox.app.activities.DailyLimitsStatActivity
com.kidslox.app.activities.SetupGuideActivity
com.kidslox.app.activities.VideoTutorialsActivity
com.kidslox.app.activities.DeviceSetupCompleteActivity
com.kidslox.app.activities.DeviceDetailsActivity
com.kidslox.app.activities.NearbyPairingSuccessParentActivity
com.kidslox.app.activities.NearbyPairingSuccessChildActivity
com.kidslox.app.activities.AlreadyLoggedInActivity
com.kidslox.app.activities.BarcodeScannerActivity
com.kidslox.app.activities.AdvancedFeaturesQrActivity
com.kidslox.app.activities.AdvancedFeaturesBarcodeScannerActivity
com.kidslox.app.activities.SurveyActivity
com.kidslox.app.activities.SetupAnotherDeviceActivity
com.kidslox.app.activities.ParentHomeActivity
com.kidslox.app.activities.AddAnotherParentActivity
com.kidslox.app.activities.ContactSupportActivity
com.kidslox.app.activities.ThankForFeedbackActivity
com.kidslox.app.activities.RemoveDeviceActivity
com.kidslox.app.activities.AdvancedFeaturesRemoveAppActivity
com.kidslox.app.activities.SetupAnotherChildWithPairingCodeActivity
com.kidslox.app.activities.SetupAnotherChildAlternativePairingActivity
com.kidslox.app.activities.SetupAnotherChildWithPairingLinkActivity
com.kidslox.app.activities.LockScreen
com.kidslox.app.activities.WebViewActivity
com.kidslox.app.activities.TransparentEmptyActivity
com.kidslox.app.activities.EnableLocationActivity
com.kidslox.app.activities.ShortcutActivity
com.kidslox.app.activities.OverlayViewActionHandlerActivity
com.kidslox.app.activities.NotificationActivity
com.facebook.FacebookActivity
com.facebook.CustomTabActivity
zendesk.support.guide.HelpCenterActivity
zendesk.support.guide.ViewArticleActivity
zendesk.support.request.RequestActivity
zendesk.support.requestlist.RequestListActivity
com.kidslox.app.activities.TestActivity
com.android.billingclient.api.ProxyBillingActivity
com.stripe.android.view.AddPaymentMethodActivity
com.stripe.android.view.PaymentMethodsActivity
com.stripe.android.view.PaymentFlowActivity
com.stripe.android.view.PaymentAuthWebViewActivity
com.stripe.android.view.PaymentRelayActivity
com.stripe.android.view.Stripe3ds2CompletionActivity
com.stripe.android.paymentsheet.PaymentSheetActivity
com.stripe.android.paymentsheet.PaymentOptionsActivity
com.stripe.android.googlepay.StripeGooglePayActivity
com.stripe.android.stripe3ds2.views.ChallengeActivity
com.stripe.android.stripe3ds2.views.ChallengeProgressActivity
zendesk.messaging.MessagingActivity
com.journeyapps.barcodescanner.CaptureActivity
com.facebook.CustomTabMainActivity
androidx.core.splashscreen.test.SplashScreenAppCompatTestActivity
com.google.android.gms.auth.api.signin.internal.SignInHubActivity
com.google.android.gms.tagmanager.TagManagerPreviewActivity
com.google.android.gms.common.api.GoogleApiActivity
com.google.android.gms.ads.AdActivity
com.google.android.play.core.missingsplits.PlayCoreMissingSplitsActivity
com.google.android.play.core.common.PlayCoreDialogWrapperActivity

Receivers

Information computed with AndroGuard.

com.kidslox.app.pushes.pushy.PushyBroadcastReceiver
me.pushy.sdk.receivers.PushyUpdateReceiver
me.pushy.sdk.receivers.PushyBootReceiver
com.kidslox.app.widgets.DailyLimitsWidgetProvider
com.kidslox.app.services.DevicePolicyReceiver
com.kidslox.app.receivers.DeviceBootReceiver
com.kidslox.app.receivers.DateTimeChangedReceiver
com.singular.sdk.SingularInstallReceiver
zendesk.support.DeepLinkingBroadcastReceiver
com.facebook.CurrentAccessTokenExpirationBroadcastReceiver
androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
androidx.work.impl.background.systemalarm.RescheduleReceiver
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
androidx.work.impl.diagnostics.DiagnosticsReceiver
com.google.firebase.iid.FirebaseInstanceIdReceiver
com.google.android.gms.measurement.AppMeasurementReceiver
com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver

Services

Information computed with AndroGuard.

com.kidslox.app.pushes.fcm.FirebaseMessagingServiceImpl
me.pushy.sdk.services.PushySocketService
me.pushy.sdk.services.PushyJobService
com.kidslox.app.services.DailyLimitsWidgetService
com.kidslox.app.services.NotificationChangeService
com.kidslox.app.services.WindowChangeService
com.kidslox.app.foreground.ForegroundService
com.google.firebase.components.ComponentDiscoveryService
eu.faircode.netguard.ServiceSinkhole
androidx.work.impl.background.systemalarm.SystemAlarmService
androidx.work.impl.background.systemjob.SystemJobService
androidx.work.impl.foreground.SystemForegroundService
androidx.room.MultiInstanceInvalidationService
com.google.firebase.messaging.FirebaseMessagingService
com.google.android.gms.auth.api.signin.RevocationBoundService
com.uxcam.service.HttpPostService
com.google.android.datatransport.runtime.backends.TransportBackendDiscovery
com.google.android.gms.tagmanager.TagManagerService
com.google.android.gms.measurement.AppMeasurementService
com.google.android.gms.measurement.AppMeasurementJobService
com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService
com.google.android.play.core.assetpacks.AssetPackExtractionService

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application implement DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application implement asymmetric key generation.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['location', 'camera', 'network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['calendar'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application implement functionality to encrypt sensitive data in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_RBG_EXT.2.1
FCS_RBG_EXT.2.2
The application perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.
Random Bit Generation from Application
FCS_CKM.1.1(1) The application generate asymmetric cryptographic keys not in accordance with FCS_CKM.1.1(1) using key generation algorithm RSA schemes and cryptographic key sizes of 1024-bit or lower.
Cryptographic Asymmetric Key Generation
FCS_CKM.1.1(3)
FCS_CKM.1.2(3)
A password/passphrase shall perform [Password-based Key Derivation Functions] in accordance with a specified cryptographic algorithm..
Password Conditioning
FCS_COP.1.1(1) The application perform encryption/decryption not in accordance with FCS_COP.1.1(1), AES-ECB mode is being used.
Cryptographic Operation - Encryption/Decryption
FCS_COP.1.1(2) The application perform cryptographic hashing services not in accordance with FCS_COP.1.1(2) and uses the cryptographic algorithm RC2/RC4/MD4/MD5.
Cryptographic Operation - Hashing
FCS_COP.1.1(3) The application perform cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm RSA schemes using cryptographic key sizes of 2048-bit or greater.
Cryptographic Operation - Signing
FCS_HTTPS_EXT.1.1 The application implement the HTTPS protocol that complies with RFC 2818.
HTTPS Protocol
FCS_HTTPS_EXT.1.2 The application implement HTTPS using TLS.
HTTPS Protocol
FCS_HTTPS_EXT.1.3 The application notify the user and not establish the connection or request application authorization to establish the connection if the peer certificate is deemed invalid.
HTTPS Protocol
FIA_X509_EXT.1.1 The application invoked platform-provided functionality to validate certificates in accordance with the following rules: ['The application validate a certificate path by ensuring the presence of the basicConstraints extension and that the CA flag is set to TRUE for all CA certificates', 'The application validate the revocation status of the certificate using the Online Certificate Status Protocol (OCSP) as specified in RFC 2560 or a Certificate Revocation List (CRL) as specified in RFC 5759 or an OCSP TLS Status Request Extension (i.e., OCSP stapling) as specified in RFC 6066'].
X.509 Certificate Validation
FIA_X509_EXT.1.2 The application treat a certificate as a CA certificate only if the basicConstraints extension is present and the CA flag is set to TRUE.
X.509 Certificate Validation
FIA_X509_EXT.2.1 The application use X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS , TLS.
X.509 Certificate Authentication
FIA_X509_EXT.2.2 When the application cannot establish a connection to determine the validity of a certificate, the application allow the administrator to choose whether to accept the certificate in these cases or accept the certificate ,or not accept the certificate.
X.509 Certificate Authentication
FPT_TUD_EXT.2.1 The application shall be distributed using the format of the platform-supported package manager.
Integrity for Installation and Update
FCS_CKM.1.1(2) The application shall generate symmetric cryptographic keys using a Random Bit Generator as specified in FCS_RBG_EXT.1 and specified cryptographic key sizes 128 bit or 256 bit.
Cryptographic Symmetric Key Generation

Code analysis

Information computed with MobSF.

Medium
CVSS:7.4
Files may contain hardcoded sensitive information like usernames, passwords, keys etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files:
 com/stripe/android/paymentsheet/DefaultPaymentSheetFlowController.java
com/stripe/android/model/Source.java
com/kidslox/app/entities/NearbyCommand.java
zendesk/core/ZendeskStorage.java
com/stripe/android/view/PaymentAuthWebView.java
com/stripe/android/EphemeralKey.java
zendesk/support/ZendeskHelpCenterSettingsProvider.java
zendesk/core/ZendeskIdentityStorage.java
me/pushy/sdk/lib/paho/internal/wire/MqttDisconnect.java
com/stripe/android/model/ConfirmPaymentIntentParams.java
com/stripe/android/model/ConfirmSetupIntentParams.java
com/kidslox/app/viewmodels/restrictions/RestrictionsStoreViewModel.java
com/stripe/android/model/parsers/EphemeralKeyJsonParser.java
com/stripe/android/model/PaymentIntent.java
com/stripe/android/stripe3ds2/transaction/AuthenticationRequestParameters.java
com/stripe/android/stripe3ds2/transaction/AcsData.java
me/pushy/sdk/lib/paho/internal/wire/MqttPingReq.java
me/pushy/sdk/config/PushyPreferenceKeys.java
zendesk/core/ZendeskCoreSettingsStorage.java
com/kidslox/app/entities/RestrictionsIOS.java
com/stripe/android/model/Stripe3ds2AuthParams.java
zendesk/support/LegacyRequestMigrator.java
com/stripe/android/paymentsheet/PaymentSheet.java
com/stripe/android/stripe3ds2/transaction/AcsDataParser.java
com/stripe/android/PaymentConfiguration.java
com/stripe/android/stripe3ds2/utils/ParcelUtils.java
zendesk/core/Constants.java
com/stripe/android/model/SetupIntent.java
com/stripe/android/stripe3ds2/observability/DefaultSentryConfig.java
com/stripe/android/model/Stripe3ds2Fingerprint.java
com/stripe/android/networking/ApiRequest.java
s2/l.java
com/stripe/android/model/ConfirmStripeIntentParams.java
com/stripe/android/model/parsers/SetupIntentJsonParser.java
com/stripe/android/model/parsers/PaymentIntentJsonParser.java
zendesk/support/ZendeskArticleVoteStorage.java
zendesk/support/ZendeskRequestStorage.java
me/pushy/sdk/lib/paho/internal/wire/MqttConnack.java
me/pushy/sdk/lib/paho/internal/wire/MqttConnect.java
coil/memory/MemoryCache.java
zendesk/support/ZendeskSupportSettingsProvider.java
com/kidslox/app/entities/CommandPayload.java
com/stripe/android/paymentsheet/PaymentSheetContract.java
bf/e.java
me/pushy/sdk/lib/paho/internal/wire/MqttPingResp.java
com/stripe/android/PaymentController.java
com/kidslox/app/entities/User.java
com/stripe/android/PaymentAuthWebViewStarter.java
gb/d.java
High
CVSS:5.9
The App uses ECB mode in Cryptographic encryption algorithm. ECB mode is known to be weak as it results in the same ciphertext for identical blocks of plaintext.
MASVS: MSTG-CRYPTO-2
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 q8/m8.java
Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 na/f.java
dh/a.java
d8/c.java
com/kidslox/app/entities/NotificationLog.java
v/o.java
v/l.java
u/d.java
ug/a0.java
y8/z.java
l8/q.java
m3/g.java
dn/j.java
com/kidslox/app/entities/statistics/ModeChangesLogs.java
m9/a.java
f8/g0.java
zendesk/messaging/MessagingModel.java
d8/m.java
zg/f6.java
q9/b.java
v7/p.java
bb/f.java
t/b.java
q8/c4.java
com/kidslox/app/geolocation/b.java
na/y0.java
lj/c.java
i8/a.java
x/f.java
cj/b.java
d8/b.java
Medium
CVSS:4.3
IP Address disclosure
MASVS: MSTG-CODE-2
CWE-200 Information Exposure
Files:
 wk/u.java
vj/a.java
xk/o.java
ik/c.java
ok/n.java
eu/faircode/netguard/Util.java
wk/c0.java
eu/faircode/netguard/ServiceSinkhole.java
dk/a.java
wk/v0.java
ck/a.java
zj/a.java
jk/b.java
rk/b.java
yj/a.java
wk/y0.java
wk/a.java
mk/d.java
jm/e.java
lk/a.java
tj/b.java
ng/a.java
wk/w0.java
vk/e.java
sk/f.java
bg/f.java
s6/b.java
vk/c.java
pk/a.java
hk/a.java
qk/d.java
ek/a.java
wk/x0.java
nk/b.java
fk/a.java
Medium
CVSS:5.5
App creates temp file. Sensitive information should never be written into a temp file.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 dc/c.java
com/journeyapps/barcodescanner/d.java
Medium
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
 me/pushy/sdk/lib/paho/internal/websocket/WebSocketFrame.java
oi/b.java
i4/g0.java
vn/b.java
qc/d.java
oi/a.java
am/e.java
nl/f.java
sk/e.java
pi/a.java
am/f.java
im/c.java
l6/s.java
u8/b.java
v7/e.java
High
CVSS:5.5
App can read/write to External Storage. Any App can read data written to External Storage.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 i4/g0.java
me/pushy/sdk/config/PushyStorage.java
he/b.java
Medium
CVSS:5.9
SHA-1 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 r4/a.java
dc/b.java
ug/f0.java
me/pushy/sdk/lib/paho/internal/websocket/WebSocketHandshake.java
Medium
CVSS:5.9
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Files:
 m3/j.java
p1/a.java
h5/e0.java
h5/h0.java
ug/r.java
h5/b0.java
ug/u.java
Info
CVSS:0
This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel.
MASVS: MSTG-NETWORK-4
Files:
 me/pushy/sdk/lib/paho/internal/security/SSLSocketFactoryFactory.java
me/pushy/sdk/util/PushyCertificateManager.java
Info
CVSS:0
This App may have root detection capabilities.
MASVS: MSTG-RESILIENCE-1
Files:
 na/o0.java
eb/g.java
Low
CVSS:3.9
App can write to App Directory. Sensitive Information should be encrypted.
MASVS: MSTG-STORAGE-14
CWE-276 Incorrect Default Permissions
Files:
 e4/b.java
y3/e.java
Medium
CVSS:7.4
MD5 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 t3/c.java
q8/za.java
zg/f2.java
a4/g.java
High
CVSS:7.4
The App uses the encryption mode CBC with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
MASVS: MSTG-CRYPTO-3
CWE-649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
M5: Insufficient Cryptography
Files:
 zg/w5.java
q8/n7.java
Low
CVSS:0
This App copies data to clipboard. Sensitive data should not be copied to clipboard as other applications can access it.
MASVS: MSTG-STORAGE-10
Files:
 com/amplitude/eventexplorer/EventExplorerInfoActivity.java
High
CVSS:5.4
Remote WebView debugging is enabled.
MASVS: MSTG-RESILIENCE-2
CWE-919 - Weaknesses in Mobile Applications
M1: Improper Platform Usage
Files:
 zendesk/support/guide/ViewArticleActivity.java
com/kidslox/app/activities/WebViewActivity.java
Pygal Germany: 700 Ireland: 500 Netherlands: 100 United States: 5200

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

US twitter.com 104.244.42.65
US encrypted-tbn0.gstatic.com 142.250.186.78
US www.w3.org 128.30.52.100
US dashif.org 185.199.110.153
IE api.stripe.com 34.241.202.139
US plus.google.com 142.250.186.78
DE www.tiktok.com 23.216.77.67
DE www.minecraft.net 23.216.77.74
US kidslox.page.link 142.250.185.65
IE exceptions.singular.net 54.154.52.121
reports.crashlytics.com
US regionconfig.amplitude.com 18.66.139.38
US imasdk.googleapis.com 142.250.186.74
US www.kidslox.com 18.66.122.124
US firebase-settings.crashlytics.com 142.250.185.163
US googleads.g.doubleclick.net 142.250.74.194
US is5-ssl.mzstatic.com 23.35.236.24
US is2-ssl.mzstatic.com 23.35.236.24
US www.example.com 93.184.216.34
DE sdk-api-v1.singular.net 95.101.27.40
US update.crashlytics.com 142.250.186.35
US kidslox.firebaseio.com 34.120.160.131
NL wikipedia.org 91.198.174.192
US api2.amplitude.com 52.10.163.58
US api.pushy.me 54.84.179.148
US play.google.com 172.217.23.110
.facebook.com
US github.com 140.82.121.4
US youtu.be 142.250.186.174
DE developers.facebook.com 157.240.20.15
US developer.android.com 142.250.186.46
US bit.ly 67.199.248.10
US www.youtube.com 142.250.185.78
US errors.stripe.com 54.187.119.242
US pagead2.googlesyndication.com 142.250.186.34
US activity.kdlparentalcontrol.com 142.250.181.243
US csi.gstatic.com 142.250.189.131
US journeyapps.com 52.222.214.30
US q.stripe.com 54.186.23.98
US stripe.com 54.187.159.182
US accounts.google.com 142.250.74.205
US www.googleapis.com 142.250.185.74
schemas.android.com
US is1-ssl.mzstatic.com 23.35.236.24
US www.zendesk.com 172.64.152.49
US www.google.com 142.250.186.100
US xmlpull.org 74.50.61.58
US reddit.com 151.101.1.140
DE facebook.com 157.240.20.35
US verify-staging.uxcam.com 52.20.250.93
US kidsloxsupport.zendesk.com 104.16.51.111
US kidslox.com 18.66.122.122
US ebay.com 216.113.181.253
IE www.advanced.kidslox.com 52.218.121.44
US appleid.apple.com 17.157.64.68
US m.stripe.com 35.166.5.181
US tools.android.com 142.250.185.243
DE gadgets360.com 104.75.89.53
IE hooks.stripe.com 52.210.46.219
US verify.uxcam.com 50.19.166.88
US support.google.com 172.217.16.206
US i.ytimg.com 172.217.16.150
IE files.stripe.com 34.247.101.32
US admin.kdlparentalcontrol.com 34.120.115.37
US xml.org 104.239.240.11
ns.adobe.com
DE www.facebook.com 157.240.20.35
US console.firebase.google.com 142.250.186.46
US is4-ssl.mzstatic.com 23.35.236.24

URL analysis

Information computed with MobSF.

http://ns.adobe.com/xap/1.0/
Defined in v5/a.java
http://dashif.org/guidelines/last-segment-number
data:cs:AudioPurposeCS:2007
http://dashif.org/guidelines/trickmode
Defined in p6/c.java
http://dashif.org/guidelines/last-segment-number
data:cs:AudioPurposeCS:2007
http://dashif.org/guidelines/trickmode
Defined in p6/c.java
http://tools.android.com/tech-docs/new-build-system/user-guide/manifest-merger
Defined in zendesk/belvedere/Storage.java
https://www.zendesk.com/embeddables
Defined in zendesk/support/SupportSdkSettings.java
http://www.w3.org/ns/ttml#parameter
Defined in c7/c.java
https://developer.android.com/reference/com/google/android/play/core/install/model/InstallErrorCode#
Defined in ma/a.java
http://schemas.android.com/apk/res/android
Defined in f0/i.java
https://www.facebook.com/.well-known/oauth/openid/keys/
Defined in r4/b.java
https://plus.google.com/
Defined in f8/n0.java
https://kidslox.page.link/rqve
Defined in com/kidslox/app/viewmodels/RateUsViewModel.java
https://kidslox.page.link/
Defined in com/kidslox/app/viewmodels/BarcodeScannerViewModel.java
https://kidslox.page.link/rqve
Defined in com/kidslox/app/viewmodels/AboutViewModel.java
https://www.tiktok.com/
Defined in com/kidslox/app/workers/webactivity/FetchTikTokMetadataWorker.java
https://i.ytimg.com/vi/
Defined in com/kidslox/app/workers/webactivity/DetectYoutubeWebActivityWorker.java
www.youtube.com
https://www.youtube.com/watch?v=
https://i.ytimg.com/vi/
Defined in com/kidslox/app/workers/webactivity/FetchYouTubeMetadataWorker.java
www.youtube.com
https://www.youtube.com/watch?v=
https://i.ytimg.com/vi/
Defined in com/kidslox/app/workers/webactivity/FetchYouTubeMetadataWorker.java
https://admin.kdlparentalcontrol.com/api/social-sign-in/apple-callback
Defined in com/kidslox/app/social/apple/g.java
https://appleid.apple.com/auth/authorize?response_type=code&v=1.1.6&response_mode=form_post&client_id=com.kidslox-sign-in.android&scope=name%20email&state=
https://admin.kdlparentalcontrol.com/api/social-sign-in/apple-callback
Defined in com/kidslox/app/social/apple/a.java
https://appleid.apple.com/auth/authorize?response_type=code&v=1.1.6&response_mode=form_post&client_id=com.kidslox-sign-in.android&scope=name%20email&state=
https://admin.kdlparentalcontrol.com/api/social-sign-in/apple-callback
Defined in com/kidslox/app/social/apple/a.java
https://www.googleapis.com/auth/userinfo.profile
Defined in com/kidslox/app/social/google/a.java
https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSnfuq9FkxeD90sOD58fN00MTIjh7NBhIER9ho0P7-MwdjKtCWzF-_p4Ez1PW8DqLF0f00&usqp=CAU
https://is2-ssl.mzstatic.com/image/thumb/Purple116/v4/fe/b1/1d/feb11d23-b6c0-a578-bc82-9dc28a7ecb00/source/100x100bb.jpg
https://is4-ssl.mzstatic.com/image/thumb/Purple126/v4/7c/9f/e9/7c9fe956-fde4-cf9d-578f-655b3054dff2/source/100x100bb.jpg
https://is1-ssl.mzstatic.com/image/thumb/Purple126/v4/cd/89/2a/cd892aef-d70a-71be-4647-1c034a499184/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple116/v4/20/85/f5/2085f504-44bc-980b-76d1-babaaa14ee47/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple126/v4/0e/13/ac/0e13ac1e-6510-3a3f-f904-b81d4a0b3812/source/100x100bb.jpg
https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/b8/38/44/b8384476-4507-2117-ec8d-30b8862d2ea2/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple126/v4/0d/79/22/0d792293-0ab6-7533-0367-2a2f46ccda4b/source/100x100bb.jpg
https://is4-ssl.mzstatic.com/image/thumb/Purple126/v4/e9/e4/b4/e9e4b442-a3d8-450f-6ed7-d97044469247/source/100x100bb.jpg
Defined in com/kidslox/app/repositories/e.java
https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSnfuq9FkxeD90sOD58fN00MTIjh7NBhIER9ho0P7-MwdjKtCWzF-_p4Ez1PW8DqLF0f00&usqp=CAU
https://is2-ssl.mzstatic.com/image/thumb/Purple116/v4/fe/b1/1d/feb11d23-b6c0-a578-bc82-9dc28a7ecb00/source/100x100bb.jpg
https://is4-ssl.mzstatic.com/image/thumb/Purple126/v4/7c/9f/e9/7c9fe956-fde4-cf9d-578f-655b3054dff2/source/100x100bb.jpg
https://is1-ssl.mzstatic.com/image/thumb/Purple126/v4/cd/89/2a/cd892aef-d70a-71be-4647-1c034a499184/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple116/v4/20/85/f5/2085f504-44bc-980b-76d1-babaaa14ee47/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple126/v4/0e/13/ac/0e13ac1e-6510-3a3f-f904-b81d4a0b3812/source/100x100bb.jpg
https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/b8/38/44/b8384476-4507-2117-ec8d-30b8862d2ea2/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple126/v4/0d/79/22/0d792293-0ab6-7533-0367-2a2f46ccda4b/source/100x100bb.jpg
https://is4-ssl.mzstatic.com/image/thumb/Purple126/v4/e9/e4/b4/e9e4b442-a3d8-450f-6ed7-d97044469247/source/100x100bb.jpg
Defined in com/kidslox/app/repositories/e.java
https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSnfuq9FkxeD90sOD58fN00MTIjh7NBhIER9ho0P7-MwdjKtCWzF-_p4Ez1PW8DqLF0f00&usqp=CAU
https://is2-ssl.mzstatic.com/image/thumb/Purple116/v4/fe/b1/1d/feb11d23-b6c0-a578-bc82-9dc28a7ecb00/source/100x100bb.jpg
https://is4-ssl.mzstatic.com/image/thumb/Purple126/v4/7c/9f/e9/7c9fe956-fde4-cf9d-578f-655b3054dff2/source/100x100bb.jpg
https://is1-ssl.mzstatic.com/image/thumb/Purple126/v4/cd/89/2a/cd892aef-d70a-71be-4647-1c034a499184/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple116/v4/20/85/f5/2085f504-44bc-980b-76d1-babaaa14ee47/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple126/v4/0e/13/ac/0e13ac1e-6510-3a3f-f904-b81d4a0b3812/source/100x100bb.jpg
https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/b8/38/44/b8384476-4507-2117-ec8d-30b8862d2ea2/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple126/v4/0d/79/22/0d792293-0ab6-7533-0367-2a2f46ccda4b/source/100x100bb.jpg
https://is4-ssl.mzstatic.com/image/thumb/Purple126/v4/e9/e4/b4/e9e4b442-a3d8-450f-6ed7-d97044469247/source/100x100bb.jpg
Defined in com/kidslox/app/repositories/e.java
https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSnfuq9FkxeD90sOD58fN00MTIjh7NBhIER9ho0P7-MwdjKtCWzF-_p4Ez1PW8DqLF0f00&usqp=CAU
https://is2-ssl.mzstatic.com/image/thumb/Purple116/v4/fe/b1/1d/feb11d23-b6c0-a578-bc82-9dc28a7ecb00/source/100x100bb.jpg
https://is4-ssl.mzstatic.com/image/thumb/Purple126/v4/7c/9f/e9/7c9fe956-fde4-cf9d-578f-655b3054dff2/source/100x100bb.jpg
https://is1-ssl.mzstatic.com/image/thumb/Purple126/v4/cd/89/2a/cd892aef-d70a-71be-4647-1c034a499184/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple116/v4/20/85/f5/2085f504-44bc-980b-76d1-babaaa14ee47/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple126/v4/0e/13/ac/0e13ac1e-6510-3a3f-f904-b81d4a0b3812/source/100x100bb.jpg
https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/b8/38/44/b8384476-4507-2117-ec8d-30b8862d2ea2/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple126/v4/0d/79/22/0d792293-0ab6-7533-0367-2a2f46ccda4b/source/100x100bb.jpg
https://is4-ssl.mzstatic.com/image/thumb/Purple126/v4/e9/e4/b4/e9e4b442-a3d8-450f-6ed7-d97044469247/source/100x100bb.jpg
Defined in com/kidslox/app/repositories/e.java
https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSnfuq9FkxeD90sOD58fN00MTIjh7NBhIER9ho0P7-MwdjKtCWzF-_p4Ez1PW8DqLF0f00&usqp=CAU
https://is2-ssl.mzstatic.com/image/thumb/Purple116/v4/fe/b1/1d/feb11d23-b6c0-a578-bc82-9dc28a7ecb00/source/100x100bb.jpg
https://is4-ssl.mzstatic.com/image/thumb/Purple126/v4/7c/9f/e9/7c9fe956-fde4-cf9d-578f-655b3054dff2/source/100x100bb.jpg
https://is1-ssl.mzstatic.com/image/thumb/Purple126/v4/cd/89/2a/cd892aef-d70a-71be-4647-1c034a499184/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple116/v4/20/85/f5/2085f504-44bc-980b-76d1-babaaa14ee47/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple126/v4/0e/13/ac/0e13ac1e-6510-3a3f-f904-b81d4a0b3812/source/100x100bb.jpg
https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/b8/38/44/b8384476-4507-2117-ec8d-30b8862d2ea2/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple126/v4/0d/79/22/0d792293-0ab6-7533-0367-2a2f46ccda4b/source/100x100bb.jpg
https://is4-ssl.mzstatic.com/image/thumb/Purple126/v4/e9/e4/b4/e9e4b442-a3d8-450f-6ed7-d97044469247/source/100x100bb.jpg
Defined in com/kidslox/app/repositories/e.java
https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSnfuq9FkxeD90sOD58fN00MTIjh7NBhIER9ho0P7-MwdjKtCWzF-_p4Ez1PW8DqLF0f00&usqp=CAU
https://is2-ssl.mzstatic.com/image/thumb/Purple116/v4/fe/b1/1d/feb11d23-b6c0-a578-bc82-9dc28a7ecb00/source/100x100bb.jpg
https://is4-ssl.mzstatic.com/image/thumb/Purple126/v4/7c/9f/e9/7c9fe956-fde4-cf9d-578f-655b3054dff2/source/100x100bb.jpg
https://is1-ssl.mzstatic.com/image/thumb/Purple126/v4/cd/89/2a/cd892aef-d70a-71be-4647-1c034a499184/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple116/v4/20/85/f5/2085f504-44bc-980b-76d1-babaaa14ee47/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple126/v4/0e/13/ac/0e13ac1e-6510-3a3f-f904-b81d4a0b3812/source/100x100bb.jpg
https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/b8/38/44/b8384476-4507-2117-ec8d-30b8862d2ea2/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple126/v4/0d/79/22/0d792293-0ab6-7533-0367-2a2f46ccda4b/source/100x100bb.jpg
https://is4-ssl.mzstatic.com/image/thumb/Purple126/v4/e9/e4/b4/e9e4b442-a3d8-450f-6ed7-d97044469247/source/100x100bb.jpg
Defined in com/kidslox/app/repositories/e.java
https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSnfuq9FkxeD90sOD58fN00MTIjh7NBhIER9ho0P7-MwdjKtCWzF-_p4Ez1PW8DqLF0f00&usqp=CAU
https://is2-ssl.mzstatic.com/image/thumb/Purple116/v4/fe/b1/1d/feb11d23-b6c0-a578-bc82-9dc28a7ecb00/source/100x100bb.jpg
https://is4-ssl.mzstatic.com/image/thumb/Purple126/v4/7c/9f/e9/7c9fe956-fde4-cf9d-578f-655b3054dff2/source/100x100bb.jpg
https://is1-ssl.mzstatic.com/image/thumb/Purple126/v4/cd/89/2a/cd892aef-d70a-71be-4647-1c034a499184/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple116/v4/20/85/f5/2085f504-44bc-980b-76d1-babaaa14ee47/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple126/v4/0e/13/ac/0e13ac1e-6510-3a3f-f904-b81d4a0b3812/source/100x100bb.jpg
https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/b8/38/44/b8384476-4507-2117-ec8d-30b8862d2ea2/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple126/v4/0d/79/22/0d792293-0ab6-7533-0367-2a2f46ccda4b/source/100x100bb.jpg
https://is4-ssl.mzstatic.com/image/thumb/Purple126/v4/e9/e4/b4/e9e4b442-a3d8-450f-6ed7-d97044469247/source/100x100bb.jpg
Defined in com/kidslox/app/repositories/e.java
https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSnfuq9FkxeD90sOD58fN00MTIjh7NBhIER9ho0P7-MwdjKtCWzF-_p4Ez1PW8DqLF0f00&usqp=CAU
https://is2-ssl.mzstatic.com/image/thumb/Purple116/v4/fe/b1/1d/feb11d23-b6c0-a578-bc82-9dc28a7ecb00/source/100x100bb.jpg
https://is4-ssl.mzstatic.com/image/thumb/Purple126/v4/7c/9f/e9/7c9fe956-fde4-cf9d-578f-655b3054dff2/source/100x100bb.jpg
https://is1-ssl.mzstatic.com/image/thumb/Purple126/v4/cd/89/2a/cd892aef-d70a-71be-4647-1c034a499184/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple116/v4/20/85/f5/2085f504-44bc-980b-76d1-babaaa14ee47/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple126/v4/0e/13/ac/0e13ac1e-6510-3a3f-f904-b81d4a0b3812/source/100x100bb.jpg
https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/b8/38/44/b8384476-4507-2117-ec8d-30b8862d2ea2/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple126/v4/0d/79/22/0d792293-0ab6-7533-0367-2a2f46ccda4b/source/100x100bb.jpg
https://is4-ssl.mzstatic.com/image/thumb/Purple126/v4/e9/e4/b4/e9e4b442-a3d8-450f-6ed7-d97044469247/source/100x100bb.jpg
Defined in com/kidslox/app/repositories/e.java
https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSnfuq9FkxeD90sOD58fN00MTIjh7NBhIER9ho0P7-MwdjKtCWzF-_p4Ez1PW8DqLF0f00&usqp=CAU
https://is2-ssl.mzstatic.com/image/thumb/Purple116/v4/fe/b1/1d/feb11d23-b6c0-a578-bc82-9dc28a7ecb00/source/100x100bb.jpg
https://is4-ssl.mzstatic.com/image/thumb/Purple126/v4/7c/9f/e9/7c9fe956-fde4-cf9d-578f-655b3054dff2/source/100x100bb.jpg
https://is1-ssl.mzstatic.com/image/thumb/Purple126/v4/cd/89/2a/cd892aef-d70a-71be-4647-1c034a499184/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple116/v4/20/85/f5/2085f504-44bc-980b-76d1-babaaa14ee47/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple126/v4/0e/13/ac/0e13ac1e-6510-3a3f-f904-b81d4a0b3812/source/100x100bb.jpg
https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/b8/38/44/b8384476-4507-2117-ec8d-30b8862d2ea2/source/100x100bb.jpg
https://is5-ssl.mzstatic.com/image/thumb/Purple126/v4/0d/79/22/0d792293-0ab6-7533-0367-2a2f46ccda4b/source/100x100bb.jpg
https://is4-ssl.mzstatic.com/image/thumb/Purple126/v4/e9/e4/b4/e9e4b442-a3d8-450f-6ed7-d97044469247/source/100x100bb.jpg
Defined in com/kidslox/app/repositories/e.java
https://www.youtube.com/watch?v=
https://i.ytimg.com/vi/
Defined in com/kidslox/app/repositories/c0.java
https://www.youtube.com/watch?v=
https://i.ytimg.com/vi/
Defined in com/kidslox/app/repositories/c0.java
https://www.tiktok.com/
https://www.tik
Defined in com/kidslox/app/repositories/w.java
https://www.google.com/search?client=opera&q=How+to+fight+with+zombies&sourceid=opera&ie=UTF-8&oe=UTF-8
https://www.google.com/search?client=opera&q=Pranks+for+friends&sourceid=opera&ie=UTF-8&oe=UTF-8
https://www.google.com/search?q=the+longest+word+in+English&client=opera&hs=XvP&sxsrf=APq-WBuNYqthqd0CwK2VK9_W553oBU8biQ%3A1648043396960&ei=hCU7YoaTOtCGrwSDibiADQ&ved=0ahUKEwiG5f-JsNz2AhVQw4sKHYMEDtAQ4dUDCA0&uact=5&oq=the+longest+word+in+English&gs_lcp=Cgdnd3Mtd2l6EAMyBAgjECcyBQgAEIAEMgUIABCABDIFCAAQgAQyBQgAEIAEMgUIABCABDIFCAAQgAQyBQgAEIAEMgUIABCABDIFCAAQgAQ6BwgAEEcQsAM6BwgAELADEENKBAhBGABKBAhGGABQxQhYxQhgyA9oAnABeACAAVCIAVCSAQExmAEAoAEByAEKwAEB&sclient=gws-wiz
https://www.google.com/search?q=Is+there+a+spell+to+become+a+
https://www.google.com/search?client=opera&q=What+is+at+the+end+of+the+rainbow%3F&sourceid=opera&ie=UTF-8&oe=UTF-8
https://www.google.com/search?q=How+many+km+in+a+mile&client=opera&hs=Zzk&sxsrf=APq-WBvh7IgbXyYK2HZlyofH0kHgSLKrDw%3A1648044929921&ei=gSs7YuToN8LHrgSziK-YBA&ved=0ahUKEwikrfzktdz2AhXCo4sKHTPEC0MQ4dUDCA0&oq=How+many+km+in+a+mile&gs_lcp=Cgdnd3Mtd2l6EAwyBQgAEIAEMgUIABCABDIFCAAQgAQyBQgAEIAEMgUIABCABDIFCAAQgAQyBggAEBYQHjIGCAAQFhAeMgYIABAWEB4yBggAEBYQHjoHCAAQRxCwA0oECEEYAEoECEYYAFCtSlitSmDbT2gBcAF4AIABXIgBXJIBATGYAQCgAQKgAQHIAQjAAQE&sclient=gws-wiz
https://www.google.com/search?q=Funny+games&client=opera&hs=Hg5&sxsrf=APq-WBtCNq0XmF508R6-rotAgnkv_F1uWQ%3A1648045016967&ei=2Cs7Ys3aOszHrgScyrS4AQ&ved=0ahUKEwjNpr2Ottz2AhXMo4sKHRwlDRcQ4dUDCA0&uact=5&oq=Funny+games&gs_lcp=Cgdnd3Mtd2l6EAMyCAguENQCEMsBMgUIABDLATIFCAAQywEyBQgAEMsBMgUILhDLATIFCAAQywEyBQgAEMsBMgUIABDLATIFCAAQywEyBQgAEMsBOgQIIxAnOgoILhDHARDRAxBDOg4ILhCABBDHARCvARDUAjoFCAAQgAQ6CwguEIAEEMcBENEDOgUIABCRAjoHCC4Q1AIQQzoECAAQQzoKCAAQgAQQhwIQFDoFCC4QgARKBAhBGABKBAhGGABQAFieFWCYFmgAcAF4AIABhgGIAcEIkgEDNy40mAEAoAEBwAEB&sclient=gws-wiz
https://www.google.com/search?q=Naked+girls&client=opera&hs=L2k&sxsrf=APq-WBsTGpC5HPCE14hlsBZnS_FK13JVRg%3A1648045101759&ei=LSw7YoT7LeehrgSErLeAAw&ved=0ahUKEwjExfS2ttz2AhXnkIsKHQTWDTAQ4dUDCA0&uact=5&oq=Naked+girls&gs_lcp=Cgdnd3Mtd2l6EAM6BwgAEEcQsAM6BwgAELADEEM6CggAEOQCELADGAE6DAguEMgDELADEEMYAjoECCMQJzoECC4QQzoKCC4QxwEQ0QMQQzoFCAAQgAQ6CAguEIAEENQCOgQIABBDOgcILhDUAhBDOgUILhCABDoLCC4QgAQQxwEQ0QM6BwgAEIAEEAo6BQgAEMsBOgsILhDHARDRAxDLAToICC4Q1AIQywFKBAhBGABKBAhGGAFQ2gtYkh5gsR5oAXABeACAAXGIAagHkgEDNy4zmAEAoAEByAETwAEB2gEGCAEQARgJ2gEGCAIQARgI&sclient=gws-wiz
https://www.google.com/search?q=violent+punishment&client=opera&sxsrf=APq-WBsIJqSNlmd_jK5B3rMnsX-d4jR4xA%3A1648045573219&ei=BS47YqWCDcjLrgTLi7DoCg&oq=violent+pu&gs_lcp=Cgdnd3Mtd2l6EAMYAjIECAAQCjIHCAAQgAQQCjIFCAAQgAQyBAgAEAoyBAgAEAoyBQgAEIAEMgQIABAKMgUIABCABDIFCAAQgAQyBQgAEIAEOgQIIxAnOggILhDUAhCRAjoFCAAQkQI6CwguEIAEEMcBEKMCOgsILhCABBDHARDRAzoECAAQQzoHCC4Q1AIQQzoNCC4QxwEQowIQ1AIQQzoECC4QQzoFCAAQywE6BQguEMsBOggILhDUAhDLAToKCAAQgAQQhwIQFDoFCC4QgARKBAhBGAFKBAhGGABQtg1Y5h1ggi9oAXAAeACAAWaIAZ0HkgEDOC4ymAEAoAEBwAEB&sclient=gws-wiz
https://www.google.com/search?q=Girl+in+bra&client=opera&sxsrf=APq-WBuvR3xJXgiLx-N586xX7XwwVm88lQ%3A1648045791844&ei=3y47YvGSM6OHrwTUv7_gDA&ved=0ahUKEwix_vv_uNz2AhWjw4sKHdTfD8wQ4dUDCA0&uact=5&oq=Girl+in+bra&gs_lcp=Cgdnd3Mtd2l6EAMyBQgAEIAEMgUIABCABDIFCAAQgAQyBQgAEIAEMgUIABCABDIFCAAQgAQyBQgAEIAEMgUIABCABDIFCAAQgAQyBQgAEIAEOgkIABCwAxAHEB46CAgAEIAEELADOgkIABCwAxAFEB46CwgAELADEAUQChAeOgkIABCwAxAIEB46BAgjECc6BQgAEJECOgoILhDHARDRAxBDOgQIABBDOggILhDUAhCRAjoLCC4QgAQQxwEQ0QM6CgguEIAEEIcCEBQ6CAguEIAEENQCOgsILhCABBDHARCvAToFCC4QgAQ6BQguEJECOggILhDUAhDLAToFCC4QywE6BQgAEMsBSgQIQRgBSgQIRhgAUJA_WNFYYKtoaAFwAHgAgAHKAYgBhAmSAQU2LjQuMZgBAKABAcgBCsABAQ&sclient=gws-wiz
https://www.google.com/search?client=opera&q=Execution+video&sourceid=opera&ie=UTF-8&oe=UTF-8
https://www.google.com/search?q=Drug+dealer&client=opera&hs=lIl&sxsrf=APq-WBujnhtGy-aGTti6lgLRbByWV3VfCw%3A1648046119224&ei=JzA7YquVDcn5qwHF1LWADA&ved=0ahUKEwjrxImcutz2AhXJ_CoKHUVqDcAQ4dUDCA0&oq=Drug+dealer&gs_lcp=Cgdnd3Mtd2l6EAwyCAguENQCEJECMggILhDUAhCRAjIFCAAQywEyBQgAEMsBMgUIABDLATIFCAAQywEyBQgAEMsBMgUIABDLATIFCAAQywEyBQgAEMsBSgQIQRgBSgQIRhgAUMcBWMcBYNsGaAFwAHgAgAF2iAF2kgEDMC4xmAEAoAECoAEBwAEB&sclient=gws-wiz
https://www.google.com/search?client=opera&q=How+to+get+away+with+murder&sourceid=opera&ie=UTF-8&oe=UTF-8
https://youtu.be/knAYcg7Tt8E
https://i.ytimg.com/vi/knAYcg7Tt8E/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLDoZWGXlw8fJbU3OlReO-J6pIQaDg
https://youtu.be/B38eWbSuSiM
https://i.ytimg.com/vi/B38eWbSuSiM/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLDB0buQQDgCJa_ElstKD3-PFOFT-A
https://youtu.be/VGt-BZ-SxGI
https://i.ytimg.com/vi/VGt-BZ-SxGI/hq720.jpg?sqp=-oaymwEjCOgCEMoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLCX3D2YRTnROrt9Ahvx4ab6FZJotQ
https://youtu.be/vzzsqQ6RxT0
https://i.ytimg.com/vi/vzzsqQ6RxT0/hq720.jpg?sqp=-oaymwEjCOgCEMoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLA_JDEPPpLZT4XvSkq83CE9wb6s3w
https://youtu.be/r3iSRAcqI6Q
https://i.ytimg.com/vi/r3iSRAcqI6Q/hq720.jpg?sqp=-oaymwEjCOgCEMoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLCKLbJa115_KQC-NNsULWUJb5cnDA
https://wikipedia.org
https://reddit.com
https://ebay.com
https://gadgets360.com/
https://www.google.com/