Moderate Risk

Threat level

com.samsung.android.knox.containeragent

Work profile

Analyzed on 2021-12-30T14:17:06.255361

66

permissions

20

activities

3

services

4

receivers

1

domains

File sums

MD5 2ad04906ea978513324f73e0c00972ad
SHA1 3a486cbfba519733d9735f73d3f2b00065f4839b
SHA256 fc99a991abb807d6f5e92b5eaf39ba1d89f30518b04016576f5746edb3b7c79c
Size 7.3MB

APKiD

Information computed with APKiD.

/tmp/tmplrkpas6k!classes.dex
yara_issue
  • yara issue - dex file recognized by apkid but not yara module
anti_vm
  • Build.MANUFACTURER check
  • ro.build.type check
compiler
  • unknown (please file detection issue!)

SSdeep

Information computed with ssdeep.

APK file 98304:U6WobhlUizalte9y6uCvnM/6zeurfN9gXbXAda+rzqCjUGFi9F:U6uizSq+8nrIbXwa+HZrEF
Manifest 768:7q89Pktus//OFw3FSqbJ291yyO5tRACvQTbnzZ6J62Xfi/p5o7rxi7wEkDnWfGKg:…
classes.dex 49152:Ps6Wo/DsufNlUiz4MWCQlk0DIMnsn4atU:U6WobhlUizalt1

Dexofuzzy

Information computed with Dexofuzzy.

classes.dex None

APK details

Information computed with AndroGuard and Pithus.

Package com.samsung.android.knox.containeragent
App name Work profile
Version name 2.7.05001015
Version code 5001015
SDK 30 - 29
UAID 1d628a0762295ee332ec35f42fdbe3e1111b5726
Signature Signature V1 Signature V2
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown

Certificate details

Information computed with AndroGuard.

MD5 d087e72912fba064cafa78dc34aea839
SHA1 9ca5170f381919dfe0446fcdab18b19a143b3163
SHA256 34df0e7a9f1cf1892e45c056b4973cd81ccf148a4050d11aea4ac5a65f900a42
Issuer Email Address: android.os@samsung.com, Common Name: Samsung Cert, Organizational Unit: DMC, Organization: Samsung Corporation, Locality: Suwon City, State/Province: South Korea, Country: KR
Not before 2011-06-22T12:25:12+00:00
Not after 2038-11-07T12:25:12+00:00

File Analysis

Information computed with MobSF.

Findings Files
Certificate/Key files hardcoded inside the app. SEC-INF/buildConfirm.crt
assets/certificates/knoxlog-cloud-prod
assets/certificates/knoxlog-cloud-qa

Manifest analysis

Information computed with MobSF.

Low App is direct-boot aware [android:directBootAware=true]
This app can run before the user unlocks the device. If you're using a custom subclass of Application, and if any component inside your application is direct - boot aware, then your entire custom application is considered to be direct - boot aware.During Direct Boot, your application can only access the data that is stored in device protected storage.
Low App has a Network Security Configuration[android:networkSecurityConfig=@xml/network_security_config]
The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app.
High TaskAffinity is set for Activity
(com.samsung.android.knox.containeragent.settings.KnoxSettingsActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity-Alias (com.samsung.android.knox.containeragent.settings.KnoxSettingsActivityIconIII) is not Protected.An intent-filter exists.
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity-Alias is explicitly exported.
High Activity-Alias (com.samsung.android.knox.containeragent.settings.KnoxSettingsActivityIconII) is not Protected.An intent-filter exists.
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity-Alias is explicitly exported.
High Activity-Alias (com.samsung.android.knox.containeragent.settings.KnoxSettingsActivityIconI) is not Protected.An intent-filter exists.
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity-Alias is explicitly exported.
High TaskAffinity is set for Activity
(com.samsung.android.knox.containeragent.settings.KnoxSettingsListActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
Low Activity (com.samsung.android.knox.containeragent.settings.search.SearchGateActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.samsung.android.knox.permission.SEARCH_KNOX_SETTINGS
protectionLevel: signatureOrSystem [android:exported=true]
An Activity is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
High TaskAffinity is set for Activity
(com.samsung.android.knox.containeragent.settings.KnoxSettingsAboutKnoxActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.samsung.android.knox.containeragent.settings.KnoxSettingsAboutKnoxActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High TaskAffinity is set for Activity
(com.samsung.android.knox.containeragent.settings.KnoxSettingsTimeoutActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High TaskAffinity is set for Activity
(com.samsung.android.knox.containeragent.settings.KnoxSettingCheckLockTypeActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.samsung.android.knox.containeragent.usage.ActiveKeyPressShortcut) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.samsung.android.knox.containeragent.switcher.SwitchMainActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.samsung.android.knox.containeragent.switcher.GlobalSettingsIcon) is not Protected.An intent-filter exists.
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity-Alias is explicitly exported.
High Activity-Alias (com.samsung.android.knox.containeragent.switcher.SMSIcon) is not Protected.An intent-filter exists.
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity-Alias is explicitly exported.
High Activity-Alias (com.samsung.android.knox.containeragent.switcher.PhoneIcon) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.samsung.android.knox.containeragent.knoxkeyguard.LockdownActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.samsung.android.knox.containeragent.switcher.KnoxCoreSwitchMainActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.samsung.android.knox.containeragent.switcher.SwitchToKnoxIconIII) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.samsung.android.knox.containeragent.switcher.SwitchToKnoxIconII) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.samsung.android.knox.containeragent.switcher.SwitchToKnoxIconI) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.samsung.android.knox.containeragent.switcher.WorkProfileSettingsLauncher) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.samsung.android.knox.containeragent.switcher.WorkspaceSettingsLauncher) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.samsung.android.knox.containeragent.switcher.KnoxCoreSwitchMainPermissionActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.samsung.android.knox.permission.KNOX_ENTERPRISE_DEVICE_ADMIN [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (com.samsung.android.knox.containeragent.switcher.HomeReplaceActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.samsung.android.knox.containeragent.EmptyKioskActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.samsung.android.knox.containeragent.rcpcomponents.move.receiver.CommonReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.samsung.android.knox.containeragent.switcher.KLMS.KLMSReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.samsung.android.knox.permission.KNOX_LICENSE_INTERNAL [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Low Service (com.samsung.android.knox.containeragent.rcpcomponents.move.handlers.FileOperationsHandler) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.sec.knox.bridge.permission.FILE_OPERATION_HANDLER
protectionLevel: signatureOrSystem [android:exported=true]
A Service is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
Low Service (com.samsung.android.knox.containeragent.rcpcomponents.sync.RCPSyncerSecure) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.samsung.android.knox.containeragent.rcpcomponents.permission.MANAGE_RCP
protectionLevel: signatureOrSystem [android:exported=true]
A Service is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
Low Content Provider (com.samsung.android.knox.containeragent.rcpcomponents.move.provider.KnoxContentMgrDbProvider) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.samsung.knox.rcp.permission.ACCESS_KNOX_CONTENT_MGR_DB_PROVIDER
protectionLevel: signatureOrSystem [android:exported=true]
A Content Provider is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
High Content Provider (com.samsung.android.knox.containeragent.settings.search.KnoxSettingsSearchIndexablesProvider) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.READ_SEARCH_INDEXABLES [android:exported=true]
A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Low Content Provider (com.samsung.android.knox.containeragent.rcpcomponents.sync.RCPDumpStateProvider) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.samsung.knox.rcp.permission.ACCESS_RCP_DUMP_STATE_PROVIDER
protectionLevel: signatureOrSystem [android:exported=true]
A Content Provider is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
Low Broadcast Receiver (com.samsung.android.knox.containeragent.rcpcomponents.shortcut.PersonaShortcutReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.sec.knox.admin.permission.ACTION_MANAGE_SHORTCUT
protectionLevel: signatureOrSystem [android:exported=true]
A Broadcast Receiver is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.

Activities

Information computed with AndroGuard.

com.samsung.android.knox.containeragent.settings.KnoxDrawerActivity
com.samsung.android.knox.containeragent.settings.KnoxSettingsActivity
com.samsung.android.knox.containeragent.settings.KnoxSettingsShortcutActivity
com.samsung.android.knox.containeragent.settings.KnoxSettingsListActivity
com.samsung.android.knox.containeragent.settings.search.SearchGateActivity
com.samsung.android.knox.containeragent.settings.KnoxSettingsAboutKnoxActivity
com.samsung.android.knox.containeragent.settings.KnoxSettingsShowTermsAndConditionsActivity
com.samsung.android.knox.containeragent.settings.KnoxSettingsShowOpenSourceLicensesActivity
com.samsung.android.knox.containeragent.settings.OpenSourceLicenseActivity
com.samsung.android.knox.containeragent.settings.KnoxSettingsOtherSecuritySettings
com.samsung.android.knox.containeragent.settings.KnoxSettingsTimeoutActivity
com.samsung.android.knox.containeragent.settings.KnoxSettingCheckLockTypeActivity
com.samsung.android.knox.containeragent.settings.KnoxSettingsLauncherActivity
com.samsung.android.knox.containeragent.usage.ActiveKeyPressShortcut
com.samsung.android.knox.containeragent.switcher.SwitchMainActivity
com.samsung.android.knox.containeragent.knoxkeyguard.LockdownActivity
com.samsung.android.knox.containeragent.switcher.KnoxCoreSwitchMainActivity
com.samsung.android.knox.containeragent.switcher.HomeReplaceActivity
com.samsung.android.knox.containeragent.rcpcomponents.move.activity.MoveToKnoxGateActivity
com.samsung.android.knox.containeragent.EmptyKioskActivity

Receivers

Information computed with AndroGuard.

com.samsung.android.knox.containeragent.rcpcomponents.move.receiver.CommonReceiver
com.samsung.android.knox.containeragent.switcher.KLMS.KLMSReceiver
com.samsung.android.knox.containeragent.rcpcomponents.shortcut.PersonaShortcutReceiver
androidx.remotecallback.ProviderRelayReceiver

Services

Information computed with AndroGuard.

com.samsung.android.knox.containeragent.rcpcomponents.move.handlers.FileOperationsHandler
com.samsung.android.knox.containeragent.rcpcomponents.sync.RCPSyncerSecure
com.samsung.android.knox.containeragent.rcpcomponents.move.service.BackgroundWorkerService

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generate no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['bluetooth', 'network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['calender', 'address book'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.
Protection of Data in Transit
FIA_X509_EXT.2.1 The application use X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS , TLS.
X.509 Certificate Authentication

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 com/samsung/android/knox/container/RCPPolicy.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/contacts/RCPContactsProviderWorker.java
com/samsung/android/knox/containeragent/EmptyKioskActivity.java
com/samsung/android/knox/lockscreen/LSOItemData.java
com/samsung/android/knox/containeragent/rcpcomponents/move/provider/KnoxContentMgrDbProvider.java
com/samsung/android/knox/containeragent/settings/KnoxDrawerActivity.java
com/samsung/android/knox/containeragent/switcher/KLMS/KLMSReceiver.java
com/samsung/android/knox/containeragent/switcher/folderlauncher2/util/KnoxLog.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsListActivity.java
com/samsung/android/settingslib/wifi/WifiQoSScoreCache.java
com/samsung/android/knox/lockscreen/LSOInterface.java
com/samsung/android/knox/container/ContainerCreationParams.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsShowTermsAndConditionsActivity.java
com/samsung/android/knox/container/ContainerModeConfigurationType.java
com/samsung/android/knox/EnterpriseDeviceManager.java
com/samsung/android/knox/containeragent/settings/search/KnoxSettingsSearchIndexablesProvider.java
com/samsung/android/knox/lockscreen/EmergencyPhoneWidget.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/contacts/RCPNewContactsSyncer.java
com/samsung/android/knox/containeragent/settings/search/SearchGateActivity.java
com/samsung/android/knox/containeragent/switcher/folderlauncher2/util/Utils.java
com/samsung/android/knox/lockscreen/LockscreenOverlayView.java
com/samsung/android/knox/containeragent/settings/Utils.java
com/samsung/android/knox/container/LightweightConfigurationType.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsActivity.java
com/samsung/android/knox/containeragent/rcpcomponents/move/receiver/CommonReceiver.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/Util.java
com/samsung/android/knox/containeragent/switcher/KLMS/KLMSUtils.java
com/samsung/android/knox/restriction/RestrictionPolicy.java
com/samsung/android/knox/application/ApplicationPolicy.java
com/samsung/android/knox/container/EnterpriseContainerObject.java
com/samsung/android/knox/containeragent/settings/KnoxSettingCheckLockTypeActivity.java
com/samsung/android/knox/lockscreen/LSOItemCreator.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsTimeoutListAdapter.java
com/samsung/android/knox/containeragent/rcpcomponents/move/activity/MoveToKnoxGateActivity.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsFragment.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/calendar/RCPCalendarProviderWorker.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsAboutKnoxActivity.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsDataToShare.java
com/samsung/android/knox/containeragent/rcpcomponents/move/operations/ExchangeContactData.java
com/samsung/android/knox/EnterpriseKnoxManager.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsMore.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/calendar/db/CalendarRCPDBInterface.java
com/samsung/android/knox/lockscreen/LSOAttributeSet.java
com/samsung/android/knox/container/SecureFolderConfigurationType.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsShortcutActivity.java
com/samsung/android/tencentwifisecurity/TencentSecurityWifiManager.java
com/samsung/android/knox/lockscreen/LSOUtils.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/contacts/db/DataBaseHelper.java
com/samsung/android/knox/containeragent/knoxkeyguard/LockdownActivity.java
com/samsung/android/knox/containeragent/switcher/SwitchMainActivity.java
com/samsung/android/knox/ucm/core/ucmRetParcelable.java
com/samsung/android/knox/containeragent/rcpcomponents/move/handlers/FileOperationsHandler.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/calendar/db/DataBaseHelper.java
com/samsung/android/settingslib/applications/cachedb/AppListCacheManager.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/calendar/RCPCalendarSyncerWorker.java
com/samsung/android/knox/containeragent/switcher/KnoxCoreSwitchMainActivity.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/RCPSyncerSecure.java
com/samsung/android/knox/license/EnterpriseLicenseManager.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/contacts/RCPContactsSyncerWorker.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsOtherSecuritySettings.java
com/samsung/android/knox/container/ContainerConfigurationPolicy.java
com/samsung/android/knox/containeragent/rcpcomponents/move/util/MoveUtils.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsShowOpenSourceLicensesActivity.java
com/samsung/android/knox/containeragent/settings/search/HighlightablePreferenceGroupAdapter.java
com/samsung/android/knox/containeragent/rcpcomponents/shortcut/PersonaShortcutReceiver.java
com/samsung/android/knox/containeragent/rcpcomponents/move/service/BackgroundWorkerService.java
com/samsung/android/settingslib/wifi/AccessPointFilter.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsLauncherActivity.java
com/samsung/android/knox/containeragent/switcher/HomeReplaceActivity.java
com/samsung/android/knox/devicesecurity/PasswordPolicy.java
com/samsung/android/knox/container/KnoxContainerManager.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/contacts/db/ContactsRCPDBInterface.java
com/samsung/android/settingslib/wifi/AccessPointFlags.java
com/samsung/android/knox/containeragent/settings/OpenSourceLicenseActivity.java
com/samsung/android/knox/lockscreen/LSOWidgetView.java
com/samsung/android/knox/containeragent/rcpcomponents/move/util/KnoxLog.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsTimeoutActivity.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/RCPDumpStateProvider.java
com/samsung/android/knox/container/KnoxConfigurationType.java
com/samsung/android/knox/containeragent/usage/ActiveKeyPressShortcut.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsNotifications.java
com/samsung/android/knox/lockscreen/InvisibleOverlay.java
com/samsung/android/knox/containeragent/settings/AboutKnoxFragment.java
com/samsung/android/knox/container/BBCConfigurationType.java
com/samsung/android/knox/containeragent/rcpcomponents/move/util/DataBaseHelper.java
High
CVSS:5.9
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Files:
 com/samsung/android/knox/containeragent/rcpcomponents/sync/contacts/db/DataBaseHelper.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/contacts/RCPNewContactsSyncer.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/calendar/db/DataBaseHelper.java
com/samsung/android/knox/containeragent/rcpcomponents/move/util/DataBaseHelper.java
Pygal United States: 100

Map computed by Pithus.

Network analysis

Information computed with MobSF.

High Base config is insecurely configured to permit clear text traffic to all domains.
Scope: ['*']

Domains analysis

Information computed with MobSF.

US www.example.com 93.184.216.34

URL analysis

Information computed with MobSF.

https://www.example.com/proxy.pac
Defined in Android String Resource

Permissions analysis

Information computed with MobSF.

High android.permission.READ_CALENDAR read calendar events
Allows an application to read all of the calendar events stored on your phone. Malicious applications can use this to send your calendar events to other people.
High android.permission.WRITE_CALENDAR add or modify calendar events and send emails to guests
Allows an application to add or change the events on your calendar, which may send emails to guests. Malicious applications can use this to erase or modify your calendar events or to send emails to guests.
High android.permission.READ_CONTACTS read contact data
Allows an application to read all of the contact (address) data stored on your phone. Malicious applications can use this to send your data to other people.
High android.permission.WRITE_CONTACTS write contact data
Allows an application to modify the contact (address) data stored on your phone. Malicious applications can use this to erase or modify your contact data.
High android.permission.WRITE_SETTINGS modify global system settings
Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration.
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
High android.permission.SET_PROCESS_LIMIT limit number of running processes
Allows an application to control the maximum number of processes that will run. Never needed for common applications.
High android.permission.SYSTEM_ALERT_WINDOW display system-level alerts
Allows an application to show system-alert windows. Malicious applications can take over the entire screen of the phone.
High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
Low android.permission.SET_WALLPAPER set wallpaper
Allows the application to set the system wallpaper.
Low android.permission.BLUETOOTH create Bluetooth connections
Allows applications to connect to paired bluetooth devices.
Low android.permission.USE_FINGERPRINT allow use of fingerprint
This constant was deprecated in API level 28. Applications should request USE_BIOMETRIC instead
Low android.permission.USE_BIOMETRIC Allows an app to use device supported biometric modalities.
Low android.permission.EXPAND_STATUS_BAR expand/collapse status bar
Allows application to expand or collapse the status bar.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.FOREGROUND_SERVICE Allows a regular application to use Service.startForeground
Medium android.permission.INTERNAL_SYSTEM_WINDOW display unauthorised windows
Allows the creation of windows that are intended to be used by the internal system user interface. Not for use by common applications.
Medium android.permission.BIND_DEVICE_ADMIN interact with device admin
Allows the holder to send intents to a device administrator. Should never be needed for common applications.
Medium android.permission.DEVICE_POWER turn phone on or off
Allows the application to turn the phone on or off.
Medium android.permission.CLEAR_APP_USER_DATA delete other applications' data
Allows an application to clear user data.
Medium android.permission.STATUS_BAR disable or modify status bar
Allows application to disable the status bar or add and remove system icons.
Medium android.permission.WRITE_SECURE_SETTINGS modify secure system settings
Allows an application to modify the system's secure settings data. Not for use by common applications.
Medium android.permission.CHANGE_COMPONENT_ENABLED_STATE enable or disable application components
Allows an application to change whether or not a component of another application is enabled. Malicious applications can use this to disable important phone capabilities. It is important to be careful with permission, as it is possible to bring application components into an unusable, inconsistent or unstable state.
android.permission.INTERACT_ACROSS_USERS_FULL Unknown permission
Unknown permission from android reference
android.permission.INTERACT_ACROSS_USERS Unknown permission
Unknown permission from android reference
com.sec.knox.admin.permission.ACTION_REQUEST_REMOVE_CONTAINER Unknown permission
Unknown permission from android reference
android.permission.MANAGE_USERS Unknown permission
Unknown permission from android reference
com.samsung.android.knox.permission.KNOX_CONTAINER Unknown permission
Unknown permission from android reference
com.android.launcher.permission.INSTALL_SHORTCUT Unknown permission
Unknown permission from android reference
com.android.launcher.permission.UNINSTALL_SHORTCUT Unknown permission
Unknown permission from android reference
com.samsung.android.knox.permission.KNOX_CONTAINER_RCP Unknown permission
Unknown permission from android reference
com.sec.android.provider.logsprovider.permission.READ_LOGS Unknown permission
Unknown permission from android reference
com.sec.android.provider.logsprovider.permission.WRITE_LOGS Unknown permission
Unknown permission from android reference
android.permission.WRITE_INTERNAL_STORAGE Unknown permission
Unknown permission from android reference
android.permission.WRITE_MEDIA_STORAGE Unknown permission
Unknown permission from android reference
com.sec.smartcard.pinservice.permission.SMARTCARD_PIN_ACCESS Unknown permission
Unknown permission from android reference
com.samsung.android.app.calendar.permission.USE_VCAL_COMPONENT Unknown permission
Unknown permission from android reference
com.samsung.knox.rcp.components.permission.MANAGE_RCP Unknown permission
Unknown permission from android reference
com.sec.knox.bridge.permission.FILE_OPERATION_HANDLER Unknown permission
Unknown permission from android reference
com.sec.knox.bridge.permission.CONTACT_OPERATION_HANDLER Unknown permission
Unknown permission from android reference
com.sec.knox.admin.permission.ACTION_MANAGE_SHORTCUT Unknown permission
Unknown permission from android reference
com.samsung.android.knox.containeragent.permission.RECEIVE_APP_UPDATE Unknown permission
Unknown permission from android reference
com.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY Unknown permission
Unknown permission from android reference
com.samsung.helphub.permission.HELP Unknown permission
Unknown permission from android reference
android.permission.CONTROL_KEYGUARD Unknown permission
Unknown permission from android reference
android.permission.PROVIDE_TRUST_AGENT Unknown permission
Unknown permission from android reference
com.android.alarm.permission.SET_ALARM Unknown permission
Unknown permission from android reference
android.permission.TRUST_LISTENER Unknown permission
Unknown permission from android reference
android.permission.ACCESS_KEYGUARD_SECURE_STORAGE Unknown permission
Unknown permission from android reference
com.sec.knox.permission.KEYGUARD_SERVICE Unknown permission
Unknown permission from android reference
android.permission.RESET_FINGERPRINT_LOCKOUT Unknown permission
Unknown permission from android reference
com.samsung.android.permission.FINGERPRINT_LOCK_SETTINGS Unknown permission
Unknown permission from android reference
com.samsung.android.permission.BIOMETRICS_PRIVILEGED Unknown permission
Unknown permission from android reference
com.samsung.android.knox.container.permission.MANAGED_PROFILE_REFRESH Unknown permission
Unknown permission from android reference
com.samsung.android.knox.permission.KNOX_PROXY_ADMIN_INTERNAL Unknown permission
Unknown permission from android reference
com.sec.enterprise.permission.MDM_PROXY_ADMIN_INTERNAL Unknown permission
Unknown permission from android reference
android.permission.MANAGE_ACTIVITY_STACKS Unknown permission
Unknown permission from android reference
android.permission.READ_SEARCH_INDEXABLES Unknown permission
Unknown permission from android reference
com.samsung.android.knox.permission.SEARCH_KNOX_SETTINGS Unknown permission
Unknown permission from android reference
com.sec.knox.containeragent.USE_KNOX_UI Unknown permission
Unknown permission from android reference
com.samsung.android.knox.permission.KNOX_LICENSE_INTERNAL Unknown permission
Unknown permission from android reference
com.samsung.android.launcher.permission.READ_SETTINGS Unknown permission
Unknown permission from android reference
com.sec.android.provider.badge.permission.READ Unknown permission
Unknown permission from android reference
com.sec.android.provider.badge.permission.WRITE Unknown permission
Unknown permission from android reference
com.sec.android.app.myfiles.permission.READ Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Confidence:
100%
Find a method from given class name, usually for reflection
Confidence:
100%
Modify voice volume
Confidence:
100%
Method reflection
Confidence:
100%
Install other APKs from file
Confidence:
100%
Retrieve data from broadcast
Confidence:
100%
Read sensitive data(SMS, CALLLOG, etc)
Confidence:
100%
Implicit intent(view a web page, make a phone call, etc.) via setData
Confidence:
100%
Monitor the broadcast action events (BOOT_COMPLETED)
Confidence:
100%
Get last known location of the device
Confidence:
100%
Method reflection
Confidence:
100%
Query data from URI (SMS, CALLLOGS)
Confidence:
100%
Get the time of current location
Confidence:
100%
Initialize class object dynamically
Confidence:
80%
Query WiFi BSSID and scan results
Confidence:
80%
Send broadcast
Confidence:
80%
Read file and put it into a stream
Confidence:
80%
Get declared method from given method name
Confidence:
80%
Open a file from given absolute path of the file
Confidence:
80%
Get absolute path of the file and store in string
Confidence:
80%
Get location of the device
Confidence:
80%
Get resource file from res/raw directory

Behavior analysis

Information computed with MobSF.

Android notifications
       com/samsung/android/knox/containeragent/rcpcomponents/move/handlers/FileOperationsHandler.java
com/samsung/android/knox/containeragent/rcpcomponents/move/service/BackgroundWorkerService.java
Base64 encode
       com/samsung/android/knox/containeragent/rcpcomponents/sync/contacts/RCPContactsSyncerWorker.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/contacts/RCPNewContactsSyncer.java
Content provider
       com/samsung/android/knox/containeragent/rcpcomponents/sync/contacts/RCPContactsSyncerWorker.java
com/samsung/android/knox/containeragent/rcpcomponents/move/provider/KnoxContentMgrDbProvider.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/contacts/RCPNewContactsSyncer.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/RCPDumpStateProvider.java
com/samsung/android/knox/containeragent/rcpcomponents/move/handlers/FileOperationsHandler.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/calendar/RCPCalendarSyncerWorker.java
com/samsung/android/knox/containeragent/rcpcomponents/move/service/BackgroundWorkerService.java
com/samsung/android/settings/search/provider/SearchIndexablesProvider.java
com/samsung/android/tencentwifisecurity/TencentSecurityWifiManager.java
Get installed applications
       com/samsung/android/knox/containeragent/settings/KnoxSettingsShowTermsAndConditionsActivity.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsOtherSecuritySettings.java
Get system service
       com/samsung/android/knox/containeragent/settings/KnoxSettingsDataToShare.java
com/samsung/android/knox/containeragent/switcher/Utils.java
com/samsung/android/knox/containeragent/settings/KnoxDrawerActivity.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsListActivity.java
com/samsung/android/settingslib/wifi/WifiQoSScoreCache.java
com/samsung/android/knox/lockscreen/LSOUtils.java
com/samsung/android/knox/EnterpriseDeviceManager.java
com/samsung/android/knox/containeragent/knoxkeyguard/LockdownActivity.java
com/samsung/android/knox/containeragent/settings/search/KnoxSettingsSearchIndexablesProvider.java
com/samsung/android/knox/containeragent/settings/search/SearchGateActivity.java
com/samsung/android/knox/containeragent/BaseApplication.java
com/samsung/android/knox/containeragent/rcpcomponents/move/handlers/FileOperationsHandler.java
com/samsung/android/knox/lockscreen/LockscreenOverlayView.java
com/samsung/android/knox/containeragent/settings/Utils.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/calendar/RCPCalendarSyncerWorker.java
com/samsung/android/knox/containeragent/rcpcomponents/move/receiver/CommonReceiver.java
com/samsung/android/knox/containeragent/switcher/KnoxCoreSwitchMainActivity.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/RCPSyncerSecure.java
com/samsung/android/settingslib/deviceinfo/CopyablePreference.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/Util.java
com/samsung/android/knox/containeragent/switcher/KLMS/KLMSUtils.java
com/samsung/android/knox/containeragent/settings/RestrictedLockUtils.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/contacts/RCPContactsSyncerWorker.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsOtherSecuritySettings.java
com/samsung/android/knox/containeragent/settings/KnoxSettingCheckLockTypeActivity.java
com/samsung/android/knox/containeragent/rcpcomponents/move/util/MoveUtils.java
com/samsung/android/knox/containeragent/knoxkeyguard/KeyguardUtils.java
com/samsung/android/knox/containeragent/rcpcomponents/move/activity/MoveToKnoxGateActivity.java
com/samsung/android/knox/containeragent/rcpcomponents/move/service/BackgroundWorkerService.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsFragment.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsTimeoutActivity.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/RCPDumpStateProvider.java
com/samsung/android/settingslib/wifi/SemWifiUtils.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsNotifications.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsChooseLockSettingsHelper.java
com/samsung/android/knox/containeragent/settings/AboutKnoxFragment.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsAboutKnoxActivity.java
Inter process communication
       com/samsung/android/knox/containeragent/switcher/Utils.java
com/samsung/android/tencentwifisecurity/IWifiEvalutionCallback.java
com/samsung/android/knox/containeragent/switcher/KLMS/KLMSReceiver.java
com/samsung/android/knox/containeragent/settings/RestrictedPreferenceHelper.java
com/samsung/android/knox/lockscreen/LSOInterface.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsShowTermsAndConditionsActivity.java
com/samsung/android/knox/containeragent/settings/search/KnoxSettingsSearchIndexablesProvider.java
com/samsung/android/knox/lockscreen/EmergencyPhoneWidget.java
com/samsung/android/knox/container/IRCPPolicy.java
com/samsung/android/knox/containeragent/settings/search/SearchGateActivity.java
com/samsung/android/knox/ucm/core/IUcmService.java
com/samsung/android/knox/lockscreen/LockscreenOverlayView.java
com/samsung/android/knox/containeragent/settings/Utils.java
com/samsung/android/knox/custom/ShortcutItem.java
com/samsung/android/knox/containeragent/rcpcomponents/move/receiver/CommonReceiver.java
com/samsung/android/knox/application/ApplicationPolicy.java
com/samsung/android/tencentwifisecurity/IWifiEvalutionService.java
com/samsung/android/knox/containeragent/settings/KnoxSettingCheckLockTypeActivity.java
com/samsung/android/knox/containeragent/rcpcomponents/move/activity/MoveToKnoxGateActivity.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsFragment.java
com/samsung/android/knox/restriction/IRestrictionPolicy.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsChooseLockSettingsHelper.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsAboutKnoxActivity.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsDataToShare.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsMore.java
com/samsung/android/knox/application/DefaultAppConfiguration.java
com/samsung/android/knox/devicesecurity/IPasswordPolicy.java
com/samsung/android/knox/ucm/configurator/IUniversalCredentialManager.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsListAdapter.java
com/samsung/android/tencentwifisecurity/TencentSecurityWifiManager.java
com/samsung/android/knox/containeragent/knoxkeyguard/LockdownActivity.java
com/samsung/android/knox/lockscreen/ILockscreenOverlay.java
com/samsung/android/knox/containeragent/switcher/SwitchMainActivity.java
com/samsung/android/knox/containeragent/rcpcomponents/move/handlers/FileOperationsHandler.java
com/samsung/android/knox/container/IKnoxContainerManager.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/calendar/RCPCalendarSyncerWorker.java
com/samsung/android/knox/containeragent/switcher/KnoxCoreSwitchMainActivity.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/RCPSyncerSecure.java
com/samsung/android/knox/containeragent/settings/RestrictedLockUtils.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/contacts/RCPContactsSyncerWorker.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsOtherSecuritySettings.java
com/samsung/android/knox/custom/WidgetItem.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsShowOpenSourceLicensesActivity.java
com/samsung/android/knox/custom/PowerItem.java
com/samsung/android/knox/IEnterpriseDeviceManager.java
com/samsung/android/knox/containeragent/rcpcomponents/shortcut/PersonaShortcutReceiver.java
com/samsung/android/knox/containeragent/rcpcomponents/move/service/BackgroundWorkerService.java
com/samsung/android/knox/application/IApplicationPolicy.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsLauncherActivity.java
com/samsung/android/knox/containeragent/settings/OpenSourceLicenseActivity.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsTimeoutActivity.java
com/samsung/android/knox/containeragent/usage/ActiveKeyPressShortcut.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsNotifications.java
com/samsung/android/settingslib/deviceinfo/AbstractWifiMacAddressPreferenceController.java
com/samsung/android/knox/license/IEnterpriseLicense.java
com/samsung/android/knox/containeragent/settings/AboutKnoxFragment.java
Java reflection
       com/samsung/android/knox/lockscreen/LSOWidgetView.java
Local file i/o operations
       com/samsung/android/knox/containeragent/rcpcomponents/sync/contacts/RCPContactsSyncerWorker.java
com/samsung/android/settingslib/applications/cachedb/AppListCacheManager.java
com/samsung/android/knox/containeragent/settings/Utils.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/calendar/RCPCalendarSyncerWorker.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/Util.java
Query database of sms, contacts etc
       com/samsung/android/knox/containeragent/rcpcomponents/sync/contacts/RCPContactsSyncerWorker.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsNotifications.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/calendar/RCPCalendarSyncerWorker.java
com/samsung/android/tencentwifisecurity/TencentSecurityWifiManager.java
Sending broadcast
       com/samsung/android/knox/containeragent/settings/KnoxSettingsDataToShare.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsNotifications.java
Set or read clipboard data
       com/samsung/android/settingslib/deviceinfo/CopyablePreference.java
Starting activity
       com/samsung/android/knox/containeragent/settings/KnoxSettingsOtherSecuritySettings.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsMore.java
com/samsung/android/knox/lockscreen/EmergencyPhoneWidget.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsShowOpenSourceLicensesActivity.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsNotifications.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsChooseLockSettingsHelper.java
com/samsung/android/knox/containeragent/rcpcomponents/move/activity/MoveToKnoxGateActivity.java
com/samsung/android/knox/containeragent/settings/AboutKnoxFragment.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsFragment.java
com/samsung/android/knox/containeragent/switcher/KnoxCoreSwitchMainActivity.java
Starting service
       com/samsung/android/knox/containeragent/rcpcomponents/sync/contacts/RCPContactsSyncerWorker.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsDataToShare.java
com/samsung/android/knox/containeragent/settings/KnoxSettingsNotifications.java
com/samsung/android/knox/containeragent/rcpcomponents/move/activity/MoveToKnoxGateActivity.java
com/samsung/android/knox/containeragent/rcpcomponents/sync/calendar/RCPCalendarSyncerWorker.java
com/samsung/android/tencentwifisecurity/TencentSecurityWifiManager.java
Webview get request
       com/samsung/android/knox/containeragent/settings/KnoxSettingsShowOpenSourceLicensesActivity.java

Control flow graphs analysis

Information computed by Pithus.

The application probably loads JS-capable web views

The application probably gets the network connections information

The application probably plays sound

The application probably listens accessibility events