Threat 0/59

android
Android System

Analyzed on 2021-07-17T02:42:14.225208

10 permissions, 19 activities, 12 services, 11 receivers, 1 domain

File sums

MD5 27ba1b6b6ddd409220007db28e93ebd8
SHA1 73200e49ea227315cc5b8b74935f4f147b0ab712
SHA256 fcc6b29ef6c7290616cd304889155a3fb36b2203cb6f52cff478cde986433f02
Size 17.33MB

APKiD

Information computed with APKiD.

SSdeep

Information computed with ssdeep.

APK file 393216:B/muKY54B/XOmOc+orHEXSoeqk9HyJQAP:Beq0/OnorHEioeJ9HyJzP
Manifest 3072:haCHjfBQXj5XgJmoE+BKa/7gd/FXM00wNTQzQBhvoBaS6UbmO4R44:MCbBk5XgJm…

Dexofuzzy

Information computed with Dexofuzzy.

APK details

Information computed with AndroGuard and Pithus.

Package android
App name Android System
Version name 8.1.0
Version code 27
SDK 27 - 27
UAID b49d3d52e777f622d67cc9b2356a0622b86b0b54
Signature Signature V1 Signature V2
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown

Certificate details

Information computed with AndroGuard.

MD5 c9a0fdbe525f6abf00f1853349268e15
SHA1 5f4161f4ba1982a1bc487792e6375b3ceb572868
SHA256 1d3cca9ba2ea5c5dac9dd129ac076f706ad09903fa0e6d20172dff5cb4336a2e
Issuer Email Address: Q-in@q-innovations.in, Common Name: Q-innovations, Organizational Unit: Q-innovations, Organization: Q-innovations, Locality: IN View, State/Province: IN, Country: IN
Not before 2018-04-25T08:01:03+00:00
Not after 2045-09-10T08:01:03+00:00

Manifest analysis

Information computed with MobSF.

Low App is direct-boot aware [android:directBootAware=true]
This app can run before the user unlocks the device. If you're using a custom subclass of Application, and if any component inside your application is direct-boot aware, then your entire custom application is considered to be direct-boot aware. During Direct Boot, your application can only access the data that is stored in device protected storage.
Medium Application Data can be Backed up. [android:allowBackup] flag is missing.
The flag [android:allowBackup] should be set to false. By default it is set to true and allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High Activity (com.android.internal.app.ChooserActivity) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.android.internal.app.IntentForwarderActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.android.internal.app.ForwardIntentToParent) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity-Alias (com.android.internal.app.ForwardIntentToManagedProfile) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (android.accounts.ChooseAccountActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (android.accounts.ChooseTypeAndAccountActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (android.accounts.CantAddAccountActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (android.accounts.GrantCredentialsPermissionActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.android.internal.app.ConfirmUserCreationActivity) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Broadcast Receiver (com.android.server.BootReceiver) is not Protected. An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
Low Service (com.android.server.MountServiceIdler) is Protected by a permission.
Permission: android.permission.BIND_JOB_SERVICE
protectionLevel: signature [android:exported=true]
A Service is found to be exported, but is protected by permission.
Low Service (com.android.server.backup.FullBackupJob) is Protected by a permission.
Permission: android.permission.BIND_JOB_SERVICE
protectionLevel: signature [android:exported=true]
A Service is found to be exported, but is protected by permission.
Low Service (com.android.server.pm.BackgroundDexOptService) is Protected by a permission.
Permission: android.permission.BIND_JOB_SERVICE
protectionLevel: signature [android:exported=true]
A Service is found to be exported, but is protected by permission.
Medium High Intent Priority (1000) [android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.
Medium High Intent Priority (1000) [android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.

Main Activity

Information computed with AndroGuard.

['com.android.internal.app.ChooserActivity', 'com.android.internal.app.AccessibilityButtonChooserActivity', 'com.android.internal.app.IntentForwarderActivity', 'com.android.internal.app.HeavyWeightSwitcherActivity', 'com.android.internal.app.PlatLogoActivity', 'com.android.internal.app.DisableCarModeActivity', 'com.android.internal.app.DumpHeapActivity', 'android.accounts.ChooseAccountActivity', 'android.accounts.ChooseTypeAndAccountActivity', 'android.accounts.ChooseAccountTypeActivity', 'android.accounts.CantAddAccountActivity', 'android.accounts.GrantCredentialsPermissionActivity', 'android.content.SyncActivityTooManyDeletes', 'com.android.internal.app.ShutdownActivity', 'com.android.internal.app.NetInitiatedActivity', 'com.android.internal.app.SystemUserHomeActivity', 'com.android.internal.app.ConfirmUserCreationActivity', 'com.android.internal.app.UnlaunchableAppActivity', 'com.android.settings.notification.NotificationAccessConfirmationActivity']

Activities

Information computed with AndroGuard.

com.android.internal.app.ChooserActivity
com.android.internal.app.AccessibilityButtonChooserActivity
com.android.internal.app.IntentForwarderActivity
com.android.internal.app.HeavyWeightSwitcherActivity
com.android.internal.app.PlatLogoActivity
com.android.internal.app.DisableCarModeActivity
com.android.internal.app.DumpHeapActivity
android.accounts.ChooseAccountActivity
android.accounts.ChooseTypeAndAccountActivity
android.accounts.ChooseAccountTypeActivity
android.accounts.CantAddAccountActivity
android.accounts.GrantCredentialsPermissionActivity
android.content.SyncActivityTooManyDeletes
com.android.internal.app.ShutdownActivity
com.android.internal.app.NetInitiatedActivity
com.android.internal.app.SystemUserHomeActivity
com.android.internal.app.ConfirmUserCreationActivity
com.android.internal.app.UnlaunchableAppActivity
com.android.settings.notification.NotificationAccessConfirmationActivity

Receivers

Information computed with AndroGuard.

com.android.server.BootReceiver
com.android.server.updates.CertPinInstallReceiver
com.android.server.updates.IntentFirewallInstallReceiver
com.android.server.updates.SmsShortCodesInstallReceiver
com.android.server.updates.ApnDbInstallReceiver
com.android.server.updates.CarrierProvisioningUrlsInstallReceiver
com.android.server.updates.TzDataInstallReceiver
com.android.server.updates.CertificateTransparencyLogInstallReceiver
com.android.server.updates.LangIdInstallReceiver
com.android.server.updates.SmartSelectionInstallReceiver
com.android.server.MasterClearReceiver

Services

Information computed with AndroGuard.

android.hardware.location.GeofenceHardwareService
com.android.internal.backup.LocalTransportService
com.android.server.MountServiceIdler
com.android.server.backup.FullBackupJob
com.android.server.backup.KeyValueBackupJob
com.android.server.content.SyncJobService
com.android.server.pm.BackgroundDexOptService
com.android.server.PruneInstantAppsJobService
com.android.server.storage.DiskStatsLoggingService
com.android.server.PreloadsFileCacheExpirationJobService
com.android.server.camera.CameraStatsJobService
com.android.server.timezone.TimeZoneUpdateIdler

Sample timeline

Oldest file found in APK Jan. 1, 2009, midnight
Latest file found in APK Jan. 1, 2009, midnight
Certificate valid not before April 25, 2018, 8:01 a.m.
First submission on VT April 30, 2019, 4:36 p.m.
Last submission on VT April 30, 2019, 4:36 p.m.
Upload on Pithus July 17, 2021, 2:42 a.m.
Certificate valid not after Sept. 10, 2045, 8:01 a.m.

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['microphone', 'bluetooth', 'location', 'network connectivity', 'NFC', 'USB', 'camera'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['call lists', 'address book', 'calender', 'system logs'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FTP_DIT_EXT.1.1 The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.
Protection of Data in Transit
[Map: United States: 100]

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

US uaprof.q1wmobile.com 54.149.48.156

URL analysis

Information computed with MobSF.

http://uaprof.q1wmobile.com/att/QS5509A.xml
Defined in Android String Resource

Permissions analysis

Information computed with MobSF.

High android.permission.GET_ACCOUNTS list accounts
Allows access to the list of accounts in the Accounts Service.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.LOCATION_HARDWARE Allows an application to use location features in hardware, such as the geofencing api.
Medium android.permission.PACKAGE_USAGE_STATS update component usage statistics
Allows the modification of collected component usage statistics. Not for use by common applications.
Medium android.intent.category.MASTER_CLEAR.permission.C2D_MESSAGE Allows cloud to device messaging
Allows the application to receive push notifications.
android.permission.BIND_JOB_SERVICE Unknown permission
Unknown permission from android reference
android.permission.TRIGGER_TIME_ZONE_RULES_CHECK Unknown permission
Unknown permission from android reference
android.permission.BIND_NETWORK_RECOMMENDATION_SERVICE Unknown permission
Unknown permission from android reference
android.permission.CONTROL_VPN Unknown permission
Unknown permission from android reference
android.permission.CONFIRM_FULL_BACKUP Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Behavior analysis

Information computed with MobSF.

Inter process communication
       android/R.java

Control flow graphs analysis

Information computed by Pithus.