{"report":{"attr":{"createdBy":"Appicaptor","flowID":"2016-08-31_1-weekly"},"app":[{"attr":{"os":"Android","appId":"com.miniclip.eightballpool:3.6.2","name":"8 Ball Pool","version":"3.6.2","model":"Game","store_url":"https://play.google.com/store/apps/details?id=com.miniclip.eightballpool"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be considered by doing a device backup. If an application contains sensitive information these can be cloned by backing up the data and extracted from the backup archive off device.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi/libImmEndpointWarpJ.so","ARM 32 bit: lib/armeabi/libgame.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Adcolony","AppLovin","ChartBoost","Doubleclick","Flurry","Fyber","Google AdMob","Google Analytics","MillennialMedia","Supersonic","TapJoy","mopub"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"ok","testID":"Bootcompleted Components Test","resultClass":"Runtime Security","name":"Application autostart receiver","detail":"The Application has the permission to start automatically after booting the device. The application can execute code without userinteraction or prevention.","text":"Executed component after Phone Reboot: ","context":"0"},"resultList":[{"result":["com.miniclip.notifications.local.LocalNotificationBootReceiver"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","a.applovin.com","adlog.flurry.com","ads.flurry.com","ads.mp.mydas.mobi","analytics.query.yahoo.com","androidads23.adcolony.com","androidsdk.ads.mp.mydas.mobi","api.facebook.com","api.sponsorpay.com","api.tumblr.com","api.vungle.com","app.adjust.com","cdn.flurry.com","cdn.millennialmedia.com","connect.tapjoy.com","content-js.tapjoy.com","cvt.mydas.mobi","d.applovin.com","data.flurry.com","engine.fyber.com","engine.sponsorpay.com","facebook.com","googleads.g.doubleclick.net","graph-video.%s","graph.%s","graph.%s.facebook.com","graph.facebook.com","iframe.sponsorpay.com","images.millennialmedia.com","img.youtube.com","impact.applifier.com","impact.staging.applifier.com","ingest.vungle.com","init.supersonicads.com","live.chartboost.com","live.hyprmx.com","m.facebook.com","maps.google.com","market.android.com","media.admob.com","millennialmedia.com","mobilelogs.ec2ssa.info","outcome.supersonicads.com","placements.tapjoy.com","play.google.com","plus.google.com","proton.flurry.com","rpc.tapjoy.com","rt.applovin.com","s.ssacdn.com","service.sponsorpay.com","services.dev.miniclippt.com","services.miniclippt.com","vid.applovin.com","video.fyber.com","ws.tapjoyads.com","www.amazon.com","www.facebook.com","www.google.com","www.googleapis.com","www.supersonicads.com","www.tumblr.com","www.ultraadserver.com","www.vungle.com","www.youtube.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["amzn://apps/android?p=%s","bazaar://search?q=pname:","flurry://flurrycall?event=","flurry://flurrycall?event=adWillClose","http://ads.mp.mydas.mobi/appConfigServlet?apid=","http://ads.mp.mydas.mobi/pixel?id=","http://cvt.mydas.mobi/handleConversion?firstlaunch=","http://maps.google.com/maps/api/geocode/json?latlng=","http://market.android.com/support/bin/answer.py?answer=1050566&hl=%lang%&dl=%region%","http://play.google.com/store/apps/details?id=","http://play.google.com/store/apps/details?id=com.google.android.youtube","http://www.youtube.com/playlist?list=","http://www.youtube.com/watch?v=","https://ads.mp.mydas.mobi/appConfigServlet?apid=","https://play.google.com/store/apps/details?id=","https://www.supersonicads.com/mobile/sdk5/log?method=","https://www.supersonicads.com/mobile/sdk5/log?method=contextIsNotActivity","https://www.supersonicads.com/mobile/sdk5/log?method=encodeAppKey","https://www.supersonicads.com/mobile/sdk5/log?method=encodeAppUserId","https://www.supersonicads.com/mobile/sdk5/log?method=extraParametersToJson","https://www.supersonicads.com/mobile/sdk5/log?method=htmlControllerDoesNotExistOnFileSystem","https://www.supersonicads.com/mobile/sdk5/log?method=injectJavaScript","https://www.supersonicads.com/mobile/sdk5/log?method=noProductType","https://www.supersonicads.com/mobile/sdk5/log?method=setWebViewSettings","https://www.supersonicads.com/mobile/sdk5/log?method=unregisterConnectionReceiverIllegal","https://www.supersonicads.com/mobile/sdk5/log?method=webviewLoadBlank","https://www.supersonicads.com/mobile/sdk5/log?method=webviewLoadWithPath","https://www.supersonicads.com/mobile/sdk5/log?method=webviewPause","https://www.supersonicads.com/mobile/sdk5/log?method=webviewResume","https://www.tumblr.com/oauth/authorize?oauth_token=%s","market://details?id=","market://details?id=%s","market://details?id=%s&referrer=%s","market://details?id=com.google.android.gms.ads","market://details?id=com.google.android.youtube","market://details?id=com.miniclip.eightballpool","market://search?q=pname:com.google"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","GET_TASKS (Allows an application to get information about the currently or recently running tasks.) ","INTERNET (Allows applications to open network sockets.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","ACCESS_COARSE_LOCATION (Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 8 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","Austria","Romania","United States","Ireland","United Kingdom","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://ads.mp.mydas.mobi/appConfigServlet?apid=","http://ads.mp.mydas.mobi/pixel?id=","http://cvt.mydas.mobi/handleConversion?firstlaunch=","http://maps.google.com/maps/api/geocode/json?latlng=","http://market.android.com/support/bin/answer.py?answer=1050566&hl=%lang%&dl=%region%","http://play.google.com/store/apps/details?id=","http://play.google.com/store/apps/details?id=com.google.android.youtube","http://www.youtube.com/playlist?list="]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["ads.mp.mydas.mobi","play.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","VIBRATE (Allows access to the vibrator.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","RECEIVE_BOOT_COMPLETED (Allows an application to receive the android.content.Intent ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. If you don't request this permission, you will not receive the broadcast at that time. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, you must explicitly declare your use of this facility to make that visible to the user.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["GET_TASKS","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.miniclip.eightballpool.EightBallPoolActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.BILLING","com.miniclip.eightballpool.permission.C2D_MESSAGE","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build hardware","build brand","IMEI/MEID","Wifi-MAC address","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different sensors. This allows the application to track the user and/or determine the environment of the user.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["WIFI-Based Location","Acceleration/Light"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://androidsdk.ads.mp.mydas.mobi/getAd.php5?","http://rt.applovin.com/pix","http://www.ultraadserver.com/api/rest/v1.1/uniqueusers?","http://ads.mp.mydas.mobi/pixel?id=","http://s.ssacdn.com/mobileSDKController/mobileController.html","http://www.supersonicads.com/timestamp.php","http://maps.google.com/maps/api/geocode/json?latlng=","http://www.youtube.com/embed/","http://www.amazon.com/gp/mas/get-appstore/android/ref=mas_mx_mba_iap_dl","http://services.miniclippt.com/newsfeed/newsfeed.php","http://ads.mp.mydas.mobi/appConfigServlet?apid=","http://www.tumblr.com/connect/login_success.html","http://play.google.com/store/apps/details?id=","http://millennialmedia.com/android/schema","http://outcome.supersonicads.com/mediation/","http://www.youtube.com/playlist?list=","http://mobilelogs.ec2ssa.info/log","http://www.youtube.com/user/","http://play.google.com/store/apps/details","http://cvt.mydas.mobi/handleConversion?firstlaunch=","http://services.dev.miniclippt.com/newsfeed/newsfeed.php","http://api.vungle.com/api/v4/"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected JS Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following JavaScript files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected JavaScripts?","context":"0"},"detailList":[{"detail":["http://media.admob.com/mraid/v1/mraid_app_interstitial.js","http://cdn.millennialmedia.com/mmjs/v1.7/mm.js","http://googleads.g.doubleclick.net/mads/static/sdk/native/sdk-core-v40.js","http://media.admob.com/mraid/v1/mraid_app_banner.js","http://media.admob.com/mraid/v1/mraid_app_expanded_banner.js"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected Maps Access","resultClass":"Privacy","name":"URL Checks","detail":"App contains URL(s) that indicate an unprotected HTTP access to map providers. The transmitted location query parameters to the following map providers are in this case accesible by third parties: ","text":"Unprotected map queries?","context":"0"},"detailList":[{"detail":["Google Maps"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"yes","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"Reasons for category violations of default policy: ","text":"Violations of default policy?","context":"0"},"detailList":[{"detail":["Estimated overall app risk for the enterprise exceeds the security policy threshold due to detected risks and flaws exploitable by skilled attackers without the existence of additional supporting factors. "]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["Extensive Advertisement/Tracking: App uses more than 10 advertisement and tracking providers. ","Unprotected Access: Disclosure of location or web query data though unprotected communication with service providers. ","App Listing: Usage of detected functionality to access list of installed apps poses a privacy risk for detected app type.","Code Execution At Boot: App executes code at phone boot without user interaction, which is suspicious for detected app type."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.king.candycrushsaga:1.82.1.1","name":"Candy Crush Saga","version":"1.82.1.1","model":"Game","store_url":"https://play.google.com/store/apps/details?id=com.king.candycrushsaga"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be considered by doing a device backup. If an application contains sensitive information these can be cloned by backing up the data and extracted from the backup archive off device.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libcandycrushsaga.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","accounts.google.com","facebook.com","graph-video.%s","graph.%s","imasdk.googleapis.com","login.live.com","login.yahoo.com","play.google.com","plus.google.com","pubads.g.doubleclick.net","twitter.com","www.amazon.com","www.facebook.com","www.googleapis.com","www.linkedin.com","www.paypal.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=com.facebook.orca","https://pubads.g.doubleclick.net/gampad/ads?sz=640x480&impl=s&gdfp_req=1&env=vp&output=xml_vast3&unviewed_position_start=1&url=&description_url=&correlator=","market://details?id=com.facebook.orca","market://details?id=com.google.ads.interactivemedia.v3"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 5 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Belgium","United States","Ireland","United Kingdom","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=com.facebook.orca"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["GET_ACCOUNTS"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.king.core.VideoPlayerActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.king.cross.kingapp.provider.ACCESS","com.android.vending.BILLING","com.google.android.c2dm.permission.RECEIVE","com.king.candycrushsaga.permission.C2D_MESSAGE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build brand","Wifi-MAC address","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"none","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"No sensor usage Indicators found.","text":"Sensor usage: ","context":"0"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://imasdk.googleapis.com/native/sdkloader/native_sdk_v3.html","http://www.amazon.com/gp/mas/get-appstore/android/ref=mas_mx_mba_iap_dl"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.supercell.clashofclans:8.332.16","name":"Clash of Clans","version":"8.332.16","model":"Game","store_url":"https://play.google.com/store/apps/details?id=com.supercell.clashofclans"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libg.so","x86 32bit: lib/x86/libg.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick","OpenUDID"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","accounts.google.com","app-measurement.com","csi.gstatic.com","facebook.com","googleads.g.doubleclick.net","graph-video.%s","graph.%s","play.google.com","plus.google.com","ssl.google-analytics.com","www.facebook.com","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=com.facebook.orca","market://details?id=","market://details?id=com.facebook.orca","market://details?id=com.google.android.gms.ads","market://play.google.com/store/apps/details?id="]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Constant initialization vectors found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Use of constant initialization vectors is a bad practice. The following initialization vectors were found: ","text":"Constant initialization vectors found?","context":"998"},"detailList":[{"detail":["\"fldsjfodasjifudslfjdsaofshaufihadsf\"","\"heF9BATUfWuISyO8\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/NoPadding\"","\"AES/CBC/PKCS5Padding\"","\"AES/ECB/PKCS5Padding\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic keys found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"It is considered as a bad practice to use hard-coded cryptographic keys in the application. The following hard-coded cryptographic keys were found: ","text":"Cryptographic keys found?","context":"999"},"detailList":[{"detail":["\"heF9BATUfWuISyO8\"","\"sdk\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","CHANGE_WIFI_STATE (Allows applications to change Wi-Fi connectivity state.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 2 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=com.facebook.orca"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["ACCESS_WIFI_STATE","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.supercell.clashofclans.GameApp"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.supercell.clashofclans.permission.C2D_MESSAGE","com.android.vending.BILLING","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build hardware","build display","build fingerprint","build brand","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Crypto: Embedded static encryption key found, which can be extracted by attackers to revert the encryption or fake the signature of the content it is used for.","Crypto: Constant initialization vector detected. This should be avoided, as it allows an attacker to infer relationships between segments of encrypted messages if encrypted with the same key and initialization vector. ","Crypto: Overall quality of cryptographic implementation aspects is rated poor and should be inspected in detail."]}]}]},{"attr":{"os":"Android","appId":"com.ivanovichgames.CosmicChallenge:2.1","name":"Cosmic Challenge","version":"2.1","model":"Game","store_url":"https://play.google.com/store/apps/details?id=com.ivanovichgames.CosmicChallenge"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be considered by doing a device backup. If an application contains sensitive information these can be cloned by backing up the data and extracted from the backup archive off device.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libgpg.so","ARM 32 bit: lib/armeabi-v7a/libmain.so","ARM 32 bit: lib/armeabi-v7a/libmono.so","ARM 32 bit: lib/armeabi-v7a/libunity.so","x86 32bit: lib/x86/libgpg.so","x86 32bit: lib/x86/libmain.so","x86 32bit: lib/x86/libmono.so","x86 32bit: lib/x86/libunity.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Adcolony","ChartBoost","OpenUDID","TapJoy"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Alarm with Intervals test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The scheduled task gets repeated in the following intervals: ","text":"Alarm intervals dynamically?","context":"9420"},"detailList":[{"detail":["Dynamic interval(s)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","androidads23.adcolony.com","connect.tapjoy.com","facebook.com","graph-video.%s","graph.%s","impact.applifier.com","impact.staging.applifier.com","live.chartboost.com","market.android.com","placements.tapjoy.com","play.google.com","plus.google.com","rpc.tapjoy.com","ws.tapjoyads.com","www.amazon.com","www.googleapis.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=","http://play.google.com/store/apps/details?id=com.facebook.orca","market://details?id=","market://details?id=com.facebook.orca"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Constant initialization vectors found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Use of constant initialization vectors is a bad practice. The following initialization vectors were found: ","text":"Constant initialization vectors found?","context":"998"},"detailList":[{"detail":["16,74,71,-80,32,101,-47,72,117,-14,0,-29,70,65,-12,74"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["CAMERA (Required to be able to access the camera device. This will automatically enforce the uses-feature manifest element for all camera features. If you do not require all camera features or can properly operate if a camera is not available, then you must modify your manifest as appropriate in order to install on devices that don't support all camera features.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","USE_CREDENTIALS (Allows an application to request authtokens from the AccountManager.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 2 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=","http://play.google.com/store/apps/details?id=com.facebook.orca"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Key derivation iteration count: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Key derivation function used in the app with an amount of 1024 iterations is considered secure.","text":"Key derivation iteration count: ","context":"995"},"resultList":[{"result":["1024"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.facebook.unity.FBUnityDeepLinkingActivity","com.facebook.unity.FBUnityAppLinkActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.gamedonia.sdk.permission.C2D_MESSAGE","com.android.vending.BILLING","com.android.vending.CHECK_LICENSE","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build display","build fingerprint","build brand","IMEI/MEID","Wifi-MAC address","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarm Serivce test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The alarm manager has been initialized properly. ","text":"Alarm Manager initialized dynamically?","context":"9410"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"ok","testID":"Scheduled Alarm Types test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"","text":"Alarm repeating types: ","context":"9440"},"resultList":[{"result":["RTC_WAKEUP"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application contains a registered scheduled alarm. With such an alarm the application repeats the execution of the registered task for example every 10 hours. The following classes register scheduled tasks:","text":"Scheduled Alarm Manager registered?","context":"9450"},"detailList":[{"detail":["com.Kohda.CosmicChallenge.UnityNotificationManager"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera","Location (inactive)","Acceleration/Light"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=","http://www.amazon.com/gp/mas/get-appstore/android/ref=mas_mx_mba_iap_dl"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["App Listing: Usage of detected functionality to access list of installed apps poses a privacy risk for detected app type."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Constant initialization vector detected. This should be avoided, as it allows an attacker to infer relationships between segments of encrypted messages if encrypted with the same key and initialization vector. "]}]}]},{"attr":{"os":"Android","appId":"com.prettysimple.criminalcaseandroid:2.12","name":"Criminal Case","version":"2.12","model":"Game","store_url":"https://play.google.com/store/apps/details?id=com.prettysimple.criminalcaseandroid"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be considered by doing a device backup. If an application contains sensitive information these can be cloned by backing up the data and extracted from the backup archive off device.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libcrashlytics-envelope.so","ARM 32 bit: lib/armeabi-v7a/libcrashlytics.so","ARM 32 bit: lib/armeabi-v7a/libcriminalcase.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Adcolony","AppLovin","AppsFlyer","Crashlytics","Doubleclick","Supersonic","TapJoy","inMobi ADs"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Alarm with Intervals test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The scheduled task gets repeated in the following intervals: ","text":"Alarm intervals dynamically?","context":"9420"},"detailList":[{"detail":["Dynamic interval(s)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","a.applovin.com","accounts.google.com","androidads23.adcolony.com","api.appsflyer.com","api.facebook.com","api.geo.kontagent.net","app-measurement.com","connect.tapjoy.com","content-js.tapjoy.com","csi.gstatic.com","d.applovin.com","e.crashlytics.com","events.appsflyer.com","facebook.com","googleads.g.doubleclick.net","graph-video.%s","graph.%s","graph.%s.facebook.com","graph.facebook.com","impact.applifier.com","impact.staging.applifier.com","init.supersonicads.com","login.live.com","login.yahoo.com","m.facebook.com","mobile-api.geo.kontagent.net","mobilelogs.supersonic.com","outcome.supersonicads.com","placements.tapjoy.com","play.google.com","plus.google.com","rpc.tapjoy.com","rt.applovin.com","settings.crashlytics.com","t.appsflyer.com","track.appsflyer.com","twitter.com","ua.supersonicads.com","vid.applovin.com","ws.tapjoyads.com","www.%s.facebook.com","www.facebook.com","www.google.com","www.googleapis.com","www.linkedin.com","www.paypal.com","www.supersonicads.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://mobile-api.geo.kontagent.net/fb-install/%s/activities/?event=MOBILE_APP_INSTALL&attribution=%s","http://play.google.com/store/apps/details?id=","https://events.appsflyer.com/api/v2.3/androidevent?buildnumber=1.17&app_id=","https://t.appsflyer.com/api/v2.3/androidevent?buildnumber=1.17&app_id=","https://track.appsflyer.com/api/v2.3/uninsall?buildnumber=1.17","https://www.googleapis.com/games/v1management/achievements/reset?access_token=","https://www.googleapis.com/games/v1management/scores/reset?access_token=","https://www.supersonicads.com/mobile/sdk5/log?method=","https://www.supersonicads.com/mobile/sdk5/log?method=contextIsNotActivity","https://www.supersonicads.com/mobile/sdk5/log?method=encodeAppKey","https://www.supersonicads.com/mobile/sdk5/log?method=encodeAppUserId","https://www.supersonicads.com/mobile/sdk5/log?method=extraParametersToJson","https://www.supersonicads.com/mobile/sdk5/log?method=htmlControllerDoesNotExistOnFileSystem","https://www.supersonicads.com/mobile/sdk5/log?method=injectJavaScript","https://www.supersonicads.com/mobile/sdk5/log?method=noProductType","https://www.supersonicads.com/mobile/sdk5/log?method=setWebViewSettings","https://www.supersonicads.com/mobile/sdk5/log?method=webviewLoadBlank","https://www.supersonicads.com/mobile/sdk5/log?method=webviewLoadWithPath","https://www.supersonicads.com/mobile/sdk5/log?method=webviewPause","https://www.supersonicads.com/mobile/sdk5/log?method=webviewResume","market://details?id=","market://details?id=%s","market://details?id=com.google.android.gms.ads"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) ","READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 5 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","United States","Ireland","United Kingdom","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://mobile-api.geo.kontagent.net/fb-install/%s/activities/?event=MOBILE_APP_INSTALL&attribution=%s","http://play.google.com/store/apps/details?id="]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","VIBRATE (Allows access to the vibrator.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.prettysimple.game.CriminalCaseLauncher"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.prettysimple.criminalcaseandroid.permission.C2D_MESSAGE","com.android.vending.BILLING","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build display","build fingerprint","build brand","IMEI/MEID","Wifi-MAC address","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lcom/facebook/ads/internal/util/gattr1;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarm Serivce test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The alarm manager has been initialized properly. ","text":"Alarm Manager initialized dynamically?","context":"9410"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"ok","testID":"Scheduled Alarm Types test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"","text":"Alarm repeating types: ","context":"9440"},"resultList":[{"result":["RTC"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application contains a registered scheduled alarm. With such an alarm the application repeats the execution of the registered task for example every 10 hours. The following classes register scheduled tasks:","text":"Scheduled Alarm Manager registered?","context":"9450"},"detailList":[{"detail":["com.prettysimple.notification.a"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)","Acceleration/Light"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=","http://rt.applovin.com/pix","http://api.geo.kontagent.net/api/v0/ping/","http://mobile-api.geo.kontagent.net/fb-install/%s/activities/?event=MOBILE_APP_INSTALL&attribution=%s"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"yes","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"Reasons for category violations of default policy: ","text":"Violations of default policy?","context":"0"},"detailList":[{"detail":["Estimated overall app risk for the enterprise exceeds the security policy threshold due to detected risks and flaws exploitable by skilled attackers without the existence of additional supporting factors. "]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["Advertisement/Tracking: App uses more than 5 advertisement and tracking providers. ","App Listing: Usage of detected functionality to access list of installed apps poses a privacy risk for detected app type."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.outthinking.duckhunting:1.2","name":"Duck Hunting","version":"1.2","model":"Game","store_url":"https://play.google.com/store/apps/details?id=com.outthinking.duckhunting"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be considered by doing a device backup. If an application contains sensitive information these can be cloned by backing up the data and extracted from the backup archive off device.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libmain.so","ARM 32 bit: lib/armeabi-v7a/libmono.so","ARM 32 bit: lib/armeabi-v7a/libunity.so","x86 32bit: lib/x86/libmain.so","x86 32bit: lib/x86/libmono.so","x86 32bit: lib/x86/libunity.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["ChartBoost","Doubleclick","Heyzap"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["accounts.google.com","ads.heyzap.com","app-measurement.com","csi.gstatic.com","googleads.g.doubleclick.net","live.chartboost.com","login.live.com","login.yahoo.com","market.android.com","med.heyzap.com","plus.google.com","ssl.google-analytics.com","twitter.com","www.facebook.com","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com","www.linkedin.com","www.paypal.com","x.heyzap.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["market://details?id=%s&referrer=%s","market://details?id=com.google.android.gms.ads","market://details?id=com.heyzap.android"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 4 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland","United Kingdom","unknown"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.unity3d.player.UnityPlayerNativeActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.BILLING"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build display","build fingerprint","Wifi-MAC address","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lcom/heyzap/http/MySSLSocketFactoryattr1;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no Permission defined for camera usage, but the application contains specific API calls accessing the camera. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera (inactive)","Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://ads.heyzap.com/in_game_api/ads"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.fingersoft.hillclimb:1.30.0","name":"Hill Climb Racing","version":"1.30.0","model":"Game","store_url":"https://play.google.com/store/apps/details?id=com.fingersoft.hillclimb"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi/libgame.so","ARM 32 bit: lib/armeabi/libImmEndpointWarpJ.so","ARM 32 bit: lib/armeabi-v7a/libgame.so","x86 32bit: lib/x86/libgame.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Adcolony","Doubleclick","Flurry","MillennialMedia","Samsung AdHub","Smaato","Supersonic","inMobi ADs","inneractive","mopub"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["ad.samsungadhub.com","adelh.smaato.com","ads.fingersoft.net","ads.mp.mydas.mobi","ads3.fingersoft.net","analytics.mopub.com","androidads21.adcolony.com","api.appsflyer.com","api.crispwireless.com","api.vungle.com","app.getsentry.com","appclick.co","avr.smaato.net","cdn1.crispadvertising.com","cdn2.inner-active.mobi","csi.gstatic.com","data.flurry.com","dl.dropboxusercontent.com","events.appsflyer.com","fingersoft.net","googleads.g.doubleclick.net","i.w.inmobi.com","i.xx.openx.com","images.millennialmedia.com","img.youtube.com","impact.applifier.com","impact.staging.applifier.com","ingest.vungle.com","init.supersonicads.com","inmobisdk-a.akamaihd.net","internal.teamfreeze.com","internal2.teamfreeze.com","maps.google.com","market.android.com","marketplace-android-b56.hyprmx.com","millennialmedia.com","mobilelogs.supersonic.com","nativex-sdk-testapi.appspot.com","outcome.supersonicads.com","p25-elb-stg-mch-ad-test-681583878.us-west-1.elb.amazonaws.com","play.google.com","plus.google.com","register.appsflyer.com","relay.mobile.toboads.com","s3-eu-west-1.amazonaws.com","sdk-services.appsflyer.com","smaato-android-sdk.s3.amazonaws.com","soma-assets.smaato.net","soma.smaato.net","staging-fsad.trafficmanager.net","stats.appsflyer.com","supersonic.ironbeast.io","t.appsflyer.com","touch.facebook.com","twitter.com","ua.supersonicads.com","wv.inner-active.mobi","www.google.com","www.googleapis.com","www.mopub.com","www.samsungapps.com","www.smaato.com","www.supersonicads.com","www.vungle.com","www.youtube.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["amzn://apps/android?p=","http://adelh.smaato.com/lg.php?bannerid=57708&campaignid=3692&zoneid=0&loc=1&referer=http%3A%2F%2Fadelh.smaato.com%2Faxmlrpc.php%3Fsize%3Dxlarge%26img%3Dtrue%26carrier%3DT-Mobile%2B%2528WiFi%252FWLAN%2529&cb=6af462c795&r_id=20b1af536e51079d611b279e5e2e5a7e&r_ts=ln8ydk","http://adelh.smaato.com/lg.php?bannerid=60196&campaignid=3692&zoneid=0&loc=1&referer=http%3A%2F%2Fadelh.smaato.com%2Faxmlrpc.php%3Fsize%3Dxlarge%26img%3Dtrue%26carrier%3DT-Mobile%2B%2528WiFi%252FWLAN%2529&cb=8a7475eb48&r_id=c161faf29bc4cd1b964223995850ece4&r_ts=ln8y6l","http://ads.fingersoft.net/mobile/apprelease?appid=","http://ads.mp.mydas.mobi/pixel?id=","http://api.crispwireless.com/adRequest/control/ad.gif?sitekey=DEFAULT&partnerkey=afa1a1efc4977cc8bc83a8fe6a952a39&zid=1418&publisherid=374","http://api.crispwireless.com/adRequest/control/noscript.gif?sitekey=DEFAULT&partnerkey=afa1a1efc4977cc8bc83a8fe6a952a39&zid=1418&publisherid=374","http://play.google.com/store/apps/details?id=com.google.android.youtube","https://dl.dropboxusercontent.com/s/uushlgxxnf77zml/mraid_test_video_page.html?token_hash=AAF2-x1x1estOcg9hbncFPpJ4Q0MMkK47QbtOtFV0_5esQ&dl=1","https://play.google.com/store/apps/details?id=","https://www.supersonicads.com/mobile/sdk5/log?method=","https://www.supersonicads.com/mobile/sdk5/log?method=contextIsNotActivity","https://www.supersonicads.com/mobile/sdk5/log?method=encodeAppKey","https://www.supersonicads.com/mobile/sdk5/log?method=encodeAppUserId","https://www.supersonicads.com/mobile/sdk5/log?method=extraParametersToJson","https://www.supersonicads.com/mobile/sdk5/log?method=htmlControllerDoesNotExistOnFileSystem","https://www.supersonicads.com/mobile/sdk5/log?method=injectJavaScript","https://www.supersonicads.com/mobile/sdk5/log?method=noProductType","https://www.supersonicads.com/mobile/sdk5/log?method=setWebViewSettings","https://www.supersonicads.com/mobile/sdk5/log?method=webviewLoadBlank","https://www.supersonicads.com/mobile/sdk5/log?method=webviewLoadWithPath","https://www.supersonicads.com/mobile/sdk5/log?method=webviewPause","https://www.supersonicads.com/mobile/sdk5/log?method=webviewResume","https://www.youtube.com/playlist?list=","https://www.youtube.com/watch?v=","market://details?id=","market://details?id=com.google.android.gms.ads","market://details?id=com.google.android.youtube","market://search?q=pub:Fingersoft"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Constant initialization vectors found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Use of constant initialization vectors is a bad practice. The following initialization vectors were found: ","text":"Constant initialization vectors found?","context":"998"},"detailList":[{"detail":["\"FJNkd+T9\"","\"heF9BATUfWuISyO8\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/NoPadding\"","\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic keys found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"It is considered as a bad practice to use hard-coded cryptographic keys in the application. The following hard-coded cryptographic keys were found: ","text":"Cryptographic keys found?","context":"999"},"detailList":[{"detail":["\"Xke-jKFBeI9gfc4V\"","\"heF9BATUfWuISyO8\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic seed values found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Constant seeds can return constant keys, making application highly insecure. The following cryptographic seeds were found: ","text":"Cryptographic seed values found?","context":"996"},"detailList":[{"detail":["\"tiJ8e+8Fb^21xd|5\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 6 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","Austria","United States","Ireland","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://adelh.smaato.com/lg.php?bannerid=57708&campaignid=3692&zoneid=0&loc=1&referer=http%3A%2F%2Fadelh.smaato.com%2Faxmlrpc.php%3Fsize%3Dxlarge%26img%3Dtrue%26carrier%3DT-Mobile%2B%2528WiFi%252FWLAN%2529&cb=6af462c795&r_id=20b1af536e51079d611b279e5e2e5a7e&r_ts=ln8ydk","http://adelh.smaato.com/lg.php?bannerid=60196&campaignid=3692&zoneid=0&loc=1&referer=http%3A%2F%2Fadelh.smaato.com%2Faxmlrpc.php%3Fsize%3Dxlarge%26img%3Dtrue%26carrier%3DT-Mobile%2B%2528WiFi%252FWLAN%2529&cb=8a7475eb48&r_id=c161faf29bc4cd1b964223995850ece4&r_ts=ln8y6l","http://ads.fingersoft.net/mobile/apprelease?appid=","http://ads.mp.mydas.mobi/pixel?id=","http://api.crispwireless.com/adRequest/control/ad.gif?sitekey=DEFAULT&partnerkey=afa1a1efc4977cc8bc83a8fe6a952a39&zid=1418&publisherid=374","http://api.crispwireless.com/adRequest/control/noscript.gif?sitekey=DEFAULT&partnerkey=afa1a1efc4977cc8bc83a8fe6a952a39&zid=1418&publisherid=374","http://play.google.com/store/apps/details?id=com.google.android.youtube"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["play.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.fingersoft.game.MainActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.BILLING","com.google.android.gms.permission.ACTIVITY_RECOGNITION"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build display","build fingerprint","build brand","IMEI/MEID","Wifi-MAC address","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lcom/nativex/volleytoolbox/IgnoreCertTrustManager;","Lcom/flurry/sdk/ej;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)","Acceleration/Light"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://marketplace-android-b56.hyprmx.com/viewings/","http://ads.mp.mydas.mobi/pixel?id=","http://plus.google.com/108100831193761361624/posts","http://maps.google.com/maps/api/geocode/json?","http://ads.fingersoft.net/mobile/apprelease?appid=","http://marketplace-android-b56.hyprmx.com/trackings/","http://ad.samsungadhub.com/api/android/1.0/request","http://internal.teamfreeze.com/internal.mobile.com/Richmedia/Preview/RichmediaTemplatePreview.aspx","http://marketplace-android-b56.hyprmx.com/embedded_offers/offers_available_json","http://millennialmedia.com/android/schema","http://internal2.teamfreeze.com/internal.mobile.com/Richmedia/Preview/RichmediaTemplatePreview.aspx","http://cdn2.inner-active.mobi/ia-android-sdk/","http://fingersoft.net/eula/","http://marketplace-android-b56.hyprmx.com/web_traffic_url_visits/create","http://avr.smaato.net/report","http://fingersoft.net/privacy/","http://play.google.com/store/apps/details","http://market.android.com/details","http://api.vungle.com/api/v4/","http://soma.smaato.net/oapi/reqAd.jsp?","http://twitter.com/#!/Fingersoft"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected JS Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following JavaScript files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected JavaScripts?","context":"0"},"detailList":[{"detail":["http://50.18.124.80/ormmabridge.and.js","http://soma-assets.smaato.net/js/ormma.js","http://cdn1.crispadvertising.com/afw/2.1/framework/client/adrequest.js","http://50.18.124.80/ormma.and.js","http://ad.samsungadhub.com/api/web/1.0/mraid.js","http://soma-assets.smaato.net/js/ormma_bridge.js"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"yes","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"Reasons for category violations of default policy: ","text":"Violations of default policy?","context":"0"},"detailList":[{"detail":["Estimated overall app risk for the enterprise exceeds the security policy threshold due to detected risks and flaws exploitable by skilled attackers without the existence of additional supporting factors. "]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. ","Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["Advertisement/Tracking: App uses more than 5 advertisement and tracking providers. ","App Listing: Usage of detected functionality to access list of installed apps poses a privacy risk for detected app type."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Embedded static encryption key found, which can be extracted by attackers to revert the encryption or fake the signature of the content it is used for.","Crypto: Constant initialization vector detected. This should be avoided, as it allows an attacker to infer relationships between segments of encrypted messages if encrypted with the same key and initialization vector. ","Crypto: Constant seed detected. Using a static seed may completely replace the cryptographically strong default seed causing the random number generator to return a predictable sequence of numbers unfit for secure use. ","Crypto: Overall quality of cryptographic implementation aspects is rated poor and should be inspected in detail."]}]}]},{"attr":{"os":"Android","appId":"com.wordsmobile.gunship:1.0.3","name":"Luftangriff des Helikopters","version":"1.0.3","model":"Game","store_url":"https://play.google.com/store/apps/details?id=com.wordsmobile.gunship"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be considered by doing a device backup. If an application contains sensitive information these can be cloned by backing up the data and extracted from the backup archive off device.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: assets/libs/armeabi-vfp/libmono.so","ARM 32 bit: assets/libs/armeabi-vfp/libunity.so","ARM 32 bit: lib/armeabi/libunity.so","ARM 32 bit: lib/armeabi/libmono.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick","Flurry","Google AdMob","Google Analytics","TapJoy"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Alarm with Intervals test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The scheduled task gets repeated in the following intervals: ","text":"Alarm intervals dynamically?","context":"9420"},"detailList":[{"detail":["24 hours","72 hours"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"79"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["ad.flurry.com","connect.tapjoy.com","content-js.tapjoy.com","data.flurry.com","data2.doodlemobile.com","ec2-184-73-77-17.compute-1.amazonaws.com","events.tapjoy.com","f2.doodlemobile.com","featured.perfectionholic.com","googleads.g.doubleclick.net","market.android.com","media.admob.com","newfeatureview.perfectionholic.com","play.google.com","plus.google.com","s3.amazonaws.com","tech.tapjoy.com","ws.tapjoyads.com","www.google.com","www.googleapis.com","www.googletagmanager.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["bazaar://search?q=pname:","https://market.android.com/details?id=","market://details?id=","market://details?id=com.google.android.gms.ads"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Constant initialization vectors found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Use of constant initialization vectors is a bad practice. The following initialization vectors were found: ","text":"Constant initialization vectors found?","context":"998"},"detailList":[{"detail":["16,74,71,-80,32,101,-47,72,117,-14,0,-29,70,65,-12,74"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"AES/ECB/PKCS7Padding\"","\"DES/ECB/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 2 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yesbut","testID":"JavaScript bridging vulnerable","resultClass":"Data security","name":"JavaScript bridging usage","detail":"JavaScript to SDK API bridge vulnerability found: TargetSdk definition in the AndroidManifest.xml file is version: 14 . An application calling Android API methods by JavaScript and defining targetSdk version less than 17 could be vulnerable to remote code injection. For remote code injection the application has to load JavaScript or HTML code containing JavaScript code from a (generic) url.","text":"JavaScript to SDK API bridge vulnerability?","context":"0"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Key derivation iteration count: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Key derivation function used in the app with an amount of 1024 iterations is considered secure.","text":"Key derivation iteration count: ","context":"995"},"resultList":[{"result":["1024"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.wordsmobile.gunship.MainActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.BILLING"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build display","build brand","IMEI/MEID","Wifi-MAC address","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lcom/flurry/android/n;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarm Serivce test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The alarm manager has been initialized properly. ","text":"Alarm Manager initialized dynamically?","context":"9410"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"ok","testID":"Scheduled Alarm Types test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"","text":"Alarm repeating types: ","context":"9440"},"resultList":[{"result":["RTC_WAKEUP"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application contains a registered scheduled alarm. With such an alarm the application repeats the execution of the registered task for example every 10 hours. The following classes register scheduled tasks:","text":"Scheduled Alarm Manager registered?","context":"9450"},"detailList":[{"detail":["com.wordsmobile.gunship.MainActivity"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no Permission defined for camera usage, but the application contains specific API calls accessing the camera. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera (inactive)","Location (inactive)","Acceleration/Light"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://newfeatureview.perfectionholic.com/featureview/getfeatureview/","http://f2.doodlemobile.com/feature_server/fullScreen/get.php","http://play.google.com/store/apps/","http://featured.perfectionholic.com:8080/moregames/index_app.html","http://newfeatureview.perfectionholic.com/featureview/gettime/","http://ec2-184-73-77-17.compute-1.amazonaws.com/featureview/gettime/","http://featured.perfectionholic.com:8080/feature_appserver/recommands","http://f2.doodlemobile.com/feature_server/geo-ip/test.php","http://data2.doodlemobile.com:8080/dmdata_zmm/ReceiveServlet","http://featured.perfectionholic.com:8080/moregames/index.html"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected JS Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following JavaScript files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected JavaScripts?","context":"0"},"detailList":[{"detail":["http://media.admob.com/mraid/v1/mraid_app_interstitial.js","http://googleads.g.doubleclick.net/mads/static/sdk/native/sdk-core-v40.js","http://media.admob.com/mraid/v1/mraid_app_banner.js","http://media.admob.com/mraid/v1/mraid_app_expanded_banner.js"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default error handling for SSL/TLS client communication. Error-prone modifications can be ruled out. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"yes","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"Reasons for category violations of default policy: ","text":"Violations of default policy?","context":"0"},"detailList":[{"detail":["Estimated overall app risk for the enterprise exceeds the security policy threshold due to detected risks and flaws exploitable by skilled attackers without the existence of additional supporting factors. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. ","Possible flaw: An application calling Android API methods by JavaScript and defining targetSdk version less than 17 could be vulnerable to remote code injection. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["App Listing: Usage of detected functionality to access list of installed apps poses a privacy risk for detected app type."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Constant initialization vector detected. This should be avoided, as it allows an attacker to infer relationships between segments of encrypted messages if encrypted with the same key and initialization vector. "]}]}]},{"attr":{"os":"Android","appId":"com.outfit7.mytalkingtomfree:3.6.3.42","name":"Mein Talking Tom","version":"3.6.3.42","model":"Game","store_url":"https://play.google.com/store/apps/details?id=com.outfit7.mytalkingtomfree"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be considered by doing a device backup. If an application contains sensitive information these can be cloned by backing up the data and extracted from the backup archive off device.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libmain.so","ARM 32 bit: lib/armeabi-v7a/libmono.so","ARM 32 bit: lib/armeabi-v7a/libnativeutils.so","ARM 32 bit: lib/armeabi-v7a/libSoundTouchPlugin.so","ARM 32 bit: lib/armeabi-v7a/libsqlite3.so","ARM 32 bit: lib/armeabi-v7a/libunity.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Fyber","LiveRail","Nexage"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation provider used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"In general code obfuscation is done automatically by different obfuscation frameworks or obfuscation service providers. Detailed information to the detected framework Bangcle can be found under: http://www.bangcle.com/","text":"Obfuscation framework used: ","context":"4997"},"resultList":[{"result":["Bangcle"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","a.archyads.net","accounts.google.com","ad5.liverail.com","apache.org","api.sponsorpay.com","api.w3i.com","api2.tnkfactory.com","appdriver.jp","apps.outfit7.com","be.outfit7.net","cdn.bee7.com","cdn.outfit7.com","facebook.com","fb.me","graph-video.%s","graph.%s","graph.facebook.com","java.sun.com","javax.xml.XMLConstants","javax.xml.transform","javax.xml.transform.dom.DOMResult","javax.xml.transform.dom.DOMSource","javax.xml.transform.sax.SAXResult","javax.xml.transform.sax.SAXSource","javax.xml.transform.sax.SAXTransformerFactory","javax.xml.transform.stax.StAXResult","javax.xml.transform.stax.StAXSource","javax.xml.transform.stream.StreamResult","javax.xml.transform.stream.StreamSource","live.adbrix.igaworks.com","m.youtube.com","nwalsh.com","oauth.vk.com","offers.tokenads.com","play.google.com","relaxng.org","s2s.outfit7.org","sjc.ads0.nexage.com","staging.igaworks.com","storage.googleapis.com","vk.com","www.googleapis.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://ad5.liverail.com/?LR_IDFA_FLAG=1&iapu=0&LR_APPNAME=TestApp&wifi=true&LR_ADTYPE=3&LR_IDFA=1&os=8.3&lc=en&LR_VIDEO_POSITION=0&LR_AUTOPLAY=1&v=1.0&model=iPhone7%2C2&LR_HEIGHT=284&uid=4uT61f2yPWYD_emyE5T7yWfrBh1T_zLxO4SguN2RzD5oIK1XuEwiWfSEo8nK1gjC&LR_DURATION=3600&LR_PUBLISHER_ID=51027&lv=2.23.2&LR_FORMAT=video%2Fmp4&LR_WIDTH=320&LR_BUNDLE=com.outfit7.gridtestapp&LR_MUTED=0&o7msg=1&LR_SCHEMA=vast2","http://api2.tnkfactory.com/tnk/ad.icon.main?app_id=","http://offers.tokenads.com/show?style=xml&client_xml&","http://play.google.com/store/apps/details?id=com.facebook.orca","https://accounts.google.com/o/oauth2/auth?client_id=%s&redirect_uri=%s&response_type=code&scope=https://www.googleapis.com/auth/youtube+https://www.googleapis.com/auth/youtube.upload+https://www.googleapis.com/auth/youtubepartner","https://m.youtube.com/create_channel?chromeless=1&next=/channel_creation_done","https://oauth.vk.com/authorize?client_id=%s&scope=%s&redirect_uri=%s&display=mobile&v=%s&response_type=token&revoke=%d","https://www.googleapis.com/youtube/v3/channels?part=status&mine=true","https://www.googleapis.com/youtube/v3/subscriptions?part=snippet","market://details?id=","market://details?id=com.facebook.orca","outfit7p:http://apps.outfit7.com/ad/ad.jsp?udid="]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5PADDING\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic keys found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"It is considered as a bad practice to use hard-coded cryptographic keys in the application. The following hard-coded cryptographic keys were found: ","text":"Cryptographic keys found?","context":"999"},"detailList":[{"detail":["\"igaworks1k0i1d4a6e2i5g0ajwyobrks\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) ","READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","RECORD_AUDIO (Allows an application to record audio.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 10 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","Romania","Belgium","United States","Japan","Ireland","Germany","Republic of Korea","unknown","Russia"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://ad5.liverail.com/?LR_IDFA_FLAG=1&iapu=0&LR_APPNAME=TestApp&wifi=true&LR_ADTYPE=3&LR_IDFA=1&os=8.3&lc=en&LR_VIDEO_POSITION=0&LR_AUTOPLAY=1&v=1.0&model=iPhone7%2C2&LR_HEIGHT=284&uid=4uT61f2yPWYD_emyE5T7yWfrBh1T_zLxO4SguN2RzD5oIK1XuEwiWfSEo8nK1gjC&LR_DURATION=3600&LR_PUBLISHER_ID=51027&lv=2.23.2&LR_FORMAT=video%2Fmp4&LR_WIDTH=320&LR_BUNDLE=com.outfit7.gridtestapp&LR_MUTED=0&o7msg=1&LR_SCHEMA=vast2","http://api2.tnkfactory.com/tnk/ad.icon.main?app_id=","http://offers.tokenads.com/show?style=xml&client_xml&","http://play.google.com/store/apps/details?id=com.facebook.orca"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["ACCESS_WIFI_STATE","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.outfit7.mytalkingtom.activity.Preferences","com.outfit7.mytalkingtomfree.Main"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.BILLING","com.google.android.c2dm.permission.RECEIVE","com.outfit7.mytalkingtomfree.permission.C2D_MESSAGE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build fingerprint","build brand","IMEI/MEID","country code + mobile network code for SIM provider","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no Permission defined for camera usage, but the application contains specific API calls accessing the camera. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually. Application defines a permission ( android.permission.RECORD_AUDIO ) accessing the microphone, but there were no specific API calls found. This could be an indication for overprivileges, developer missconfiguration or confused deputy attack.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera (inactive)","Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://apache.org/xml/features/dom/create-entity-ref-nodes","http://apache.org/xml/features/validation/dynamic","http://apache.org/xml/properties/internal/validator/dtd","http://apache.org/xml/properties/input-buffer-size","http://apache.org/xml/properties/internal/datatype-validator-factory","http://apache.org/xml/properties/internal/validator/schema","http://java.sun.com/xml/jaxp/properties/schemaSource","http://apache.org/xml/properties/internal/error-handler","http://apache.org/xml/features/validate-annotations","http://apps.outfit7.com/rest/receipts/v1/apps","http://apps.outfit7.com/rest/data/news-reporting","http://be.outfit7.net/rest/talkingFriends/v3/","http://apache.org/xml/features/xinclude","http://apache.org/xml/serializer","http://apps.outfit7.com/rest/talkingFriends/v1/video/report-event/","http://apache.org/xml/features/validation/schema-full-checking","http://apache.org/xml/features/validation/warn-on-duplicate-attdef","http://api.w3i.com/PublicServices/AfppApiRestV1.svc/Device/Offer/Click/Put","http://apache.org/xml/properties/internal/entity-manager","http://apache.org/xml/properties/internal/dtd-processor","http://apps.outfit7.com/rest/video-gallery/v3/videos","http://apache.org/xml/features/namespace-growth","http://apache.org/xml/features/internal/parser-settings","http://apache.org/xml/features/internal/strings-interned","http://apps.outfit7.com/rest/talkingFriends/v1/push-notification/delete/%s/%s/","http://apache.org/xml/features/dom/include-ignorable-whitespace","http://apache.org/xml/features/create-cdata-nodes","http://apache.org/xml/properties/internal/grammar-pool","http://apache.org/xml/properties/locale","http://apps.outfit7.com/rest/talkingFriends/v2/newsletter/is-subscribed/Android","http://apache.org/xml/features/validation/warn-on-undeclared-elemdef","http://javax.xml.XMLConstants/feature/secure-processing","http://api.w3i.com/PublicServices/AfppApiRestV1.svc/Device/Balance/Available/Get","http://apache.org/xml/features/xinclude/fixup-base-uris","http://apache.org/xml/properties/internal/error-reporter","http://apache.org/xml/properties/internal/namespace-context","http://apache.org/xml/features/warn-on-duplicate-entitydef","http://apps.outfit7.com/rest/talkingFriends/v1/trackers/sources","http://javax.xml.transform.sax.SAXTransformerFactory/feature/xmlfilter","http://apache.org/xml/properties/internal/xpointer-handler","http://java.sun.com/xml/jaxp/properties/schemaLanguage","http://apache.org/xml/features/allow-java-encodings","http://api.w3i.com/PublicServices/AfppApiRestV1.svc/Offer/Qualified/Get","http://apache.org/xml/features/internal/tolerate-duplicates","http://s2s.outfit7.org/templates/","http://apache.org/xml/features/include-comments","http://apache.org/xml/features/scanner/notify-char-refs","http://apache.org/xml/features/validation/id-idref-checking","http://apps.outfit7.com/rest/data/1/events","http://apache.org/xml/properties/dom/current-element-node","http://javax.xml.transform.dom.DOMResult/feature","http://javax.xml.transform.stax.StAXSource/feature","http://apache.org/xml/properties/internal/document-scanner","http://apache.org/xml/features/standard-uri-conformant","http://apache.org/xml/features/continue-after-fatal-error","http://apache.org/xml/features/validation/identity-constraint-checking","http://apps.outfit7.com/rest/talkingFriends/v3/Android","http://apache.org/xml/properties/","http://apache.org/xml/features/honour-all-schemaLocations","http://javax.xml.transform.stream.StreamSource/feature","http://apps.outfit7.com/rest/data/report/client/v1/","http://a.archyads.net/offers?","http://apache.org/xml/features/xinclude/fixup-language","http://apache.org/xml/features/nonvalidating/load-external-dtd","http://apache.org/xml/properties/internal/entity-resolver","http://javax.xml.transform.dom.DOMSource/feature","http://apache.org/xml/features/","http://apache.org/xml/features/generate-synthetic-annotations","http://offers.tokenads.com/show?style=xml&client_xml&","http://apps.outfit7.com/rest/talkingFriends/v1/ping","http://apache.org/xml/features/dom/defer-node-expansion","http://apache.org/xml/features/scanner/notify-builtin-refs","http://apache.org/xml/features/disallow-doctype-decl","http://apache.org/xml/features/validation/balance-syntax-trees","http://apache.org/xml/properties/dom/document-class-name","http://javax.xml.transform.stream.StreamResult/feature","http://apps.outfit7.com/rest/talkingFriends/v1/assets-url/Android","http://javax.xml.transform.sax.SAXResult/feature","http://apache.org/xml/properties/internal/namespace-binder","http://apache.org/xml/properties/internal/symbol-table","http://api.w3i.com/PublicServices/AfppApiRestV1.svc/Device/Balance/Redeem/Put","http://java.sun.com/xml/jaxp/properties/","http://apache.org/xml/properties/internal/validation-manager","http://javax.xml.transform.sax.SAXTransformerFactory/feature","http://apache.org/xml/properties/internal/xinclude-handler","http://apps.outfit7.com/rest/talkingFriends/v1/rate-app/Android","http://apache.org/xml/properties/security-manager","http://java.sun.com/jaxp/xpath/dom","http://apache.org/xml/features/validation/unparsed-entity-checking","http://javax.xml.transform.stax.StAXResult/feature","http://apache.org/xml/features/validation/schema","http://apps.outfit7.com/rest/talkingFriends/v3/Android-devel","http://apache.org/xml/properties/internal/dtd-scanner","http://javax.xml.transform.sax.SAXSource/feature"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Embedded static encryption key found, which can be extracted by attackers to revert the encryption or fake the signature of the content it is used for."]}]}]},{"attr":{"os":"Android","appId":"com.outfit7.mytalkingangelafree:2.6.0.19","name":"Meine Talking Angela","version":"2.6.0.19","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=com.outfit7.mytalkingangelafree"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be considered by doing a device backup. If an application contains sensitive information these can be cloned by backing up the data and extracted from the backup archive off device.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libmain.so","ARM 32 bit: lib/armeabi-v7a/libmono.so","ARM 32 bit: lib/armeabi-v7a/libnativeutils.so","ARM 32 bit: lib/armeabi-v7a/libSoundTouchPlugin.so","ARM 32 bit: lib/armeabi-v7a/libsqlite3.so","ARM 32 bit: lib/armeabi-v7a/libunity.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Fyber","LiveRail","Nexage"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation provider used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"In general code obfuscation is done automatically by different obfuscation frameworks or obfuscation service providers. Detailed information to the detected framework Bangcle can be found under: http://www.bangcle.com/","text":"Obfuscation framework used: ","context":"4997"},"resultList":[{"result":["Bangcle"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","a.archyads.net","accounts.google.com","ad5.liverail.com","apache.org","api.sponsorpay.com","api2.tnkfactory.com","appdriver.jp","apps.outfit7.com","be.outfit7.net","cdn.bee7.com","cdn.outfit7.com","facebook.com","fb.me","graph-video.%s","graph.%s","graph.facebook.com","java.sun.com","javax.xml.XMLConstants","javax.xml.transform","javax.xml.transform.dom.DOMResult","javax.xml.transform.dom.DOMSource","javax.xml.transform.sax.SAXResult","javax.xml.transform.sax.SAXSource","javax.xml.transform.sax.SAXTransformerFactory","javax.xml.transform.stax.StAXResult","javax.xml.transform.stax.StAXSource","javax.xml.transform.stream.StreamResult","javax.xml.transform.stream.StreamSource","live.adbrix.igaworks.com","m.youtube.com","nwalsh.com","oauth.vk.com","offers.tokenads.com","play.google.com","relaxng.org","s2s.outfit7.org","sjc.ads0.nexage.com","staging.igaworks.com","storage.googleapis.com","vk.com","www.googleapis.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://ad5.liverail.com/?LR_IDFA_FLAG=1&iapu=0&LR_APPNAME=TestApp&wifi=true&LR_ADTYPE=3&LR_IDFA=1&os=8.3&lc=en&LR_VIDEO_POSITION=0&LR_AUTOPLAY=1&v=1.0&model=iPhone7%2C2&LR_HEIGHT=284&uid=4uT61f2yPWYD_emyE5T7yWfrBh1T_zLxO4SguN2RzD5oIK1XuEwiWfSEo8nK1gjC&LR_DURATION=3600&LR_PUBLISHER_ID=51027&lv=2.23.2&LR_FORMAT=video%2Fmp4&LR_WIDTH=320&LR_BUNDLE=com.outfit7.gridtestapp&LR_MUTED=0&o7msg=1&LR_SCHEMA=vast2","http://api2.tnkfactory.com/tnk/ad.icon.main?app_id=","http://offers.tokenads.com/show?style=xml&client_xml&","http://play.google.com/store/apps/details?id=com.facebook.orca","https://accounts.google.com/o/oauth2/auth?client_id=%s&redirect_uri=%s&response_type=code&scope=https://www.googleapis.com/auth/youtube+https://www.googleapis.com/auth/youtube.upload+https://www.googleapis.com/auth/youtubepartner","https://m.youtube.com/create_channel?chromeless=1&next=/channel_creation_done","https://oauth.vk.com/authorize?client_id=%s&scope=%s&redirect_uri=%s&display=mobile&v=%s&response_type=token&revoke=%d","https://www.googleapis.com/youtube/v3/channels?part=status&mine=true","https://www.googleapis.com/youtube/v3/subscriptions?part=snippet","market://details?id=","market://details?id=com.facebook.orca","outfit7p:http://apps.outfit7.com/ad/ad.jsp?udid="]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5PADDING\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic keys found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"It is considered as a bad practice to use hard-coded cryptographic keys in the application. The following hard-coded cryptographic keys were found: ","text":"Cryptographic keys found?","context":"999"},"detailList":[{"detail":["\"igaworks1k0i1d4a6e2i5g0ajwyobrks\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","RECORD_AUDIO (Allows an application to record audio.) ","INTERNET (Allows applications to open network sockets.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 10 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","Romania","Belgium","United States","Japan","Ireland","Germany","Republic of Korea","unknown","Russia"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://ad5.liverail.com/?LR_IDFA_FLAG=1&iapu=0&LR_APPNAME=TestApp&wifi=true&LR_ADTYPE=3&LR_IDFA=1&os=8.3&lc=en&LR_VIDEO_POSITION=0&LR_AUTOPLAY=1&v=1.0&model=iPhone7%2C2&LR_HEIGHT=284&uid=4uT61f2yPWYD_emyE5T7yWfrBh1T_zLxO4SguN2RzD5oIK1XuEwiWfSEo8nK1gjC&LR_DURATION=3600&LR_PUBLISHER_ID=51027&lv=2.23.2&LR_FORMAT=video%2Fmp4&LR_WIDTH=320&LR_BUNDLE=com.outfit7.gridtestapp&LR_MUTED=0&o7msg=1&LR_SCHEMA=vast2","http://api2.tnkfactory.com/tnk/ad.icon.main?app_id=","http://offers.tokenads.com/show?style=xml&client_xml&","http://play.google.com/store/apps/details?id=com.facebook.orca"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["ACCESS_WIFI_STATE","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.outfit7.mytalkingangelafree.Main","com.outfit7.mytalkingangela.activity.Preferences"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.outfit7.mytalkingangelafree.permission.C2D_MESSAGE","com.android.vending.BILLING","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build serial","build fingerprint","build brand","IMEI/MEID","country code + mobile network code for SIM provider","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no Permission defined for camera usage, but the application contains specific API calls accessing the camera. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually. Application defines a permission ( android.permission.RECORD_AUDIO ) accessing the microphone, but there were no specific API calls found. This could be an indication for overprivileges, developer missconfiguration or confused deputy attack.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera (inactive)","Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://apache.org/xml/features/dom/create-entity-ref-nodes","http://apache.org/xml/features/validation/dynamic","http://apache.org/xml/properties/internal/validator/dtd","http://apache.org/xml/properties/input-buffer-size","http://apache.org/xml/properties/internal/datatype-validator-factory","http://apache.org/xml/properties/internal/validator/schema","http://java.sun.com/xml/jaxp/properties/schemaSource","http://apache.org/xml/properties/internal/error-handler","http://apache.org/xml/features/validate-annotations","http://apps.outfit7.com/rest/receipts/v1/apps","http://apps.outfit7.com/rest/data/news-reporting","http://be.outfit7.net/rest/talkingFriends/v3/","http://apache.org/xml/features/xinclude","http://apache.org/xml/serializer","http://apps.outfit7.com/rest/talkingFriends/v1/video/report-event/","http://apache.org/xml/features/validation/schema-full-checking","http://apache.org/xml/features/validation/warn-on-duplicate-attdef","http://apache.org/xml/properties/internal/entity-manager","http://apache.org/xml/properties/internal/dtd-processor","http://apps.outfit7.com/rest/video-gallery/v3/videos","http://apache.org/xml/features/namespace-growth","http://apache.org/xml/features/internal/parser-settings","http://apache.org/xml/features/internal/strings-interned","http://apps.outfit7.com/rest/talkingFriends/v1/push-notification/delete/%s/%s/","http://apache.org/xml/features/dom/include-ignorable-whitespace","http://apache.org/xml/features/create-cdata-nodes","http://apache.org/xml/properties/internal/grammar-pool","http://apache.org/xml/properties/locale","http://apps.outfit7.com/rest/talkingFriends/v2/newsletter/is-subscribed/Android","http://apache.org/xml/features/validation/warn-on-undeclared-elemdef","http://javax.xml.XMLConstants/feature/secure-processing","http://apache.org/xml/features/xinclude/fixup-base-uris","http://apache.org/xml/properties/internal/error-reporter","http://apache.org/xml/properties/internal/namespace-context","http://apache.org/xml/features/warn-on-duplicate-entitydef","http://apps.outfit7.com/rest/talkingFriends/v1/trackers/sources","http://javax.xml.transform.sax.SAXTransformerFactory/feature/xmlfilter","http://apache.org/xml/properties/internal/xpointer-handler","http://java.sun.com/xml/jaxp/properties/schemaLanguage","http://apache.org/xml/features/allow-java-encodings","http://apache.org/xml/features/internal/tolerate-duplicates","http://s2s.outfit7.org/templates/","http://apache.org/xml/features/include-comments","http://apache.org/xml/features/scanner/notify-char-refs","http://apache.org/xml/features/validation/id-idref-checking","http://apps.outfit7.com/rest/data/1/events","http://apache.org/xml/properties/dom/current-element-node","http://javax.xml.transform.dom.DOMResult/feature","http://javax.xml.transform.stax.StAXSource/feature","http://apache.org/xml/properties/internal/document-scanner","http://apache.org/xml/features/standard-uri-conformant","http://apache.org/xml/features/continue-after-fatal-error","http://apache.org/xml/features/validation/identity-constraint-checking","http://apps.outfit7.com/rest/talkingFriends/v3/Android","http://apache.org/xml/properties/","http://apache.org/xml/features/honour-all-schemaLocations","http://javax.xml.transform.stream.StreamSource/feature","http://apps.outfit7.com/rest/data/report/client/v1/","http://a.archyads.net/offers?","http://apache.org/xml/features/xinclude/fixup-language","http://apache.org/xml/features/nonvalidating/load-external-dtd","http://apache.org/xml/properties/internal/entity-resolver","http://javax.xml.transform.dom.DOMSource/feature","http://apache.org/xml/features/","http://apache.org/xml/features/generate-synthetic-annotations","http://offers.tokenads.com/show?style=xml&client_xml&","http://apps.outfit7.com/rest/talkingFriends/v1/ping","http://apache.org/xml/features/dom/defer-node-expansion","http://apache.org/xml/features/scanner/notify-builtin-refs","http://apache.org/xml/features/disallow-doctype-decl","http://apache.org/xml/features/validation/balance-syntax-trees","http://apache.org/xml/properties/dom/document-class-name","http://javax.xml.transform.stream.StreamResult/feature","http://apps.outfit7.com/rest/talkingFriends/v1/assets-url/Android","http://javax.xml.transform.sax.SAXResult/feature","http://apache.org/xml/properties/internal/namespace-binder","http://apache.org/xml/properties/internal/symbol-table","http://java.sun.com/xml/jaxp/properties/","http://apache.org/xml/properties/internal/validation-manager","http://javax.xml.transform.sax.SAXTransformerFactory/feature","http://apache.org/xml/properties/internal/xinclude-handler","http://apps.outfit7.com/rest/talkingFriends/v1/rate-app/Android","http://apache.org/xml/properties/security-manager","http://java.sun.com/jaxp/xpath/dom","http://apache.org/xml/features/validation/unparsed-entity-checking","http://javax.xml.transform.stax.StAXResult/feature","http://apache.org/xml/features/validation/schema","http://apps.outfit7.com/rest/talkingFriends/v3/Android-devel","http://apache.org/xml/properties/internal/dtd-scanner","http://javax.xml.transform.sax.SAXSource/feature"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Embedded static encryption key found, which can be extracted by attackers to revert the encryption or fake the signature of the content it is used for."]}]}]},{"attr":{"os":"Android","appId":"com.spilgames.mydolphinshow:2.1.57","name":"My Dolphin Show","version":"2.1.57","model":"Game","store_url":"https://play.google.com/store/apps/details?id=com.spilgames.mydolphinshow"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be considered by doing a device backup. If an application contains sensitive information these can be cloned by backing up the data and extracted from the backup archive off device.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libAmazonIapV2Bridge.so","ARM 32 bit: lib/armeabi-v7a/libmain.so","ARM 32 bit: lib/armeabi-v7a/libmono.so","ARM 32 bit: lib/armeabi-v7a/libunity.so","x86 32bit: lib/x86/libAmazonIapV2Bridge.so","x86 32bit: lib/x86/libmain.so","x86 32bit: lib/x86/libmono.so","x86 32bit: lib/x86/libunity.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Adcolony","Adjust","AppLovin","ChartBoost","Crashlytics","Doubleclick","Fyber","Google Analytics"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["(.*)\\.amazon\\.[^","a.applovin.com","ags-ext.amazon.com","androidads23.adcolony.com","androidquery.appspot.com","api.sponsorpay.com","app.adjust.io","applab-sdk.amazon.com","apptracker.spilgames.com","banner.fyber.com","cortana-gateway.amazon.com","d.applovin.com","e.crashlytics.com","engine.fyber.com","engine.sponsorpay.com","googleads.g.doubleclick.net","iframe.sponsorpay.com","impact.applifier.com","impact.staging.applifier.com","live.chartboost.com","market.android.com","node.veedi.com","plus.google.com","rt.applovin.com","service.sponsorpay.com","settings.crashlytics.com","ssl.google-analytics.com","vid.applovin.com","video.fyber.com","www.amazon.com","www.google.com","www.googleapis.com","www.googletagmanager.com","www.veedi.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://node.veedi.com/mobile/android/server/tracker?action=","market://details?id=","market://details?id=com.google.android.gms.ads","market://search?q=pname:com.google"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Constant initialization vectors found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Use of constant initialization vectors is a bad practice. The following initialization vectors were found: ","text":"Constant initialization vectors found?","context":"998"},"detailList":[{"detail":["16,74,71,-80,32,101,-47,72,117,-14,0,-29,70,65,-12,74"]}]},{"attr":{"rev":"7499","checkClass":"AndroidCorrelateWebCode","value":"yes","testID":"Cordova Test","resultClass":"Runtime Security","name":"Runtime Code","detail":"App contains Apache Cordova framework which enables software programmers to build applications for mobile devices using JavaScript, HTML5, and CSS3. The following Cordova plugins were detected: ","text":"Cordova WebApp?","context":"12000"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"DES/ECB/PKCS7Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["ACCESS_COARSE_LOCATION (Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 7 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","Romania","United States","Ireland","United Kingdom","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://node.veedi.com/mobile/android/server/tracker?action="]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","dalvik.system.PathClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Key derivation iteration count: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Key derivation function used in the app with an amount of 1024 iterations is considered secure.","text":"Key derivation iteration count: ","context":"995"},"resultList":[{"result":["1024"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","VIBRATE (Allows access to the vibrator.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.spilgames.spilsdk.SpilUnityActivityWithPrime"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.BILLING","com.android.vending.CHECK_LICENSE","com.google.android.c2dm.permission.RECEIVE","com.parse.parseunitypushsample.permission.C2D_MESSAGE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build display","build fingerprint","build brand","IMEI/MEID","Wifi-MAC address","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lcom/amazon/identity/auth/device/endpoint/AbstractTokenRequestattrUnsafeSslHttpClientattrMySSLSocketFactoryattr1;","Lorg/acra/util/NaiveTrustManager;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no Permission defined for camera usage, but the application contains specific API calls accessing the camera.Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera (inactive)","WIFI-Based Location","Acceleration/Light"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://rt.applovin.com/pix","http://www.amazon.com/gp/mas/get-appstore/android/ref=mas_mx_mba_iap_dl","http://node.veedi.com/mobile/android/server/tracker?action="]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["Advertisement/Tracking: App uses more than 5 advertisement and tracking providers. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Constant initialization vector detected. This should be avoided, as it allows an attacker to infer relationships between segments of encrypted messages if encrypted with the same key and initialization vector. ","JavaScript Bridge attackable: App uses a bridge between web content and native code. In combination with the detected loading of unprotected web content, the functionality provided by the bridge can be exploited by man-in-the-middle attackers."]}]}]},{"attr":{"os":"Android","appId":"com.ffgames.racingincar:1.1","name":"Racing in Car","version":"1.1","model":"Game","store_url":"https://play.google.com/store/apps/details?id=com.ffgames.racingincar"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be considered by doing a device backup. If an application contains sensitive information these can be cloned by backing up the data and extracted from the backup archive off device.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["x86 32bit: lib/x86/libmain.so","x86 32bit: lib/x86/libmono.so","x86 32bit: lib/x86/libunity.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Adcolony","ChartBoost","Doubleclick"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["accounts.google.com","androidads23.adcolony.com","app-measurement.com","csi.gstatic.com","googleads.g.doubleclick.net","impact.applifier.com","impact.staging.applifier.com","live.chartboost.com","login.live.com","login.yahoo.com","market.android.com","plus.google.com","ssl.google-analytics.com","twitter.com","www.facebook.com","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com","www.linkedin.com","www.paypal.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["market://details?id=","market://details?id=com.google.android.gms.ads"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 4 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland","United Kingdom","unknown"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.prime31.UnityPlayerNativeActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.BILLING"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build display","build fingerprint","Wifi-MAC address","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no Permission defined for camera usage, but the application contains specific API calls accessing the camera. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera (inactive)","Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Security risks?","context":"0"}}]},{"attr":{"os":"Android","appId":"com.kiloo.subwaysurf:1.59.1","name":"Subway Surfers","version":"1.59.1","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=com.kiloo.subwaysurf"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libmain.so","ARM 32 bit: lib/armeabi-v7a/libmono.so","ARM 32 bit: lib/armeabi-v7a/libunity.so","x86 32bit: lib/x86/libmain.so","x86 32bit: lib/x86/libmono.so","x86 32bit: lib/x86/libunity.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Adcolony","Appsdt","ChartBoost","Doubleclick","Flurry","Supersonic","TapJoy","inMobi ADs","mdotm"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","a.ai.inmobi.com","accounts.google.com","adlog.flurry.com","ads.flurry.com","ads.mdotm.com","analytics.query.yahoo.com","androidads23.adcolony.com","api.facebook.com","api.tumblr.com","api.vungle.com","cdn.flurry.com","connect.tapjoy.com","content-js.tapjoy.com","csi.gstatic.com","d.appsdt.com","data.flurry.com","dock.inmobi.com","e-ltvp.inmobi.com","facebook.com","googleads.g.doubleclick.net","graph-video.%s","graph.%s","graph.facebook.com","i.w.inmobi.com","ingest.vungle.com","init.supersonicads.com","inmobisdk-a.akamaihd.net","live.chartboost.com","login.live.com","login.yahoo.com","m.facebook.com","m.google.com","market.android.com","mobilelogs.supersonic.com","outcome.supersonicads.com","placements.tapjoy.com","play.google.com","plus.google.com","proton.flurry.com","rpc.tapjoy.com","rules-ltvp.inmobi.com","sdkm.w.inmobi.com","supersonic.ironbeast.io","twitter.com","ua.supersonicads.com","ws.tapjoyads.com","www.facebook.com","www.google.com","www.googleapis.com","www.linkedin.com","www.paypal.com","www.supersonicads.com","www.tumblr.com","www.vungle.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["flurry://flurrycall?event=","flurry://flurrycall?event=adWillClose","http://play.google.com/store/apps/details?id=","http://twitter.com/home?status=","https://m.google.com/app/plus/x/?v=compose&content=","https://play.google.com/store/apps/details?id=","https://www.facebook.com/dialog/feed?app_id=181821551957328&link=","https://www.supersonicads.com/mobile/sdk5/log?method=","https://www.supersonicads.com/mobile/sdk5/log?method=contextIsNotActivity","https://www.supersonicads.com/mobile/sdk5/log?method=encodeAppKey","https://www.supersonicads.com/mobile/sdk5/log?method=encodeAppUserId","https://www.supersonicads.com/mobile/sdk5/log?method=extraParametersToJson","https://www.supersonicads.com/mobile/sdk5/log?method=htmlControllerDoesNotExistOnFileSystem","https://www.supersonicads.com/mobile/sdk5/log?method=injectJavaScript","https://www.supersonicads.com/mobile/sdk5/log?method=noProductType","https://www.supersonicads.com/mobile/sdk5/log?method=setWebViewSettings","https://www.supersonicads.com/mobile/sdk5/log?method=webviewLoadBlank","https://www.supersonicads.com/mobile/sdk5/log?method=webviewLoadWithPath","https://www.supersonicads.com/mobile/sdk5/log?method=webviewPause","https://www.supersonicads.com/mobile/sdk5/log?method=webviewResume","https://www.tumblr.com/oauth/authorize?oauth_token=%s","market://details?id=","market://details?id=com.google.android.gms.ads"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"AES/CBC/PKCS7Padding\"","\"RSA/ECB/nopadding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","GET_TASKS (Allows an application to get information about the currently or recently running tasks.) ","INTERNET (Allows applications to open network sockets.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 6 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Austria","United States","Ireland","United Kingdom","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=","http://twitter.com/home?status="]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["java.net.URLClassLoader(...)","dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["play.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["VIBRATE (Allows access to the vibrator.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["GET_ACCOUNTS","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.kiloo.unityutilities.UnityPluginActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.kiloo.subwaysurf.permission.C2D_MESSAGE","com.android.vending.BILLING","com.android.vending.CHECK_LICENSE","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build display","build fingerprint","build brand","IMEI/MEID","Wifi-MAC address","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no Permission defined for camera usage, but the application contains specific API calls accessing the camera. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera (inactive)","Location (inactive)","Acceleration/Light"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.tumblr.com/connect/login_success.html","http://a.ai.inmobi.com/v2/ad.html","http://twitter.com/home?status=","http://play.google.com/store/apps/details?id=","http://dock.inmobi.com/carb/v1/o","http://dock.inmobi.com/carb/v1/i","http://ads.mdotm.com/ads/feed.php?","http://api.vungle.com/api/v4/"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["Advertisement/Tracking: App uses more than 5 advertisement and tracking providers. ","App Listing: Usage of detected functionality to access list of installed apps may poses a privacy risk."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.teenpatti.hd.gold:1.85.1","name":"Teen Patti Gold","version":"1.85.1","model":"Game","store_url":"https://play.google.com/store/apps/details?id=com.teenpatti.hd.gold"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be considered by doing a device backup. If an application contains sensitive information these can be cloned by backing up the data and extracted from the backup archive off device.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi/libcrashlytics.so","ARM 32 bit: lib/armeabi/libgame.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Adjust","Branch Metrics","Crashlytics","Doubleclick","Google AdMob","Google Analytics"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Alarm with Intervals test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The scheduled task gets repeated in the following intervals: ","text":"Alarm intervals dynamically?","context":"9420"},"detailList":[{"detail":["Dynamic interval(s)","24 hours"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","api.branch.io","app.adjust.io","bnc.lt","d2dejozc1aqhol.cloudfront.net","e.apsalar.com","e.crashlytics.com","facebook.com","googleads.g.doubleclick.net","graph-video.%s","graph.%s","graph.facebook.com","media.admob.com","play.google.com","plus.google.com","settings.crashlytics.com","sg-1.tp.teenpattigold.in","teenpattigold.com","www.google.com","www.googleapis.com","www.googletagmanager.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=com.facebook.orca","http://sg-1.tp.teenpattigold.in/stats/s?p=","http://teenpattigold.com/?pid=","https://play.google.com/store/apps/details?id=com.teenpatti.hd.gold","market://details?id=com.facebook.orca","market://details?id=com.google.android.gms.ads"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) ","ACCESS_FINE_LOCATION (Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.) ","READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 4 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Singapore","United States","Ireland","Germany"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=com.facebook.orca","http://sg-1.tp.teenpattigold.in/stats/s?p=","http://teenpattigold.com/?pid="]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["play.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","VIBRATE (Allows access to the vibrator.) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["ACCESS_FINE_LOCATION","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.teenpatti.hd.gold.gold"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.teenpatti.hd.gold.permission.C2D_MESSAGE","com.android.vending.BILLING","com.android.vending.CHECK_LICENSE","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build fingerprint","build brand","IMEI/MEID","phone number","Wifi-MAC address","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarm Serivce test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The alarm manager has been initialized properly. ","text":"Alarm Manager initialized dynamically?","context":"9410"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"ok","testID":"Scheduled Alarm Types test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"","text":"Alarm repeating types: ","context":"9440"},"resultList":[{"result":["RTC_WAKEUP"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application contains a registered scheduled alarm. With such an alarm the application repeats the execution of the registered task for example every 10 hours. The following classes register scheduled tasks:","text":"Scheduled Alarm Manager registered?","context":"9450"},"detailList":[{"detail":["com.teenpatti.hd.gold.DailyBonusScheduler","com.teenpatti.hd.gold.gold"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually. Application defines GPS Location Access Permission ( android.permission.ACCESS_FINE_LOCATION) but there where no specific API calls found. This could be an indication for overprivileges, developer missconfiguration or confused deputy attack.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Acceleration/Light"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://e.apsalar.com/api/v1","http://e.apsalar.com/api/v1/canonical","http://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html","http://sg-1.tp.teenpattigold.in/stats/s?p=","http://googleads.g.doubleclick.net/mads/static/sdk/native/sdk-core-v40.html","http://e.apsalar.com/api/v1/event","http://e.apsalar.com/api/v1/resolve","http://e.apsalar.com/api/v1/start"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected JS Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following JavaScript files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected JavaScripts?","context":"0"},"detailList":[{"detail":["http://media.admob.com/mraid/v1/mraid_app_interstitial.js","http://media.admob.com/mraid/v1/mraid_app_banner.js","http://media.admob.com/mraid/v1/mraid_app_expanded_banner.js"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"yes","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"Reasons for category violations of default policy: ","text":"Violations of default policy?","context":"0"},"detailList":[{"detail":["Estimated overall app risk for the enterprise exceeds the security policy threshold due to detected risks and flaws exploitable by skilled attackers without the existence of additional supporting factors. "]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["Advertisement/Tracking: App uses more than 5 advertisement and tracking providers. ","App tries to access the device phone number which can be use to identify the owner remotely.","App Listing: Usage of detected functionality to access list of installed apps poses a privacy risk for detected app type."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.imangi.templerun:1.6.1","name":"Temple Run","version":"1.6.1","model":"Game","store_url":"https://play.google.com/store/apps/details?id=com.imangi.templerun"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be considered by doing a device backup. If an application contains sensitive information these can be cloned by backing up the data and extracted from the backup archive off device.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libmain.so","ARM 32 bit: lib/armeabi-v7a/libmono.so","ARM 32 bit: lib/armeabi-v7a/libunity.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Insecure Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a bit-length of less than 1024 bits (1021 bits).","text":"App uses insecure signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Flurry"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["ad.flurry.com","androidscreens.hit.bg","api.dropbox.com","api.facebook.com","api.kaixin001.com","api.linkedin.com","api.login.yahoo.com","api.t.163.com","api.t.sina.com.cn","api.t.sohu.com","api.twitter.com","api.vkontakte.ru","api.w3i.com","data.flurry.com","dl5.neospotlight.com","fc05.deviantart.net","fc08.deviantart.net","files.softicons.com","foursquare.com","graph.facebook.com","iap.samsungapps.com","id.sapo.pt","m.facebook.com","market.android.com","oauth.constantcontact.com","oauth.live.com","open.t.qq.com","openapi.lovefilm.com","sandbox.evernote.com","upload.twitter.com","vimeo.com","www.amazon.com","www.dropbox.com","www.evernote.com","www.facebook.com","www.file-extensions.org","www.google.com","www.lovefilm.com","www.plurk.com","www.yammer.com","www.youtube.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://api.kaixin001.com/oauth/authorize?oauth_token=%s","http://api.t.163.com/oauth/authenticate?oauth_token=%s","http://api.t.163.com/oauth/authorize?oauth_token=%s","http://api.t.sina.com.cn/oauth/authorize?oauth_token=%s","http://api.t.sohu.com/oauth/authorize?oauth_token=%s","http://api.w3i.com/AfppApi/PrivacyPolicy.aspx?PlatformType=2","http://foursquare.com/oauth/authorize?oauth_token=%s","http://vimeo.com/oauth/authorize?oauth_token=%s","http://www.plurk.com/OAuth/authorize?oauth_token=%s","http://www.plurk.com/m/authorize?oauth_token=%s","https://api.linkedin.com/uas/oauth/authorize?oauth_token=%s","https://api.login.yahoo.com/oauth/v2/request_auth?oauth_token=%s","https://api.twitter.com/oauth/authenticate?oauth_token=%s","https://api.twitter.com/oauth/authorize?oauth_token=%s","https://api.vkontakte.ru/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code","https://foursquare.com/oauth2/access_token?grant_type=authorization_code","https://foursquare.com/oauth2/authenticate?client_id=%s&response_type=code&redirect_uri=%s","https://iap.samsungapps.com/iap/appsItemVerifyIAPReceipt.as?protocolVersion=2.0","https://id.sapo.pt/oauth/authorize?oauth_token=%s","https://market.android.com/details?id=","https://oauth.constantcontact.com/ws/oauth/confirm_access?oauth_token=%s","https://oauth.live.com/authorize?client_id=%s&redirect_uri=%s&response_type=code","https://oauth.live.com/authorize?client_id=%s&redirect_uri=%s&response_type=code&scope=%s","https://oauth.live.com/token?grant_type=authorization_code","https://open.t.qq.com/cgi-bin/authorize?oauth_token=%s","https://sandbox.evernote.com/oauth?oauth_token=%s","https://www.dropbox.com/0/oauth/authorize?oauth_token=","https://www.evernote.com/OAuth.action?oauth_token=%s","https://www.facebook.com/dialog/oauth?client_id=%s&redirect_uri=%s","https://www.facebook.com/dialog/oauth?client_id=%s&redirect_uri=%s&scope=%s","https://www.google.com/accounts/OAuthAuthorizeToken?oauth_token=%s","https://www.lovefilm.com/activate?oauth_token=%s","https://www.yammer.com/oauth/authorize?oauth_token=%s","market://details?id="]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/ECB/PKCS7Padding\"","\"PBEWithMD5AndDES\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 9 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Czech Republic","United States","China","Ireland","Bulgaria","Portugal","Germany","Russia","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://api.kaixin001.com/oauth/authorize?oauth_token=%s","http://api.t.163.com/oauth/authenticate?oauth_token=%s","http://api.t.163.com/oauth/authorize?oauth_token=%s","http://api.t.sina.com.cn/oauth/authorize?oauth_token=%s","http://api.t.sohu.com/oauth/authorize?oauth_token=%s","http://api.w3i.com/AfppApi/PrivacyPolicy.aspx?PlatformType=2","http://foursquare.com/oauth/authorize?oauth_token=%s","http://vimeo.com/oauth/authorize?oauth_token=%s","http://www.plurk.com/OAuth/authorize?oauth_token=%s","http://www.plurk.com/m/authorize?oauth_token=%s"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.PathClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Key derivation iteration count: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Key derivation functions with less than 1000 interations are considered vulnerable to bruteforce attacks. Therefore, this app with 20 iterations is considered vulnerable.","text":"Key derivation iteration count: ","context":"995"},"resultList":[{"result":["20"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["foursquare.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.flurry.android.CatalogActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.BILLING"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build fingerprint","build brand","IMEI/MEID","Wifi-MAC address","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lcom/w3i/advertiser/EasySSLSocketFactoryattr1;","Lcom/flurry/android/n;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no Permission defined for camera usage, but the application contains specific API calls accessing the camera. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera (inactive)","Location (inactive)","Acceleration/Light"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.plurk.com/OAuth/request_token","http://api.w3i.com/PublicServices/MobileTrackingApiRestV1.svc/ActionTaken/Put","http://api.t.163.com/oauth/request_token","http://api.kaixin001.com/oauth/authorize?oauth_token=%s","http://api.t.sina.com.cn/oauth/request_token","http://www.plurk.com/m/authorize?oauth_token=%s","http://api.t.sohu.com/oauth/access_token","http://api.w3i.com/PublicServices/CtaApiRestV1.svc/Offer/Qualified/Get","http://www.plurk.com/OAuth/access_token","http://openapi.lovefilm.com/oauth/access_token","http://api.t.sohu.com/oauth/request_token","http://api.twitter.com/oauth/access_token","http://api.t.sina.com.cn/oauth/access_token","http://api.w3i.com/PublicServices/MobileTrackingApiRestV1.svc/AppWasRunV2/Put","http://api.w3i.com/PublicServices/MobileTrackingApiRestV1.svc/Session/End/Put","http://api.w3i.com/AfppApi/PrivacyPolicy.aspx?PlatformType=2","http://api.w3i.com/PublicServices/AfppApiRestV1.svc/Offer/Featured/Get","http://api.kaixin001.com/oauth/request_token","http://api.w3i.com/PublicServices/MobileTrackingApiRestV1.svc/Session/Get","http://vimeo.com/oauth/access_token","http://api.w3i.com/PublicServices/AfppApiRestV1.svc/Device/Offer/Click/Put","http://api.t.163.com/oauth/authenticate?oauth_token=%s","http://vimeo.com/oauth/authorize?oauth_token=%s","http://openapi.lovefilm.com/oauth/request_token","http://api.t.sina.com.cn/oauth/authorize?oauth_token=%s","http://api.w3i.com/PublicServices/MobileTrackingApiRestV1.svc/AppWasRun/Put","http://api.w3i.com/PublicServices/AfppApiRestV1.svc/Device/Offer/History/Get","http://api.w3i.com/PublicServices/AfppApiRestV1.svc/Device/Balance/Available/Get","http://www.plurk.com/OAuth/authorize?oauth_token=%s","http://api.t.sohu.com/oauth/authorize?oauth_token=%s","http://api.w3i.com/PublicServices/AfppApiRestV1.svc/Device/Balance/Redeem/Put","http://www.amazon.com/gp/mas/get-appstore/android/ref=mas_mx_mba_iap_dl","http://foursquare.com/oauth/access_token","http://api.w3i.com/PublicServices/AfppApiRestV1.svc/Offer/Qualified/Get","http://api.kaixin001.com/oauth/access_token","http://vimeo.com/oauth/request_token","http://api.t.163.com/oauth/access_token","http://api.w3i.com/PublicServices/CtaApiRestV1.svc/Device/Offer/Click/Put","http://foursquare.com/oauth/request_token","http://api.t.163.com/oauth/authorize?oauth_token=%s","http://api.twitter.com/oauth/request_token","http://foursquare.com/oauth/authorize?oauth_token=%s"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default error handling for SSL/TLS client communication. Error-prone modifications can be ruled out. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. ","Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.imangi.templerun2:1.27","name":"Temple Run 2","version":"1.27","model":"Game","store_url":"https://play.google.com/store/apps/details?id=com.imangi.templerun2"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be considered by doing a device backup. If an application contains sensitive information these can be cloned by backing up the data and extracted from the backup archive off device.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["x86 32bit: lib/x86/libAmazonIapV2Bridge.so","x86 32bit: lib/x86/libmain.so","x86 32bit: lib/x86/libmono.so","x86 32bit: lib/x86/libunity.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Adcolony","ChartBoost","Doubleclick","Flurry"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["adlog.flurry.com","ads.flurry.com","ags-ext.amazon.com","androidads23.adcolony.com","api.tumblr.com","api.vungle.com","applab-sdk.amazon.com","bidder.kochava.com","cdn.flurry.com","content.bitsontherun.com","control.kochava.com","cortana-gateway.amazon.com","csi.gstatic.com","data.flurry.com","googleads.g.doubleclick.net","impact.applifier.com","impact.staging.applifier.com","live.chartboost.com","market.android.com","play.google.com","plus.google.com","proton.flurry.com","twitter.com","www.amazon.com","www.google-analytics.com","www.google.com","www.googleapis.com","www.tumblr.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["amzn://apps/android?p=%s","flurry://flurrycall?event=","flurry://flurrycall?event=adWillClose","http://bidder.kochava.com/adserver/request/?w=","http://www.amazon.com/gp/mas/dl/android?p=%s","https://market.android.com/details?id=","https://play.google.com/store/apps/details?id=","https://play.google.com/store/apps/details?id=%s","https://twitter.com/intent/tweet?source=webclient","https://twitter.com/intent/tweet?source=webclient&text=","https://www.tumblr.com/oauth/authorize?oauth_token=%s","market://details?id=","market://details?id=%s","market://details?id=com.google.android.gms.ads","mraid://useCustomClose/?useCustomClose=true&callId="]}]},{"attr":{"rev":"7499","checkClass":"AndroidCorrelateWebCode","value":"yes","testID":"Cordova Test","resultClass":"Runtime Security","name":"Runtime Code","detail":"App contains Apache Cordova framework which enables software programmers to build applications for mobile devices using JavaScript, HTML5, and CSS3. The following Cordova plugins were detected: ","text":"Cordova WebApp?","context":"12000"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"DES/ECB/PKCS7Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 3 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland","United Kingdom"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://bidder.kochava.com/adserver/request/?w=","http://www.amazon.com/gp/mas/dl/android?p=%s"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","dalvik.system.PathClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.imangi.unityactivity.ImangiUnityProxyActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.BILLING"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build hardware","build display","build fingerprint","build brand","IMEI/MEID","Wifi-MAC address","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lcom/amazon/identity/auth/device/endpoint/AbstractTokenRequestattrMyHttpClientattrMySSLSocketFactoryattr1;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no Permission defined for camera usage, but the application contains specific API calls accessing the camera. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera (inactive)","Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.tumblr.com/connect/login_success.html","http://api.vungle.com/api/v1/","http://www.amazon.com/gp/mas/dl/android?p=%s","http://bidder.kochava.com/adserver/request/","http://www.amazon.com/gp/mas/get-appstore/android/ref=mas_mx_mba_iap_dl","http://bidder.kochava.com/adserver/request/?w="]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","JavaScript Bridge attackable: App uses a bridge between web content and native code. In combination with the detected loading of unprotected web content, the functionality provided by the bridge can be exploited by man-in-the-middle attackers."]}]}]},{"attr":{"os":"Android","appId":"com.playrix.township:4.0.1","name":"Township","version":"4.0.1","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=com.playrix.township"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["x86 32bit: lib/x86/libgame.so","ARM 32 bit: lib/armeabi-v7a/libgame.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["AppLovin","ChartBoost","Doubleclick","Fyber","HockeyApp","Supersonic","TapJoy","inneractive"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Alarm with Intervals test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The scheduled task gets repeated in the following intervals: ","text":"Alarm intervals dynamically?","context":"9420"},"detailList":[{"detail":["Dynamic interval(s)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","a.applovin.com","api.sponsorpay.com","api.vungle.com","banner.fyber.com","cdn.playrix.com","connect.tapjoy.com","csi.gstatic.com","d.applovin.com","engine.fyber.com","engine.sponsorpay.com","facebook.com","forum.playrix.com","googleads.g.doubleclick.net","graph-video.%s","graph.%s","graph.%s.facebook.com","graph.facebook.com","iframe.sponsorpay.com","imasdk.googleapis.com","impact.applifier.com","impact.staging.applifier.com","ingest.vungle.com","instagram.com","live.chartboost.com","market.android.com","mobile.twitter.com","play.google.com","plrx.gs","rink.hockeyapp.net","rpc.tapjoy.com","rt.applovin.com","sdk.hockeyapp.net","service.sponsorpay.com","township-ios.playrix.com","vdo.pokkt.com","vid.applovin.com","video.fyber.com","web.playrix.com","ws.tapjoyads.com","www.%s.facebook.com","www.appitrk.com","www.apple.com","www.facebook.com","www.googleapis.com","www.pokkt.com","www.supersonicads.com","www.vungle.com","xml.playrix.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["(https?|ftp|file)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;\\(\\)]*[^\\.]+\\.(mp4|mkv|flv|webm|avi|wmv)","http://play.google.com/store/apps/details?id=com.facebook.orca","http://web.playrix.com/township_ios/og2.php?city=","http://xml.playrix.com/township_ios/og1_v2.php?object=","http://xml.playrix.com/township_ios/og2.php?city=","https://play.google.com/store/apps/details?id=com.playrix.township","https://www.supersonicads.com/mobile/sdk5/log?method=","https://www.supersonicads.com/mobile/sdk5/log?method=contextIsNotActivity","https://www.supersonicads.com/mobile/sdk5/log?method=encodeAppKey","https://www.supersonicads.com/mobile/sdk5/log?method=encodeAppUserId","https://www.supersonicads.com/mobile/sdk5/log?method=extraParametersToJson","https://www.supersonicads.com/mobile/sdk5/log?method=htmlControllerDoesNotExistOnFileSystem","https://www.supersonicads.com/mobile/sdk5/log?method=noProductType","https://www.supersonicads.com/mobile/sdk5/log?method=setWebViewSettings","https://www.supersonicads.com/mobile/sdk5/log?method=webviewLoadBlank","https://www.supersonicads.com/mobile/sdk5/log?method=webviewLoadWithPath","https://www.supersonicads.com/mobile/sdk5/log?method=webviewPause","https://www.supersonicads.com/mobile/sdk5/log?method=webviewResume","market://details?id=","market://details?id=%s","market://details?id=com.facebook.orca","market://details?id=com.google.ads.interactivemedia.v3","market://details?id=com.playrix.township","market://search?q=pname:com.google"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 9 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","Romania","Singapore","Belgium","United States","Ireland","Germany","unknown","Russia"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=com.facebook.orca","http://web.playrix.com/township_ios/og2.php?city=","http://xml.playrix.com/township_ios/og1_v2.php?object=","http://xml.playrix.com/township_ios/og2.php?city="]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Key derivation iteration count: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Key derivation function used in the app with an amount of 65536 iterations is considered secure.","text":"Key derivation iteration count: ","context":"995"},"resultList":[{"result":["65536"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["play.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","VIBRATE (Allows access to the vibrator.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.playrix.township.Launcher"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.BILLING","com.android.vending.CHECK_LICENSE","com.google.android.c2dm.permission.RECEIVE","com.playrix.township.permission.C2D_MESSAGE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build display","build brand","IMEI/MEID","Wifi-MAC address","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarm Serivce test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The alarm manager has been initialized properly. ","text":"Alarm Manager initialized dynamically?","context":"9410"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"ok","testID":"Scheduled Alarm Types test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"","text":"Alarm repeating types: ","context":"9440"},"resultList":[{"result":["RTC"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application contains a registered scheduled alarm. With such an alarm the application repeats the execution of the registered task for example every 10 hours. The following classes register scheduled tasks:","text":"Scheduled Alarm Manager registered?","context":"9450"},"detailList":[{"detail":["com.app.pokktsdk.notification.NotificationScheduler"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://xml.playrix.com/township_ios/og2.php?city=","http://rt.applovin.com/pix","http://xml.playrix.com/township_ios/og1_v2.php?object=","http://township-ios.playrix.com/404","http://xml.playrix.com/township_android/","http://facebook.com/TownshipMobile","http://cdn.playrix.com/%1attrs/help/help-%2attrs.html","http://www.apple.com/404","http://web.playrix.com/township_ios/og2.php?city=","http://plrx.gs/township_ios","http://instagram.com/township_mobile","http://forum.playrix.com/forumdisplay.php?1-Township","http://web.playrix.com/%1attrs/help/help-%2attrs.html","http://api.vungle.com/api/v4/","http://xml.playrix.com/township-tracking/api/TrackPurchase"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["Advertisement/Tracking: App uses more than 5 advertisement and tracking providers. ","App Listing: Usage of detected functionality to access list of installed apps may poses a privacy risk."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.skgames.trafficrider:1.2","name":"Traffic Rider","version":"1.2","model":"Game","store_url":"https://play.google.com/store/apps/details?id=com.skgames.trafficrider"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be considered by doing a device backup. If an application contains sensitive information these can be cloned by backing up the data and extracted from the backup archive off device.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libmain.so","ARM 32 bit: lib/armeabi-v7a/libmono.so","ARM 32 bit: lib/armeabi-v7a/libunity.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Adcolony","ChartBoost","Doubleclick"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["accounts.google.com","androidads23.adcolony.com","app-measurement.com","csi.gstatic.com","googleads.g.doubleclick.net","impact.applifier.com","impact.staging.applifier.com","live.chartboost.com","login.live.com","login.yahoo.com","market.android.com","plus.google.com","ssl.google-analytics.com","twitter.com","www.facebook.com","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com","www.linkedin.com","www.paypal.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["amzn://apps/android?p=","market://details?id=","market://details?id=com.google.android.gms.ads"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 4 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland","United Kingdom","unknown"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.prime31.UnityPlayerNativeActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.BILLING"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build display","build fingerprint","Wifi-MAC address","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no Permission defined for camera usage, but the application contains specific API calls accessing the camera. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera (inactive)","Location (inactive)","Acceleration/Light"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Security risks?","context":"0"}}]},{"attr":{"os":"Android","appId":"com.timuzsolutions.trainsimulator2016:2.5","name":"Train Simulator 2016","version":"2.5","model":"Game","store_url":"https://play.google.com/store/apps/details?id=com.timuzsolutions.trainsimulator2016"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be considered by doing a device backup. If an application contains sensitive information these can be cloned by backing up the data and extracted from the backup archive off device.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libmain.so","ARM 32 bit: lib/armeabi-v7a/libmono.so","ARM 32 bit: lib/armeabi-v7a/libunity.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","accounts.google.com","app-measurement.com","csi.gstatic.com","facebook.com","googleads.g.doubleclick.net","graph-video.%s","graph.%s","login.live.com","login.yahoo.com","market.android.com","onesignal.com","play.google.com","plus.google.com","ssl.google-analytics.com","timuz.com","twitter.com","www.facebook.com","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com","www.linkedin.com","www.paypal.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=com.facebook.orca","https://market.android.com/details?id=","https://play.google.com/store/apps/details?id=","https://www.googleapis.com/games/v1management/achievements/reset?access_token=","market://details?id=","market://details?id=com.facebook.orca","market://details?id=com.google.android.gms.ads"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 4 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland","United Kingdom","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=com.facebook.orca"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["play.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","VIBRATE (Allows access to the vibrator.) "]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.facebook.unity.FBUnityDeepLinkingActivity","com.facebook.unity.FBUnityAppLinkActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.sonyericsson.home.permission.BROADCAST_BADGE","com.htc.launcher.permission.READ_SETTINGS","com.android.vending.BILLING","com.majeur.launcher.permission.UPDATE_BADGE","com.timuzsolutions.trainsimulator2016.permission.C2D_MESSAGE","com.htc.launcher.permission.UPDATE_SHORTCUT","com.sec.android.provider.badge.permission.WRITE","com.sec.android.provider.badge.permission.READ","com.anddoes.launcher.permission.UPDATE_COUNT","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build display","build fingerprint","build brand","IMEI/MEID","Wifi-MAC address","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"no","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"No indicators for overprivilege/redundant permissions found! The defined permission can not abused by foreign apps.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no Permission defined for camera usage, but the application contains specific API calls accessing the camera. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera (inactive)","Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://timuz.com/mobilegames/privacypolicy.html"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.scopely.headshot:2.7.3.36682","name":"Walking Dead: Road to Survival","version":"2.7.3.36682","model":"Game","store_url":"https://play.google.com/store/apps/details?id=com.scopely.headshot"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["x86 32bit: lib/x86/libapp.so","x86 32bit: lib/x86/libclient.so","x86 32bit: lib/x86/libopenal.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Adcolony","Doubleclick","Fyber","Google AdMob","Google Analytics","HockeyApp","TapJoy"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","androidads21.adcolony.com","api.facebook.com","api.nanigans.com","api.sponsorpay.com","app.adjust.com","be.sponsorpay.com","collector.scopely.io","connect.tapjoy.com","content-js.tapjoy.com","engine.sponsorpay.com","facebook.com","googleads.g.doubleclick.net","graph-video.%s","graph.%s","graph.facebook.com","iframe.sponsorpay.com","m.facebook.com","media.admob.com","placements.tapjoy.com","play.google.com","plus.google.com","puck.scopely.io","rink.hockeyapp.net","rpc.tapjoy.com","sdk.hockeyapp.net","service.sponsorpay.com","ws.tapjoyads.com","www.google.com","www.googleapis.com","www.googletagmanager.com","www.youtube.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=","market://details?id=com.google.android.gms.ads","market://search?q=pname:com.google"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Constant initialization vectors found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Use of constant initialization vectors is a bad practice. The following initialization vectors were found: ","text":"Constant initialization vectors found?","context":"998"},"detailList":[{"detail":["\"__l3anplum__iv__\"","\"heF9BATUfWuISyO8\"","16,74,71,-80,32,101,-47,72,117,-14,0,-29,70,65,-12,74"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/NoPadding\"","\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic keys found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"It is considered as a bad practice to use hard-coded cryptographic keys in the application. The following hard-coded cryptographic keys were found: ","text":"Cryptographic keys found?","context":"999"},"detailList":[{"detail":["\"heF9BATUfWuISyO8\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic salt values found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Use of constant salts can make application vulnerable to bruteforce attacks. The following constant salts were found: ","text":"Cryptographic salt values found?","context":"997"},"detailList":[{"detail":["\"L3@nP1Vm\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) ","CHANGE_WIFI_STATE (Allows applications to change Wi-Fi connectivity state.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 4 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Romania","United States","Ireland","Germany"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id="]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Key derivation iteration count: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Key derivation function used in the app with an amount of 1000,1024 iterations is considered secure.","text":"Key derivation iteration count: ","context":"995"},"resultList":[{"result":["1000","1024"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","VIBRATE (Allows access to the vibrator.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.iugome.igl.Activity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.BILLING","com.android.vending.CHECK_LICENSE","com.scopely.headshot.permission.C2D_MESSAGE","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build hardware","build display","build fingerprint","build brand","IMEI/MEID","Wifi-MAC address","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lcom/iugome/igl/IugoX509TrustManager;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)","Acceleration/Light"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=","http://api.nanigans.com/disallowed.php?","http://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html","http://www.youtube.com/embed/","http://googleads.g.doubleclick.net/mads/static/sdk/native/sdk-core-v40.html"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected JS Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following JavaScript files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected JavaScripts?","context":"0"},"detailList":[{"detail":["http://media.admob.com/mraid/v1/mraid_app_interstitial.js","http://media.admob.com/mraid/v1/mraid_app_banner.js","http://media.admob.com/mraid/v1/mraid_app_expanded_banner.js"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"yes","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"Reasons for category violations of default policy: ","text":"Violations of default policy?","context":"0"},"detailList":[{"detail":["Estimated overall app risk for the enterprise exceeds the security policy threshold due to detected risks and flaws exploitable by skilled attackers without the existence of additional supporting factors. "]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["Advertisement/Tracking: App uses more than 5 advertisement and tracking providers. ","App Listing: Usage of detected functionality to access list of installed apps poses a privacy risk for detected app type."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Embedded static encryption key found, which can be extracted by attackers to revert the encryption or fake the signature of the content it is used for.","Crypto: Constant initialization vector detected. This should be avoided, as it allows an attacker to infer relationships between segments of encrypted messages if encrypted with the same key and initialization vector. ","Crypto: Constant salt detected. This should be avoided, as it can make app vulnerable to bruteforce attacks.","Crypto: Overall quality of cryptographic implementation aspects is rated poor and should be inspected in detail."]}]}]},{"attr":{"os":"Android","appId":"de.prosiebensat1digital.seventv:1.9.6.1-342b4c1","name":"7TV | Mediathek, TV Livestream","version":"1.9.6.1-342b4c1","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=de.prosiebensat1digital.seventv"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARMv8 64 bit: lib/arm64-v8a/libWasabiJni.so","ARM 32 bit: lib/armeabi/libWasabiJni.so","ARM 32 bit: lib/armeabi-v7a/libWasabiJni.so","x86 32bit: lib/x86/libWasabiJni.so","x86 64bit: lib/x86_64/libWasabiJni.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick","HockeyApp","Mixpanel"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","71iapp-cp.nuggad.net","ad.71i.de","admin.applicaster.com","admin.d8v.applicaster.com","admin.demo.applicaster.com","admin.qa.applicaster.com","ais-api.applicaster.com","ais.qa.applicaster.com","api.mixpanel.com","api.twitter.com","app-measurement.com","assets-production.applicaster.com","clearing.p7s1.net","common-app-st.sim-technik.de","contentapi.sim-technik.de","csi.gstatic.com","decide.mixpanel.com","facebook.com","googleads.g.doubleclick.net","graph-video.%s","graph.%s","graph.facebook.com","iam-agof-app.irquest.com","its0n.tv","market.android.com","mobile.twitter.com","mobileapi.prosiebensat1.com","play.google.com","player-feedback.sim-technik.de","plus.google.com","profile.sim-technik.de","prosieben01.webtrekk.net","sdk.hockeyapp.net","sitestream.twitter.com","sso.7pass.de","stream.twitter.com","twitter4j.org","userstream.twitter.com","vas.sim-technik.de","video.adverserve.net","voucher.sim-technik.de","www.amazon.com","www.googleapis.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["://play?channelid=","http://api.mixpanel.com/track?ip=1","http://market.android.com/details?id=","http://market.android.com/support/bin/answer.py?answer=1050566&hl=%lang%&dl=%region%","http://play.google.com/store/apps/details?id=com.facebook.orca","https://api.mixpanel.com/track?ip=1","https://mobileapi.prosiebensat1.com/7tv/mega-app/blacklist?geoLocation=","https://play.google.com/store/apps/details?id=","market://details?id=com.facebook.orca","mega-app://deeplink?type=live&channel=%s","��http://player-feedback.sim-technik.de/drm/?drmType=marlin&eventName=%1attrs&errorCode=%2attrs&eventDuration=%3attrs&platform=android&appName=seventv&appVersion=%4"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/ECB/PKCS7Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) ","GET_TASKS (Allows an application to get information about the currently or recently running tasks.) ","USE_CREDENTIALS (Allows an application to request authtokens from the AccountManager.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 7 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","Austria","Belgium","United States","Ireland","Japan","Germany"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://api.mixpanel.com/track?ip=1","http://market.android.com/details?id=","http://market.android.com/support/bin/answer.py?answer=1050566&hl=%lang%&dl=%region%","http://play.google.com/store/apps/details?id=com.facebook.orca"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["api.mixpanel.com","play.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","VIBRATE (Allows access to the vibrator.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["GET_ACCOUNTS","USE_CREDENTIALS","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.applicaster.billing.APStorefront"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.BILLING","com.applicaster.permission.C2D_MESSAGE","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build display","build brand","IMEI/MEID","SIM card serial","Wifi-MAC address","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"none","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"No sensor usage Indicators found.","text":"Sensor usage: ","context":"0"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://market.android.com/details?id=","http://api.mixpanel.com/track?ip=1","http://decide.mixpanel.com/decide","http://ais.qa.applicaster.com/api/v1/","http://api.mixpanel.com/engage","http://twitter4j.org/en/twitter4j-","http://www.amazon.com/gp/mas/get-appstore/android/ref=mas_mx_mba_iap_dl"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.digidust.elokence.akinator.freemium:4.08","name":"Akinator the Genie FREE","version":"4.08","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=com.digidust.elokence.akinator.freemium"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW CLEAR USERDATA TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains the attribute allowClearUserData = false in the Manifest file. This attribute is reserved for system apps. It specifies that userdata can not be cleared for this app.","text":"Forbid userdata clearence?","context":"0"}},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["AdMarvel","Amazon Ad System","AppLovin","Doubleclick","SmartAdServer","Supersonic","TapJoy","mopub"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Alarm with Intervals test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The scheduled task gets repeated in the following intervals: ","text":"Alarm intervals dynamically?","context":"9420"},"detailList":[{"detail":["10 minutes"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"ok","testID":"Bootcompleted Components Test","resultClass":"Runtime Security","name":"Application autostart receiver","detail":"The Application has the permission to start automatically after booting the device. The application can execute code without userinteraction or prevention.","text":"Executed component after Phone Reboot: ","context":"0"},"resultList":[{"result":["io.presage.receivers.BootReceiver","org.altbeacon.beacon.startup.StartupBroadcastReceiver"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","a.applovin.com","admarvel.s3.amazonaws.com","ads.admarvel.com","ak-ns.sascdn.com","amazon-adsystem.amazon.com","amazon-adsystem.com","api-ar1.akinator.com","api-cn1.akinator.com","api-de1.akinator.com","api-en1.akinator.com","api-es1.akinator.com","api-fr3.akinator.com","api-il1.akinator.com","api-it1.akinator.com","api-jp1.akinator.com","api-kr1.akinator.com","api-nl1.akinator.com","api-obj-fr1.akinator.com","api-pl1.akinator.com","api-pt1.akinator.com","api-ru1.akinator.com","api-tr1.akinator.com","api.tumblr.com","assets-mobile.akinator.com","assets-mobile2.akinator.com","baseurl.admarvel.com","cgu.akinator.com","connect.tapjoy.com","content-js.tapjoy.com","csi.gstatic.com","cv.apprupt.com","d.applovin.com","data.altbeacon.org","defi.akinator.com","en.akinator.com","endpoint1.collection.eu.sumologic.com","facebook.com","fb.me","fr.akinator.com","googleads.g.doubleclick.net","graph-video.%s","graph.%s","graph.%s.facebook.com","graph.facebook.com","impact.applifier.com","impact.staging.applifier.com","loghost.aatkit.com","loopme.me","m.google.com","maps.google","market.android.com","mobile.smartadserver.com","onelink.to","pagead2.googlesyndication.com","ph-sdk-api-ssl.playhaven.com","play.google.com","push.akinator.com","rpc.tapjoy.com","rt.applovin.com","s.ssacdn.com","sb-ssl.google.com","sdk-rh.admarvel.com","sdk.applift.com","twitter.com","vid.applovin.com","ws.tapjoyads.com","wsback-%s.ogury.local","wsback-%s.presage.io","wsback-%s.staging.presage.io","www.%s.facebook.com","www.akinator.com","www.amazon.fr","www.facebook.com","www.googleapis.com","www.mopub.com","www.supersonicads.com","www.tumblr.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["amzn://apps/android?p=","fb://facewebmodal/f?href=https://www.facebook.com/Akinator","http://defi.akinator.com/get_new_defi?base_logique_id=","http://loopme.me/api/v2/events?et=INFO","http://loopme.me/api/v2/events?et=INFO&vt=","http://play.google.com/store/apps/details?id=com.facebook.orca","http://push.akinator.com/cross-selling/get_cross_selling?application=","http://twitter.com/home?status=","http://www.akinator.com/ippolicy.php?name=","http://www.supersonicads.com/api/v1/guc.php?aid=","https://m.google.com/app/plus/x/?v=compose&content=","https://market.android.com/details?id=","https://play.google.com/store/apps/details?id=","https://www.facebook.com/dialog/feed?app_id=181821551957328&link=","https://www.tumblr.com/oauth/authorize?oauth_token=%s","market://details?id=","market://details?id=%s","market://details?id=com.digidust.elokence.akinator.freemium","market://details?id=com.digidust.elokence.akinator.paid","market://details?id=com.facebook.orca","twitter://user?screen_name=akinator_team"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. Usage of RSA was identified. RSA without padding is considered weak. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS7Padding\"","\"AES/ECB/PKCS7Padding\"","\"RSA/ECB/PKCS1Padding\"","\"RSA/NONE/NoPadding\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic keys found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"It is considered as a bad practice to use hard-coded cryptographic keys in the application. The following hard-coded cryptographic keys were found: ","text":"Cryptographic keys found?","context":"999"},"detailList":[{"detail":["\"d4b0XOnt3AW42PtLzQ4tC1N\"","-6,98,68,-94,-105,-92,-70,3,46,-119,-34,-101,119,-13,-94,-7"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["ACCESS_COARSE_LOCATION (Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.) ","BLUETOOTH_ADMIN (Allows applications to discover and pair bluetooth devices.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","READ_HISTORY_BOOKMARKS (Allows an application to read (but not write) the user's browsing history and bookmarks.) ","SYSTEM_ALERT_WINDOW (Allows an application to open windows using the type android.view.WindowManager.LayoutParams TYPE_SYSTEM_ALERT, shown on top of all other applications. Very few applications should use this permission; these windows are intended for system-level interaction with the user.) ","ACCESS_FINE_LOCATION (Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.) ","BLUETOOTH (Allows applications to connect to paired bluetooth devices.) ","INTERNET (Allows applications to open network sockets.) ","CHANGE_WIFI_STATE (Allows applications to change Wi-Fi connectivity state.) ","WRITE_HISTORY_BOOKMARKS (Allows an application to write (but not read) the user'sbrowsing history and bookmarks.) ","READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 9 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","Austria","Belgium","United States","Ireland","United Kingdom","France","Germany","unknown"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"Full remote auto backup include test","resultClass":"Privacy","name":"Full remote auto backup include test","detail":"In this application full remote auto backup is enabled. There will be a remote backup of specified, possibly sensitive application data like database entries. The backup will be stored in the Google Cloud. The application defines the whitelisting of files in the backup configuration. The following specified files in the whitelisting will will be remotely stored in the Google Cloud:","text":"Remote auto backup with include enabled?","context":"0"},"detailList":[{"detail":["sharedpref:bank","sharedpref:MinibaseSettings","database:akinator.db","database:defis.db","database:metrics.db","database:crossselling.db"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://defi.akinator.com/get_new_defi?base_logique_id=","http://loopme.me/api/v2/events?et=INFO","http://loopme.me/api/v2/events?et=INFO&vt=","http://play.google.com/store/apps/details?id=com.facebook.orca","http://push.akinator.com/cross-selling/get_cross_selling?application=","http://twitter.com/home?status=","http://www.akinator.com/ippolicy.php?name=","http://www.supersonicads.com/api/v1/guc.php?aid="]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["play.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","RECEIVE_BOOT_COMPLETED (Allows an application to receive the android.content.Intent ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. If you don't request this permission, you will not receive the broadcast at that time. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, you must explicitly declare your use of this facility to make that visible to the user.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","CHANGE_NETWORK_STATE (Allows applications to change network connectivity state.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["SYSTEM_ALERT_WINDOW","CHANGE_WIFI_STATE","CHANGE_NETWORK_STATE","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["io.presage.activities.PresageActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.digidust.elokence.akinator.paid.permission.C2D_MESSAGE","com.android.vending.BILLING","com.android.launcher.permission.UNINSTALL_SHORTCUT","com.google.android.c2dm.permission.RECEIVE","com.android.launcher.permission.INSTALL_SHORTCUT","android.permission.ACCESS_DOWNLOAD_MANAGER"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build display","build fingerprint","build brand","IMEI/MEID","SIM card serial","Wifi-MAC address","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarm Serivce test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The alarm manager has been initialized properly. ","text":"Alarm Manager initialized dynamically?","context":"9410"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"ok","testID":"Scheduled Alarm Types test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"","text":"Alarm repeating types: ","context":"9440"},"resultList":[{"result":["RTC_WAKEUP"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application contains a registered scheduled alarm. With such an alarm the application repeats the execution of the registered task for example every 10 hours. The following classes register scheduled tasks:","text":"Scheduled Alarm Manager registered?","context":"9450"},"detailList":[{"detail":["io.presage.Presage"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no Permission defined for camera usage, but the application contains specific API calls accessing the camera.Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera (inactive)","WIFI-Based Location","GPS Location","Acceleration/Light"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://twitter.com/home?status=","http://rt.applovin.com/pix","http://api-it1.akinator.com/ws","http://push.akinator.com/analytics","http://en.akinator.com/content/10/terms-of-mobile-app","http://api-pl1.akinator.com/ws","http://api-ar1.akinator.com/ws","http://onelink.to/g8yys6","http://api-de1.akinator.com/ws","http://cgu.akinator.com/mobile/content#inpi","http://api-nl1.akinator.com/ws","http://defi.akinator.com/get_new_defi?base_logique_id=","http://api-cn1.akinator.com/ws","http://cgu.akinator.com/mobile/content","http://fr.akinator.com/content/10/conditions-d-utilisation-de-l-app-mobile","http://sdk-rh.admarvel.com/adhistory/upload?","http://api-tr1.akinator.com/ws","http://api-jp1.akinator.com/ws","http://admarvel.s3.amazonaws.com/sdk/assets/adm_bmp/","http://api-pt1.akinator.com/ws","http://s.ssacdn.com/mobileSDKController/mobileController.html","http://www.akinator.com/ippolicy.php?name=","http://push.akinator.com/new_boot","http://loopme.me/api/v2/events?et=INFO","http://www.supersonicads.com/api/v1/guc.php?aid=","http://api-es1.akinator.com/ws","http://push.akinator.com/cross-selling/get_cross_selling?application=","http://ads.admarvel.com/fam/androidGetAd.php","http://loopme.me/api/v2/events?et=INFO&vt=","http://cgu.akinator.com/mobile/content#cgv","http://www.tumblr.com/connect/login_success.html","http://cgu.akinator.com/mobile/privacy","http://api-obj-fr1.akinator.com/ws","http://api-fr3.akinator.com/ws","http://api-il1.akinator.com/ws","http://api-en1.akinator.com/ws","http://api-ru1.akinator.com/ws","http://api-kr1.akinator.com/ws"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected JS Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following JavaScript files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected JavaScripts?","context":"0"},"detailList":[{"detail":["http://admarvel.s3.amazonaws.com/js/admarvel_mraid_v2_complete.js","http://ak-ns.sascdn.com/diff/templates/js/mobile/mraid/bridges/android-sdk-mraid-bridge-2.3.js","http://admarvel.s3.amazonaws.com/js/admarvel_compete_v1.1.js","http://admarvel.s3.amazonaws.com/sdk/admarvel_android_sdk_dynamic_viewport.js","http://baseurl.admarvel.com/mraid.js"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["Advertisement/Tracking: App uses more than 5 advertisement and tracking providers. ","App Listing: Usage of detected functionality to access list of installed apps may poses a privacy risk."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Embedded static encryption key found, which can be extracted by attackers to revert the encryption or fake the signature of the content it is used for."]}]}]},{"attr":{"os":"Android","appId":"de.mcoins.applike:0.3.3","name":"AppLike: Apps & Prämien","version":"0.3.3","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=de.mcoins.applike"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libed.so","ARM 32 bit: lib/armeabi-v7a/libwebp.so","x86 32bit: lib/x86/libed.so","x86 32bit: lib/x86/libwebp.so","ARM 32 bit: lib/armeabi/libed.so","ARM 32 bit: lib/armeabi/libwebp.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Adjust","AppsFlyer","ChartBoost","Doubleclick","TapJoy"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Alarm with Intervals test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The scheduled task gets repeated in the following intervals: ","text":"Alarm intervals dynamically?","context":"9420"},"detailList":[{"detail":["10 seconds"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"ok","testID":"Bootcompleted Components Test","resultClass":"Runtime Security","name":"Application autostart receiver","detail":"The Application has the permission to start automatically after booting the device. The application can execute code without userinteraction or prevention.","text":"Executed component after Phone Reboot: ","context":"0"},"resultList":[{"result":["de.mcoins.applike.aqt.AlarmManager_SetupReceiver"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","accounts.google.com","api.applike-services.info","api.appsflyer.com","api.sandbox.applike-services.info","app-measurement.com","app.adjust.io","connect.tapjoy.com","creativecommons.org","developer.android.com","developers.facebook.com","developers.google.com","events.appsflyer.com","facebook.com","github.com","goo.gl","google.de","graph-video.%s","graph.%s","jsoup.org","live.chartboost.com","market.android.com","opensource.org","ormlite.com","placements.tapjoy.com","play.google.com","plus.google.com","psdev.de","pubads.g.doubleclick.net","rpc.tapjoy.com","sdk-services.appsflyer.com","stats.appsflyer.com","t.appsflyer.com","track.appsflyer.com","ws.tapjoyads.com","www.googleadservices.com","www.googleapis.com","www.webmproject.org"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["bazaar://search?q=pname:","http://app.adjust.io/cbtest?install_callback=http%3A%2F%2Fsandbox.m-coins.de%2Fapp_dev.php%2Fapi%2Ftracking%2Fadjust%2Fbafb0e7fc6c32398cf1c296859090f3aebbf5ea7%2Finstall%3Fdevice%3D%7Bandroid_id%7D%26app%3D%7Bapp_id%7D%26installed_at%3D%7Binstalled_at%7D&event_callback=http%3A%2F%2Fsandbox.m-coins.de%2Fapp_dev.php%2Fapi%2Ftracking%2Fadjust%2Fbafb0e7fc6c32398cf1c296859090f3aebbf5ea7%3Fandroid_id%3D%7Bandroid_id%7D%26app_id%3D%7Bapp_id%7D%26iap_name%3D%7Bevent%7D%26iap_value%3D%7Brevenue%7D%26iap_currency%3D%7Bcurrency%7D%26country_code%3D%7Bcountry%7D%26created_at%3D%7Bcreated_at%7D","http://play.google.com/store/apps/details?id=","http://play.google.com/store/apps/details?id=com.facebook.orca","https://events.appsflyer.com/api/v3/androidevent?buildnumber=3.0&app_id=","https://play.google.com/store/account?purchaseFilter=apps","https://play.google.com/store/apps/details?id=de.mcoins.applike","https://play.google.com/store/apps/details?id=de.mcoins.applike&referrer=","https://t.appsflyer.com/api/v3/androidevent?buildnumber=3.0&app_id=","https://track.appsflyer.com/api/v3/uninstall?buildnumber=3.0","https://www.googleapis.com/urlshortener/v1/url?key=AIzaSyDATK_202NszbsvTMUNI7W23x4kJ4xKNkE","market://details?id=","market://details?id=com.facebook.orca"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["GET_TASKS (Allows an application to get information about the currently or recently running tasks.) ","INTERNET (Allows applications to open network sockets.) ","USE_CREDENTIALS (Allows an application to request authtokens from the AccountManager.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 4 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Belgium","United States","Ireland","Germany"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://app.adjust.io/cbtest?install_callback=http%3A%2F%2Fsandbox.m-coins.de%2Fapp_dev.php%2Fapi%2Ftracking%2Fadjust%2Fbafb0e7fc6c32398cf1c296859090f3aebbf5ea7%2Finstall%3Fdevice%3D%7Bandroid_id%7D%26app%3D%7Bapp_id%7D%26installed_at%3D%7Binstalled_at%7D&event_callback=http%3A%2F%2Fsandbox.m-coins.de%2Fapp_dev.php%2Fapi%2Ftracking%2Fadjust%2Fbafb0e7fc6c32398cf1c296859090f3aebbf5ea7%3Fandroid_id%3D%7Bandroid_id%7D%26app_id%3D%7Bapp_id%7D%26iap_name%3D%7Bevent%7D%26iap_value%3D%7Brevenue%7D%26iap_currency%3D%7Bcurrency%7D%26country_code%3D%7Bcountry%7D%26created_at%3D%7Bcreated_at%7D","http://play.google.com/store/apps/details?id=","http://play.google.com/store/apps/details?id=com.facebook.orca"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["play.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","VIBRATE (Allows access to the vibrator.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","RECEIVE_BOOT_COMPLETED (Allows an application to receive the android.content.Intent ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. If you don't request this permission, you will not receive the broadcast at that time. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, you must explicitly declare your use of this facility to make that visible to the user.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["PACKAGE_USAGE_STATS","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["de.mcoins.applike.activities.registration.RegisterEmailActivity","de.mcoins.applike.activities.registration.RegisterGoogleActivity","de.mcoins.applike.activities.registration.RegisterFacebookActivity","de.mcoins.applike.activities.MainActivity","de.mcoins.applike.activities.VideoActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["de.mcoins.applike.permission.C2D_MESSAGE","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build display","build brand","IMEI/MEID","Wifi-MAC address","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarm Serivce test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The alarm manager has been initialized properly. ","text":"Alarm Manager initialized dynamically?","context":"9410"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"ok","testID":"Scheduled Alarm Types test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"","text":"Alarm repeating types: ","context":"9440"},"resultList":[{"result":["RTC_WAKEUP"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application contains a registered scheduled alarm. With such an alarm the application repeats the execution of the registered task for example every 10 hours. The following classes register scheduled tasks:","text":"Scheduled Alarm Manager registered?","context":"9450"},"detailList":[{"detail":["de.mcoins.applike.aqt.AlarmManager_SetupReceiver"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)","Acceleration/Light"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Signature Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs system/signature permissions? ","context":"180"},"detailList":[{"detail":["PACKAGE_USAGE_STATS (Allows an application to collect component usage statistics.) "]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=","http://developer.android.com/tools/support-library/index.html","http://opensource.org/licenses/BSD-3-Clause","http://opensource.org/licenses/MIT","http://opensource.org/licenses/BSD-2-Clause","http://psdev.de/LicensesDialog","http://www.webmproject.org/license/software/"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["App Listing: Usage of detected functionality to access list of installed apps may poses a privacy risk."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.bitstrips.imoji:9.35.289","name":"Bitmoji – dein Avatar-Emoji","version":"9.35.289","model":"Messenger","store_url":"https://play.google.com/store/apps/details?id=com.bitstrips.imoji"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"yes","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"App requests permission READ_CONTACTS to access the phones address book.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Crashlytics","HockeyApp"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Alarm with Intervals test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The scheduled task gets repeated in the following intervals: ","text":"Alarm intervals dynamically?","context":"9420"},"detailList":[{"detail":["Dynamic interval(s)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"ok","testID":"Bootcompleted Components Test","resultClass":"Runtime Security","name":"Application autostart receiver","detail":"The Application has the permission to start automatically after booting the device. The application can execute code without userinteraction or prevention.","text":"Executed component after Phone Reboot: ","context":"0"},"resultList":[{"result":["com.bitstrips.imoji.receivers.BootCompletedReceiver"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","accounts.google.com","api.bitmoji.com","api.instabug.com","bitmoji.com","bitstrips.com","cp.pushwoosh.com","e.crashlytics.com","facebook.com","gate.hockeyapp.net","get.bitmoji.com","graph-video.%s","graph.%s","login.live.com","login.yahoo.com","play.google.com","plus.google.com","render.bitstrips.com","render.staging.bs.ht","sdk.hockeyapp.net","settings.crashlytics.com","ssl.google-analytics.com","twitter.com","www.bitmoji.com","www.facebook.com","www.google-analytics.com","www.googleapis.com","www.googletagmanager.com","www.linkedin.com","www.paypal.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=","http://play.google.com/store/apps/details?id=com.facebook.orca","https://render.bitstrips.com/v2/cpanel/10141385-%s-v1.png?transparent=1","market://details?id=","market://details?id=com.facebook.orca","market://details?id=com.snapchat.android"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/ECB/PKCS7Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["SYSTEM_ALERT_WINDOW (Allows an application to open windows using the type android.view.WindowManager.LayoutParams TYPE_SYSTEM_ALERT, shown on top of all other applications. Very few applications should use this permission; these windows are intended for system-level interaction with the user.) ","RECORD_AUDIO (Allows an application to record audio.) ","INTERNET (Allows applications to open network sockets.) ","WRITE_CONTACTS (Allows an application to write (but not read) the user'scontacts data.) ","GET_TASKS (Allows an application to get information about the currently or recently running tasks.) ","READ_CONTACTS (Allows an application to read the user's contacts data.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","CAMERA (Required to be able to access the camera device. This will automatically enforce the uses-feature manifest element for all camera features. If you do not require all camera features or can properly operate if a camera is not available, then you must modify your manifest as appropriate in order to install on devices that don't support all camera features.) ","READ_PROFILE (Allows an application to read the user's personal profile data.) ","READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 5 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland","United Kingdom","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=","http://play.google.com/store/apps/details?id=com.facebook.orca"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["java.net.URLClassLoader(...)","ClassLoader.loadClass(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"ok","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"The application or application components define specific type filter for handling different file types. If different applications define the same filter types the user has to decide which application should handle the file. ","text":"App can handle documents of mimeType: ","context":"0"},"resultList":[{"result":["image/*"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","RECEIVE_BOOT_COMPLETED (Allows an application to receive the android.content.Intent ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. If you don't request this permission, you will not receive the broadcast at that time. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, you must explicitly declare your use of this facility to make that visible to the user.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_CONTACTS","SYSTEM_ALERT_WINDOW","READ_PROFILE","RECEIVE_BOOT_COMPLETED","WRITE_CONTACTS","CAMERA","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.bitstrips.imoji.ui.ImojiBrowserActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.bitstrips.imoji.permission.C2D_MESSAGE","com.android.vending.BILLING","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build display","build brand","IMEI/MEID","Wifi-MAC address","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarm Serivce test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The alarm manager has been initialized properly. ","text":"Alarm Manager initialized dynamically?","context":"9410"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"ok","testID":"Scheduled Alarm Types test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"","text":"Alarm repeating types: ","context":"9440"},"resultList":[{"result":["ELAPSED_REALTIME"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application contains a registered scheduled alarm. With such an alarm the application repeats the execution of the registered task for example every 10 hours. The following classes register scheduled tasks:","text":"Scheduled Alarm Manager registered?","context":"9450"},"detailList":[{"detail":["com.bitstrips.imoji.manager.FloaterServiceManager"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)","Microphone"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://bitstrips.com/community_guidelines/","http://play.google.com/store/apps/details?id=","http://www.bitmoji.com/support/android.html","http://bitmoji.com/support/terms.html","http://bitstrips.com/terms.php","http://get.bitmoji.com/a/","http://bitmoji.com/support/privacy.html"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"de.robertgering.themagicshell:2.28","name":"Die Magische Muschel","version":"2.28","model":"Dictionary","store_url":"https://play.google.com/store/apps/details?id=de.robertgering.themagicshell"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be considered by doing a device backup. If an application contains sensitive information these can be cloned by backing up the data and extracted from the backup archive off device.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libil2cpp.so","ARM 32 bit: lib/armeabi-v7a/libmain.so","ARM 32 bit: lib/armeabi-v7a/libunity.so","x86 32bit: lib/x86/libil2cpp.so","x86 32bit: lib/x86/libmain.so","x86 32bit: lib/x86/libunity.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["ChartBoost","Doubleclick"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["csi.gstatic.com","googleads.g.doubleclick.net","iap.samsungapps.com","impact.applifier.com","impact.staging.applifier.com","live.chartboost.com","market.android.com","pagead2.googlesyndication.com","plus.google.com","sb-ssl.google.com","ssl.google-analytics.com","www.amazon.com","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["https://iap.samsungapps.com/iap/appsItemVerifyIAPReceipt.as?protocolVersion=2.0","market://details?id=","market://details?id=com.google.android.gms.ads"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 3 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Belgium","United States","Ireland"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.prime31.UnityPlayerNativeActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.sec.android.iap.permission.BILLING","com.android.vending.BILLING"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build display","build fingerprint","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"none","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"There was no Permission defined for camera usage, but the application contains specific API calls accessing the camera.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.amazon.com/gp/mas/get-appstore/android/ref=mas_mx_mba_iap_dl"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.disney.dedisneychannel_goo:1.2.14","name":"Disney Channel","version":"1.2.14","model":"Media Player","store_url":"https://play.google.com/store/apps/details?id=com.disney.dedisneychannel_goo"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libdatabase_sqlcipher.so","ARM 32 bit: lib/armeabi-v7a/libsqlcipher_android.so","ARM 32 bit: lib/armeabi-v7a/libstlport_shared.so","x86 32bit: lib/x86/libdatabase_sqlcipher.so","x86 32bit: lib/x86/libsqlcipher_android.so","x86 32bit: lib/x86/libstlport_shared.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick","HockeyApp","INFOnline","ScorecardResearch"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["accounts.google.com","analytics.disneyinternational.com","api.disney.com","b.scorecardresearch.com","cdnapi.kaltura.com","cdnapisec.kaltura.com","config.ioam.de","csi.gstatic.com","de.ioam.de","dilcdn-emea.disneycdn.com","disney.com","disney.de","disneychannel.de","disneychannel.es","disneynetwork0-a.akamaihd.net","disneyprivacycenter.com","disneytermsofuse.com","googleads.g.doubleclick.net","help.disney.com","iam-agof-app.irquest.com","int.api.disney.private","login.live.com","login.yahoo.com","ma123-r.analytics.edgesuite.net","market.android.com","play.google.com","plus.google.com","qa.api.disney.com","registration.disneyinternational.com","requirejs.org","s0.2mdn.net","sb.scorecardresearch.com","sdk.hockeyapp.net","ssl.gstatic.com","tredir.go.com","twitter.com","udm.scorecardresearch.com","www.disney.de","www.facebook.com","www.google.com","www.googleapis.com","www.linkedin.com","www.paypal.com","www.twcapps.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["file:///android_asset/www/index-phone.html?language=","http://cdnapi.kaltura.com/api_v3/index.php?ks=%1attrs&service=caption_captionasset&action=servewebvtt&captionAssetId=%2attrs&segmentIndex=1&segmentDuration=360000&localTimestamp=0","http://cdnapi.kaltura.com/api_v3/index.php?service=multirequest&action=null&format=1&1:service=session&1:action=startWidgetSession&1:widgetId=_1068292&2:ks={1:result:ks}&2:service=caption_captionasset&2:action=list&2:filter:objectType=KalturaAssetFilter&2:filter:entryIdEqual=%1attrs&2:filter:statusEqual=2","http://dilcdn-emea.disneycdn.com/appdata/disneychannel.de/_search?q=show&filters[type]=Show&filters[site_s]=shows.disneychannel.de&fl=id,dimg_property_codes,asset_logo_image,asset_logo_retina_image,name,duration,property_names&rpp=100","http://dilcdn-emea.disneycdn.com/appdata/disneychannel.de/_search?q=video&filters[type]=Video&filters[site_s]=disneychannel.de&fl=id,name,url,primary_image_url,duration,show_ids,start_date_s,site_s,kaltura_age_consent,external_ids,property_names&rpp=100","http://dilcdn-emea.disneycdn.com/appdata/disneychannel.de/_search?q=video&filters[type]=Video&filters[site_s]=disneychannel.de&fl=id,name,url,primary_image_url,duration,show_ids,start_date_s,start_date,end_date,site_s,kaltura_age_consent,external_ids,property_names&rpp=100","http://dilcdn-emea.disneycdn.com/appdata/disneychannel.es/_search?q=show&filters[type]=Show&filters[site_s]=disneychannel.es&fl=id,dimg_property_codes,asset_logo_image,asset_logo_retina_image,name,duration,property_names&rpp=100","http://dilcdn-emea.disneycdn.com/appdata/disneychannel.es/_search?q=video&filters[type]=Video&filters[site_s]=en.disneychannel.es,disneychannel.es&fl=id,name,url,primary_image_url,duration,show_ids,start_date_s,start_date,end_date,house_number,site_s,kaltura_age_consent,external_ids,property_names&rpp=100","http://tredir.go.com/capmon/GetDE/?set=j¶m=countryisocode","https://analytics.disneyinternational.com/ads/tagsv2/video/?hub=disney.de&output=vast&sdk=%1attrs&site=disneychannel.de&url=http://www.disneychannel.de§ion=%2attrs&slug1=mobile-app&description_url=http://www.disneychannel.de&cmsid=13728&vid=%3attrs&sitesection=video&contenttype=videos&country=%4attrs&disneycms=twc-app&slug2=%5attrs&appvsn=%6attrs","https://analytics.disneyinternational.com/ads/tagsv2/video/?hub=disney.es&output=vast&sdk=%1attrs&site=disneychannel.es&url=http://www.disneychannel.es§ion=%2attrs&slug1=mobile-app&description_url=http://www.disneychannel.es&cmsid=13728&vid=%3attrs&sitesection=video&contenttype=videos&country=%4attrs&disneycms=twc-app&slug2=%5attrs&appvsn=%6attrs","https://cdnapisec.kaltura.com/p/1068292/sp/106829200/playManifest/entryId/%1attrs/format/applehttp/protocol/http/a.m3u8?UMBEPARAMplatform=mobile-android","https://market.android.com/details?id=","https://play.google.com/store/apps/details?id=","https://registration.disneyinternational.com/login.htm?task=invite&p=11215&next_url=http://www.disney.de/disney-tv/disney-channel/index.jsp&site_code=DE.DE.DIS&fullScreen=true","https://registration.disneyinternational.com/privacy.htm?p=132&fullScreen=true","https://registration.disneyinternational.com/terms.htm?p=132&fullScreen=true","market://details?id=","market://details?id=com.google.android.gms.ads"]}]},{"attr":{"rev":"7499","checkClass":"AndroidCorrelateWebCode","value":"yes","testID":"Cordova Test","resultClass":"Runtime Security","name":"Runtime Code","detail":"App contains Apache Cordova framework which enables software programmers to build applications for mobile devices using JavaScript, HTML5, and CSS3. The following Cordova plugins were detected: ","text":"Cordova WebApp?","context":"12000"},"detailList":[{"detail":["cordova-plugin-whitelist/whitelist.js","com.twc.corodva.appversion/www/AppVersionPlugin.js","cordova-plugin-broadcaster/www/broadcaster.js","org.apache.cordova.dialogs/www/android/notification.js","com.twc.cordova.ctotracking/www/ctotracker.js","com.twc.corodva.browser-restriction/www/browser-restriction.js","com.twc.cordova.videoplayer/www/videoplayer.js","org.apache.cordova.network-information/www/Connection.js","org.apache.cordova.network-information/www/network.js","cordova-plugin-splashscreen/www/splashscreen.js","cordova-plugin-inappbrowser/www/inappbrowser.js","org.apache.cordova.dialogs/www/notification.js"]}]},{"attr":{"rev":"7499","checkClass":"AndroidCorrelateWebCode","value":"ok","testID":"Cordova Version","resultClass":"Runtime Security","name":"Runtime Code","detail":"The plattfrom build version information was found in app bundle.","text":"Cordova WebApp Plattform Version: ","context":"11999"},"resultList":[{"result":["5.1.1"]}]},{"attr":{"rev":"7499","checkClass":"AndroidCorrelateWebCode","value":"ok","testID":"Cordova Whitelist","resultClass":"Runtime Security","name":"Runtime Code","detail":"The network access whitelist information was found in app bundle.","text":"Cordova WebApp Access Whitelist: ","context":"11998"},"resultList":[{"result":["*"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"AES/CBC/PKCS7Padding\"","\"RSA/ECB/PKCS1PADDING\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic keys found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"It is considered as a bad practice to use hard-coded cryptographic keys in the application. The following hard-coded cryptographic keys were found: ","text":"Cryptographic keys found?","context":"999"},"detailList":[{"detail":["\"1984E85B17174FD8\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 8 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","Austria","Belgium","United States","Ireland","United Kingdom","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://cdnapi.kaltura.com/api_v3/index.php?ks=%1attrs&service=caption_captionasset&action=servewebvtt&captionAssetId=%2attrs&segmentIndex=1&segmentDuration=360000&localTimestamp=0","http://cdnapi.kaltura.com/api_v3/index.php?service=multirequest&action=null&format=1&1:service=session&1:action=startWidgetSession&1:widgetId=_1068292&2:ks={1:result:ks}&2:service=caption_captionasset&2:action=list&2:filter:objectType=KalturaAssetFilter&2:filter:entryIdEqual=%1attrs&2:filter:statusEqual=2","http://dilcdn-emea.disneycdn.com/appdata/disneychannel.de/_search?q=show&filters[type]=Show&filters[site_s]=shows.disneychannel.de&fl=id,dimg_property_codes,asset_logo_image,asset_logo_retina_image,name,duration,property_names&rpp=100","http://dilcdn-emea.disneycdn.com/appdata/disneychannel.de/_search?q=video&filters[type]=Video&filters[site_s]=disneychannel.de&fl=id,name,url,primary_image_url,duration,show_ids,start_date_s,site_s,kaltura_age_consent,external_ids,property_names&rpp=100","http://dilcdn-emea.disneycdn.com/appdata/disneychannel.de/_search?q=video&filters[type]=Video&filters[site_s]=disneychannel.de&fl=id,name,url,primary_image_url,duration,show_ids,start_date_s,start_date,end_date,site_s,kaltura_age_consent,external_ids,property_names&rpp=100","http://dilcdn-emea.disneycdn.com/appdata/disneychannel.es/_search?q=show&filters[type]=Show&filters[site_s]=disneychannel.es&fl=id,dimg_property_codes,asset_logo_image,asset_logo_retina_image,name,duration,property_names&rpp=100","http://dilcdn-emea.disneycdn.com/appdata/disneychannel.es/_search?q=video&filters[type]=Video&filters[site_s]=en.disneychannel.es,disneychannel.es&fl=id,name,url,primary_image_url,duration,show_ids,start_date_s,start_date,end_date,house_number,site_s,kaltura_age_consent,external_ids,property_names&rpp=100","http://tredir.go.com/capmon/GetDE/?set=j¶m=countryisocode"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["INTERACT_ACROSS_USERS"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.disney.dedisneychannel.DisneyChannel"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build hardware","build display","build fingerprint","build brand","IMEI/MEID","SIM card serial","subscriber ID (IMSI)","Wifi-MAC address","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"SHARED UID TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"Application with the same shared user ID and signed with the same certificate can access each other's data and, if desired, run in the same process. This means one application can access the private local stored data from another one. The following shared user ID is used:","text":"Shared user ID defined?","context":"0"},"detailList":[{"detail":["com.disney.andi"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lcom/mobilenetwork/referralstore/utils/DMNReferralStoreUtilsattr2;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Signature Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs system/signature permissions? ","context":"180"},"detailList":[{"detail":["INTERACT_ACROSS_USERS (Allows an application to call APIs that allow it to do interactions across the users on the device, using singleton services and user-targeted broadcasts. This permission is not available to third party applications.) "]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://cdnapi.kaltura.com/api_v3/index.php?ks=%1attrs&service=caption_captionasset&action=servewebvtt&captionAssetId=%2attrs&segmentIndex=1&segmentDuration=360000&localTimestamp=0","http://disneytermsofuse.com/spanish/","http://www.disney.de/impressum/","http://tredir.go.com/capmon/GetDE/?set=j¶m=countryisocode","http://dilcdn-emea.disneycdn.com/appdata/disneychannel.es/_schedule/full/%@/%i/%2Fprogramacion/","http://disneyprivacycenter.com/privacy-policy-translations/german","http://dilcdn-emea.disneycdn.com/appdata/disneychannel.de/_schedule/full/%@","http://dilcdn-emea.disneycdn.com/appdata/disneychannel.de/livestream","http://iam-agof-app.irquest.com/agof-qds/v2","http://udm.scorecardresearch.com/offline","http://dilcdn-emea.disneycdn.com/appdata/disneychannel.es/directo/","http://s0.2mdn.net/instream/html5/native/native_sdk_v3.html","http://b.scorecardresearch.com/p2?","http://disney.de/service/mobile-app","http://disneynetwork0-a.akamaihd.net/mobilenetwork/referralstore/bootstrap/","http://iam-agof-app.irquest.com/agof-qds/v2/measure"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"yes","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"Reasons for category violations of default policy: ","text":"Violations of default policy?","context":"0"},"detailList":[{"detail":["Estimated overall app risk for the enterprise exceeds the security policy threshold due to detected risks and flaws exploitable by skilled attackers without the existence of additional supporting factors. "]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["App Listing: Usage of detected functionality to access list of installed apps poses a privacy risk for detected app type."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Embedded static encryption key found, which can be extracted by attackers to revert the encryption or fake the signature of the content it is used for.","JavaScript Bridge attackable: App uses a bridge between web content and native code. In combination with the detected loading of unprotected web content, the functionality provided by the bridge can be exploited by man-in-the-middle attackers.","Cordova Warning: Before moving a Cordova app to production, a whitelist should be formulated to grand only access to specific network domains and subdomains. This app, however, uses a whitelist that allows access to any network domain. "]}]}]},{"attr":{"os":"Android","appId":"com.incorporateapps.fakegps.fre:4.3.5","name":"Fake GPS Location Spoofer Free","version":"4.3.5","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=com.incorporateapps.fakegps.fre"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["accounts.google.com","app-measurement.com","csi.gstatic.com","googleads.g.doubleclick.net","login.live.com","login.yahoo.com","plus.google.com","ssl.google-analytics.com","twitter.com","www.facebook.com","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com","www.incorporateapps.com","www.linkedin.com","www.paypal.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["market://details?id=","market://details?id=com.google.android.gms.ads"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["ACCESS_FINE_LOCATION (Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.) ","ACCESS_COARSE_LOCATION (Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.) ","INTERNET (Allows applications to open network sockets.) ","ACCESS_MOCK_LOCATION (Allows an application to create mock location providers for testing.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 5 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland","United Kingdom","Germany","unknown"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["WRITE_SETTINGS (Allows an application to read or write the system settings.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["WRITE_SETTINGS"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.incorporateapps.fakegps.fre.Maps"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build display","build fingerprint","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no Permission defined for camera usage, but the application contains specific API calls accessing the camera.Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera (inactive)","WIFI-Based Location","GPS Location"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.incorporateapps.com/fake_gps_free_faq.html"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.go.map:1.5.0","name":"GO Map - For Pokémon GO","version":"1.5.0","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=com.go.map"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Crashlytics","Doubleclick"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["cdn.krxd.net","csi.gstatic.com","e.crashlytics.com","googleads.g.doubleclick.net","graph.%s.facebook.com","graph.facebook.com","pagead2.googlesyndication.com","pkmn.gg","play.google.com","plus.google.com","pushapi.localytics.com","sb-ssl.google.com","settings.crashlytics.com","ssl.google-analytics.com","www.%s.facebook.com","www.facebook.com","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://pushapi.localytics.com/push_test?platform=android&type=prod&campaign=%s&creative=%s&token=%s&install_id=%s&client_ts=%s","https://play.google.com/store/apps/details?id=","market://details?id=","market://details?id=%s","market://details?id=com.google.android.gms.ads"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["ACCESS_FINE_LOCATION (Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.) ","ACCESS_COARSE_LOCATION (Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 4 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Belgium","United States","Ireland","France"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://pushapi.localytics.com/push_test?platform=android&type=prod&campaign=%s&creative=%s&token=%s&install_id=%s&client_ts=%s"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.go.map.activities.PokemonListingActivity"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build display","build fingerprint","build brand","IMEI/MEID","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different sensors. This allows the application to track the user and/or determine the environment of the user.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["WIFI-Based Location","GPS Location"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://pushapi.localytics.com/push_test?platform=android&type=prod&campaign=%s&creative=%s&token=%s&install_id=%s&client_ts=%s"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.google.android.play.games:3.7.24 (3051774-070)","name":"Google Play Spiele","version":"3.7.24 (3051774-070)","model":"Game","store_url":"https://play.google.com/store/apps/details?id=com.google.android.play.games"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is disabled. This means no backup or restore of the application will ever be performed, even by a full-system backup that would otherwise cause all application data to be saved via adb backup function.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["x86 32bit: lib/x86/libgames_rtmp_jni.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["accounts.google.com","accounts\\.google(\\.co(m","android.clients.google.com","drive.google.com","games.google.com","googledrive.com","m.youtube.com","market.android.com","passwords.google.com","play.google.com","play.googleapis.com","plus.google.com","staging-www.sandbox.googleapis.com","support.google.com","www-googleapis-staging.sandbox.google.com","www.facebook.com","www.googleapis.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yesbut","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Application can establish a client connection to some host system via Browser interaction. This means the application open the system browser for showing or transfering information to the host system. This communication does not require INTERNET permission! App contains communication code but no INTERNET permission. This could be a hint for code which is not used e.g. due to some library usage or for some malicious behaviour. App has to be inspected manually in detail. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["a;href=https://support.google.com/googleplay/?p=games_signin","g;example=market://details?id=com.google.android.games.sample;id=play_store_uri","http://support.google.com/googleplay/?p=about_play_games","http://www.youtube.com/watch?v=%s","https://gaming.youtube.com/watch?v=%s","https://support.google.com/?p=google_settings","https://support.google.com/googleplay/?p=account_password","https://support.google.com/googleplay/?p=game_profile_visibility","https://support.google.com/googleplay/?p=games_notifications","https://support.google.com/googleplay/?p=games_signin","https://support.google.com/googleplay/?p=games_visibility","https://support.google.com/googleplay/?p=play_games_nearby","https://support.google.com/googleplay/?p=reco","https://support.google.com/googleplay/?p=record_g","https://support.google.com/googleplay/?p=record_ga","https://support.google.com/googleplay/?p=record_game","https://support.google.com/googleplay/?p=record_games","https://support.google.com/googleplay/?p=report_gamertag","market://details?id=","market://details?id=com.google.android.youtube"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 4 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Belgium","United States","Ireland","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://support.google.com/googleplay/?p=about_play_games"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["support.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","VIBRATE (Allows access to the vibrator.) "]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.google.android.gms.games.ui.restricted.achievements.RestrictedAchievementDescriptionActivity","com.google.android.gms.games.ui.destination.players.PlayerDetailActivity","com.google.android.gms.games.ui.client.requests.SendRequestActivity","com.google.android.gms.games.ui.client.leaderboards.ClientLeaderboardScoreActivity","com.google.android.gms.games.ui.signin.SignInActivity","com.google.android.gms.games.ui.GamesSettingsActivity","com.google.android.gms.games.ui.destination.requests.DestinationPublicRequestActivity","com.google.android.gms.games.ui.destination.quests.CompletedQuestListActivity","com.google.android.gms.games.ui.destination.games.GameDetailActivity","com.google.android.gms.games.ui.destination.matches.DestinationPublicInvitationActivity","com.google.android.gms.games.ui.client.matches.ClientMultiplayerInboxActivity","com.google.android.gms.games.ui.client.requests.ClientPublicRequestActivity","com.google.android.gms.games.ui.restricted.videos.RestrictedVideoCapturedActivity","com.google.android.gms.games.ui.destination.matches.DestinationParticipantListActivity","com.google.android.gms.games.testcompat.ParcelTestCompatActivity","com.google.android.gms.games.ui.client.leaderboards.ClientLeaderboardListActivity","com.google.android.gms.games.ui.destination.requests.DestinationRequestListActivity","com.google.android.gms.games.ui.client.achievements.ClientAchievementListActivity","com.google.android.gms.games.ui.restricted.videos.RestrictedVideoRecordingOnboardingActivity","com.google.android.gms.games.ui.destination.inbox.DestinationInboxActivity","com.google.android.gms.games.ui.client.matches.RealTimeWaitingRoomActivity","com.google.android.gms.games.ui.destination.matches.DestinationMultiplayerListActivity","com.google.android.gms.games.ui.client.matches.ClientPublicInvitationActivity","com.google.android.gms.games.ui.destination.games.ShopGamesActivity","com.google.android.gms.games.ui.destination.players.AchievementComparisonListActivity","com.google.android.gms.games.ui.client.quests.ClientQuestDetailActivity","com.google.android.gms.games.ui.destination.games.DestinationGameSearchActivity","com.google.android.gms.games.ui.destination.achievements.DestinationAchievementDescriptionActivity","com.google.android.gms.games.ui.client.quests.ClientQuestListActivity","com.google.android.gms.games.ui.destination.videos.DestinationVideoRecordingOnboardingActivity","com.google.android.gms.games.ui.client.main.ClientSettingsActivity","com.google.android.gms.games.ui.client.matches.SelectOpponentsActivity","com.google.android.gms.games.ui.client.snapshots.ClientSnapshotListActivity","com.google.android.gms.games.ui.dialog.InterstitialVideoDialogLauncher","com.google.android.gms.games.ui.destination.players.PlayerDetailGameComparisonActivity","com.google.android.gms.games.ui.client.players.ClientPlayerSearchActivity","com.google.android.gms.games.ui.restricted.matches.RestrictedParticipantListActivity","com.google.android.gms.games.ui.common.players.ProfileSummaryActivity","com.google.android.gms.games.ui.GamesSettingsDebugActivity","com.google.android.gms.games.ui.client.requests.ClientRequestInboxActivity","com.google.android.gms.games.ui.client.ClientUiProxyActivity","com.google.android.gms.games.ui.dialog.CaptureHeadlessPermissionActivity","com.google.android.gms.games.ui.destination.leaderboards.DestinationLeaderboardScoreActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.google.android.gms.permission.GAMES_DEBUG_SETTINGS","com.google.android.gms.permission.INTERNAL_BROADCAST","com.google.android.providers.gsf.permission.WRITE_GSERVICES","com.google.android.providers.gsf.permission.READ_GSERVICES"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build hardware","build fingerprint","build brand","country code + mobile network code for SIM provider","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"no","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"No indicators for overprivilege/redundant permissions found! The defined permission can not abused by foreign apps.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"none","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"No sensor usage Indicators found.","text":"Sensor usage: ","context":"0"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://games.google.com/sync/friends/%s","http://support.google.com/googleplay/?p=about_play_games","http://games.google.com/sync/request/%s","http://plus.google.com/%s/about","http://play.google.com/store/apps/category/GAME","http://games.google.com/sync/match/%s"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default error handling for SSL/TLS client communication. Error-prone modifications can be ruled out. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"yes","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"Reasons for category violations of default policy: ","text":"Violations of default policy?","context":"0"},"detailList":[{"detail":["Estimated overall app risk for the enterprise exceeds the security policy threshold due to detected risks and flaws exploitable by skilled attackers without the existence of additional supporting factors. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["App Listing: Usage of detected functionality to access list of installed apps poses a privacy risk for detected app type."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.crema.instant:1.0.8","name":"Instant Buttons","version":"1.0.8","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=com.crema.instant"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi/libaac-encoder.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick","Heyzap","LiveRail","Parse","inMobi ADs"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["ad6.%s.liverail.com","ad6.liverail.com","admob-app-id-2125635051.firebaseio.com","ads.heyzap.com","api.parse.com","app-measurement.com","auth.firebase.com","cremagames.com","csi.gstatic.com","goo.gl","googleads.g.doubleclick.net","graph.%s.facebook.com","graph.facebook.com","i.l.inmobicdn.net","i.w.inmobi.com","med.heyzap.com","mobilecrashreporting.googleapis.com","pagead2.googlesyndication.com","play.google.com","plus.google.com","sb-ssl.google.com","ssl.google-analytics.com","twitter.com","www.%s.facebook.com","www.copyright.gov","www.cremagames.com","www.facebook.com","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com","www.loc.gov"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["https://mobilecrashreporting.googleapis.com/v1/crashes:batchCreate?key=","https://play.google.com/store/apps/details?id=com.crema.instant","market://details?id=%s","market://details?id=%s&referrer=%s","market://details?id=com.google.android.gms.ads","market://details?id=com.heyzap.android"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["RECORD_AUDIO (Allows an application to record audio.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 4 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","Belgium","United States","Ireland"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"ok","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"The application or application components define specific type filter for handling different file types. If different applications define the same filter types the user has to decide which application should handle the file. ","text":"App can handle documents of mimeType: ","context":"0"},"resultList":[{"result":["audio/*","video/mp4"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","WRITE_SETTINGS (Allows an application to read or write the system settings.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.crema.instant.localchooser.InstantChooser","com.crema.instant.widget.WidgetConfig"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.crema.instant.permission.C2D_MESSAGE","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build display","build fingerprint","IMEI/MEID","Wifi-MAC address","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lcom/facebook/ads/internal/util/gattr1;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)","Microphone"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://cremagames.com/instantbuttons/PP.htm","http://www.loc.gov/copyright","http://cremagames.com/instantbuttons/TOS.htm","http://ads.heyzap.com/in_game_api/ads"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.mobilplug.lovetest:3.2.6","name":"Liebe Test","version":"3.2.6","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=com.mobilplug.lovetest"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["StartApp"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["ads.digital-inspiration.net","d1byvlfiet2h9q.cloudfront.net","mobilplug.com","play.google.com","www.dummy.com","www.startappexchange.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://ads.digital-inspiration.net/adserver/request.php?package=","http://play.google.com/store/apps/details?id=","https://play.google.com/store/apps/details?id=","market://details?id="]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["ACCESS_FINE_LOCATION (Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.) ","ACCESS_COARSE_LOCATION (Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.) ","INTERNET (Allows applications to open network sockets.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 3 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Austria","United States","Germany"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://ads.digital-inspiration.net/adserver/request.php?package=","http://play.google.com/store/apps/details?id="]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["play.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["VIBRATE (Allows access to the vibrator.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.mobilplug.lovetest.MainActivity"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","country code + mobile network code for SIM provider","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different sensors. This allows the application to track the user and/or determine the environment of the user.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["WIFI-Based Location","GPS Location"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=","http://d1byvlfiet2h9q.cloudfront.net/InApp/resources/adInformationDialog3.html","http://ads.digital-inspiration.net/adserver/request.php?package="]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default error handling for SSL/TLS client communication. Error-prone modifications can be ruled out. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.netflix.mediaclient:4.8.6 build 9782","name":"Netflix","version":"4.8.6 build 9782","model":"Media Player","store_url":"https://play.google.com/store/apps/details?id=com.netflix.mediaclient"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is disabled. This means no backup or restore of the application will ever be performed, even by a full-system backup that would otherwise cause all application data to be saved via adb backup function.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: assets/armeabi/lib64libcrittercism-v3.crt","ARM 32 bit: assets/armeabi-v7a/lib64libcrittercism-v3.crt","ARMv8 64 bit: assets/arm64-v8a/lib64libcrittercism-v3.crt","ARM 32 bit: lib/armeabi-v7a/libwhistleengine.so","ARM 32 bit: lib/armeabi-v7a/libnetflix_jp2jni.so","ARM 32 bit: lib/armeabi-v7a/libnetflix_device10.so","ARM 32 bit: lib/armeabi-v7a/libnetflix_device7.so","ARM 32 bit: lib/armeabi-v7a/libnetflix_jpjni.so","ARM 32 bit: lib/armeabi-v7a/libnetflixmp_jni.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"none","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"No indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["android.nccp.netflix.com","cdn2.nflximg.net","cdn7.nflximg.net","dummyimage.com","google.com","help.netflix.com","ichnaea.netflix.com","market.android.com","netflix.com","plus.google.com","signup.netflix.com","tp.akam.nflximg.com","www.google.com","www.netflix.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["amzn://apps/android?p=com.netflix.mediaclient","https://market.android.com/details?id=com.netflix.mediaclient","market://details?id=com.netflix.mediaclient","nflx://www.netflix.com/Browse?q=","nflx://www.netflix.com/Browse?q=source%3DNetflixWidget%26trkid%3D14836231%26action%3D"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"AES/CTR/NoPadding\"","\"AES/GCM/NoPadding\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic salt values found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Use of constant salts can make application vulnerable to bruteforce attacks. The following constant salts were found: ","text":"Cryptographic salt values found?","context":"997"},"detailList":[{"detail":["-87,-101,-56,50,86,52,-29,3"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","CHANGE_WIFI_MULTICAST_STATE (Allows applications to enter Wi-Fi Multicast mode.) ","RECORD_AUDIO (Allows an application to record audio.) ","BLUETOOTH (Allows applications to connect to paired bluetooth devices.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 4 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Austria","Belgium","United States","Ireland"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)","load(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Key derivation iteration count: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Key derivation functions with less than 1000 interations are considered vulnerable to bruteforce attacks. Therefore, this app with 19 iterations is considered vulnerable.","text":"Key derivation iteration count: ","context":"995"},"resultList":[{"result":["19"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","MODIFY_AUDIO_SETTINGS (Allows an application to modify global audio settings.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["CHANGE_WIFI_MULTICAST_STATE","RECORD_AUDIO"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.netflix.mediaclient.ui.launch.UIWebViewTabletActivity","com.netflix.mediaclient.ui.search.SearchActivity","com.netflix.mediaclient.ui.launch.NetflixComLaunchActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.amazon.permission.SET_FLAG_NOSOFTKEYS","com.netflix.mediaclient.permission.C2D_MESSAGE","com.android.vending.BILLING","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build hardware","build display","build fingerprint","build brand","IMEI/MEID","Wifi-MAC address","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually. Application defines a permission ( android.permission.RECORD_AUDIO ) accessing the microphone, but there were no specific API calls found. This could be an indication for overprivileges, developer missconfiguration or confused deputy attack.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Acceleration/Light"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Crypto: Constant salt detected. This should be avoided, as it can make app vulnerable to bruteforce attacks."]}]}]},{"attr":{"os":"Android","appId":"com.scee.psxandroid:4.0.5","name":"PlayStation®App","version":"4.0.5","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=com.scee.psxandroid"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is disabled. This means no backup or restore of the application will ever be performed, even by a full-system backup that would otherwise cause all application data to be saved via adb backup function.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi/liblept.so","ARM 32 bit: lib/armeabi/libscecompanionutil.so","ARM 32 bit: lib/armeabi/libscepsxandroidutil.so","ARM 32 bit: lib/armeabi/libtess.so","ARM 32 bit: lib/armeabi/libvoucher_ocr.so","ARM 32 bit: lib/armeabi-v7a/liblept.so","ARM 32 bit: lib/armeabi-v7a/libscecompanionutil.so","ARM 32 bit: lib/armeabi-v7a/libscepsxandroidutil.so","ARM 32 bit: lib/armeabi-v7a/libtess.so","ARM 32 bit: lib/armeabi-v7a/libvoucher_ocr.so","MIPS I: lib/mips/liblept.so","MIPS I: lib/mips/libscecompanionutil.so","MIPS I: lib/mips/libscepsxandroidutil.so","MIPS I: lib/mips/libtess.so","MIPS I: lib/mips/libvoucher_ocr.so","x86 32bit: lib/x86/liblept.so","x86 32bit: lib/x86/libscecompanionutil.so","x86 32bit: lib/x86/libscepsxandroidutil.so","x86 32bit: lib/x86/libtess.so","x86 32bit: lib/x86/libvoucher_ocr.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"none","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"No indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Alarm with Intervals test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The scheduled task gets repeated in the following intervals: ","text":"Alarm intervals dynamically?","context":"9420"},"detailList":[{"detail":["30 seconds"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"ok","testID":"Bootcompleted Components Test","resultClass":"Runtime Security","name":"Application autostart receiver","detail":"The Application has the permission to start automatically after booting the device. The application can execute code without userinteraction or prevention.","text":"Executed component after Phone Reboot: ","context":"0"},"resultList":[{"result":["com.playstation.companionutil.StartupReceiver"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","account%s.sonyentertainmentnetwork.com","adrvdsstore.dl.playstation.net","api.twitter.com","app-measurement.com","asm.*.community.playstation.net","auth.api.%ssonyentertainmentnetwork.com","facebook.com","goo.gl","graph-video.%s","graph.%s","play.google.com","plus.google.com","psapp-start.dl.playstation.net","psapp.dl.playstation.net","psn-rsc.prod.dl.playstation.net","sitestream.twitter.com","stream.twitter.com","twitter4j.org","upload.twitter.com","userstream.twitter.com","vl.api.*.km.playstation.net","www.dailymotion.com","www.youtube","www.youtube.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=com.facebook.orca","http://www.dailymotion.com/embed/video/%s?html=1&fullscreen=%s&app=%s&api=location","http://www.dailymotion.com/embed/video/%s?html=1&fullscreen=%s&app=%s&api=location&related=%s","market://details?id=com.facebook.orca","scecompcall://launchInAppView?url="]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/NoPadding\"","\"AES/CBC/PKCS5Padding\"","\"RSA/ECB/OAEPPadding\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic keys found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"It is considered as a bad practice to use hard-coded cryptographic keys in the application. The following hard-coded cryptographic keys were found: ","text":"Cryptographic keys found?","context":"999"},"detailList":[{"detail":["48,-126,1,34,48,13,6,9,42,-122,72,-122,-9,13,1,1,1,5,0,3,-126,1,15,0,48,-126,1,10,2,-126,1,1,0,-59,-16,14,-4,-64,-28,-26,-117,-39,-90,-98,-15,-108,111,73,36,-89,56,74,14,51,-76,12,-2,5,-77,-83,-24,102,-31,-71,-67,54,-76,95,91,-81,41,37,-91,50,50,-52,-51,47,-13,94,-23,-63,13,-45,10,-120,-96,-89,17,28,89,-44,-14,-110,16,-53,112,104,64,109,-54,122,19,-75,-31,-15,-95,-60,-78,-88,45,67,-9,62,-63,-115,115,34,93,-33,83,-1,-18,117,-39,65,-43,123,-94,-91,123,97,14,-2,-98,-103,123,50,-55,79,-19,37,106,-100,-49,47,71,8,-103,-36,44,-105,-104,-93,-77,9,-67,-3,-109,19,-39,-25,-107,89,-75,-57,-121,-27,-104,61,36,-41,58,-17,111,115,14,54,-86,25,108,-90,-1,77,5,110,86,16,111,-19,35,62,83,-109,-46,-117,119,98,92,-116,117,54,120,-8,-67,15,28,-107,19,84,39,-107,-11,-75,63,87,125,89,-118,65,45,73,-25,93,-41,53,-99,46,96,118,17,15,52,24,-70,58,75,90,-25,46,-95,-66,-17,-25,76,2,-91,73,-73,-120,-93,-11,125,-128,-94,-60,-61,-6,-60,89,-76,-116,-10,51,-43,-124,26,49,93,-7,86,70,48,115,-115,42,-126,77,-38,-65,67,-61,75,-19,70,-47,-48,-90,-77,2,3,1,0,1"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) ","CAMERA (Required to be able to access the camera device. This will automatically enforce the uses-feature manifest element for all camera features. If you do not require all camera features or can properly operate if a camera is not available, then you must modify your manifest as appropriate in order to install on devices that don't support all camera features.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","GET_TASKS (Allows an application to get information about the currently or recently running tasks.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 6 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland","Japan","Italy","France","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=com.facebook.orca","http://www.dailymotion.com/embed/video/%s?html=1&fullscreen=%s&app=%s&api=location","http://www.dailymotion.com/embed/video/%s?html=1&fullscreen=%s&app=%s&api=location&related=%s"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Key derivation iteration count: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Key derivation functions with less than 1000 interations are considered vulnerable to bruteforce attacks. Therefore, this app with 10,16 iterations is considered vulnerable.","text":"Key derivation iteration count: ","context":"995"},"resultList":[{"result":["10","16"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["RECEIVE_BOOT_COMPLETED (Allows an application to receive the android.content.Intent ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. If you don't request this permission, you will not receive the broadcast at that time. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, you must explicitly declare your use of this facility to make that visible to the user.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","VIBRATE (Allows access to the vibrator.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["RECEIVE_BOOT_COMPLETED","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.scee.psxandroid.activity.LaunchFromOtherActivity","com.scee.psxandroid.activity.DebugMainActivity","com.playstation.companionutil.CompanionUtilBrowserRedirectReceiverActivity","com.scee.psxandroid.activity.TwitterRedirectActivity","com.scee.psxandroid.activity.LaunchFromMessengerActivity","com.scee.psxandroid.sso.SsoServiceWebViewActivity","com.facebook.CustomTabActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.scee.psxandroid.permission.C2D_MESSAGE","com.google.android.c2dm.permission.RECEIVE","com.sony.snei.np.android.account.provider.permission.DUID_READ_PROVIDER"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build fingerprint","build brand","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lcom/sony/snei/np/android/sso/share/d/a/c;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarm Serivce test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The alarm manager has been initialized properly. ","text":"Alarm Manager initialized dynamically?","context":"9410"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"ok","testID":"Scheduled Alarm Types test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"","text":"Alarm repeating types: ","context":"9440"},"resultList":[{"result":["ELAPSED_REALTIME"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application contains a registered scheduled alarm. With such an alarm the application repeats the execution of the registered task for example every 10 hours. The following classes register scheduled tasks:","text":"Scheduled Alarm Manager registered?","context":"9450"},"detailList":[{"detail":["com.playstation.companionutil.CompanionUtilSessionService"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for microphone usage, but the application contains specific API calls accessing the microphone. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera","Microphone (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.youtube.com/get_video_info","http://www.dailymotion.com/embed/video/%s?html=1&fullscreen=%s&app=%s&api=location&related=%s","http://www.dailymotion.com/embed/video/%s?html=1&fullscreen=%s&app=%s&api=location","http://twitter4j.org/en/twitter4j-","http://play.google.com/store/apps/details"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Embedded static encryption key found, which can be extracted by attackers to revert the encryption or fake the signature of the content it is used for."]}]}]},{"attr":{"os":"Android","appId":"com.pokemon.camppokemon:1.2.6","name":"Pokémon Ferienlager","version":"1.2.6","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=com.pokemon.camppokemon"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be considered by doing a device backup. If an application contains sensitive information these can be cloned by backing up the data and extracted from the backup archive off device.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libmain.so","ARM 32 bit: lib/armeabi-v7a/libmono.so","ARM 32 bit: lib/armeabi-v7a/libopencvforunity.so","ARM 32 bit: lib/armeabi-v7a/libunity.so","x86 32bit: lib/x86/libmain.so","x86 32bit: lib/x86/libmono.so","x86 32bit: lib/x86/libopencvforunity.so","x86 32bit: lib/x86/libunity.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"none","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"No indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["amzn://apps/android?p=","market://details?id="]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) ","CAMERA (Required to be able to access the camera device. This will automatically enforce the uses-feature manifest element for all camera features. If you do not require all camera features or can properly operate if a camera is not available, then you must modify your manifest as appropriate in order to install on devices that don't support all camera features.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["ACCESS_WIFI_STATE","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.onevcat.uniwebview.AndroidPlugin"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.CHECK_LICENSE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build fingerprint","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera","Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default error handling for SSL/TLS client communication. Error-prone modifications can be ruled out. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Security risks?","context":"0"}}]},{"attr":{"os":"Android","appId":"de.prosiebensat1digital.prosieben:1.7","name":"ProSieben - Live TV, Mediathek","version":"1.7","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=de.prosiebensat1digital.prosieben"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick","HockeyApp","ScorecardResearch"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Alarm with Intervals test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The scheduled task gets repeated in the following intervals: ","text":"Alarm intervals dynamically?","context":"9420"},"detailList":[{"detail":["Dynamic interval(s)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","71iapp-cp.nuggad.net","achievement-center.applicaster.com","achievement-center.demo.applicaster.com","achievement-center.qa.applicaster.com","admin.applicaster.com","admin.d8v.applicaster.com","admin.demo.applicaster.com","admin.qa.applicaster.com","ais-api.applicaster.com","ais.qa.applicaster.com","api.appoxee.com","assets-production.applicaster.com","assets-production.applicaster.com.s3.amazonaws.com","b.scorecardresearch.com","csi.gstatic.com","facebook.com","freegeoip.net","googleads.g.doubleclick.net","graph-video.%s","graph.%s","graph.facebook.com","imasdk.googleapis.com","iosapi.appoxee.com","its0n.tv","market.android.com","mobile.twitter.com","mobileapi-stage.prosiebensat1.com","mobileapi-test.prosiebensat1.com","mobileapi.prosiebensat1.com","pagead2.googlesyndication.com","play.google.com","plus.google.com","profile.mediacorp.sg","sb-ssl.google.com","sb.scorecardresearch.com","sdk.hockeyapp.net","ssl.google-analytics.com","stars.applicaster.com","stars.demo.applicaster.com","stars.qa.applicaster.com","udm.scorecardresearch.com","vas-live-mdp.glomex.com","vas.sim-technik.de","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com","www.prosieben.de","zapp-client.applicaster.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["://play?channelid=","http://b.scorecardresearch.com/p2?c2=","http://iosapi.appoxee.com/AppBoxWebClient/feedback/feedback.aspx?appID=","http://market.android.com/details?id=","http://market.android.com/support/bin/answer.py?answer=1050566&hl=%lang%&dl=%region%","http://play.google.com/store/apps/details?id=com.facebook.orca","https://play.google.com/store/apps/details?id=","https://profile.mediacorp.sg/v2/MobileSignIn.aspx?clientid=84a57fdb-0d6f-4327-a7b2-acf452e94fe1&web=toggle&sub=now","https://profile.mediacorp.sg/v2/MobileSignIn.aspx?clientid=84a57fdb-0d6f-4327-a7b2-acf452e94fe1&web=toggle&sub=now&logintype=facebook","https://profile.mediacorp.sg/v2/MobileSignIn.aspx?clientid=84a57fdb-0d6f-4327-a7b2-acf452e94fe1&web=toggle&sub=now&logintype=ma","https://profile.mediacorp.sg/v2/MobileSignUpOverlay.aspx?clientid=toggle&web=toggle&sub=now","market://details?id=%s","market://details?id=com.facebook.orca","market://details?id=com.google.ads.interactivemedia.v3","market://details?id=com.google.android.gms.ads"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"AES/CBC/PKCS7Padding\"","\"AES/ECB/PKCS7Padding\"","\"RSA/ECB/PKCS1PADDING\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) ","USE_CREDENTIALS (Allows an application to request authtokens from the AccountManager.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 7 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Austria","Singapore","Belgium","United States","Ireland","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://b.scorecardresearch.com/p2?c2=","http://iosapi.appoxee.com/AppBoxWebClient/feedback/feedback.aspx?appID=","http://market.android.com/details?id=","http://market.android.com/support/bin/answer.py?answer=1050566&hl=%lang%&dl=%region%","http://play.google.com/store/apps/details?id=com.facebook.orca"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["play.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["USE_CREDENTIALS","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.applicaster.billing.APStorefront","com.facebook.CustomTabActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.applicaster.permission.C2D_MESSAGE","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build display","build fingerprint","build brand","IMEI/MEID","SIM card serial","subscriber ID (IMSI)","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarm Serivce test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The alarm manager has been initialized properly. ","text":"Alarm Manager initialized dynamically?","context":"9410"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"ok","testID":"Scheduled Alarm Types test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"","text":"Alarm repeating types: ","context":"9440"},"resultList":[{"result":["ELAPSED_REALTIME"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application contains a registered scheduled alarm. With such an alarm the application repeats the execution of the registered task for example every 10 hours. The following classes register scheduled tasks:","text":"Scheduled Alarm Manager registered?","context":"9450"},"detailList":[{"detail":["com.applicaster.genericapp.fragments.ChannelListFragment","com.applicaster.genericapp.fragments.SchedulePageFragment","com.applicaster.genericapp.fragments.MultiChannelTabletFragment"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://achievement-center.demo.applicaster.com/api/v1","http://achievement-center.applicaster.com/api/","http://iosapi.appoxee.com/AppBoxWebClient/feedback/feedback.aspx?appID=","http://imasdk.googleapis.com/native/sdkloader/native_sdk_v3.html","http://achievement-center.applicaster.com/api/v1","http://market.android.com/details?id=","http://api.appoxee.com/api/","http://b.scorecardresearch.com/p2?c2=","http://ais.qa.applicaster.com/api/v1/","http://achievement-center.qa.applicaster.com/api/v1","http://achievement-center.demo.applicaster.com/api/","http://udm.scorecardresearch.com/offline","http://b.scorecardresearch.com/p2?","http://freegeoip.net/json/","http://achievement-center.qa.applicaster.com/api/"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"de.prosiebensat1digital.sat1:1.7","name":"SAT.1 - Live TV und Mediathek","version":"1.7","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=de.prosiebensat1digital.sat1"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick","HockeyApp","ScorecardResearch"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Alarm with Intervals test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The scheduled task gets repeated in the following intervals: ","text":"Alarm intervals dynamically?","context":"9420"},"detailList":[{"detail":["Dynamic interval(s)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","71iapp-cp.nuggad.net","achievement-center.applicaster.com","achievement-center.demo.applicaster.com","achievement-center.qa.applicaster.com","admin.applicaster.com","admin.d8v.applicaster.com","admin.demo.applicaster.com","admin.qa.applicaster.com","ais-api.applicaster.com","ais.qa.applicaster.com","api.appoxee.com","assets-production.applicaster.com","assets-production.applicaster.com.s3.amazonaws.com","b.scorecardresearch.com","csi.gstatic.com","facebook.com","freegeoip.net","googleads.g.doubleclick.net","graph-video.%s","graph.%s","graph.facebook.com","imasdk.googleapis.com","iosapi.appoxee.com","its0n.tv","market.android.com","mobile.twitter.com","mobileapi-stage.prosiebensat1.com","mobileapi-test.prosiebensat1.com","mobileapi.prosiebensat1.com","pagead2.googlesyndication.com","play.google.com","plus.google.com","profile.mediacorp.sg","sb-ssl.google.com","sb.scorecardresearch.com","sdk.hockeyapp.net","ssl.google-analytics.com","stars.applicaster.com","stars.demo.applicaster.com","stars.qa.applicaster.com","udm.scorecardresearch.com","vas-live-mdp.glomex.com","vas.sim-technik.de","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com","www.prosieben.de","zapp-client.applicaster.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["://play?channelid=","http://b.scorecardresearch.com/p2?c2=","http://iosapi.appoxee.com/AppBoxWebClient/feedback/feedback.aspx?appID=","http://market.android.com/details?id=","http://market.android.com/support/bin/answer.py?answer=1050566&hl=%lang%&dl=%region%","http://play.google.com/store/apps/details?id=com.facebook.orca","https://play.google.com/store/apps/details?id=","https://profile.mediacorp.sg/v2/MobileSignIn.aspx?clientid=84a57fdb-0d6f-4327-a7b2-acf452e94fe1&web=toggle&sub=now","https://profile.mediacorp.sg/v2/MobileSignIn.aspx?clientid=84a57fdb-0d6f-4327-a7b2-acf452e94fe1&web=toggle&sub=now&logintype=facebook","https://profile.mediacorp.sg/v2/MobileSignIn.aspx?clientid=84a57fdb-0d6f-4327-a7b2-acf452e94fe1&web=toggle&sub=now&logintype=ma","https://profile.mediacorp.sg/v2/MobileSignUpOverlay.aspx?clientid=toggle&web=toggle&sub=now","market://details?id=%s","market://details?id=com.facebook.orca","market://details?id=com.google.ads.interactivemedia.v3","market://details?id=com.google.android.gms.ads"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"AES/CBC/PKCS7Padding\"","\"AES/ECB/PKCS7Padding\"","\"RSA/ECB/PKCS1PADDING\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) ","USE_CREDENTIALS (Allows an application to request authtokens from the AccountManager.) ","READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 7 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Austria","Singapore","Belgium","United States","Ireland","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://b.scorecardresearch.com/p2?c2=","http://iosapi.appoxee.com/AppBoxWebClient/feedback/feedback.aspx?appID=","http://market.android.com/details?id=","http://market.android.com/support/bin/answer.py?answer=1050566&hl=%lang%&dl=%region%","http://play.google.com/store/apps/details?id=com.facebook.orca"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["play.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["USE_CREDENTIALS","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.applicaster.billing.APStorefront","com.facebook.CustomTabActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.applicaster.permission.C2D_MESSAGE","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build display","build fingerprint","build brand","IMEI/MEID","SIM card serial","subscriber ID (IMSI)","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarm Serivce test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The alarm manager has been initialized properly. ","text":"Alarm Manager initialized dynamically?","context":"9410"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"ok","testID":"Scheduled Alarm Types test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"","text":"Alarm repeating types: ","context":"9440"},"resultList":[{"result":["ELAPSED_REALTIME"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application contains a registered scheduled alarm. With such an alarm the application repeats the execution of the registered task for example every 10 hours. The following classes register scheduled tasks:","text":"Scheduled Alarm Manager registered?","context":"9450"},"detailList":[{"detail":["com.applicaster.genericapp.fragments.ChannelListFragment","com.applicaster.genericapp.fragments.SchedulePageFragment","com.applicaster.genericapp.fragments.MultiChannelTabletFragment"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://achievement-center.demo.applicaster.com/api/v1","http://achievement-center.applicaster.com/api/","http://iosapi.appoxee.com/AppBoxWebClient/feedback/feedback.aspx?appID=","http://imasdk.googleapis.com/native/sdkloader/native_sdk_v3.html","http://achievement-center.applicaster.com/api/v1","http://market.android.com/details?id=","http://api.appoxee.com/api/","http://b.scorecardresearch.com/p2?c2=","http://ais.qa.applicaster.com/api/v1/","http://achievement-center.qa.applicaster.com/api/v1","http://achievement-center.demo.applicaster.com/api/","http://udm.scorecardresearch.com/offline","http://b.scorecardresearch.com/p2?","http://freegeoip.net/json/","http://achievement-center.qa.applicaster.com/api/"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"de.rtli.tvnow:1.1.0","name":"TV NOW","version":"1.1.0","model":"Media Player","store_url":"https://play.google.com/store/apps/details?id=de.rtli.tvnow"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi/libAVEAndroid.so","ARM 32 bit: lib/x86/libAVEAndroid.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Bugsnap","INFOnline"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["accounts.google.com","ad.auditude.com","api-edit-tvnow.rtlnm.de","api.tvnow.de","app-measurement.com","bugsnag.com","cdn.auditude.com","cdn2.auditude.com","config.ioam.de","de.ioam.de","fpdownload.macromedia.com","iam-agof-app.irquest.com","login.live.com","login.yahoo.com","notify-bugs-fra1.rtl.de","notify.bugsnag.com","plus.google.com","ssl.google-analytics.com","twitter.com","www.adobe.com","www.facebook.com","www.google-analytics.com","www.googleapis.com","www.googletagmanager.com","www.linkedin.com","www.paypal.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://ad.auditude.com/adserver/e?type=playererror"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 7 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","United States","Ireland","Luxembourg","United Kingdom","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://ad.auditude.com/adserver/e?type=playererror"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) "]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["de.rtli.everest.activity.MainActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["de.rtli.tvnow.permission.C2D_MESSAGE","com.google.android.c2dm.permission.RECEIVE","de.rtli.push.permission.C2D_MESSAGE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build hardware","build display","build brand","IMEI/MEID","Wifi-MAC address","country code + mobile network code for SIM provider","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"no","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"No indicators for overprivilege/redundant permissions found! The defined permission can not abused by foreign apps.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://cdn.auditude.com/adserver","http://iam-agof-app.irquest.com/agof-qds/v2","http://cdn2.auditude.com/assets/3p/v1/","http://cdn2.auditude.com/assets/3p/v","http://cdn.auditude.com/player/tvsdk/vpaid/2.0/vpaid.html","http://iam-agof-app.irquest.com/agof-qds/v2/measure","http://www.adobe.com/go/getflashplayer","http://ad.auditude.com/adserver/e?type=playererror"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default error handling for SSL/TLS client communication. Error-prone modifications can be ruled out. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"de.tvspielfilm:4.5.0","name":"TV SPIELFILM - TV Programm","version":"4.5.0","model":"News","store_url":"https://play.google.com/store/apps/details?id=de.tvspielfilm"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Crashlytics","Doubleclick","INFOnline","Mixpanel"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"ok","testID":"Bootcompleted Components Test","resultClass":"Runtime Security","name":"Application autostart receiver","detail":"The Application has the permission to start automatically after booting the device. The application can execute code without userinteraction or prevention.","text":"Executed component after Phone Reboot: ","context":"0"},"resultList":[{"result":["de.tvspielfilm.receiver.FavoriteBootReceiver"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["(.*)\\.amazon\\.[^",".facebook.com","accounts.google.com","api.mixpanel.com","api.twitter.com","app.adjust.com","config.ioam.de","csi.gstatic.com","de.ioam.de","decide.mixpanel.com","developers.facebook.com","e.crashlytics.com","facebook.com","github.com","googleads.g.doubleclick.net","graph-video.%s","graph.%s","iam-agof-app.irquest.com","imasdk.googleapis.com","maps.google.com","play.google.com","plus.google.com","settings.crashlytics.com","sitestream.twitter.com","ssl.google-analytics.com","stream.twitter.com","tinyurl.com","twitter4j.org","upload.twitter.com","userstream.twitter.com","www.adjust.com","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com","www.websequencediagrams.com","yuml.me"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["=https?://)","amzn://apps/android?p=","http://api.mixpanel.com/track?ip=1","http://play.google.com/store/apps/details?id=","http://play.google.com/store/apps/details?id=com.facebook.orca","http://tinyurl.com/api-create.php?url=","https://accounts.google.com/o/oauth2/tokeninfo?access_token=","https://api.mixpanel.com/track?ip=1","https://maps.google.com/maps?q=","market://details?id=","market://details?id=com.facebook.orca","market://details?id=com.google.ads.interactivemedia.v3","market://details?id=com.google.android.gms.ads"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"AES/CBC/PKCS7Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 6 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Canada","United States","Ireland","Japan","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://api.mixpanel.com/track?ip=1","http://play.google.com/store/apps/details?id=","http://play.google.com/store/apps/details?id=com.facebook.orca","http://tinyurl.com/api-create.php?url="]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["api.mixpanel.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","RECEIVE_BOOT_COMPLETED (Allows an application to receive the android.content.Intent ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. If you don't request this permission, you will not receive the broadcast at that time. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, you must explicitly declare your use of this facility to make that visible to the user.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["GET_ACCOUNTS","READ_EXTERNAL_STORAGE","RECEIVE_BOOT_COMPLETED"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["de.tvspielfilm.activities.phone.HomeActivity","de.tvspielfilm.activities.DeepLinkActivity","com.facebook.CustomTabActivity","de.tvspielfilm.activities.tablet.HomeActivityTablet"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["de.tvspielfilm.permission.C2D_MESSAGE","com.android.vending.BILLING","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build hardware","build display","build brand","IMEI/MEID","Wifi-MAC address","country code + mobile network code for SIM provider","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lcom/amazon/identity/auth/device/endpoint/AbstractTokenRequestattrUnsafeSslHttpClientattrMySSLSocketFactoryattr1;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"none","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"No sensor usage Indicators found.","text":"Sensor usage: ","context":"0"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://api.mixpanel.com/track?ip=1","http://play.google.com/store/apps/details?id=","http://decide.mixpanel.com/decide","http://imasdk.googleapis.com/native/sdkloader/native_sdk_v3.html","http://developers.facebook.com/policy/","http://api.mixpanel.com/engage","http://iam-agof-app.irquest.com/agof-qds/v2","http://twitter4j.org/en/twitter4j-","http://iam-agof-app.irquest.com/agof-qds/v2/measure","http://tinyurl.com/api-create.php?url=","http://yuml.me/diagram/"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. ","Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"tv.twitch.android.app:4.11.1","name":"Twitch","version":"4.11.1","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=tv.twitch.android.app"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is disabled. This means no backup or restore of the application will ever be performed, even by a full-system backup that would otherwise cause all application data to be saved via adb backup function.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARMv8 64 bit: lib/arm64-v8a/libtwitchsdk.so","ARM 32 bit: lib/armeabi/libtwitchsdk.so","ARM 32 bit: lib/armeabi-v7a/libtwitchsdk.so","MIPS I: lib/mips/libtwitchsdk.so","MIPS I: lib/mips64/libtwitchsdk.so","x86 32bit: lib/x86/libtwitchsdk.so","x86 64bit: lib/x86_64/libtwitchsdk.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Crashlytics","Doubleclick","INFOnline","Mixpanel","ScorecardResearch"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["api.justin.tv","api.mixpanel.com","b.scorecardresearch.com","config.ioam.de","csi.gstatic.com","de.ioam.de","decide.mixpanel.com","e.crashlytics.com","googleads.g.doubleclick.net","link.twitch.tv","minixperiment.twitch.tv","pagead2.googlesyndication.com","plus.google.com","pubads.g.doubleclick.net","sb-ssl.google.com","sb.scorecardresearch.com","settings.crashlytics.com","spectre.twitch.tv","static-cdn.jtvnw.net","status.twitch.tv","tmi.twitch.tv","udm.scorecardresearch.com","www.google.com","www.googleapis.com","www.twitch.tv"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://%s/api/channel/hls/%s.m3u8?token=%s&sig=%s","http://%s/api/channel/hls/%s.m3u8?token=%s&sig=%s&allow_spectre=true","http://%s/api/users/%s/followed/hosting?offset=%d&limit=%d","http://%s/track/?data=%s&ip=1","http://%s/vod/%s.m3u8?nauth=%s&nauthsig=%s","http://api.mixpanel.com/track?ip=1","https://%s/api/channels/%s/use_chat_notification_token?token_id=%s","https://%s/api/resumewatching/user-video?id=%s&video_id=%s&position=%s&type=%s","https://%s/api/resumewatching/user?id=%s","https://%s/api/ticket_products/%s/checkout_url?platform=%s&device_id=%s&return_url=%s","https://%s/api/users/%s/follows/channels?offset=%d&limit=%d&sortby=%s&direction=%s","https://%s/api/users/%s/follows/games/follow?name=%s","https://%s/api/users/%s/follows/games/isFollowing?name=%s","https://%s/api/users/%s/follows/games/live?offset=%d&limit=%d","https://%s/api/users/%s/follows/games/unfollow?name=%s","https://%s/api/users/%s/follows/games?offset=%d&limit=%d","https://%s/api/users/%s/tickets?channel=%s","https://%s/kraken/channels/%s/videos?limit=%d&offset=%d","https://%s/kraken/feed/%s/posts/%s/comments/%s/reactions?emote_id=%s","https://%s/kraken/feed/%s/posts/%s/comments?limit=%d&cursor=%s","https://%s/kraken/feed/%s/posts/%s/comments?user=%s","https://%s/kraken/feed/%s/posts/%s/reactions?emote_id=%s","https://%s/kraken/feed/%s/posts?limit=%d","https://%s/kraken/games/featured?limit=%d&hls=true&offset=%d&avc_profile=High&avc_level=4.1&platform=%s","https://%s/kraken/games/top?limit=%d&hls=true&offset=%d&avc_profile=High&avc_level=4.1","https://%s/kraken/oauth2/authorize?response_type=code&client_id=%s&redirect_uri=%s&login_type=%s&scope=%s","https://%s/kraken/oauth2/token?client_id=%s&client_secret=%s&grant_type=authorization_code&redirect_uri=%s&code=%s","https://%s/kraken/streams/featured?limit=%d&hls=true&offset=%d&avc_profile=High&avc_level=4.1","https://%s/kraken/streams/followed?offset=%d&limit=%d&hls=true&avc_profile=High&avc_level=4.1","https://%s/kraken/streams?limit=%d&game=%s&hls=true&offset=%d&avc_profile=High&avc_level=4.1","https://%s/kraken/streams?limit=%d&game=%s&hls=true&offset=%d&broadcaster_language=%s&avc_profile=High&avc_level=4.1","https://%s/kraken/streams?limit=%d&hls=true&offset=%d&avc_profile=High&avc_level=4.1","https://%s/kraken/streams?limit=%d&hls=true&offset=%d&broadcaster_language=%s&avc_profile=High&avc_level=4.1","https://%s/kraken/videos/top?limit=%d&game=%s&offset=%d&broadcast_type=all&period=week","https://api.mixpanel.com/track?ip=1","https://tmi.twitch.tv/hosts?include_logins=1&host=%s","market://details?id=","market://details?id=com.google.android.gms.ads","ttv://open?stream=","ttv://open?video=%s&position=%s","ttv://open?video=%s&t=%s"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"AES/CBC/PKCS7Padding\"","\"AES/ECB/PKCS7Padding\"","\"RSA/ECB/PKCS1PADDING\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) ","SYSTEM_ALERT_WINDOW (Allows an application to open windows using the type android.view.WindowManager.LayoutParams TYPE_SYSTEM_ALERT, shown on top of all other applications. Very few applications should use this permission; these windows are intended for system-level interaction with the user.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 5 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Belgium","United States","Ireland","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://%s/api/channel/hls/%s.m3u8?token=%s&sig=%s","http://%s/api/channel/hls/%s.m3u8?token=%s&sig=%s&allow_spectre=true","http://%s/vod/%s.m3u8?nauth=%s&nauthsig=%s","http://api.mixpanel.com/track?ip=1"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","load(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["api.mixpanel.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["SYSTEM_ALERT_WINDOW"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["tv.twitch.android.app.core.DeepLinkActivity","com.google.android.libraries.cast.companionlibrary.cast.player.VideoCastControllerActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build hardware","build display","build fingerprint","build brand","IMEI/MEID","Wifi-MAC address","country code + mobile network code for SIM provider","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://api.mixpanel.com/track?ip=1","http://www.twitch.tv/user/legal","http://decide.mixpanel.com/decide","http://link.twitch.tv/learn_more_channel_feed","http://api.mixpanel.com/engage","http://spectre.twitch.tv/v1/channels/%s","http://udm.scorecardresearch.com/offline","http://b.scorecardresearch.com/p2?"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["App Listing: Usage of detected functionality to access list of installed apps may poses a privacy risk."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.google.android.apps.youtube.gaming:1.6.19.8","name":"YouTube Gaming","version":"1.6.19.8","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=com.google.android.apps.youtube.gaming"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is disabled. This means no backup or restore of the application will ever be performed, even by a full-system backup that would otherwise cause all application data to be saved via adb backup function.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["x86 32bit: lib/x86/libambisonic_audio_renderer.so","x86 32bit: lib/x86/libcronet.so","x86 32bit: lib/x86/libvpx.so","x86 32bit: lib/x86/libvpxJNI.so","x86 32bit: lib/x86/libvrtoolkit.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"yes","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"App requests permission READ_CONTACTS to access the phones address book.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"ok","testID":"Bootcompleted Components Test","resultClass":"Runtime Security","name":"Application autostart receiver","detail":"The Application has the permission to start automatically after booting the device. The application can execute code without userinteraction or prevention.","text":"Executed component after Phone Reboot: ","context":"0"},"resultList":[{"result":["com.google.android.libraries.youtube.offline.transfer.service.OfflineTransferServiceattrDeviceStateReceiver"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["app-measurement.com","csi.gstatic.com","dummy.googlevideo.com","gdata.youtube.com","googleads.g.doubleclick.net","gvabox.com","m.youtube.com","mpcontrollers.s3-website-us-east-1.amazonaws.com","play.google.com","plus.google.com","ssl.google-analytics.com","staging-www.sandbox.googleapis.com","staging-youtubei.sandbox.googleapis.com","support.goo","support.googl","support.google.c","support.google.com","test-www.sandbox.googleapis.com","test-youtubei.sandbox.googleapis.com","video.google.com","www.com","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com","www.you","www.youtube-nocookie.com","www.youtube.com","youtube.com","youtubei.googleapis.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["a;href=https://www.google.com/get/cardboard/?ytvrm=1","http://www.youtube.com/watch?v=","https://play.google.com/store/apps/details?id=com.google.android.apps.youtube.gaming","https://video.google.com/timedtext?hl=","https://video.google.com/timedtext?hl=en&v=","https://www.youtube.com/leanback_ajax?action_environment=1","https://www.youtube.com/t/terms?chromeless=1","https://www.youtube.com/watch?v="]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"AES/CTR/NoPadding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["ACCESS_COARSE_LOCATION (Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.) ","USE_CREDENTIALS (Allows an application to request authtokens from the AccountManager.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) ","CAMERA (Required to be able to access the camera device. This will automatically enforce the uses-feature manifest element for all camera features. If you do not require all camera features or can properly operate if a camera is not available, then you must modify your manifest as appropriate in order to install on devices that don't support all camera features.) ","READ_CONTACTS (Allows an application to read the user's contacts data.) ","SYSTEM_ALERT_WINDOW (Allows an application to open windows using the type android.view.WindowManager.LayoutParams TYPE_SYSTEM_ALERT, shown on top of all other applications. Very few applications should use this permission; these windows are intended for system-level interaction with the user.) ","RECORD_AUDIO (Allows an application to record audio.) ","ACCESS_FINE_LOCATION (Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 4 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Belgium","United States","Ireland","unknown"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["www.youtube.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","RECEIVE_BOOT_COMPLETED (Allows an application to receive the android.content.Intent ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. If you don't request this permission, you will not receive the broadcast at that time. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, you must explicitly declare your use of this facility to make that visible to the user.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","GET_PACKAGE_SIZE (Allows an application to find out the space used by any package.) ","VIBRATE (Allows access to the vibrator.) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_CONTACTS","GET_PACKAGE_SIZE","SYSTEM_ALERT_WINDOW","RECEIVE_BOOT_COMPLETED","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.google.android.libraries.social.licenses.LicenseMenuActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.google.android.apps.youtube.gaming.permission.C2D_MESSAGE","com.google.android.c2dm.permission.RECEIVE","com.google.android.providers.gsf.permission.READ_GSERVICES"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build display","build fingerprint","build brand","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Class AllowAllHostnameVerifier is used or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually. Application defines GPS Location Access Permission ( android.permission.ACCESS_FINE_LOCATION) but there where no specific API calls found. This could be an indication for overprivileges, developer missconfiguration or confused deputy attack. Application defines a permission ( android.permission.RECORD_AUDIO ) accessing the microphone, but there were no specific API calls found. This could be an indication for overprivileges, developer missconfiguration or confused deputy attack.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera","Acceleration/Light"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://youtube.com/streaming/metadata/segment/102015","http://mpcontrollers.s3-website-us-east-1.amazonaws.com/demos/guest/","http://dummy.googlevideo.com/videoplayback","http://gvabox.com/youtube/debug/"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.oneandone.controlcenter:3.13.1","name":"1&1 Control-Center","version":"3.13.1","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=com.oneandone.controlcenter"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"none","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"No indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["accshmssamwbsproda01.cname.lan","acs-eue-qs001.v976.gmx.net","center.vodafone.de","dbs.breitbandtest.net","dsl.1und1.de","hilfe-center.1und1.de","hsp-eue-qa.server.lan","hsp.1und1.de","ias.1und1.de","login-geo.1und1.de","passwort.1und1.de","play.google.com","plus.google.com","www.amazon.de","www.ebay.de","www.facebook.com","www.google.de","www.googleapis.com","www.youtube.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://hilfe-center.1und1.de/article/793490?hc=a_control-center-app","http://hilfe-center.1und1.de/category/85143?hc=a_control-center-app","https://%s/rest/v1/mbox/%s?client=%s","https://play.google.com/store/apps/details?id=","market://details?id="]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/ECB/PKCS7Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["AUTHENTICATE_ACCOUNTS (Allows an application to act as an AccountAuthenticator for the AccountManager.) ","ACCESS_FINE_LOCATION (Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.) ","INTERNET (Allows applications to open network sockets.) ","ACCESS_COARSE_LOCATION (Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.) ","READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","MANAGE_ACCOUNTS (Allows an application to manage the list of accounts in the AccountManager.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 4 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://hilfe-center.1und1.de/article/793490?hc=a_control-center-app","http://hilfe-center.1und1.de/category/85143?hc=a_control-center-app"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.oneandone.controlcenter.MainActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["android.permission.ACCESS_COARSE_UPDATES"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","IMEI/MEID","SIM card serial","subscriber ID (IMSI)","MAC address(es)","Wifi-MAC address","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"yes","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app uses protection measures for preventing screenshots at least for some or all activities. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different sensors. This allows the application to track the user and/or determine the environment of the user.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["WIFI-Based Location","GPS Location"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://hilfe-center.1und1.de/hosting/contact","http://hilfe-center.1und1.de/mobil-telefonieren-c84077/im-ausland-telefonieren-c85247/1und1-telefon-und-sms-europa-1-a794139.html","http://hsp-eue-qa.server.lan/http-service-proxy1/service/pacs/MSSAContext","http://accshmssamwbsproda01.cname.lan:8180/mssa/","http://hilfe-center.1und1.de/category/85143?hc=a_control-center-app","http://hilfe-center.1und1.de/mobil-surfen-im-internet-c84076/im-ausland-unterwegs-c84443/","http://acs-eue-qs001.v976.gmx.net/accesscontrolservice-1.0/rest/login","http://hilfe-center.1und1.de/article/793490?hc=a_control-center-app","http://dsl.1und1.de/DetailsBedingungMobilfunk"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default error handling for SSL/TLS client communication. Error-prone modifications can be ruled out. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["App Listing: Usage of detected functionality to access list of installed apps may poses a privacy risk."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.adobe.reader:16.2.1","name":"Adobe Acrobat Reader","version":"16.2.1","model":"File Viewer","store_url":"https://play.google.com/store/apps/details?id=com.adobe.reader"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is disabled. This means no backup or restore of the application will ever be performed, even by a full-system backup that would otherwise cause all application data to be saved via adb backup function.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["x86 32bit: lib/x86/libpl_droidsonroids_gif.so","x86 32bit: lib/x86/libpl_droidsonroids_gif_surface.so","x86 32bit: lib/x86/libAdobeReader.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["HockeyApp"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["createpdf.acrobat.com","createpdf.stage.acrobat.com","createpdf.test.dexilab.acrobat.com","files.acrobat.com","files.stage.acrobat.com","files.test.dexilab.acrobat.com","gps.echosign.com","gps.echosigndemo.com","gps.echosigndr.com","gps.echosignpreview.com","gps.echosignstage.com","na1p-stg1.licenses.adobe.com","na1p.licenses.adobe.com","new.acrobat.com","new.stage.acrobat.com","sdk.hockeyapp.net","www.adobe.com","www.google.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["https://new.acrobat.com/doc-cloud/br/pt/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/br/pt/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/br/pt/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/br/pt/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/cn/zh/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/cn/zh/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/cn/zh/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/cn/zh/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/cz/cs/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/cz/cs/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/cz/cs/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/cz/cs/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/de/de/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/de/de/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/de/de/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/de/de/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/dk/da/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/dk/da/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/dk/da/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/dk/da/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/es/es/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/es/es/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/es/es/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/es/es/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/fi/fi/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/fi/fi/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/fi/fi/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/fi/fi/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/fr/fr/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/fr/fr/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/fr/fr/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/fr/fr/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/it/it/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/it/it/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/it/it/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/it/it/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/jp/ja/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/jp/ja/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/jp/ja/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/jp/ja/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/kr/ko/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/kr/ko/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/kr/ko/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/kr/ko/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/nl/nl/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/nl/nl/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/nl/nl/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/nl/nl/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/no/nb/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/no/nb/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/no/nb/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/no/nb/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/pl/pl/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/pl/pl/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/pl/pl/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/pl/pl/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/ru/ru/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/ru/ru/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/ru/ru/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/ru/ru/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/se/sv/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/se/sv/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/se/sv/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/se/sv/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/tr/tr/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/tr/tr/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/tr/tr/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/tr/tr/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/tw/zh/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/tw/zh/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/tw/zh/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/tw/zh/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/us/en/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/us/en/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.acrobat.com/doc-cloud/us/en/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.acrobat.com/doc-cloud/us/en/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud//cn/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/br/pt/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/br/pt/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/br/pt/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/br/pt/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/cn/zh/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/cn/zh/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/cn/zh/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/cz/cs/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/cz/cs/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/cz/cs/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/cz/cs/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/de/de/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/de/de/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/de/de/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/de/de/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/dk/da/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/dk/da/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/dk/da/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/dk/da/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/es/es/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/es/es/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/es/es/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/es/es/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/fi/fi/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/fi/fi/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/fi/fi/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/fi/fi/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/fr/fr/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/fr/fr/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/fr/fr/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/fr/fr/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/it/it/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/it/it/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/it/it/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/it/it/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/jp/ja/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/jp/ja/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/jp/ja/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/jp/ja/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/kr/ko/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/kr/ko/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/kr/ko/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/kr/ko/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/nl/nl/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/nl/nl/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/nl/nl/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/nl/nl/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/no/nb/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/no/nb/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/no/nb/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/no/nb/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/pl/pl/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/pl/pl/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/pl/pl/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/pl/pl/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/ru/ru/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/ru/ru/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/ru/ru/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/ru/ru/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/se/sv/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/se/sv/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/se/sv/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/se/sv/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/tr/tr/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/tr/tr/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/tr/tr/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/tr/tr/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/tw/zh/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/tw/zh/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/tw/zh/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/tw/zh/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/us/en/ipm/android/cpdf/cpdf_subscribe.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/us/en/ipm/android/cpdf/cpdf_subscribe_seamless.html?trackingid=KPHIO","https://new.stage.acrobat.com/doc-cloud/us/en/ipm/android/epdf/epdf_subscribe.html?trackingid=KPHIN","https://new.stage.acrobat.com/doc-cloud/us/en/ipm/android/epdf/epdf_subscribe_seamless.html?trackingid=KPHIN","https://www.google.com/cloudprint/dialog.html?hl=cs","https://www.google.com/cloudprint/dialog.html?hl=da","https://www.google.com/cloudprint/dialog.html?hl=de","https://www.google.com/cloudprint/dialog.html?hl=es","https://www.google.com/cloudprint/dialog.html?hl=fr","https://www.google.com/cloudprint/dialog.html?hl=it","https://www.google.com/cloudprint/dialog.html?hl=ja","https://www.google.com/cloudprint/dialog.html?hl=ko","https://www.google.com/cloudprint/dialog.html?hl=nl","https://www.google.com/cloudprint/dialog.html?hl=pl","https://www.google.com/cloudprint/dialog.html?hl=pt","https://www.google.com/cloudprint/dialog.html?hl=ru","https://www.google.com/cloudprint/dialog.html?hl=sv","https://www.google.com/cloudprint/dialog.html?hl=tr","https://www.google.com/cloudprint/dialog.html?hl=zh_CN","https://www.google.com/cloudprint/dialog.html?hl=zh_TW","market://details?id=com.adobe.fas&referrer=utm_source%3DAdobe%2520Acrobat%2520Android","readermobile://cpdfgetstarted/?skuid="]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/NoPadding\"","\"AES/CBC/PKCS5Padding\"","\"AES/ECB/NoPadding\"","\"RSA/ECB/PKCS1Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","CAMERA (Required to be able to access the camera device. This will automatically enforce the uses-feature manifest element for all camera features. If you do not require all camera features or can properly operate if a camera is not available, then you must modify your manifest as appropriate in order to install on devices that don't support all camera features.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 2 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","United States"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)","load(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"ok","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"The application or application components define specific type filter for handling different file types. If different applications define the same filter types the user has to decide which application should handle the file. ","text":"App can handle documents of mimeType: ","context":"0"},"resultList":[{"result":["application/vnd.sun.xml.writer.template","image/vnd.adobe.photoshop","image/jpeg","image/bmp","image/gif","image/x-ms-bmp","application/x-indesign","image/x-photoshop","application/vnd.sun.xml.calc","application/postscript","application/vnd.openxmlformats-officedocument.wordprocessingml.document","application/vnd.sun.xml.impress","application/vnd.ms-excel","application/vnd.sun.xml.writer","text/rtf","application/vnd.oasis.opendocument.spreadsheet","application/vnd.oasis.opendocument.graphics","text/plain","image/png","application/pdf","application/msword","application/illustrator","application/vnd.ms-word","application/vnd.ms-powerpoint","application/rtf","application/vnd.oasis.opendocument.text","application/vnd.openxmlformats-officedocument.presentationml.presentation","application/vnd.openxmlformats-officedocument.spreadsheetml.sheet","image/tiff","application/vnd.oasis.opendocument.presentation","application/vnd.ms-publisher","application/vnd.oasis.opendocument.formula","application/vnd.sun.xml.draw","text/richtext"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.adobe.reader.services.cpdf.ARCreatePDFActivity","com.dropbox.client2.android.AuthActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.BILLING"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build brand","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera","Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"yes","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The tapjacking protection is used, so the app is not vulnerable for this type of attacks.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.adobe.com/go/lcrm_privacy_named_pl","http://www.adobe.com/go/lcrm_privacy_named_nl","http://www.adobe.com/go/lcrm_privacy_named_cz","http://www.adobe.com/go/lcrm_privacy_named_tw","http://www.adobe.com/go/lcrm_privacy_named_fi","http://www.adobe.com/go/lcrm_privacy_anonymous_kr","http://www.adobe.com/go/lcrm_privacy_named_jp","http://www.adobe.com/go/lcrm_privacy_named_no","http://www.adobe.com/go/lcrm_privacy_named_de","http://www.adobe.com/go/lcrm_privacy_named_it","http://www.adobe.com/go/lcrm_privacy_named_cn","http://www.adobe.com/special/misc/reader/learnmore_reader_faq.html","http://www.adobe.com/go/lcrm_privacy_named_es","http://www.adobe.com/go/lcrm_privacy_named","http://www.adobe.com/go/lcrm_privacy_named_kr","http://www.adobe.com/go/lcrm_privacy_anonymous_es","http://www.adobe.com/go/lcrm_privacy_anonymous_it","http://www.adobe.com/go/lcrm_privacy_anonymous_cn","http://www.adobe.com/go/lcrm_privacy_anonymous","http://www.adobe.com/go/lcrm_privacy_anonymous_cz","http://www.adobe.com/go/lcrm_privacy_anonymous_no","http://www.adobe.com/go/lcrm_privacy_anonymous_de","http://www.adobe.com/go/lcrm_privacy_anonymous_nl","http://www.adobe.com/go/lcrm_privacy_anonymous_pl","http://www.adobe.com/go/lcrm_privacy_anonymous_jp","http://www.adobe.com/go/lcrm_privacy_anonymous_fi","http://www.adobe.com/go/lcrm_privacy_anonymous_tw","http://www.adobe.com/go/lcrm_privacy_named_fr","http://www.adobe.com/go/lcrm_privacy_anonymous_br","http://www.adobe.com/go/lcrm_privacy_anonymous_fr","http://www.adobe.com/go/lcrm_privacy_named_br"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default error handling for SSL/TLS client communication. Error-prone modifications can be ruled out. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"yes","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"Reasons for category violations of default policy: ","text":"Violations of default policy?","context":"0"},"detailList":[{"detail":["Detected risks are not compliant to security policy requirements for apps managing files. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Electronic codebook (ECB) mode detected. It should be avoided in cryptographic protocols because it does not hide data patterns well and therefore poses a risk for unauthorized information retrieval about encrypted corporate data. "]}]}]},{"attr":{"os":"Android","appId":"com.avira.optimizer:1.2","name":"Avira Optimizer","version":"1.2","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=com.avira.optimizer"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"yes","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"App requests permission READ_CONTACTS to access the phones address book.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Crashlytics","Mixpanel"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"ok","testID":"Bootcompleted Components Test","resultClass":"Runtime Security","name":"Application autostart receiver","detail":"The Application has the permission to start automatically after booting the device. The application can execute code without userinteraction or prevention.","text":"Executed component after Phone Reboot: ","context":"0"},"resultList":[{"result":["com.avira.optimizer.batterydoctor.receivers.BootCompletedReceiver"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","accounts.google.com","api.mixpanel.com","app-measurement.com","decide.mixpanel.com","e.crashlytics.com","espn.com","facebook.com","graph-video.%s","graph.%s","graph.%s.facebook.com","graph.facebook.com","license.avira.com","m.facebook.com","play.google.com","plus.google.com","settings.crashlytics.com","ssl.google-analytics.com","ssld.oes.avira.com","twitter.com","www.%s.facebook.com","www.amazon.com","www.avira.com","www.bbc.co.uk","www.cnn.com","www.ebay.com","www.facebook.com","www.google-analytics.com","www.google.com","www.msn.com","www.nytimes.com","www.weather.com","www.wikipedia.org","www.yahoo.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["amzn://apps/android?p=","http://api.mixpanel.com/track?ip=1","http://play.google.com/store/apps/details?id=","http://www.amazon.com/gp/mas/dl/android?p=","https://api.mixpanel.com/track?ip=1","https://m.facebook.com/sharer.php?u=","https://play.google.com/store/apps/details?id=com.avira.android","https://play.google.com/store/apps/details?id=com.avira.optimizer","https://plus.google.com/share?url=","https://twitter.com/intent/tweet?text=","market://details?id=","market://details?id=%s","market://details?id=com.avira.android"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["CLEAR_APP_CACHE (Allows an application to clear the caches of all installed applications on the device.) ","WRITE_CONTACTS (Allows an application to write (but not read) the user'scontacts data.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) ","READ_CONTACTS (Allows an application to read the user's contacts data.) ","CHANGE_WIFI_STATE (Allows applications to change Wi-Fi connectivity state.) ","READ_CALL_LOG (Allows an application to read the user's call log. Note: If the app uses the READ_CONTACTS permission and both minSdkVersion and targetSdkVersion values are set to 15 or lower, the system implicitly grants this permission to the app.) ","WRITE_HISTORY_BOOKMARKS (Allows an application to write (but not read) the user'sbrowsing history and bookmarks.) ","SYSTEM_ALERT_WINDOW (Allows an application to open windows using the type android.view.WindowManager.LayoutParams TYPE_SYSTEM_ALERT, shown on top of all other applications. Very few applications should use this permission; these windows are intended for system-level interaction with the user.) ","READ_HISTORY_BOOKMARKS (Allows an application to read (but not write) the user's browsing history and bookmarks.) ","WRITE_CALL_LOG (Allows an application to write (but not read) the user's contacts data. Note: If your app uses the WRITE_CONTACTS permission and both your minSdkVersion and targetSdkVersion values are set to 15 or lower, the system implicitly grants this permission to the app.) ","BLUETOOTH_ADMIN (Allows applications to discover and pair bluetooth devices.) ","GET_TASKS (Allows an application to get information about the currently or recently running tasks.) ","DISABLE_KEYGUARD (Allows applications to disable the keyguard.) ","BLUETOOTH (Allows applications to connect to paired bluetooth devices.) ","READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 6 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","United States","Ireland","United Kingdom","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://api.mixpanel.com/track?ip=1","http://play.google.com/store/apps/details?id=","http://www.amazon.com/gp/mas/dl/android?p="]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["api.mixpanel.com","play.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["GET_PACKAGE_SIZE (Allows an application to find out the space used by any package.) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","KILL_BACKGROUND_PROCESSES (Allows an application to call android.app.ActivityManager killBackgroundProcesses.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","CHANGE_NETWORK_STATE (Allows applications to change network connectivity state.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","RECEIVE_BOOT_COMPLETED (Allows an application to receive the android.content.Intent ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. If you don't request this permission, you will not receive the broadcast at that time. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, you must explicitly declare your use of this facility to make that visible to the user.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","WRITE_SETTINGS (Allows an application to read or write the system settings.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_CONTACTS","SYSTEM_ALERT_WINDOW","WRITE_CONTACTS","CLEAR_APP_CACHE","DISABLE_KEYGUARD","PACKAGE_USAGE_STATS","GET_PACKAGE_SIZE","WRITE_CALL_LOG","READ_CALL_LOG","CHANGE_NETWORK_STATE","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.avira.optimizer.base.MainActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.avira.optimiser.permission.C2D_MESSAGE","com.google.android.c2dm.permission.RECEIVE","com.avira.android.aviradata.READ","com.android.vending.BILLING","com.sec.android.provider.logsprovider.permission.READ_LOGS","com.sec.android.provider.logsprovider.permission.WRITE_LOGS"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build hardware","build brand","IMEI/MEID","phone number","country code + mobile network code for SIM provider","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lvsattr1;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"none","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"No sensor usage Indicators found.","text":"Sensor usage: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Signature Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs system/signature permissions? ","context":"180"},"detailList":[{"detail":["PACKAGE_USAGE_STATS (Allows an application to collect component usage statistics.) "]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"yes","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The tapjacking protection is used, so the app is not vulnerable for this type of attacks.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://decide.mixpanel.com/decide","http://www.avira.com/ru/android-upsell","http://www.avira.com/es/android-upsell","http://www.avira.com/pt-br/android-upsell","http://www.avira.com/fr/android-upsell","http://www.avira.com/help","http://www.avira.com/it/android-upsell","http://api.mixpanel.com/track?ip=1","http://www.avira.com/cs/android-upsell","http://play.google.com/store/apps/details?id=","http://www.avira.com/ko/android-upsell","http://www.avira.com/tr/android-upsell","http://www.avira.com/%s/support","http://api.mixpanel.com/engage","http://www.avira.com/en/android-upsell","http://www.avira.com/ja/android-upsell","http://www.avira.com/zh/android-upsell","http://www.amazon.com/gp/mas/dl/android?p=","http://www.avira.com/de/android-upsell","http://www.avira.com/uk/android-upsell"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. ","Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["App tries to access the device phone number which can be use to identify the owner remotely."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.socialnmobile.dictapps.notepad.color.note:3.10.6","name":"ColorNote Notepad Notizen","version":"3.10.6","model":"Organizer","store_url":"https://play.google.com/store/apps/details?id=com.socialnmobile.dictapps.notepad.color.note"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be considered by doing a device backup. If an application contains sensitive information these can be cloned by backing up the data and extracted from the backup archive off device.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Flurry"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation provider used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"In general code obfuscation is done automatically by different obfuscation frameworks or obfuscation service providers. Detailed information to the detected framework Proguard can be found under: http://developer.android.com/tools/help/proguard.html","text":"Obfuscation framework used: ","context":"4997"},"resultList":[{"result":["Proguard"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"ok","testID":"Bootcompleted Components Test","resultClass":"Runtime Security","name":"Application autostart receiver","detail":"The Application has the permission to start automatically after booting the device. The application can execute code without userinteraction or prevention.","text":"Executed component after Phone Reboot: ","context":"0"},"resultList":[{"result":["com.socialnmobile.colornote.receiver.TimeChangedReceiver"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["accounts.google.com","api.facebook.com","data.flurry.com","event-collector-colornote.appspot.com","facebook.com","graph.facebook.com","www.amazon.com","www.colornote.com","www.facebook.com","www.google.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://www.amazon.com/gp/aw/s?tag=colornotenotepa-20&linkCode=da4&i=aps&k=%s&sort=&p_lbr_brands_browse-bin=","http://www.amazon.com/gp/mas/dl/android?p=com.socialnmobile.dictapps.notepad.color.note","http://www.google.com/cse?cx=partner-pub-2353536094017743:1302913524&ie=UTF-8&sa=Search&q=","market://details?id=","market://details?id=com.socialnmobile.dictapps.notepad.color.note","market://search?q=pname:com.socialnmobile.colordict"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"ok","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"The application defines an unprotected content provider. From this interface other application can read or write data to or from the application. The listed content provider names allow access on application data by external apps without permissions. ","text":"Content provider accessible without permission: ","context":"98"},"resultList":[{"result":["com.socialnmobile.colornote.data.NoteProvider"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 2 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://www.amazon.com/gp/aw/s?tag=colornotenotepa-20&linkCode=da4&i=aps&k=%s&sort=&p_lbr_brands_browse-bin=","http://www.amazon.com/gp/mas/dl/android?p=com.socialnmobile.dictapps.notepad.color.note","http://www.google.com/cse?cx=partner-pub-2353536094017743:1302913524&ie=UTF-8&sa=Search&q="]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"ok","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"The application or application components define specific type filter for handling different file types. If different applications define the same filter types the user has to decide which application should handle the file. ","text":"App can handle documents of mimeType: ","context":"0"},"resultList":[{"result":["text/html","vnd.android.cursor.item/vnd.socialnmobile.colornote.note","vnd.android.cursor.dir/vnd.socialnmobile.colornote.note","vnd.android.cursor.item/vnd.socialnmobile.colornote.note.title","text/plain"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","RECEIVE_BOOT_COMPLETED (Allows an application to receive the android.content.Intent ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. If you don't request this permission, you will not receive the broadcast at that time. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, you must explicitly declare your use of this facility to make that visible to the user.) ","VIBRATE (Allows access to the vibrator.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.socialnmobile.colornote.activity.Archive","com.socialnmobile.colornote.activity.BackupLocal","com.socialnmobile.colornote.activity.NoteEditor","com.socialnmobile.colornote.activity.Search","com.socialnmobile.colornote.activity.SyncStatus","com.socialnmobile.colornote.activity.Today","com.socialnmobile.colornote.sync.SyncDevSettingsActivity","com.socialnmobile.colornote.activity.SendToNoteByTitle","com.socialnmobile.colornote.activity.ActionReceiver","com.socialnmobile.colornote.activity.PasswordSetting","com.socialnmobile.colornote.activity.NoteWidgetConfigure"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build display","build fingerprint","build brand","IMEI/MEID","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"SHARED UID TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"Application with the same shared user ID and signed with the same certificate can access each other's data and, if desired, run in the same process. This means one application can access the private local stored data from another one. The following shared user ID is used:","text":"Shared user ID defined?","context":"0"},"detailList":[{"detail":["colordict.uid.shared"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lcom/flurry/android/monolithic/sdk/impl/bf;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"yes","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app uses protection measures for preventing screenshots at least for some or all activities. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.colornote.com/help/translation.html","http://www.amazon.com/gp/aw/s?tag=colornotenotepa-20&linkCode=da4&i=aps&k=%s&sort=&p_lbr_brands_browse-bin=","http://www.facebook.com/ColorNote","http://www.colornote.com/help/faq.html","http://www.colornote.com/help/privacy.html","http://www.colornote.com/help/tos.html","http://www.google.com/cse?cx=partner-pub-2353536094017743:1302913524&ie=UTF-8&sa=Search&q="]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default error handling for SSL/TLS client communication. Error-prone modifications can be ruled out. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"yes","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"Reasons for category violations of default policy: ","text":"Violations of default policy?","context":"0"},"detailList":[{"detail":["Detected risks are not compliant to security policy requirements for organizer apps. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"de.dhl.paket:2.10","name":"DHL Paket","version":"2.10","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=de.dhl.paket"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi/libiconv.so","ARM 32 bit: lib/armeabi/libzbarjni.so","ARM 32 bit: lib/armeabi-v7a/libiconv.so","ARM 32 bit: lib/armeabi-v7a/libvudroid.so","ARM 32 bit: lib/armeabi-v7a/libzbarjni.so","x86 32bit: lib/x86/libiconv.so","x86 32bit: lib/x86/libzbarjni.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"yes","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"App requests permission READ_CONTACTS to access the phones address book.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Crashlytics","Flurry"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation provider used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"In general code obfuscation is done automatically by different obfuscation frameworks or obfuscation service providers. Detailed information to the detected framework Kobil can be found under: null","text":"Obfuscation framework used: ","context":"4997"},"resultList":[{"result":["Kobil"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","accounts.google.com","ad.doubleclick.net","android.googlesource.com","api.facebook.com","app-measurement.com","app.dhl.de","chat.deutschepost.de","code.google.com","data.flurry.com","e.crashlytics.com","facebook.com","goo.gl","graph-video.%s","graph.%s","graph.facebook.com","lh4.ggpht.com","login.live.com","login.yahoo.com","m.facebook.com","maps.google.com","mobil.dhl.de","nolp.dhl.de","ormlite.com","play.google.com","plus.google.com","proton.flurry.com","push-transfermarkt.convisual.de","settings.crashlytics.com","square.github.io","twitter.com","webgate.ec.europa.eu","www.deutschepost.de","www.facebook.com","www.googleapis.com","www.linkedin.com","www.paket.de","www.paypal.com","zbar.sourceforge.net"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://maps.google.com/maps?q=loc:","https://app.dhl.de/banner?width=","https://app.dhl.de/online-frankierung/product-categories/Abholservices/destination-countries/DEU/products?languageCode=de","https://nolp.dhl.de/nextt-online-public/set_identcodes.do?lang=de&idc=%1attrs&rfn=&extendedSearch=true","https://play.google.com/store/apps/details?id=","https://twitter.com/intent/tweet?text=","market://details?id=","twitter://user?screen_name=DHLPaket"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"AES/ECB/PKCS7Padding\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic keys found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"It is considered as a bad practice to use hard-coded cryptographic keys in the application. The following hard-coded cryptographic keys were found: ","text":"Cryptographic keys found?","context":"999"},"detailList":[{"detail":["\"yt8yeqdXxpUyoUk3\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["READ_CONTACTS (Allows an application to read the user's contacts data.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","ACCESS_COARSE_LOCATION (Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.) ","CAMERA (Required to be able to access the camera device. This will automatically enforce the uses-feature manifest element for all camera features. If you do not require all camera features or can properly operate if a camera is not available, then you must modify your manifest as appropriate in order to install on devices that don't support all camera features.) ","ACCESS_FINE_LOCATION (Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 7 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Czech Republic","United States","Ireland","Luxembourg","United Kingdom","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://maps.google.com/maps?q=loc:"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Key derivation iteration count: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Key derivation function used in the app with an amount of 10000 iterations is considered secure.","text":"Key derivation iteration count: ","context":"995"},"resultList":[{"result":["10000"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","VIBRATE (Allows access to the vibrator.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_CONTACTS","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["de.dhl.packet.MainActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["de.dhl.paket.permission.C2D_MESSAGE","com.google.android.c2dm.permission.RECEIVE","com.google.android.providers.gsf.permission.READ_GSERVICES"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build fingerprint","build brand","IMEI/MEID","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different sensors. This allows the application to track the user and/or determine the environment of the user.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera","WIFI-Based Location","GPS Location"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://square.github.io/okhttp/","http://square.github.io/picasso/","http://maps.google.com/maps?q=loc:","http://push-transfermarkt.convisual.de:8080/push","http://goo.gl/QDxM2f","http://www.facebook.com/DHLPaket"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected Maps Access","resultClass":"Privacy","name":"URL Checks","detail":"App contains URL(s) that indicate an unprotected HTTP access to map providers. The transmitted location query parameters to the following map providers are in this case accesible by third parties: ","text":"Unprotected map queries?","context":"0"},"detailList":[{"detail":["Google Maps"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Faulty custom SSL error handling detected. The Class WebViewClient is extended and onReceiveSslError(...) is overwritten with an insecure implementation. ","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["Unprotected Access: Disclosure of location or web query data though unprotected communication with service providers. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Embedded static encryption key found, which can be extracted by attackers to revert the encryption or fake the signature of the content it is used for."]}]}]},{"attr":{"os":"Android","appId":"com.dropbox.android:15.2.2","name":"Dropbox","version":"15.2.2","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=com.dropbox.android"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is disabled. This means no backup or restore of the application will ever be performed, even by a full-system backup that would otherwise cause all application data to be saved via adb backup function.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: res/raw/lib_breakpadinstaller_c306ccff239fbeae5a6a82383e69dc267516ea2b_armv7a.so","x86 32bit: res/raw/lib_breakpadinstaller_c306ccff239fbeae5a6a82383e69dc267516ea2b_x86.so","ARM 32 bit: res/raw/lib_dbxfileobserver_b492ffd532b8b6365d97439f842c164c3c90fd4e_armv7a.so","x86 32bit: res/raw/lib_dbxfileobserver_b492ffd532b8b6365d97439f842c164c3c90fd4e_x86.so","x86 32bit: res/raw/lib_dropboxsync_18833259690975f8a6a9d7b58b3afe65_x86.so","ARM 32 bit: res/raw/lib_dropboxsync_3eec55324842996279a908c7b346a35e_armv7a.so","ARM 32 bit: res/raw/lib_mupdf_65d8e7a72c46d3cc32b3f32f0482b3a6648eb947_armv7a.so","x86 32bit: res/raw/lib_mupdf_65d8e7a72c46d3cc32b3f32f0482b3a6648eb947_x86.so","x86 32bit: lib/x86/librsjni.so","x86 32bit: lib/x86/libDummyArchIndicator.so","x86 32bit: lib/x86/libRSSupport.so","x86 32bit: lib/x86/libblasV8.so","ARM 32 bit: lib/armeabi-v7a/librsjni.so","ARM 32 bit: lib/armeabi-v7a/libDummyArchIndicator.so","ARM 32 bit: lib/armeabi-v7a/libRSSupport.so","ARM 32 bit: lib/armeabi-v7a/libblasV8.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"yes","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"App requests permission READ_CONTACTS to access the phones address book.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"none","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"No indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Alarm with Intervals test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The scheduled task gets repeated in the following intervals: ","text":"Alarm intervals dynamically?","context":"9420"},"detailList":[{"detail":["Dynamic interval(s)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation provider used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"In general code obfuscation is done automatically by different obfuscation frameworks or obfuscation service providers. Detailed information to the detected framework Proguard can be found under: http://developer.android.com/tools/help/proguard.html","text":"Obfuscation framework used: ","context":"4997"},"resultList":[{"result":["Proguard"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"ok","testID":"Bootcompleted Components Test","resultClass":"Runtime Security","name":"Application autostart receiver","detail":"The Application has the permission to start automatically after booting the device. The application can execute code without userinteraction or prevention.","text":"Executed component after Phone Reboot: ","context":"0"},"resultList":[{"result":["com.dropbox.android.service.WakeupReceiver","com.evernote.android.job.JobBootReceiver"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","api.dropbox.com","dl.dropbox.com","dropbox.com","facebook.com","github.com","graph-video.%s","graph.%s","ios-crash-vm-001.corp.dropbox.com","notes.dropbox.com","paper.dropbox.com","play.google.com","plus.google.com","support.google.com","www.dropbox.com","www.google.com","www.googleapis.com","zxing.appspot.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["a;href=https://www.dropbox.com/gs?oib=true","http://play.google.com/store/apps/details?id=","http://play.google.com/store/apps/details?id=com.facebook.orca","https://ios-crash-vm-001.corp.dropbox.com/uploaded?bucket_key=","https://play.google.com/store/apps/details?id=com.dropbox.android","https://www.dropbox.com/android_opensource?cl=%s&mobile=1","https://www.dropbox.com/c/help/camera_upload_full?cl=%s&device=android","https://www.dropbox.com/c/help/mobile_favorites?cl=%s&device=android","https://www.dropbox.com/c/help/two_step?cl=%s&device=android","https://www.dropbox.com/gs?cl=%s&mobile=1","https://www.dropbox.com/help/4212?cl=%s&device=android","https://www.dropbox.com/help/9240?cl=%s&device=android","https://www.dropbox.com/help/category/Mobile?cl=%s#category:Mobile","https://www.dropbox.com/privacy?cl=%s&mobile=1","https://www.dropbox.com/team/join?cl=%s&mobile=1","https://www.dropbox.com/terms?cl=%s&mobile=1","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=upcm","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=upcug","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=upcuoq","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=updenotb","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=updri","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=updrs","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=upeaoq","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=upgsoq","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=upmfioq","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=upmfooq","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=upmfsoq","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=upmuoq","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=upnfoq","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=upnot","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=upnotb","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=upnotbl","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=uppmpt","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=uprfioq","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=uprfiqq","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=uprfooq","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=upsclfooq","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=upsfoq","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=upssb","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=upssb2","https://www.dropbox.com/upgrade?cl=%s&android_app=1&oqa=upsub","https://www.google.com/recaptcha/api/challenge?k={{publicKey}}","market://details?id=","market://details?id=com.dropbox.android","market://details?id=com.facebook.orca"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) ","READ_CONTACTS (Allows an application to read the user's contacts data.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","CAMERA (Required to be able to access the camera device. This will automatically enforce the uses-feature manifest element for all camera features. If you do not require all camera features or can properly operate if a camera is not available, then you must modify your manifest as appropriate in order to install on devices that don't support all camera features.) ","AUTHENTICATE_ACCOUNTS (Allows an application to act as an AccountAuthenticator for the AccountManager.) ","MANAGE_ACCOUNTS (Allows an application to manage the list of accounts in the AccountManager.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 3 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=","http://play.google.com/store/apps/details?id=com.facebook.orca"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.PathClassLoader(...)","ClassLoader.loadClass(...)","load(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"ok","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"The application or application components define specific type filter for handling different file types. If different applications define the same filter types the user has to decide which application should handle the file. ","text":"App can handle documents of mimeType: ","context":"0"},"resultList":[{"result":["image/*","message/rfc822","application/pdf","*/*","audio/*","video/*","text/*","multipart/*","application/*"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["play.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["RECEIVE_BOOT_COMPLETED (Allows an application to receive the android.content.Intent ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. If you don't request this permission, you will not receive the broadcast at that time. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, you must explicitly declare your use of this facility to make that visible to the user.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","VIBRATE (Allows access to the vibrator.) ","WRITE_SYNC_SETTINGS (Allows applications to write the sync settings.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","READ_SYNC_SETTINGS (Allows applications to read the sync settings.) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_CONTACTS","READ_SYNC_SETTINGS","RECEIVE_BOOT_COMPLETED","WRITE_SYNC_SETTINGS","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.dropbox.android.activity.IntegrationLandingPageActivity","com.dropbox.android.activity.DropboxCreateShortcut","com.dropbox.android.activity.payment.PaymentUpgradeForSDKActivity","com.dropbox.android.activity.NotesWebViewActivity","com.dropbox.android.activity.auth.DropboxAuth","com.dropbox.android.activity.DropboxShareWith","com.dropbox.android.activity.docpreviews.DocumentPreviewForSDKActivity","com.dropbox.android.activity.FacebookMessengerActivity","com.dropbox.android.activity.DropboxSendTo","com.dropbox.android.activity.CameraUploadSettingsActivity","com.dropbox.android.activity.DropboxGetFrom","com.dropbox.android.activity.DropboxChooserActivity","com.dropbox.android.activity.AccountsAndSyncSetupActivity","com.dropbox.android.activity.lock.VerifyLockForExternalActivity","com.dropbox.android.activity.LoginOrNewAcctActivity","com.dropbox.android.activity.DbxMainActivity","com.dropbox.android.activity.VoiceActionsActivity","com.dropbox.android.sharedlink.SharedLinkActivity","com.dropbox.android.activity.docpreviews.DocumentPreviewForAnonymousActivity","com.dropbox.android.activity.GSUrlHandlerActivity","com.dropbox.android.activity.SsoCallbackReceiver"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.BILLING","com.dropbox.android.service.ACCOUNT_INFO_ALARM_TRIGGER","com.google.android.c2dm.permission.RECEIVE","com.dropbox.android.permission.C2D_MESSAGE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build fingerprint","build brand","Wifi-MAC address","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarm Serivce test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The alarm manager has been initialized properly. ","text":"Alarm Manager initialized dynamically?","context":"9410"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"ok","testID":"Scheduled Alarm Types test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"","text":"Alarm repeating types: ","context":"9440"},"resultList":[{"result":["RTC_WAKEUP"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application contains a registered scheduled alarm. With such an alarm the application repeats the execution of the registered task for example every 10 hours. The following classes register scheduled tasks:","text":"Scheduled Alarm Manager registered?","context":"9450"},"detailList":[{"detail":["com.evernote.android.job.v14.a"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera","Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=","http://github.com/droidfu/schema"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["App Listing: Usage of detected functionality to access list of installed apps may poses a privacy risk."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.estrongs.android.pop:4.1.3.1","name":"ES Datei Explorer","version":"4.1.3.1","model":"File Manager","store_url":"https://play.google.com/store/apps/details?id=com.estrongs.android.pop"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF binary entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Native executables found:","text":"Contains native executables: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: res/raw/estool_arm","x86 32bit: res/raw/estool_x86"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: res/raw/estool_arm_pie","x86 32bit: res/raw/estool_x86_pie"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["AppsFlyer","Doubleclick"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Alarm with Intervals test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The scheduled task gets repeated in the following intervals: ","text":"Alarm intervals dynamically?","context":"9420"},"detailList":[{"detail":["Dynamic interval(s)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation provider used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"In general code obfuscation is done automatically by different obfuscation frameworks or obfuscation service providers. Detailed information to the detected framework Proguard can be found under: http://developer.android.com/tools/help/proguard.html","text":"Obfuscation framework used: ","context":"4997"},"resultList":[{"result":["Proguard"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["0.esfileexplorer.duapp.com","api.appsflyer.com","api.flickr.com","api.instagram.com","api.mobula.sd.duapps.com","api.mobula.sdk.duapps.com","app.vmall.com","appstore.naver.com","book.naver.com","books.amazon.com","books.yahoo.com","common.duapps.com","conf.international.baidu.com","cq01-duapps-qa-2016-09.epc.baidu.com","csi.gstatic.com","db-infbk-online-17.db01.baidu.com","dbl-dev-rd23.vm.baidu.com","down.znds.com","dwz.cn","dxp.baidu.com","events.appsflyer.com","farm%1attrs.static.flickr.com","flickr.com","games.yahoo.com","goo.gl","googleads.g.doubleclick.net","graph.%s.facebook.com","graph.facebook.com","himg.baidu.com","himg.bdimg.com","hmma.baidu.com","image.search.naver.com","images.google.com","images.search.yahoo.com","m.anzhi.com","m.baidu.com","m.facebook.com","m.flickr.com","m.hao123.com","m.music.naver.com","m.shafa.com","m.video.yandex.com","m.youtube.com","market.android.com","movie.naver.com","movies.yahoo.com","music.amazon.com","music.baidu.com","music.naver.com","music.yahoo.com","news.google.com","nrc.ds.duapps.com","nrc.sd.duapps.com","nrc.tapas.net","nsclick.baidu.com","nstore.naver.com","openapi.baidu.com","openrcv.baidu.com","passport.baidu.com","passport.qatest.baidu.com","passport.rdtest.baidu.com","pasta.dianxinos.com","pasta.ds.duapps.com","pasta.esfile.duapps.com","pasta.sd.duapps.com","pcs.baidu.com","photo.naver.com","play.google.com","rec.in.tira.cn","rt.api.glispa.com","rts.mobula.sdk.duapps.com","sandbox.duapps.com","sandbox.sjws.baidu.com","sdk-services.appsflyer.com","search.naver.com","search.yahoo.com","ssl.google-analytics.com","stats.appsflyer.com","t.appsflyer.com","t.cn","track.appsflyer.com","tv.baidu.com","twitter.com","update.estrongs.com","url.ds.duapps.com","v.17186.cn","video.amazon.com","video.search.naver.com","video.search.yahoo.com","wappass.baidu.com","wappass.bdimg.com","wappass.qatest.baidu.com","www.%s.facebook.com","www.amazon.com","www.baidu.com","www.estrongs.com","www.facebook.com","www.flickr.com","www.google-analytics.com","www.google.com","www.mopub.com","www.mysearch.com","www.yahoo.com","www.yandex.com","www.youtube.com","wwww.naver.com","yandex.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["ftp://cmelody:passw0rd@192.168.1.21/plugins/%1attrs/es_%2attrs.zip","http://book.naver.com/search/search.nhn?query=%1s","http://down.znds.com/plus/search.php?kwtype=0&q=%1s&searchtype=title","http://flashair/command.cgi?op=100&DIR=","http://flashair/upload.cgi?DEL=","http://image.search.naver.com/search.naver?query=%1s","http://m.baidu.com/app?action=search&from=1000364e&pu=osname@esbrowser#word=%1s","http://m.baidu.com/app?from=1000364e&pu=osname@esbrowser","http://m.baidu.com/book/?ref=es_file_explorer&from=1648a","http://m.baidu.com/news?from=1648a","http://m.baidu.com/s?from=1648a","http://m.baidu.com/s?from=1648a&vit=union&st=103041&word=%1s","http://m.baidu.com/s?from=1648a&word=%1s","http://m.baidu.com/s?from=1648a&word=天气","http://m.baidu.com/s?st=11n041&tn=xsd&pn=0&pu=sz@1320_1001&ssid=0&from=1648a&bd_page_type=1&word=%1s","http://m.baidu.com/video?from=1648a&word=%1s","http://m.hao123.com/a/tupian/?tagid=shenghuo_shoujibizhi","http://m.music.naver.com/search/search.nhn?query=%1s","http://m.shafa.com/search?kw=%1s","http://m.video.yandex.com/#!/search?text=%1s","http://market.android.com/details?id=","http://music.baidu.com/#search/%1s/?fr=ch_es&pa=1&da=1&bb=1&lr=1&vd=1&td=1&ta=1&mgd=0&bi=1&sl=1&dsa=1&tn=1&noad=1","http://music.baidu.com/?fr=ch_es&pa=1&da=1&bb=1&lr=1&vd=1&td=1&ta=1&mgd=0&bi=1&sl=1&dsa=1&tn=1&noad=1","http://nstore.naver.com/search/search.nhn?t=all&fs=appstore&q=%1s","http://search.naver.com/search.naver?query=%1s","http://search.yahoo.com/search/?p=%1s&vs=music.yahoo.com","http://tv.baidu.com/m?from=es_file_explorer","http://update.estrongs.com/up/?id=100&v=0","http://update.estrongs.com/up?id=1&l=","http://video.search.naver.com/search.naver?query=%1s","http://www.amazon.com/gp/mas/dl/android?p=","http://www.baidu.com?__wp-action=auth-widget","http://www.baidu.com?__wp-action=forget-pwd","http://www.baidu.com?__wp-action=modify-pwd","http://www.estrongs.com/channel?aid=","http://www.estrongs.com/channel?iid=","http://www.estrongs.com/console/service/0918/?aid=","http://www.estrongs.com/console/service/0918/?iid=","http://www.estrongs.com/console/service/app_folder/share.php?f=%s&a=%s&i=%s","http://www.estrongs.com/console/service/app_folder?v=","http://www.estrongs.com/console/service/cards/?t=","http://www.estrongs.com/console/service/cards/?t=-","http://www.estrongs.com/console/service/pkg/stat/?req=s&t=1&p=com.dianxinos.optimizer.duplay","http://www.estrongs.com/console/service/pkg/stat/?req=s&t=3&p=com.dianxinos.optimizer.duplay","http://www.estrongs.com/console/service/searchaddrs?v=","http://www.estrongs.com/esshare?s=","http://www.google.com/search?safe=strict&q=%1s","http://www.google.com/search?safe=strict&tbm=isch&q=%1s","http://www.mysearch.com/pictures?mgct=hp&o=APN11895&q=%1s","http://www.mysearch.com/videos?mgct=hp&o=APN11895&q=%1s","http://www.mysearch.com/web?mgct=hp&o=APN11955","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=%1s","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=apk","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=document","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=image","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=music","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=news","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=video","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=weather","http://www.yandex.com/images/search?text=%1s","http://www.yandex.com/touchsearch?text=%1s","http://www.youtube.com/results?search_query=%1s","https://events.appsflyer.com/api/v3/androidevent?buildnumber=3.2&app_id=","https://graph.facebook.com/%s/comments?limit=%s&offset=%s&access_token=%s","https://graph.facebook.com/%s?access_token=%s","https://images.search.yahoo.com/search/images?p=%1s","https://m.facebook.com/dialog/oauth?display=touch&client_id=245740315545780&scope=offline_access%2Cpublish_stream%2Cuser_photos%2Cpublish_checkins%2Cphoto_upload&type=user_agent&redirect_uri=fbconnect%3A%2F%2Fsuccess","https://play.google.com/store/apps/details?id=","https://play.google.com/store/apps/details?id=%s&referrer=%s","https://play.google.com/store/apps/details?id=com.dianxinos.optimizer.duplay&referrer=","https://play.google.com/store/apps/details?id=com.estrongs.android.pop","https://play.google.com/store/search?q=%1s","https://search.yahoo.com/search?p=%1s","https://t.appsflyer.com/api/v3/androidevent?buildnumber=3.2&app_id=","https://track.appsflyer.com/api/v3/uninstall?buildnumber=3.2","https://video.search.yahoo.com/search/video?p=%1s","https://www.google.com/search?&q=weather","https://www.google.com/search?&tbm=bks&q=%1s","market://details?id=","market://details?id=%s","market://search?q=","market://search?q=%1s&c=apps","market://search?q=%1s&c=books","market://search?q=%1s&c=music","market://search?q=pname:"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Constant initialization vectors found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Use of constant initialization vectors is a bad practice. The following initialization vectors were found: ","text":"Constant initialization vectors found?","context":"998"},"detailList":[{"detail":["\"30212102dicudiab\"","\"8070605040302010\"","0","0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15","1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"ok","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"The application defines an unprotected content provider. From this interface other application can read or write data to or from the application. The listed content provider names allow access on application data by external apps without permissions. ","text":"Content provider accessible without permission: ","context":"98"},"resultList":[{"result":["com.estrongs.android.pop.app.FileContentProvider"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. Usage of RSA was identified. RSA without padding is considered weak. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"8070605040302010\"","\"AES/CBC/NoPadding\"","\"AES/CBC/PKCS5Padding\"","\"AES/CFB/NoPadding\"","\"AES/ECB/PKCS5Padding\"","\"AES/ECB/PKCS7Padding\"","\"DES/ECB/PKCS5Padding\"","\"DES/ECB/PKCS7Padding\"","\"RSA/ECB/NoPadding\"","\"RSA/ECB/PKCS1Padding\"","\"RSA/NONE/NoPadding\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic keys found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"It is considered as a bad practice to use hard-coded cryptographic keys in the application. The following hard-coded cryptographic keys were found: ","text":"Cryptographic keys found?","context":"999"},"detailList":[{"detail":["\"30212102dicudiab\"","\"baiduvoice35hy12\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["BLUETOOTH_ADMIN (Allows applications to discover and pair bluetooth devices.) ","CHANGE_WIFI_MULTICAST_STATE (Allows applications to enter Wi-Fi Multicast mode.) ","GET_TASKS (Allows an application to get information about the currently or recently running tasks.) ","INTERNET (Allows applications to open network sockets.) ","SYSTEM_ALERT_WINDOW (Allows an application to open windows using the type android.view.WindowManager.LayoutParams TYPE_SYSTEM_ALERT, shown on top of all other applications. Very few applications should use this permission; these windows are intended for system-level interaction with the user.) ","READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","BLUETOOTH (Allows applications to connect to paired bluetooth devices.) ","CHANGE_WIFI_STATE (Allows applications to change Wi-Fi connectivity state.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 10 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","Hong Kong","United States","China","Ireland","United Kingdom","Republic of Korea","Germany","unknown","Russia"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://book.naver.com/search/search.nhn?query=%1s","http://down.znds.com/plus/search.php?kwtype=0&q=%1s&searchtype=title","http://flashair/command.cgi?op=100&DIR=","http://flashair/upload.cgi?DEL=","http://image.search.naver.com/search.naver?query=%1s","http://m.baidu.com/app?action=search&from=1000364e&pu=osname@esbrowser#word=%1s","http://m.baidu.com/app?from=1000364e&pu=osname@esbrowser","http://m.baidu.com/book/?ref=es_file_explorer&from=1648a","http://m.baidu.com/news?from=1648a","http://m.baidu.com/s?from=1648a","http://m.baidu.com/s?from=1648a&vit=union&st=103041&word=%1s","http://m.baidu.com/s?from=1648a&word=%1s","http://m.baidu.com/s?from=1648a&word=天气","http://m.baidu.com/s?st=11n041&tn=xsd&pn=0&pu=sz@1320_1001&ssid=0&from=1648a&bd_page_type=1&word=%1s","http://m.baidu.com/video?from=1648a&word=%1s","http://m.hao123.com/a/tupian/?tagid=shenghuo_shoujibizhi","http://m.music.naver.com/search/search.nhn?query=%1s","http://m.shafa.com/search?kw=%1s","http://m.video.yandex.com/#!/search?text=%1s","http://market.android.com/details?id=","http://music.baidu.com/#search/%1s/?fr=ch_es&pa=1&da=1&bb=1&lr=1&vd=1&td=1&ta=1&mgd=0&bi=1&sl=1&dsa=1&tn=1&noad=1","http://music.baidu.com/?fr=ch_es&pa=1&da=1&bb=1&lr=1&vd=1&td=1&ta=1&mgd=0&bi=1&sl=1&dsa=1&tn=1&noad=1","http://nstore.naver.com/search/search.nhn?t=all&fs=appstore&q=%1s","http://search.naver.com/search.naver?query=%1s","http://search.yahoo.com/search/?p=%1s&vs=music.yahoo.com","http://tv.baidu.com/m?from=es_file_explorer","http://update.estrongs.com/up/?id=100&v=0","http://update.estrongs.com/up?id=1&l=","http://video.search.naver.com/search.naver?query=%1s","http://www.amazon.com/gp/mas/dl/android?p=","http://www.baidu.com?__wp-action=auth-widget","http://www.baidu.com?__wp-action=forget-pwd","http://www.baidu.com?__wp-action=modify-pwd","http://www.estrongs.com/channel?aid=","http://www.estrongs.com/channel?iid=","http://www.estrongs.com/console/service/0918/?aid=","http://www.estrongs.com/console/service/0918/?iid=","http://www.estrongs.com/console/service/app_folder/share.php?f=%s&a=%s&i=%s","http://www.estrongs.com/console/service/app_folder?v=","http://www.estrongs.com/console/service/cards/?t=","http://www.estrongs.com/console/service/cards/?t=-","http://www.estrongs.com/console/service/pkg/stat/?req=s&t=1&p=com.dianxinos.optimizer.duplay","http://www.estrongs.com/console/service/pkg/stat/?req=s&t=3&p=com.dianxinos.optimizer.duplay","http://www.estrongs.com/console/service/searchaddrs?v=","http://www.estrongs.com/esshare?s=","http://www.google.com/search?safe=strict&q=%1s","http://www.google.com/search?safe=strict&tbm=isch&q=%1s","http://www.mysearch.com/pictures?mgct=hp&o=APN11895&q=%1s","http://www.mysearch.com/videos?mgct=hp&o=APN11895&q=%1s","http://www.mysearch.com/web?mgct=hp&o=APN11955","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=%1s","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=apk","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=document","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=image","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=music","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=news","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=video","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=weather","http://www.yandex.com/images/search?text=%1s","http://www.yandex.com/touchsearch?text=%1s","http://www.youtube.com/results?search_query=%1s"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","load(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Key derivation iteration count: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Key derivation functions with less than 1000 interations are considered vulnerable to bruteforce attacks. Therefore, this app with 37 iterations is considered vulnerable.","text":"Key derivation iteration count: ","context":"995"},"resultList":[{"result":["37"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"ok","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"The application or application components define specific type filter for handling different file types. If different applications define the same filter types the user has to decide which application should handle the file. ","text":"App can handle documents of mimeType: ","context":"0"},"resultList":[{"result":["audio/x-mpegurl","image/*","*/*","resource/folder","application/x-rar-compressed","audio/x-wav","text/plain","application/x-gzip","application/x-bzip2","video/3gpp","audio/*","audio/mid","video/*","audio/amr","application/x-zip","audio/mpeg","audio/ogg","text/*","application/x-tar","application/rar","application/vnd.ms-cab-compressed","application/zip","application/zipx","application/x-7z-compressed","video/mp4"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["search.yahoo.com","www.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["KILL_BACKGROUND_PROCESSES (Allows an application to call android.app.ActivityManager killBackgroundProcesses.) ","VIBRATE (Allows access to the vibrator.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","CHANGE_NETWORK_STATE (Allows applications to change network connectivity state.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","SET_WALLPAPER (Allows applications to set the wallpaper.) ","WRITE_SETTINGS (Allows an application to read or write the system settings.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["SYSTEM_ALERT_WINDOW","WRITE_MEDIA_STORAGE","KILL_BACKGROUND_PROCESSES","CHANGE_NETWORK_STATE","SET_WALLPAPER"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.estrongs.android.pop.app.PopVideoPlayer","com.estrongs.android.pop.app.AudioPlayerProxyActivity","com.estrongs.android.pop.app.DownloaderActivity","com.estrongs.android.pop.app.ESRingtoneChooserActivity","com.estrongs.android.pop.app.SaveToESActivity","com.estrongs.android.pop.app.BrowserDownloaderActivity","com.estrongs.android.pop.app.filetransfer.FileTransferSendActivity","com.estrongs.android.pop.app.ESContentChooserActivity","com.estrongs.android.pop.app.PopRemoteImageBrowser","com.estrongs.android.pop.app.UsbMonitorActivity","com.estrongs.android.pop.app.ESWallPaperChooserActivity","com.estrongs.android.pop.app.editor.PopNoteEditor","com.estrongs.android.pop.app.compress.CompressionActivity","com.estrongs.android.pop.ftp.ESFtpShortcut","com.estrongs.android.pop.app.ESFileSharingActivity","com.estrongs.android.pop.app.TransitActivity","com.estrongs.android.pop.app.compress.CompressionProxyActivity","com.estrongs.android.pop.app.LocalFileSharingActivity","com.estrongs.android.pop.app.PopVideoPlayerProxyActivity","com.estrongs.android.pop.app.FileChooserActivity","com.estrongs.android.pop.app.AdbControllerActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["android.permission.ACCESS_SUPERUSER","com.android.launcher.permission.UNINSTALL_SHORTCUT",".PERMISSION","com.android.launcher.permission.INSTALL_SHORTCUT"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build hardware","build display","build fingerprint","build brand","IMEI/MEID","subscriber ID (IMSI)","phone number","MAC address(es)","Wifi-MAC address","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lcom/estrongs/android/util/ab;","Lorg/apache/commons/net/ftp/FTPSTrustManager;","Lcom/estrongs/android/util/o;","Lcom/estrongs/android/pop/spfs/facebook/FacebookFileSystemattrMySSLSocketFactoryattr1;","Lcom/estrongs/android/pop/spfs/flickr/FlickrFileSystemattrMySSLSocketFactoryattr1;","Lcom/estrongs/android/pop/spfs/instagram/InstagramFileSystemattrMySSLSocketFactoryattr1;","Lcom/estrongs/android/pop/spfs/facebook/FacebookFileSystemattr2;","Lcom/baidu/cloudsdk/common/http/SSLSocketFactoryExattr1;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarm Serivce test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The alarm manager has been initialized properly. ","text":"Alarm Manager initialized dynamically?","context":"9410"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"ok","testID":"Scheduled Alarm Types test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"","text":"Alarm repeating types: ","context":"9440"},"resultList":[{"result":["RTC","RTC_WAKEUP"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application contains a registered scheduled alarm. With such an alarm the application repeats the execution of the registered task for example every 10 hours. The following classes register scheduled tasks:","text":"Scheduled Alarm Manager registered?","context":"9450"},"detailList":[{"detail":["com.dianxinos.dxservice.stat.a","com.estrongs.android.pop.FexApplication"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Signature Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs system/signature permissions? ","context":"180"},"detailList":[{"detail":["WRITE_MEDIA_STORAGE (Allows an application to write to internal media storage.) "]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Static URL-Passwords","resultClass":"Communication security","name":"URL Checks","detail":"App contains static passwords in URLs, which is bad practice for published Apps in general. Sometimes these are leftovers of development and could be used to gain access to development infrastructures for finding a way to add malware functions to the application unnoticed. ","text":"Static passwords in URLs found?","context":"6000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.flickr.com/services/rest","http://update.estrongs.com/up/?id=100&v=0","http://dwz.cn/create.php","http://yandex.com/images/","http://www.estrongs.com/console/service/sample/index.php","http://passport.baidu.com/phoenix/account/startlogin?","http://url.ds.duapps.com/duplay/share_feature_gp","http://update.estrongs.com/up?id=1&l=","http://www.estrongs.com/channel?iid=","http://www.flickr.com:80/services/rest","http://nrc.sd.duapps.com/get","http://api.mobula.sdk.duapps.com/adunion/slot/getTPC?","http://www.amazon.com/gp/mas/dl/android?p=","http://www.yandex.com/images/search?text=%1s","http://sandbox.duapps.com:8124/recommend/get","http://nrc.tapas.net/get","http://pasta.ds.duapps.com/feedback","http://www.google.com/search?safe=strict&q=%1s","http://www.estrongs.com/privacyStatement/cn/index.htm","http://www.estrongs.com/console/service/app_folder?v=","http://m.baidu.com/s?st=11n041&tn=xsd&pn=0&pu=sz@1320_1001&ssid=0&from=1648a&bd_page_type=1&word=%1s","http://api.mobula.sd.duapps.com/adunion/slot/coinswall?","http://www.estrongs.com/eshelp/en/ES_File_Explorer_User_Manual3.0.htm","http://m.baidu.com/app?from=1000364e&pu=osname@esbrowser","http://rts.mobula.sdk.duapps.com/orts/rp?","http://www.youtube.com/results?search_query=%1s","http://m.baidu.com/s?from=1648a&word=%1s","http://m.baidu.com/s?from=1648a&vit=union&st=103041&word=%1s","http://pasta.ds.duapps.com/api/tokens","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=document","http://m.baidu.com/app?action=search&from=1000364e&pu=osname@esbrowser#word=%1s","http://update.estrongs.com/console/service/themes2/?","http://m.baidu.com/book/?ref=es_file_explorer&from=1648a","http://www.estrongs.com/console/service/cards/?t=","http://pasta.sd.duapps.com/api/tokens","http://pasta.dianxinos.com/feedback","http://pasta.sd.duapps.com/feedback","http://api.mobula.sdk.duapps.com/adunion/rtb/getInmobiAd?","http://market.android.com/details?id=","http://m.baidu.com/video?from=1648a&word=%1s","http://pasta.dianxinos.com/api/tokens","http://dwz.cn/query.php","http://api.mobula.sdk.duapps.com/adunion/slot/getDlAd?","http://sandbox.sjws.baidu.com:8080/api/data","http://www.flickr.com/services/oauth/request_token","http://sandbox.duapps.com:8124/adunion/slot/getTPC?","http://www.estrongs.com/console/service/0918/?iid=","http://flickr.com/buddyicons/","http://www.estrongs.com/console/service/searchaddrs?v=","http://www.estrongs.com/channel?aid=","http://m.baidu.com/api?","http://goo.gl/gTCquG","http://rec.in.tira.cn:8000/recommend/get","http://sandbox.duapps.com:8124/adunion/slot/getDlAd?","http://www.estrongs.com/console/service/0918/?aid=","http://m.baidu.com/news?from=1648a","http://passport.baidu.com/phoenix/account/afterauth","http://m.video.yandex.com/#!/search?text=%1s","http://common.duapps.com/appLock/getConf","http://sandbox.duapps.com:8124/adunion/slot/getSrcPrio?","http://wappass.baidu.com/passport/?getpass","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=weather","http://www.amazon.com/s/field-keywords=%1s","http://nrc.ds.duapps.com/get","http://www.estrongs.com/download.html","http://www.google.com/search?safe=strict&tbm=isch&q=%1s","http://www.estrongs.com/privacyStatement/en/index.htm","http://pasta.esfile.duapps.com/api/data","http://www.flickr.com/services/oauth/access_token","http://0.esfileexplorer.duapp.com/notify/1t","http://www.estrongs.com/channel?","http://www.estrongs.com/console/service/app_folder/share.php?f=%s&a=%s&i=%s","http://www.mysearch.com/pictures?mgct=hp&o=APN11895&q=%1s","http://v.17186.cn/test.jsp","http://m.baidu.com/s?from=1648a","http://conf.international.baidu.com/index.php/Sample/getConf","http://sandbox.sjws.baidu.com:8080/statistics_feedback","http://www.estrongs.com/eshelp/cn/ES_File_Explorer_User_Manual3.0.htm","http://www.estrongs.com/console/service/0918/?","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=video","http://www.estrongs.com/privacyStatement/ru/index.htm","http://rt.api.glispa.com/native/v1/ad","http://sandbox.duapps.com:8124/orts/rp?","http://pasta.ds.duapps.com/api/data","http://www.estrongs.com/console/service/cards/?t=-","http://m.hao123.com/a/tupian/?tagid=shenghuo_shoujibizhi","http://www.mysearch.com/web?mgct=hp&o=APN11955","http://www.estrongs.com/esshare?s=","http://api.mobula.sdk.duapps.com/adunion/rtb/fetchAd?","http://www.estrongs.com/resources/","http://m.baidu.com/s?from=1648a&word=天气","http://yandex.com/video/","http://rts.mobula.sdk.duapps.com/orts/rpb?","http://pasta.sd.duapps.com/api/data","http://pasta.dianxinos.com/api/data","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=image","http://down.znds.com/plus/search.php?kwtype=0&q=%1s&searchtype=title","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=%1s","http://www.mysearch.com/videos?mgct=hp&o=APN11895&q=%1s","http://m.shafa.com/search?kw=%1s","http://api.flickr.com/services/upload/","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=music","http://api.flickr.com:80/services/upload/","http://www.yandex.com/touchsearch?text=%1s","http://sandbox.duapps.com:8124/orts/rpb?","http://sandbox.sjws.baidu.com:8080/api/tokens","http://pasta.esfile.duapps.com/feedback","http://sandbox.duapps.com:8124/adunion/rtb/fetchAd?","http://www.baidu.com/jump.html","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=apk","http://pasta.esfile.duapps.com/api/tokens","http://www.amazon.com/appstore","http://sandbox.duapps.com:8124/adunion/rtb/getInmobiAd?","http://api.mobula.sdk.duapps.com/adunion/slot/getSrcPrio?","http://sandbox.duapps.com:8124/adunion/slot/coinswall?","http://cq01-duapps-qa-2016-09.epc.baidu.com:8888/appLock/getConf","http://m.flickr.com/#/explore/interesting/","http://tv.baidu.com/m?from=es_file_explorer","http://www.mysearch.com/web?mgct=hp&o=APN11955&q=news"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected Query Access","resultClass":"Privacy","name":"URL Checks","detail":"App contains URL(s) that indicate an unprotected HTTP access to search providers. The transmitted search query parameters to the following web search providers are in this case accesible by third parties: ","text":"Unprotected web queries?","context":"0"},"detailList":[{"detail":["Google"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"yes","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"Reasons for category violations of default policy: ","text":"Violations of default policy?","context":"0"},"detailList":[{"detail":["Detected risks are not compliant to security policy requirements for apps managing files. ","Estimated overall app risk for the enterprise exceeds the security policy threshold due to detected risks and flaws exploitable by skilled attackers without the existence of additional supporting factors. "]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. ","Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["App tries to access the device phone number which can be use to identify the owner remotely.","Unprotected Access: Disclosure of location or web query data though unprotected communication with service providers. ","App Listing: Usage of detected functionality to access list of installed apps poses a privacy risk for detected app type."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["App contains hard-coded communication secrets (e.g. passwords in URLs).","Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Electronic codebook (ECB) mode detected. It should be avoided in cryptographic protocols because it does not hide data patterns well and therefore poses a risk for unauthorized information retrieval about encrypted corporate data. ","Crypto: Embedded static encryption key found, which can be extracted by attackers to revert the encryption or fake the signature of the content it is used for.","Crypto: Constant initialization vector detected. This should be avoided, as it allows an attacker to infer relationships between segments of encrypted messages if encrypted with the same key and initialization vector. ","Crypto: Overall quality of cryptographic implementation aspects is rated poor and should be inspected in detail."]}]}]},{"attr":{"os":"Android","appId":"com.google.android.calendar:5.5.18-131833137-release","name":"Google Kalender","version":"5.5.18-131833137-release","model":"Organizer","store_url":"https://play.google.com/store/apps/details?id=com.google.android.calendar"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"yes","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"App requests permission READ_CONTACTS to access the phones address book.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Google Analytics"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"ok","testID":"Bootcompleted Components Test","resultClass":"Runtime Security","name":"Application autostart receiver","detail":"The Application has the permission to start automatically after booting the device. The application can execute code without userinteraction or prevention.","text":"Executed component after Phone Reboot: ","context":"0"},"resultList":[{"result":["com.android.calendar.alerts.AlertReceiver","com.google.android.calendar.timely.report.DebugCleanupReceiver","com.android.calendar.SyncUpgradeReceiver","com.android.calendar.AllPrefsUpgradeReceiver","com.android.calendar.ToneUpgradeReceiver","com.android.calendar.alerts.GrooveAlertReceiver"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["calendar.google.com","keep.google.com","maps.googleapis.com","plus.google.com","ssl.gstatic.com","support.google.com","www.google.com","www.googleapis.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["https://keep.google.com/?reminder=","https://maps.googleapis.com/maps/api/place/details/json?reference=[REFERENCE_ID]&sensor=true&key=","https://maps.googleapis.com/maps/api/place/photo?photoreference=[PHOTO_REFERENCE]&maxwidth=[WIDTH]&maxheight=[HEIGHT]&sensor=true&key=","https://maps.googleapis.com/maps/api/staticmap?size=[WIDTH]x[HEIGHT]&maptype=roadmap&sensor=true&key=","https://support.google.com/calendar/?p=add_attachments_android","https://support.google.com/calendar/?p=add_attachments_android&hl=es#topic=6076998","https://support.google.com/calendar/?p=add_attachments_android&hl=fr","https://support.google.com/calendar/?p=add_attachments_android?hl=hr","https://support.google.com/хуанли/?p=нэмэх_хавсралтууд_android"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["MANAGE_ACCOUNTS (Allows an application to manage the list of accounts in the AccountManager.) ","USE_CREDENTIALS (Allows an application to request authtokens from the AccountManager.) ","SUBSCRIBED_FEEDS_WRITE (Allows an application to allow access the subscribed feedsContentProvider.) ","READ_CALENDAR (Allows an application to read the user's calendar data.) ","WRITE_CALENDAR (Allows an application to write (but not read) the user's calendar data.) ","READ_CONTACTS (Allows an application to read the user's contacts data.) ","ACCESS_COARSE_LOCATION (Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 2 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["java.net.URLClassLoader(...)","ClassLoader.loadClass(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"ok","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"The application or application components define specific type filter for handling different file types. If different applications define the same filter types the user has to decide which application should handle the file. ","text":"App can handle documents of mimeType: ","context":"0"},"resultList":[{"result":["vnd.android.cursor.dir/event","vnd.android.cursor.item/event"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["VIBRATE (Allows access to the vibrator.) ","WRITE_SYNC_SETTINGS (Allows applications to write the sync settings.) ","READ_SYNC_SETTINGS (Allows applications to read the sync settings.) ","RECEIVE_BOOT_COMPLETED (Allows an application to receive the android.content.Intent ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. If you don't request this permission, you will not receive the broadcast at that time. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, you must explicitly declare your use of this facility to make that visible to the user.) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","READ_SYNC_STATS (Allows applications to read the sync stats.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["ACCESS_COARSE_LOCATION","SUBSCRIBED_FEEDS_WRITE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.google.android.libraries.social.licenses.LicenseMenuActivity","com.android.calendar.event.LaunchInfoActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.google.android.googleapps.permission.GOOGLE_AUTH","android.permission.SUBSCRIBED_FEEDS_READ","com.google.android.gm.permission.READ_GMAIL","com.google.android.c2dm.permission.RECEIVE","com.google.android.gm.exchange.BIND","com.google.android.calendar.permission.C2D_MESSAGE","com.google.android.providers.gsf.permission.READ_GSERVICES"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build product","build fingerprint","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"SHARED UID TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"Application with the same shared user ID and signed with the same certificate can access each other's data and, if desired, run in the same process. This means one application can access the private local stored data from another one. The following shared user ID is used:","text":"Shared user ID defined?","context":"0"},"detailList":[{"detail":["com.google.android.calendar.uid.shared"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different sensors. This allows the application to track the user and/or determine the environment of the user.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["WIFI-Based Location"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.google.com/calendar/feeds/%/events/%","http://www.google.com/intl/%s/policies/terms","http://www.google.com/calendar/feeds/","http://www.google.com/intl/%s/policies/privacy"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default error handling for SSL/TLS client communication. Error-prone modifications can be ruled out. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.google.android.apps.pdfviewer:2.2.841.27.70","name":"Google PDF Viewer","version":"2.2.841.27.70","model":"File Viewer","store_url":"https://play.google.com/store/apps/details?id=com.google.android.apps.pdfviewer"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is disabled. This means no backup or restore of the application will ever be performed, even by a full-system backup that would otherwise cause all application data to be saved via adb backup function.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["x86 32bit: lib/x86/libbitmap_parcel.so","x86 32bit: lib/x86/libfoxit.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"none","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"No indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["\\w*\\.(google|youtube)(\\.co(m","accounts.google.com","plus.google.com","ssl.google-analytics.com","viewer.google.com","www.facebook.com","www.google-analytics.com","www.google.com","zxing.appspot.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems.","text":"Client communication used?","context":"10000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"ok","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"The application defines an unprotected content provider. From this interface other application can read or write data to or from the application. The listed content provider names allow access on application data by external apps without permissions. ","text":"Content provider accessible without permission: ","context":"98"},"resultList":[{"result":["com.google.android.apps.viewer.fetcher.FileProvider"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","USE_CREDENTIALS (Allows an application to request authtokens from the AccountManager.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 3 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland","unknown"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.google.android.apps.viewer.afw.PdfViewerAfwActivity"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build fingerprint"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default error handling for SSL/TLS client communication. Error-prone modifications can be ruled out. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Security risks?","context":"0"}}]},{"attr":{"os":"Android","appId":"com.google.android.apps.docs.editors.sheets:1.6.352.11.73","name":"Google Tabellen","version":"1.6.352.11.73","model":"File Viewer","store_url":"https://play.google.com/store/apps/details?id=com.google.android.apps.docs.editors.sheets"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["x86 32bit: lib/x86/librawpixeldata_native.so","x86 32bit: lib/x86/libritz_ndk1.so","x86 32bit: lib/x86/libwebp_android.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"yes","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"App requests permission READ_CONTACTS to access the phones address book.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"none","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"No indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["accounts\\.google(\\.co(m","csi.gstatic.com","docs.google.com","docs.googleusercontent.com","drive.google.com","drive.google.com からウェブ上のファイルにアクセスできます。","dummy.com","fake.com","images-docs-opensocial.googleusercontent.com","lh3.googleusercontent.com","maps.googleapis.com","play.google.com","spreadsheets.google.com","ssl.gstatic.com","support.google.com","this.is-a-simple-domain-xyzzy.name","www.ecma-international.org","www.google.com","www.googleapis.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://fake.com/?e=","http://support.google.com/drive/?hl=%s&p=drive_mobile_data","https://docs.google.com/feeds/default/private/full/-/folder?showdeleted=true&showroot=true","https://docs.google.com/feeds/default/private/full?showdeleted=true&showroot=true","https://docs.google.com/feeds/download/documents/export/Export?id=%s&exportFormat=pdf&format=pdf","https://docs.google.com/feeds/download/drawings/Export?id=%s&exportFormat=pdf","https://docs.google.com/feeds/download/presentations/Export?id=%s&exportFormat=pdf","https://docs.google.com/feeds/metadata/default?nocontent=true","https://docs.google.com/spreadsheets/export?id=%s&exportFormat=pdf","https://drive.google.com/folderview?id=%1attrs","https://drive.google.com/open?id=","https://play.google.com/store/apps/details?id=","https://play.google.com/store/apps/details?id=%1attrs&rdid=%1attrs&rdot=%2attrd","https://play.google.com/store/apps/details?id=com.google.android.apps.photos","https://support.google.com/docs/?hl=%s&p=android_sheets_help","https://support.google.com/docs/?p=explore_sheets","https://www.google.com/cloudprint/dialog.html?skin=holo","https://www.google.com/settings/storage?hl=%s","https://www.googleapis.com/drive/v2internal/files/%s?alt=media","https://www.googleapis.com/upload/drive/v2/files/%s?uploadType=resumable","https://www.googleapis.com/upload/drive/v2/files?uploadType=resumable","market://details?id="]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["SUBSCRIBED_FEEDS_WRITE (Allows an application to allow access the subscribed feedsContentProvider.) ","READ_CONTACTS (Allows an application to read the user's contacts data.) ","AUTHENTICATE_ACCOUNTS (Allows an application to act as an AccountAuthenticator for the AccountManager.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","MANAGE_ACCOUNTS (Allows an application to manage the list of accounts in the AccountManager.) ","USE_CREDENTIALS (Allows an application to request authtokens from the AccountManager.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 6 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","United States","Ireland","United Kingdom","Switzerland","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://fake.com/?e=","http://support.google.com/drive/?hl=%s&p=drive_mobile_data"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"ok","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"The application or application components define specific type filter for handling different file types. If different applications define the same filter types the user has to decide which application should handle the file. ","text":"App can handle documents of mimeType: ","context":"0"},"resultList":[{"result":["application/vnd.google-apps"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["support.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["READ_SYNC_SETTINGS (Allows applications to read the sync settings.) ","READ_SYNC_STATS (Allows applications to read the sync stats.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","WRITE_SYNC_SETTINGS (Allows applications to write the sync settings.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","VIBRATE (Allows access to the vibrator.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["AUTHENTICATE_ACCOUNTS","SUBSCRIBED_FEEDS_WRITE","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.google.android.libraries.social.licenses.LicenseMenuActivity","com.google.android.apps.docs.editors.shared.widgets.shortcuts.NewFileShortcutActivity","com.google.android.apps.docs.editors.shared.documentopener.EditorDocumentOpenerActivityProxy","com.google.android.apps.docs.editors.shared.documentcreation.GDocCreatorActivity","com.google.android.apps.docs.editors.shared.documentcreation.ExternalDocumentCreatorActivity","com.google.android.apps.docs.app.detailpanel.DetailActivity","com.google.android.apps.docs.help.ReportAbuseActivity","com.google.android.apps.docs.editors.shared.openurl.EditorOpenUrlActivity","com.google.android.apps.docs.app.PaymentsActivity","com.google.android.apps.docs.doclist.unifiedactions.UnifiedActionsActivity","com.google.android.apps.docs.editors.shared.details.ShowBasicDetailsPanelActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.google.android.googleapps.permission.GOOGLE_AUTH","android.permission.DOWNLOAD_WITHOUT_NOTIFICATION","com.google.android.googleapps.permission.GOOGLE_AUTH.ALL_SERVICES","com.google.android.googleapps.permission.GOOGLE_AUTH.writely","android.permission.SUBSCRIBED_FEEDS_READ","com.android.launcher.permission.INSTALL_SHORTCUT","com.google.android.providers.gsf.permission.READ_GSERVICES","com.google.android.googleapps.permission.GOOGLE_AUTH.OTHER_SERVICES","com.google.android.apps.docs.editors.trix.permission.SYNC_STATUS","com.google.android.apps.docs.editors.trix.permission.READ_MY_DATA","android.permission.WRITE_SYNC_STATS","com.google.android.googleapps.permission.GOOGLE_AUTH.wise","com.google.android.gm.permission.READ_GMAIL"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build fingerprint","build brand","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.google.com/intl/%s/policies/privacy/","http://www.google.com/intl/%s/policies/terms/","http://support.google.com/drive/?hl=%s&p=drive_mobile_data"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"yes","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"Reasons for category violations of default policy: ","text":"Violations of default policy?","context":"0"},"detailList":[{"detail":["Detected risks are not compliant to security policy requirements for apps managing files. "]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"de.myhermes.app:3.6.1","name":"Hermes Paket Versand & Empfang","version":"3.6.1","model":"Messenger","store_url":"https://play.google.com/store/apps/details?id=de.myhermes.app"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"yes","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"App requests permission READ_CONTACTS to access the phones address book.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["app-measurement.com","appinstall.webtrekk.net","csi.gstatic.com","fussball.hermesworld.com","googleads.g.doubleclick.net","hermeslogistik01.wt-eu02.net","m.youtube.com","maps.google.com","maps.googleapis.com","play.google.com","plus.google.com","site.adform.com","track.adform.net","twitter.com","www.facebook.com","www.hermesworld.com","www.myhermes.de","www.twitter.com","www.youtube-nocookie.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://maps.google.com/maps?saddr=","http://maps.googleapis.com/maps/api/geocode/json?address=","http://maps.googleapis.com/maps/api/staticmap?sensor=false&mobile=true&zoom=15&¢er=","https://m.youtube.com/#/playlist?list=PLRrGAQNM_E2tXe_hErXdpp_UC35SJA1Kk","https://play.google.com/store/apps/details?id=","https://play.google.com/store/apps/details?id=%s&pt=343601&ct=WEM-App-%s|TW|EM&mt=8","https://track.adform.net/Serving/TrackPoint/?pm=","https://twitter.com/share?text=","https://www.facebook.com/sharer/sharer.php?t=","https://www.youtube-nocookie.com/embed/8Ja4dDX-Mfo?hl=de&showinfo=0","market://details?id=","market://details?id=%s"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","ACCESS_FINE_LOCATION (Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.) ","CAMERA (Required to be able to access the camera device. This will automatically enforce the uses-feature manifest element for all camera features. If you do not require all camera features or can properly operate if a camera is not available, then you must modify your manifest as appropriate in order to install on devices that don't support all camera features.) ","READ_CONTACTS (Allows an application to read the user's contacts data.) ","ACCESS_COARSE_LOCATION (Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 4 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland","Denmark","Germany"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://maps.google.com/maps?saddr=","http://maps.googleapis.com/maps/api/geocode/json?address=","http://maps.googleapis.com/maps/api/staticmap?sensor=false&mobile=true&zoom=15&¢er="]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","VIBRATE (Allows access to the vibrator.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["ACCESS_FINE_LOCATION","READ_CONTACTS","ACCESS_COARSE_LOCATION","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["de.myhermes.app.MainActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build display","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different sensors. This allows the application to track the user and/or determine the environment of the user.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera","WIFI-Based Location","GPS Location"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://site.adform.com/privacy-policy/de","http://maps.googleapis.com/maps/api/geocode/json?address=","http://maps.google.com/maps?saddr=","http://maps.googleapis.com/maps/api/staticmap?sensor=false&mobile=true&zoom=15&¢er=","http://www.twitter.com/hermesDE","http://appinstall.webtrekk.net/appinstall/v1/install?"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected Maps Access","resultClass":"Privacy","name":"URL Checks","detail":"App contains URL(s) that indicate an unprotected HTTP access to map providers. The transmitted location query parameters to the following map providers are in this case accesible by third parties: ","text":"Unprotected map queries?","context":"0"},"detailList":[{"detail":["Google Maps"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["Unprotected Access: Disclosure of location or web query data though unprotected communication with service providers. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.hp.printercontrol:3.8.121","name":"HP All-in-One Printer Remote","version":"3.8.121","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=com.hp.printercontrol"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi/libPdfGenerator.so","ARM 32 bit: lib/armeabi/libpageLiftKernel.so","x86 32bit: lib/x86/libPdfGenerator.so","x86 32bit: lib/x86/libpageLiftKernel.so","ARM 32 bit: lib/armeabi-v7a/libpageLiftKernelNeon.so","ARM 32 bit: lib/armeabi-v7a/libPdfGenerator.so","ARM 32 bit: lib/armeabi-v7a/libpageLiftKernel.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"none","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"No indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["123.hp.com","123.hpconnected.com","accounts.google.com","activate-dev2.hpconnecteddev.com","activate-pie1.hpconnectedpie.com","activate-stage1.hpconnectedstage.com","activate-test1.hpconnectedtest.com","android.myapp.com","app-measurement.com","app.mi.com","google.com","h22203.www2.hp.com","hp.com","instantink.hpconnected.com","login.live.com","login.yahoo.com","lstest2.pogoplug.com","market.android.com","oss.hpconnected.com","oss.hpconnectedpie.com","oss.hpconnectedstage.com","oss.hpconnectedtest.com","pam-dev2.hpconnecteddev.com","pam-pie1.hpconnectedpie.com","pam-stage1.hpconnectedstage.com","pam-test1.hpconnectedtest.com","play.google.com","plus.google.com","sbdstaging.external.hp.com","services-dev2.hpconnecteddev.com","services-pci.hpconnected.com","services-pie1.hpconnectedpie.com","services-stage1.hpconnectedstage.com","services-test1.hpconnectedtest.com","shouji.baidu.com","ssl.google-analytics.com","stage01epc.hpconnectedstage.com","support.hp.com","susuwebservitg.itcs.hp.com","switcherservice.external.hp.com","twitter.com","webauth-dev2.hpconnecteddev.com","webauth-pie1.hpconnectedpie.com","webauth-stage1.hpconnectedstage.com","webauth-test1.hpconnectedtest.com","webauth.hpconnected.com","www.amazon.com","www.facebook.com","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com","www.hp.com","www.hpconnected.com","www.linkedin.com","www.paypal.com","www.pwg.org","www8.hp.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["amzn://apps/android?p=%s","amzn://apps/android?p=com.hp.android.print","amzn://apps/android?p=com.hp.android.printservice","http://123.hp.com?source=AiOAnd","http://android.myapp.com/myapp/detail.htm?apkName=com.hp.android.printservice","http://app.mi.com/detail/77927?ref=search","http://shouji.baidu.com/software/item?docid=7994677&from=as","https://instantink.hpconnected.com/?jumpid=in_r11549_aiomoobe_060116","https://instantink.hpconnected.com/?jumpid=in_r11549_ii2_aioiitab_030116","https://instantink.hpconnected.com/?jumpid=in_r11549_ii2_aiotour_030116","https://market.android.com/details?id=com.hp.android.print&hl=en","https://market.android.com/details?id=com.hp.android.printservice&hl=en","https://play.google.com/store/apps/details?id=com.hp.android.printservice","https://play.google.com/store/apps/details?id=com.hp.printercontrol","https://www.amazon.com/gp/mas/dl/android?p=com.hp.android.print","https://www.amazon.com/gp/mas/dl/android?p=com.hp.android.printservice","market://details?id=%s","market://details?id=com.hp.android.print","market://details?id=com.hp.android.printservice","market://details?id=com.hp.esupplies","market://details?id=com.hp.newsstand","market://details?id=com.hp.printercontrol","market://details?id=com.neat.android","market://details?id=om.hp.photohive"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"RSA/None/OAEPWithSHA1AndMGF1Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","CHANGE_WIFI_STATE (Allows applications to change Wi-Fi connectivity state.) ","CHANGE_WIFI_MULTICAST_STATE (Allows applications to enter Wi-Fi Multicast mode.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 7 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","Austria","United States","Ireland","China","United Kingdom","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://123.hp.com?source=AiOAnd","http://android.myapp.com/myapp/detail.htm?apkName=com.hp.android.printservice","http://app.mi.com/detail/77927?ref=search","http://shouji.baidu.com/software/item?docid=7994677&from=as"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","CHANGE_NETWORK_STATE (Allows applications to change network connectivity state.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["CHANGE_NETWORK_STATE","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.hp.printercontrol.base.UiDrawerBaseAct"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.hp.pps.htmlprintservice.PRINT","android.permission.ACCESS_NETWORK_STATE_STATE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build fingerprint","build brand","MAC address(es)","Wifi-MAC address","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no Permission defined for camera usage, but the application contains specific API calls accessing the camera. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera (inactive)","Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://app.mi.com/detail/77927?ref=search","http://www.pwg.org/schemas/2010/12/sm","http://hp.com/go/privacy","http://support.hp.com/us-en/document/c02890475","http://support.hp.com/us-en/document/c01712401","http://support.hp.com/us-en/document/c01154408","http://support.hp.com/us-en/document/c04516168","http://support.hp.com/us-en/document/c01135910","http://www8.hp.com/us/en/m/privacy/ww-privacy.html","http://www.google.com/policies/privacy/partners/","http://shouji.baidu.com/software/item?docid=7994677&from=as","http://support.hp.com/us-en/document/c01626936","http://support.hp.com/us-en/document/c01370564","http://www.hp.com/schemas/imaging/con/ledm/iomgmt/2008/11/30","http://support.hp.com/us-en/document/c01886213","http://support.hp.com/us-en/document/c02959380","http://android.myapp.com/myapp/detail.htm?apkName=com.hp.android.printservice","http://www.hp.com/schemas/imaging/con/wifi/2009/06/26","http://twitter.com/intent/tweet","http://support.hp.com/us-en/document/c03246473","http://www.hp.com/schemas/imaging/ljs/shopforsuppliesrequest/2007/11/07","http://support.hp.com/us-en/document/c04354093"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Faulty custom SSL error handling detected. The Class WebViewClient is extended and onReceiveSslError(...) is overwritten with an insecure implementation. ","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.hp.android.printservice:2.13-2.1.1-11c-16.2.15-86","name":"HP Druckdienst-Plug-In","version":"2.13-2.1.1-11c-16.2.15-86","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=com.hp.android.printservice"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi/libioshpmpbsnmp.so","ARM 32 bit: lib/armeabi/libhogweed.so","ARM 32 bit: lib/armeabi/libioshpmpcjson.so","ARM 32 bit: lib/armeabi/libioshpmpexpat.so","ARM 32 bit: lib/armeabi/libioshpmpjpeg.so","ARM 32 bit: lib/armeabi/libioshpmp.so","ARM 32 bit: lib/armeabi/libioshpmppdfium.so","ARM 32 bit: lib/armeabi/libnettle.so","ARM 32 bit: lib/armeabi/libgnutls.so","ARM 32 bit: lib/armeabi/libioshpmpcups.so","ARM 32 bit: lib/armeabi/libgmp.so","x86 32bit: lib/x86/libioshpmpbsnmp.so","x86 32bit: lib/x86/libhogweed.so","x86 32bit: lib/x86/libioshpmpcjson.so","x86 32bit: lib/x86/libioshpmpexpat.so","x86 32bit: lib/x86/libioshpmpjpeg.so","x86 32bit: lib/x86/libioshpmp.so","x86 32bit: lib/x86/libioshpmppdfium.so","x86 32bit: lib/x86/libnettle.so","x86 32bit: lib/x86/libgnutls.so","x86 32bit: lib/x86/libioshpmpcups.so","x86 32bit: lib/x86/libgmp.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"none","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"No indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation provider used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"In general code obfuscation is done automatically by different obfuscation frameworks or obfuscation service providers. Detailed information to the detected framework Proguard can be found under: http://developer.android.com/tools/help/proguard.html","text":"Obfuscation framework used: ","context":"4997"},"resultList":[{"result":["Proguard"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["app-measurement.com","ePrint.hp.com","h20615.www2.hp.com","hp.com","ssl.google-analytics.com","susuwebservitg.itcs.hp.com","switcherservice.external.hp.com","www.google-analytics.com","www.hp.com","www.pwg.org"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["amzn://apps/android?p=%s","market://details?id=%s"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) ","NFC (Allows applications to perform I/O operations over NFC.) ","CHANGE_WIFI_STATE (Allows applications to change Wi-Fi connectivity state.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 3 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland","unknown"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"Full remote auto backup include test","resultClass":"Privacy","name":"Full remote auto backup include test","detail":"In this application full remote auto backup is enabled. There will be a remote backup of specified, possibly sensitive application data like database entries. The backup will be stored in the Google Cloud. The application defines the whitelisting of files in the backup configuration. The following specified files in the whitelisting will will be remotely stored in the Google Cloud:","text":"Remote auto backup with include enabled?","context":"0"},"detailList":[{"detail":["database:AddedPrintersDB","sharedpref:"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","CHANGE_NETWORK_STATE (Allows applications to change network connectivity state.) ","VIBRATE (Allows access to the vibrator.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["CHANGE_NETWORK_STATE","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.hp.android.printservice.backDoor.BackDoorPrinterOptionsAct","com.hp.android.printservice.ActivityAndroidPrintOptions","com.hp.android.printservice.ActivitySettings","com.hp.android.printservice.ActivityAndroidPrinterInfo","com.hp.android.printservice.ActivityLegalNotice","com.hp.sure.supply.lib.ActivitySureSupplyRedirect","com.hp.android.printservice.ActivityAndroidPrintSettings","com.hp.android.printservice.ActivityAbout","com.hp.android.printservice.ActivityAndroidPrintAddPrinter","com.hp.android.printservice.usb.ActivityUSBDeviceAttached"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["hp.enterprise.print.extension.permission","android.permission.ACCESS_NETWORK_STATE_STATE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","Wifi-MAC address"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.pwg.org/schemas/2010/12/sm","http://hp.com/go/privacy","http://www.hp.com/schemas/imaging/con/ledm/iomgmt/2008/11/30","http://www.hp.com/schemas/imaging/con/wifi/2009/06/26","http://www.hp.com/schemas/imaging/con/cloud/onramp/2009/12/20","http://www.hp.com/schemas/imaging/ljs/shopforsuppliesrequest/2007/11/07"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default error handling for SSL/TLS client communication. Error-prone modifications can be ruled out. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"yes","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"There is a possible risk for devices with WiFi-Direct enabled on android due to a buffer overflow vulnerability in the wpa_supplicant module responsible for wlan management (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service). Possible risks are denial of service, data leakage and possibly remote code execution.","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.qisiemoji.inputmethod:5.5.6.1454","name":"Kika Keyboard – Emoji, GIFs
","version":"5.5.6.1454","model":"Emoji","store_url":"https://play.google.com/store/apps/details?id=com.qisiemoji.inputmethod"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libun7z.so","ARM 32 bit: lib/armeabi-v7a/libjni_latinime.so","ARM 32 bit: lib/armeabi-v7a/libgifflen.so","ARM 32 bit: lib/armeabi-v7a/libjni_pinyinime.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"yes","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"App requests permission READ_CONTACTS to access the phones address book.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Alibaba","Crashlytics","Doubleclick","Umeng"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Alarm with Intervals test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The scheduled task gets repeated in the following intervals: ","text":"Alarm intervals dynamically?","context":"9420"},"detailList":[{"detail":["Dynamic interval(s)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation provider used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"In general code obfuscation is done automatically by different obfuscation frameworks or obfuscation service providers. Detailed information to the detected framework Proguard can be found under: http://developer.android.com/tools/help/proguard.html","text":"Obfuscation framework used: ","context":"4997"},"resultList":[{"result":["Proguard"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"ok","testID":"Bootcompleted Components Test","resultClass":"Runtime Security","name":"Application autostart receiver","detail":"The Application has the permission to start automatically after booting the device. The application can execute code without userinteraction or prevention.","text":"Executed component after Phone Reboot: ","context":"0"},"resultList":[{"result":["com.qisi.datacollect.receiver.AgentReceiver","com.qisi.receiver.BootCompletedReceiver"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","abtest.kika-backend.com","alog.umeng.co","alog.umeng.com","api-pre.kikakeyboard.com","api.appsflyer.com","api.keen.io","api.kika-backend.com","api.kikakeyboard.com","api.riffsy.com","api.tinyhoneybee.com","api.yun.galaxyfont.com","app.adjust.com","cdn.kikakeyboard.com","cdn.yun.galaxyfont.com","cdn5.xinmei365.com","cdn6.xinmei365.com","csi.gstatic.com","dc.kika-backend.com","e.crashlytics.com","events.appsflyer.com","facebook.com","googleads.g.doubleclick.net","graph-video.%s","graph.%s","graph.%s.facebook.com","graph.facebook.com","kika.zendesk.com","kikaapi.kika-backend.com","lh5.ggpht.com","log.umsns.com","oc.umeng.co","oc.umeng.com","pagead2.googlesyndication.com","play.google.com","plus.google.com","preapi.kika-backend.com","recommend.kikakeyboard.com","register.appsflyer.com","sb-ssl.google.com","settings.crashlytics.com","smart.tinyhoneybee.com","ssl.google-analytics.com","stat.kika-backend.com","stats.appsflyer.com","t.appsflyer.com","testapi.tinyhoneybee.com","upaicdn.xinmei365.com","w3.org","www.%s.facebook.com","www.facebook.com","www.google","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com","www.kikakeyboard.com","www.kikatech.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://api.kikakeyboard.com/Recommendtheme/v2recommend?package_name=%s&device_id=%s&country=%s&lang=%s&version=%s","http://api.kikakeyboard.com/assets/getAssets?packageName=","http://api.yun.galaxyfont.com/index/min_ttf?appKey=%s&fontIdNo=%s&str=%s&type=%s","http://cdn5.xinmei365.com/cdndata/sdkapi/appAllFont?app_key=%s&country=%s&type=%s","http://cdn5.xinmei365.com/cdndata/sdkapi/appcategory?app_key=%s&country=%s","http://cdn5.xinmei365.com/cdndata/sdkapi/categoryFont?app_key=%s&cate_id=%s","http://cdn6.xinmei365.com/cdndata/sdkfontlist/sdkfontlist?channel_mark=%s&type=%s","http://kikaapi.kika-backend.com/pub/pubinfo?package_name=%s&last_max_pub_id=%d&device_id=%s&country=%s&lang=%s&inactive_day=%d&version=%s&user_push_switch=%d","http://play.google.com/store/apps/details?id=%1attrs","http://play.google.com/store/apps/details?id=com.facebook.orca","https://play.google.com/store/apps/details?id=","https://play.google.com/store/apps/details?id=%1attrs","https://play.google.com/store/apps/details?id=com.kika.wallpaper&referrer=utm_source%3Dkika%2520keyboard","https://play.google.com/store/apps/details?id=com.monotype.android.font.coolemoji&referrer=%1attrs&utm_source=%1attrs","https://play.google.com/store/apps/details?id=com.qisiemoji.inputmethod&referrer=utm_source%3Dapp_pop_up","https://play.google.com/store/apps/details?id=com.qisiemoji.inputmethod&referrer=utm_source%3Dkeyboard_emoji","https://play.google.com/store/apps/details?id=com.qisiemoji.inputmethod&referrer=utm_source%3Dkeyboard_menu","https://play.google.com/store/apps/details?id=com.qisiemoji.inputmethod&referrer=utm_source%3Dwarning_bar","market://details?id=","market://details?id=%s","market://details?id=com.facebook.orca","market://details?id=com.google.android.gms.ads","market://details?id=kik.android"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Constant initialization vectors found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Use of constant initialization vectors is a bad practice. The following initialization vectors were found: ","text":"Constant initialization vectors found?","context":"998"},"detailList":[{"detail":["10,1,11,5,4,15,7,9,23,3,1,6,8,12,13,91"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"AES/CBC/PKCS7Padding\"","\"Blowfish/ECB/PKCS5Padding\"","\"RSA/ECB/PKCS1Padding\"","\"RSA/NONE/PKCS1Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["ACCESS_COARSE_LOCATION (Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.) ","READ_PROFILE (Allows an application to read the user's personal profile data.) ","READ_USER_DICTIONARY (Allows an application to read the user dictionary. This should really only be required by an IME, or a dictionary editor like the Settings app.) ","ACCESS_FINE_LOCATION (Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.) ","CAMERA (Required to be able to access the camera device. This will automatically enforce the uses-feature manifest element for all camera features. If you do not require all camera features or can properly operate if a camera is not available, then you must modify your manifest as appropriate in order to install on devices that don't support all camera features.) ","INTERNET (Allows applications to open network sockets.) ","READ_CONTACTS (Allows an application to read the user's contacts data.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","RECORD_AUDIO (Allows an application to record audio.) ","SYSTEM_ALERT_WINDOW (Allows an application to open windows using the type android.view.WindowManager.LayoutParams TYPE_SYSTEM_ALERT, shown on top of all other applications. Very few applications should use this permission; these windows are intended for system-level interaction with the user.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 7 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Hong Kong","United States","China","Ireland","United Kingdom","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://api.kikakeyboard.com/Recommendtheme/v2recommend?package_name=%s&device_id=%s&country=%s&lang=%s&version=%s","http://api.kikakeyboard.com/assets/getAssets?packageName=","http://api.yun.galaxyfont.com/index/min_ttf?appKey=%s&fontIdNo=%s&str=%s&type=%s","http://cdn5.xinmei365.com/cdndata/sdkapi/appAllFont?app_key=%s&country=%s&type=%s","http://cdn5.xinmei365.com/cdndata/sdkapi/appcategory?app_key=%s&country=%s","http://cdn5.xinmei365.com/cdndata/sdkapi/categoryFont?app_key=%s&cate_id=%s","http://cdn6.xinmei365.com/cdndata/sdkfontlist/sdkfontlist?channel_mark=%s&type=%s","http://kikaapi.kika-backend.com/pub/pubinfo?package_name=%s&last_max_pub_id=%d&device_id=%s&country=%s&lang=%s&inactive_day=%d&version=%s&user_push_switch=%d","http://play.google.com/store/apps/details?id=%1attrs","http://play.google.com/store/apps/details?id=com.facebook.orca"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","load(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["play.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["FLASHLIGHT (Allows access to the flashlight.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","WRITE_USER_DICTIONARY (Allows an application to write to the user dictionary.) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","RECEIVE_BOOT_COMPLETED (Allows an application to receive the android.content.Intent ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. If you don't request this permission, you will not receive the broadcast at that time. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, you must explicitly declare your use of this facility to make that visible to the user.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","VIBRATE (Allows access to the vibrator.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["FLASHLIGHT","SYSTEM_ALERT_WINDOW","READ_PROFILE","ACCESS_FINE_LOCATION","ACCESS_COARSE_LOCATION","PACKAGE_USAGE_STATS","CAMERA","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.qisi.inputmethod.dictionarypack.DownloadOverMeteredDialog","com.android.inputmethod.latin.settings.customtheme.CustomThemeActivity2","com.qisi.share.MessageShareActivity","com.qisi.cropimage.CropImageActivity","com.facebook.CustomTabActivity","com.qisi.inputmethod.dictionarypack.DictionarySettingsActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["android.permission.DOWNLOAD_WITHOUT_NOTIFICATION","com.google.android.c2dm.permission.RECEIVE","com.qisiemoji.inputmethod.permission.C2D_MESSAGE","com.android.vending.BILLING"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build hardware","build display","build fingerprint","build brand","IMEI/MEID","SIM card serial","Wifi-MAC address","country code + mobile network code for SIM provider","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lcom/voicebox/android/sdk/internal/e/a/i;","Lcom/voicebox/android/sdk/internal/e/e;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarm Serivce test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The alarm manager has been initialized properly. ","text":"Alarm Manager initialized dynamically?","context":"9410"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"ok","testID":"Scheduled Alarm Types test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"","text":"Alarm repeating types: ","context":"9440"},"resultList":[{"result":["RTC","ELAPSED_REALTIME_WAKEUP"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application contains a registered scheduled alarm. With such an alarm the application repeats the execution of the registered task for example every 10 hours. The following classes register scheduled tasks:","text":"Scheduled Alarm Manager registered?","context":"9450"},"detailList":[{"detail":["com.qisi.datacollect.service.a","com.qisi.datacollect.receiver.AgentReceiver"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually. Application defines a permission ( android.permission.RECORD_AUDIO ) accessing the microphone, but there were no specific API calls found. This could be an indication for overprivileges, developer missconfiguration or confused deputy attack.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["WIFI-Based Location","GPS Location"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Signature Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs system/signature permissions? ","context":"180"},"detailList":[{"detail":["PACKAGE_USAGE_STATS (Allows an application to collect component usage statistics.) "]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://cdn5.xinmei365.com/cdndata/sdkapi/categoryFont?app_key=%s&cate_id=%s","http://upaicdn.xinmei365.com/fontzip/","http://cdn5.xinmei365.com/cdndata/sdkapi/appcategory?app_key=%s&country=%s","http://cdn5.xinmei365.com/cdndata/sdkapi/appAllFont?app_key=%s&country=%s&type=%s","http://api.kikakeyboard.com/assets/getAssets?packageName=","http://recommend.kikakeyboard.com/list","http://testapi.tinyhoneybee.com/api/getADConfig","http://www.kikakeyboard.com/thanks.html","http://smart.tinyhoneybee.com/log/receive","http://www.kikatech.com/conditions.html","http://api.riffsy.com/v1/","http://kikaapi.kika-backend.com/pub/pubinfo?package_name=%s&last_max_pub_id=%d&device_id=%s&country=%s&lang=%s&inactive_day=%d&version=%s&user_push_switch=%d","http://w3.org/1999/xhtml","http://oc.umeng.com/check_config_update","http://upaicdn.xinmei365.com/fontAPK/","http://api.kika-backend.com/api/getStatisticStrategy","http://play.google.com/store/apps/details?id=%1attrs","http://log.umsns.com/share/api/","http://preapi.kika-backend.com/dic_list.php","http://api.tinyhoneybee.com/api/getADResource","http://stat.kika-backend.com/stat/addStat","http://api.yun.galaxyfont.com/index/min_ttf?appKey=%s&fontIdNo=%s&str=%s&type=%s","http://cdn6.xinmei365.com/cdndata/sdkfontlist/sdkfontlist?channel_mark=%s&type=%s","http://alog.umeng.com/app_logs","http://alog.umeng.co/app_logs","http://abtest.kika-backend.com/ab.php","http://oc.umeng.co/check_config_update","http://api.tinyhoneybee.com/api/getADConfig","http://dc.kika-backend.com/api.php","http://api.tinyhoneybee.com/api/adUsage","http://api.tinyhoneybee.com/api/getADConfig?","http://api.kikakeyboard.com/Recommendtheme/v2recommend?package_name=%s&device_id=%s&country=%s&lang=%s&version=%s"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. ","Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Constant initialization vector detected. This should be avoided, as it allows an attacker to infer relationships between segments of encrypted messages if encrypted with the same key and initialization vector. "]}]}]},{"attr":{"os":"Android","appId":"telefonica.de.blau:1.0.3","name":"Mein Blau","version":"1.0.3","model":"Network Tool","store_url":"https://play.google.com/store/apps/details?id=telefonica.de.blau"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"yes","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"App requests permission READ_CONTACTS to access the phones address book.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["a.andy.sandbox.cloudmade.com","a.tile.cloudmade.com","accounts.google.com","apps.blau.de","auth.cloudmade.com","b.andy.sandbox.cloudmade.com","b.tile.cloudmade.com","beta-apps.blau.de","c.andy.sandbox.cloudmade.com","c.tile.cloudmade.com","cdn2.spatialbuzz.com","login.blau.de","login.live.com","login.yahoo.com","maps.google.com","maps.googleapis.com","mlav0.o2online.de","mt3.google.com","otile1.mqcdn.com","otile2.mqcdn.com","otile3.mqcdn.com","otile4.mqcdn.com","overlay.openstreetmap.nl","play.google.com","plus.google.com","speedchecker.o2.de","ssl.google-analytics.com","tah.openstreetmap.org","tile.openstreetmap.org","tile.xn--pnvkarte-m4a.de","topo.geofabrik.de","topo.openstreetmap.de","twitter.com","www.PLACEYOURDOMAINHERE.com","www.facebook.com","www.google-analytics.com","www.googleapis.com","www.googletagmanager.com","www.linkedin.com","www.o2online.de","www.openstreetmap.org","www.paypal.com","www.slf4j.org","www.topografix.com","www.vertriebspartner.de.o2.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://a.tile.cloudmade.com/%s/%d/%d/%d/%d/%d%s?token=%s","http://b.tile.cloudmade.com/%s/%d/%d/%d/%d/%d%s?token=%s","http://c.tile.cloudmade.com/%s/%d/%d/%d/%d/%d%s?token=%s","http://maps.google.com/maps?f=d&saddr=","http://www.vertriebspartner.de.o2.com/shopsuche/webservices/ShopSearchService.svc/JsonExecute?lat=","http://www.vertriebspartner.de.o2.com/shopsuche/webservices/ShopSearchService.svc/JsonExecute?zip=","https://maps.googleapis.com/maps/api/geocode/json?address=","https://maps.googleapis.com/maps/api/geocode/json?latlng=","https://play.google.com/store/apps/details?id=","https://play.google.com/store/apps/details?id=de.nudged.blau","market://details?id=","market://search?q=pdf"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Usage of RC4 was identified. RC4 is a weak algorithm and it's use should be avoided.","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"DES/ECB/NoPadding\"","\"RC4/NONE/NoPadding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["SEND_SMS (Allows an application to send SMS messages.) ","READ_CONTACTS (Allows an application to read the user's contacts data.) ","READ_SMS (Allows an application to read SMS messages.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) ","WRITE_SMS (Allows an application to write SMS messages.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 8 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Austria","Netherlands","United States","Ireland","Brazil","United Kingdom","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://a.tile.cloudmade.com/%s/%d/%d/%d/%d/%d%s?token=%s","http://b.tile.cloudmade.com/%s/%d/%d/%d/%d/%d%s?token=%s","http://c.tile.cloudmade.com/%s/%d/%d/%d/%d/%d%s?token=%s","http://maps.google.com/maps?f=d&saddr=","http://www.vertriebspartner.de.o2.com/shopsuche/webservices/ShopSearchService.svc/JsonExecute?lat=","http://www.vertriebspartner.de.o2.com/shopsuche/webservices/ShopSearchService.svc/JsonExecute?zip="]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","REORDER_TASKS (Allows an application to change the Z-order of tasks.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["SEND_SMS","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["canvasm.myo2.SplashActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["telefonica.de.blau.permission.C2D_MESSAGE","telefonica.de.blau.permission.READ_GSERVICES","com.google.android.c2dm.permission.RECEIVE","com.google.android.providers.gsf.permission.READ_GSERVICES"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build brand","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lcanvasm/myo2/app_requests/_base/BaseClientProviderattrTrustAllSSLSocketFactoryattr1;","Lcanvasm/myo2/app_globals/AppGlobalDataProviderattrTrustAllSSLSocketFactoryattr1;","Lch/boye/httpclientandroidlib/conn/ssl/SSLContextBuilderattrTrustManagerDelegate;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)","Acceleration/Light"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.vertriebspartner.de.o2.com/shopsuche/webservices/ShopSearchService.svc/JsonExecute?zip=","http://otile4.mqcdn.com/tiles/1.0.0/osm/","http://cdn2.spatialbuzz.com/api/","http://tile.xn--pnvkarte-m4a.de/tilegen/","http://overlay.openstreetmap.nl/basemap/","http://topo.openstreetmap.de/topo/","http://b.andy.sandbox.cloudmade.com/tiles/cycle/","http://otile3.mqcdn.com/tiles/1.0.0/osm/","http://overlay.openstreetmap.nl/openfietskaart-overlay/","http://overlay.openstreetmap.nl/roads/","http://www.vertriebspartner.de.o2.com/shopsuche/webservices/ShopSearchService.svc/JsonExecute?lat=","http://otile2.mqcdn.com/tiles/1.0.0/osm/","http://tah.openstreetmap.org/Tiles/tile/","http://www.topografix.com/GPX/1/1","http://speedchecker.o2.de/cgi-bin/mobile_upload","http://otile1.mqcdn.com/tiles/1.0.0/osm/","http://auth.cloudmade.com/token/","http://topo.openstreetmap.de/base/","http://c.andy.sandbox.cloudmade.com/tiles/cycle/","http://www.slf4j.org/codes.html","http://a.andy.sandbox.cloudmade.com/tiles/cycle/","http://topo.geofabrik.de/hills/","http://maps.google.com/maps?f=d&saddr=","http://www.openstreetmap.org/api/0.5/gpx/create","http://www.PLACEYOURDOMAINHERE.com/anyfolder/gpxuploader/upload.php"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default error handling for SSL/TLS client communication. Error-prone modifications can be ruled out. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"canvasm.myo2:6.1.2","name":"Mein o2","version":"6.1.2","model":"Network Tool","store_url":"https://play.google.com/store/apps/details?id=canvasm.myo2"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"yes","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"App requests permission READ_CONTACTS to access the phones address book.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["a.andy.sandbox.cloudmade.com","a.tile.cloudmade.com","accounts.google.com","apps.o2online.de","auth.cloudmade.com","b.andy.sandbox.cloudmade.com","b.tile.cloudmade.com","beta.apps.o2online.de","c.andy.sandbox.cloudmade.com","c.tile.cloudmade.com","cdn2.spatialbuzz.com","login-e2e2.o2online.de","login.live.com","login.o2online.de","login.yahoo.com","maps.google.com","maps.googleapis.com","mlav0.o2online.de","mt3.google.com","otile1.mqcdn.com","otile2.mqcdn.com","otile3.mqcdn.com","otile4.mqcdn.com","overlay.openstreetmap.nl","play.google.com","plus.google.com","speedchecker.o2.de","ssl.google-analytics.com","tah.openstreetmap.org","tile.openstreetmap.org","tile.xn--pnvkarte-m4a.de","topo.geofabrik.de","topo.openstreetmap.de","twitter.com","www.PLACEYOURDOMAINHERE.com","www.facebook.com","www.google-analytics.com","www.googleapis.com","www.googletagmanager.com","www.linkedin.com","www.o2online.de","www.openstreetmap.org","www.paypal.com","www.slf4j.org","www.topografix.com","www.vertriebspartner.de.o2.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://a.tile.cloudmade.com/%s/%d/%d/%d/%d/%d%s?token=%s","http://b.tile.cloudmade.com/%s/%d/%d/%d/%d/%d%s?token=%s","http://c.tile.cloudmade.com/%s/%d/%d/%d/%d/%d%s?token=%s","http://maps.google.com/maps?f=d&saddr=","http://www.vertriebspartner.de.o2.com/shopsuche/webservices/ShopSearchService.svc/JsonExecute?lat=","http://www.vertriebspartner.de.o2.com/shopsuche/webservices/ShopSearchService.svc/JsonExecute?zip=","https://maps.googleapis.com/maps/api/geocode/json?address=","https://maps.googleapis.com/maps/api/geocode/json?latlng=","https://play.google.com/store/apps/details?id=canvasm.myo2","market://details?id=canvasm.myo2","market://search?q=pdf"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Usage of RC4 was identified. RC4 is a weak algorithm and it's use should be avoided.","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"DES/ECB/NoPadding\"","\"RC4/NONE/NoPadding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["SEND_SMS (Allows an application to send SMS messages.) ","ACCESS_FINE_LOCATION (Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.) ","WRITE_SMS (Allows an application to write SMS messages.) ","READ_CONTACTS (Allows an application to read the user's contacts data.) ","READ_SMS (Allows an application to read SMS messages.) ","ACCESS_COARSE_LOCATION (Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.) ","READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 8 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Austria","Netherlands","United States","Ireland","Brazil","United Kingdom","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://a.tile.cloudmade.com/%s/%d/%d/%d/%d/%d%s?token=%s","http://b.tile.cloudmade.com/%s/%d/%d/%d/%d/%d%s?token=%s","http://c.tile.cloudmade.com/%s/%d/%d/%d/%d/%d%s?token=%s","http://maps.google.com/maps?f=d&saddr=","http://www.vertriebspartner.de.o2.com/shopsuche/webservices/ShopSearchService.svc/JsonExecute?lat=","http://www.vertriebspartner.de.o2.com/shopsuche/webservices/ShopSearchService.svc/JsonExecute?zip="]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","REORDER_TASKS (Allows an application to change the Z-order of tasks.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["SEND_SMS","GET_ACCOUNTS","READ_EXTERNAL_STORAGE","READ_PHONE_STATE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["canvasm.myo2.SplashActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["canvasm.myo2.permission.READ_GSERVICES","canvasm.myo2.permission.C2D_MESSAGE","com.google.android.c2dm.permission.RECEIVE","com.google.android.providers.gsf.permission.READ_GSERVICES"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build brand","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lch/boye/httpclientandroidlib/conn/ssl/SSLContextBuilderattrTrustManagerDelegate;","Lcanvasm/myo2/app_requests/_base/BaseClientProviderattrTrustAllSSLSocketFactoryattr1;","Lcanvasm/myo2/app_globals/AppGlobalDataProviderattrTrustAllSSLSocketFactoryattr1;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different sensors. This allows the application to track the user and/or determine the environment of the user.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["WIFI-Based Location","GPS Location","Acceleration/Light"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.vertriebspartner.de.o2.com/shopsuche/webservices/ShopSearchService.svc/JsonExecute?zip=","http://otile4.mqcdn.com/tiles/1.0.0/osm/","http://cdn2.spatialbuzz.com/api/","http://tile.xn--pnvkarte-m4a.de/tilegen/","http://overlay.openstreetmap.nl/basemap/","http://topo.openstreetmap.de/topo/","http://b.andy.sandbox.cloudmade.com/tiles/cycle/","http://otile3.mqcdn.com/tiles/1.0.0/osm/","http://overlay.openstreetmap.nl/openfietskaart-overlay/","http://overlay.openstreetmap.nl/roads/","http://www.vertriebspartner.de.o2.com/shopsuche/webservices/ShopSearchService.svc/JsonExecute?lat=","http://otile2.mqcdn.com/tiles/1.0.0/osm/","http://tah.openstreetmap.org/Tiles/tile/","http://www.topografix.com/GPX/1/1","http://speedchecker.o2.de/cgi-bin/mobile_upload","http://otile1.mqcdn.com/tiles/1.0.0/osm/","http://auth.cloudmade.com/token/","http://topo.openstreetmap.de/base/","http://c.andy.sandbox.cloudmade.com/tiles/cycle/","http://www.slf4j.org/codes.html","http://a.andy.sandbox.cloudmade.com/tiles/cycle/","http://topo.geofabrik.de/hills/","http://maps.google.com/maps?f=d&saddr=","http://www.openstreetmap.org/api/0.5/gpx/create","http://www.PLACEYOURDOMAINHERE.com/anyfolder/gpxuploader/upload.php"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default error handling for SSL/TLS client communication. Error-prone modifications can be ruled out. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"yes","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"Reasons for category violations of default policy: ","text":"Violations of default policy?","context":"0"},"detailList":[{"detail":["Estimated overall app risk for the enterprise exceeds the security policy threshold due to detected risks and flaws exploitable by skilled attackers without the existence of additional supporting factors. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["Sensor Access: Usage of smartphone sensors violates rules for detected app type and poses a potential risk by gaining access to sensitive data. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"com.microsoft.office.outlook:2.1.74","name":"Microsoft Outlook","version":"2.1.74","model":"Organizer","store_url":"https://play.google.com/store/apps/details?id=com.microsoft.office.outlook"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is disabled. This means no backup or restore of the application will ever be performed, even by a full-system backup that would otherwise cause all application data to be saved via adb backup function.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"yes","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"App requests permission READ_CONTACTS to access the phones address book.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Flurry","HockeyApp"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"ok","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Administration policies allow the application to do system privilege operations. The detected policies allow the application to activate storage encryption, specifiy the minimum device password length and password quality and lock your device (activate lock screen) (this policy entry need to be verified manually because of inconsistency with code and configuration specification). ","text":"Device administration policy entries: ","context":"1999"},"resultList":[{"result":["encrypted-storage","limit-password","force-lock"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","a.wunderlist.com","accounts.google.com","aka.ms","api.acompli.com","api.box.com","api.diagnostics.office.com","api.dropboxapi.com","api.login.yahoo.com","api.office.com","apis.live.net","app.adjust.com","app.box.com","bit.ly","cdn.uservoice.com","data.flurry.com","dev0-powerlift.acompli.net","dropbox.acompli.org","facebook.com","go.microsoft.com","graph-video.%s","graph.%s","graph.microsoft.com","intunemam.microsoftonline.com","join.skype.com","login.live.com","login.microsoftonline.com","login.windows-ppe.net","login.windows.net","mobile.pipe.aria.microsoft.com","msmamservice.api.application","outlook.office.com","outlook.office365.com","pf.directory.live.com","platform.bing.com","play.google.com","plus.google.com","prod-powerlift.acompli.net","rink.hockeyapp.net","sdfpilot.outlook.com","sdk.hockeyapp.net","social.yahooapis.com","ssl.google-analytics.com","stg-powerlift.acompli.net","support.apple.com","support.google.com","windows.microsoft.com","www.acompli.com","www.dropbox.com","www.evernote.com","www.facebook.com","www.google-analytics.com","www.googleapis.com","www.googletagmanager.com","www.mi","www.microsoft.com","www.wunderlist.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["/oauth20_authorize.srf?client_id=0000000048170EF2&scope=service::outlook.office.com::MBI_SSL&response_type=token&redirect_uri=https://login.live.com/oauth20_desktop.srf&display=touch","/oauth20_authorize.srf?client_id=d92fe772-5bd5-4d05-bb77-780eb82ae0b7&scope=service::outlook.office.com::MBI_SSL&response_type=token&redirect_uri=https://login.live.com/oauth20_desktop.srf&display=touch","https://go.microsoft.com/fwlink/?LinkID=533051&clcid=0x409","https://play.google.com/store/apps/details?id=","https://support.google.com/a/answer/22370?hl=en","market://details?id=","market://details?id=com.microsoft.office.outlook","market://details?id=com.microsoft.windowsintune.companyportal","market://details?id=com.microsoft.windowsintune.companyportal&referrer="]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"DESEDE\"","\"RSA/ECB/PKCS1Padding\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic keys found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"It is considered as a bad practice to use hard-coded cryptographic keys in the application. The following hard-coded cryptographic keys were found: ","text":"Cryptographic keys found?","context":"999"},"detailList":[{"detail":["\"H2X2qYs6DWuSdSZ3POlhXABQpx6A7IWOXsRSFO5o\"","\"sdk\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic salt values found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Use of constant salts can make application vulnerable to bruteforce attacks. The following constant salts were found: ","text":"Cryptographic salt values found?","context":"997"},"detailList":[{"detail":["\"salty\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["WRITE_CALENDAR (Allows an application to write (but not read) the user's calendar data.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","CALL_PHONE (Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed.) ","MANAGE_ACCOUNTS (Allows an application to manage the list of accounts in the AccountManager.) ","READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","READ_PROFILE (Allows an application to read the user's personal profile data.) ","READ_CALENDAR (Allows an application to read the user's calendar data.) ","ACCESS_FINE_LOCATION (Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.) ","WRITE_CONTACTS (Allows an application to write (but not read) the user'scontacts data.) ","READ_CONTACTS (Allows an application to read the user's contacts data.) ","AUTHENTICATE_ACCOUNTS (Allows an application to act as an AccountAuthenticator for the AccountManager.) ","USE_CREDENTIALS (Allows an application to request authtokens from the AccountManager.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 6 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","United States","Ireland","United Kingdom","Germany","unknown"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Key derivation iteration count: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Key derivation functions with less than 1000 interations are considered vulnerable to bruteforce attacks. Therefore, this app with 100 iterations is considered vulnerable.","text":"Key derivation iteration count: ","context":"995"},"resultList":[{"result":["100"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"ok","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"The application or application components define specific type filter for handling different file types. If different applications define the same filter types the user has to decide which application should handle the file. ","text":"App can handle documents of mimeType: ","context":"0"},"resultList":[{"result":["time/epoch","*/*","vnd.android.cursor.item/event"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["VIBRATE (Allows access to the vibrator.) ","READ_SYNC_STATS (Allows applications to read the sync stats.) ","READ_SYNC_SETTINGS (Allows applications to read the sync settings.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","WRITE_SYNC_SETTINGS (Allows applications to write the sync settings.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_CONTACTS","READ_SYNC_SETTINGS","WRITE_CALENDAR","READ_CALENDAR","READ_PROFILE","WRITE_CONTACTS","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.acompli.acompli.ui.event.create.DraftEventActivity","com.acompli.acompli.ComposeActivity","com.acompli.acompli.ui.onboarding.Office365LoginActivity","com.acompli.acompli.appwidget.inbox.ConfigureInboxWidgetActivity","com.acompli.acompli.appwidget.agenda.ConfigureAgendaWidgetActivity","com.acompli.acompli.CentralActivity","com.acompli.acompli.DeepLinkActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":[".permission.C2D_MESSAGE","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build display","build fingerprint","build brand","IMEI/MEID","Wifi-MAC address","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different sensors. This allows the application to track the user and/or determine the environment of the user.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["GPS Location"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://aka.ms/Dcupce","http://stg-powerlift.acompli.net:2550/incidents","http://dev0-powerlift.acompli.net:2550/incidents","http://prod-powerlift.acompli.net:2550/incidents","http://windows.microsoft.com/en-US/windows/outlook/add-alias-account"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"yes","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"Reasons for category violations of default policy: ","text":"Violations of default policy?","context":"0"},"detailList":[{"detail":["Detected risks are not compliant to security policy requirements for organizer apps. "]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Embedded static encryption key found, which can be extracted by attackers to revert the encryption or fake the signature of the content it is used for.","Crypto: Constant salt detected. This should be avoided, as it can make app vulnerable to bruteforce attacks.","Crypto: Overall quality of cryptographic implementation aspects is rated poor and should be inspected in detail."]}]}]},{"attr":{"os":"Android","appId":"com.surpax.ledflashlight.panel:1.1.0","name":"Superhelle LED Taschenlampe","version":"1.1.0","model":"Flashlight","store_url":"https://play.google.com/store/apps/details?id=com.surpax.ledflashlight.panel"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi/libnmsp_speex.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Amazon Ad System","AppsFlyer","Appsdt","Asiatone","Doubleclick","Flurry","LiveRail","Mo+","Nexage","Smaato","TapJoy","inMobi ADs","inneractive","mopub"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","a.ai.inmobi.com","ad6.%s.liverail.com","ad6.liverail.com","adelh.smaato.com","ads.nexage.com","amazon-adsystem.amazon.com","amazon-adsystem.com","analytics.mopub.com","api.appsflyer.com","api.asiatone.net","api.crispwireless.com","app-measurement.com","app.getsentry.com","avr.smaato.net","cdn1.crispadvertising.com","connect.tapjoy.com","content-js.tapjoy.com","csi.gstatic.com","d.appsdt.com","data.flurry.com","dmp.starbolt.io","dock.inmobi.com","dwxjayoxbnyrr.cloudfront.net","e-ltvp.inmobi.com","events.appsflyer.com","facebook.com","googleads.g.doubleclick.net","graph-video.%s","graph.%s","graph.%s.facebook.com","graph.facebook.com","i.w.inmobi.com","i.xx.openx.com","inmobisdk-a.akamaihd.net","kitty.ihandysoft.com","m.google.com","my.mobfox.com","placements.tapjoy.com","play.google.com","plus.google.com","proton.flurry.com","puppy.ihandysoft.com","relay.mobile.toboads.com","rpc.tapjoy.com","rules-ltvp.inmobi.com","sdk-services.appsflyer.com","sdk.starbolt.io","sdkm.w.inmobi.com","smaato-android-sdk.s3.amazonaws.com","soma-assets.smaato.net","soma.smaato.net","spark.ihandysoft.com","stats.appsflyer.com","t.appsflyer.com","token.mopl.us","track.appsflyer.com","twitter.com","ws.tapjoyads.com","wv.inner-active.mobi","www.%s.facebook.com","www.facebook.com","www.google.com","www.googleapis.com","www.mopub.com","www.smaato.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://adelh.smaato.com/lg.php?bannerid=57708&campaignid=3692&zoneid=0&loc=1&referer=http%3A%2F%2Fadelh.smaato.com%2Faxmlrpc.php%3Fsize%3Dxlarge%26img%3Dtrue%26carrier%3DT-Mobile%2B%2528WiFi%252FWLAN%2529&cb=6af462c795&r_id=20b1af536e51079d611b279e5e2e5a7e&r_ts=ln8ydk","http://adelh.smaato.com/lg.php?bannerid=60196&campaignid=3692&zoneid=0&loc=1&referer=http%3A%2F%2Fadelh.smaato.com%2Faxmlrpc.php%3Fsize%3Dxlarge%26img%3Dtrue%26carrier%3DT-Mobile%2B%2528WiFi%252FWLAN%2529&cb=8a7475eb48&r_id=c161faf29bc4cd1b964223995850ece4&r_ts=ln8y6l","http://api.crispwireless.com/adRequest/control/ad.gif?sitekey=DEFAULT&partnerkey=afa1a1efc4977cc8bc83a8fe6a952a39&zid=1418&publisherid=374","http://api.crispwireless.com/adRequest/control/noscript.gif?sitekey=DEFAULT&partnerkey=afa1a1efc4977cc8bc83a8fe6a952a39&zid=1418&publisherid=374","http://play.google.com/store/apps/details?id=","http://play.google.com/store/apps/details?id=com.facebook.orca","http://twitter.com/home?status=","https://events.appsflyer.com/api/v3/androidevent?buildnumber=3.0&app_id=","https://m.google.com/app/plus/x/?v=compose&content=","https://play.google.com/store/apps/details?id=","https://t.appsflyer.com/api/v3/androidevent?buildnumber=3.0&app_id=","https://track.appsflyer.com/api/v3/uninstall?buildnumber=3.0","https://www.facebook.com/dialog/feed?app_id=181821551957328&link=","market://details?id=","market://details?id=%s","market://details?id=com.facebook.orca","market://details?id=com.google.android.gms.ads"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"AES/CBC/PKCS7Padding\"","\"AES/ECB/PKCS7Padding\"","\"RSA/ECB/nopadding\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic keys found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"It is considered as a bad practice to use hard-coded cryptographic keys in the application. The following hard-coded cryptographic keys were found: ","text":"Cryptographic keys found?","context":"999"},"detailList":[{"detail":["\"\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) ","CAMERA (Required to be able to access the camera device. This will automatically enforce the uses-feature manifest element for all camera features. If you do not require all camera features or can properly operate if a camera is not available, then you must modify your manifest as appropriate in order to install on devices that don't support all camera features.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 7 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","Austria","United States","Ireland","China","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://adelh.smaato.com/lg.php?bannerid=57708&campaignid=3692&zoneid=0&loc=1&referer=http%3A%2F%2Fadelh.smaato.com%2Faxmlrpc.php%3Fsize%3Dxlarge%26img%3Dtrue%26carrier%3DT-Mobile%2B%2528WiFi%252FWLAN%2529&cb=6af462c795&r_id=20b1af536e51079d611b279e5e2e5a7e&r_ts=ln8ydk","http://adelh.smaato.com/lg.php?bannerid=60196&campaignid=3692&zoneid=0&loc=1&referer=http%3A%2F%2Fadelh.smaato.com%2Faxmlrpc.php%3Fsize%3Dxlarge%26img%3Dtrue%26carrier%3DT-Mobile%2B%2528WiFi%252FWLAN%2529&cb=8a7475eb48&r_id=c161faf29bc4cd1b964223995850ece4&r_ts=ln8y6l","http://api.crispwireless.com/adRequest/control/ad.gif?sitekey=DEFAULT&partnerkey=afa1a1efc4977cc8bc83a8fe6a952a39&zid=1418&publisherid=374","http://api.crispwireless.com/adRequest/control/noscript.gif?sitekey=DEFAULT&partnerkey=afa1a1efc4977cc8bc83a8fe6a952a39&zid=1418&publisherid=374","http://play.google.com/store/apps/details?id=","http://play.google.com/store/apps/details?id=com.facebook.orca","http://twitter.com/home?status="]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["play.google.com"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["WRITE_SETTINGS (Allows an application to read or write the system settings.) ","FLASHLIGHT (Allows access to the flashlight.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["CHANGE_CONFIGURATION","FLASHLIGHT","WRITE_SETTINGS"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.surpax.ledflashlight.FlashlightActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.surpax.ledflashlight.panel.permission.C2D_MESSAGE","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build display","build fingerprint","build brand","IMEI/MEID","Wifi-MAC address","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"The SSL trust management for socket communication is modified in an insecure way. The following implementations of the X509TrustManager interface should be checked: ","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"},"detailList":[{"detail":["Lcom/facebook/ads/internal/util/qattr1;"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera","Location (inactive)","Acceleration/Light"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Signature Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs system/signature permissions? ","context":"180"},"detailList":[{"detail":["CHANGE_CONFIGURATION (Allows an application to modify the current configuration, such as locale.) "]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://twitter.com/home?status=","http://dock.inmobi.com/carb/v1/o","http://kitty.ihandysoft.com/MobileAppServlet","http://dock.inmobi.com/carb/v1/i","http://my.mobfox.com/request.php","http://token.mopl.us/token","http://spark.ihandysoft.com:8080/MobileAppServlet/MobileAppServlet","http://a.ai.inmobi.com/v2/ad.html","http://api.asiatone.net/rao","http://play.google.com/store/apps/details?id=","http://puppy.ihandysoft.com/rao","http://avr.smaato.net/report","http://api.asiatone.net/token","http://soma.smaato.net/oapi/reqAd.jsp?"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected JS Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following JavaScript files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected JavaScripts?","context":"0"},"detailList":[{"detail":["http://soma-assets.smaato.net/js/ormma.js","http://cdn1.crispadvertising.com/afw/2.1/framework/client/adrequest.js","http://soma-assets.smaato.net/js/ormma_bridge.js"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"yes","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"Reasons for category violations of default policy: ","text":"Violations of default policy?","context":"0"},"detailList":[{"detail":["Estimated overall app risk for the enterprise exceeds the security policy threshold due to detected risks and flaws exploitable by skilled attackers without the existence of additional supporting factors. "]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: App contains insecure code for communication protection with SSL/TLS. Common source for flawed communication protection against man-in-the-middle attacks. ","Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["Extensive Advertisement/Tracking: App uses more than 10 advertisement and tracking providers. ","App Listing: Usage of detected functionality to access list of installed apps poses a privacy risk for detected app type."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Embedded static encryption key found, which can be extracted by attackers to revert the encryption or fake the signature of the content it is used for."]}]}]},{"attr":{"os":"Android","appId":"com.touchtype.swiftkey:6.4.2.58","name":"SwiftKey Tastatur","version":"6.4.2.58","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=com.touchtype.swiftkey"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is disabled. This means no backup or restore of the application will ever be performed, even by a full-system backup that would otherwise cause all application data to be saved via adb backup function.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["x86 32bit: lib/x86/libswiftkeysdk-java-internal.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Crashlytics"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation provider used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"In general code obfuscation is done automatically by different obfuscation frameworks or obfuscation service providers. Detailed information to the detected framework Proguard can be found under: http://developer.android.com/tools/help/proguard.html","text":"Obfuscation framework used: ","context":"4997"},"resultList":[{"result":["Proguard"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"ok","testID":"Bootcompleted Components Test","resultClass":"Runtime Security","name":"Application autostart receiver","detail":"The Application has the permission to start automatically after booting the device. The application can execute code without userinteraction or prevention.","text":"Executed component after Phone Reboot: ","context":"0"},"resultList":[{"result":["com.touchtype.BootReceiver"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["accounts.google.com","android.googlesource.com","api.twitter.com","app.adjust.com","beta.swiftkey.com","citadel-eeyore-staging.touchtype-fluency.com","citadel-tigger-staging.touchtype-fluency.com","citadel-winnie-staging.touchtype-fluency.com","code.google.com","crashlytics.com","developers.facebook.com","e.crashlytics.com","eeyore-citadel.touchtype-fluency.com","facebook.github.io","font.com","github.com","graph.facebook.com","mail.google.com email profile","newswiftkeystaging.swiftkey.com","owl-citadel.touchtype-fluency.com","personalization-staging.touchtype-fluency.com","personalization.touchtype-fluency.com","play.google.com","plus.google.com","pns-registration.touchtype-fluency.com","profiler-cards.api.swiftkey.com","profiler-cards.staging.swiftkey.com","public-resources.touchtype-fluency.com","settings.crashlytics.com","site.icu-project.org","skslm.swiftkey.net","source.android.com","source.icu-project.org","ssl.google-analytics.com","support.swiftkey.com","swiftkey-android.iris.touchtype-fluency.com","swiftkey-sync-production.touchtype-fluency.com","swiftkey.com","telemetry.api.swiftkey.com","telemetry.staging.swiftkey.com","test-auth-a.touchtype-fluency.com","test-auth-b.touchtype-fluency.com","test-owl.touchtype-fluency.com","test1-sync-vpcstaging.touchtype-fluency.com","tigger-citadel.touchtype-fluency.com","tokens-auth.touchtype-fluency.com","try.crashlytics.com","users-auth.touchtype-fluency.com","userstats.iris.touchtype-fluency.com","vip.swiftkey.com","winnie-citadel.touchtype-fluency.com","www.boost.org","www.evernote.com","www.facebook.com","www.google-analytics.com","www.googleapis.com","www.googletagmanager.com","www.khronos.org","www.stlport.org","www.swiftkey.com","www.twitter.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["https://accounts.google.com/o/oauth2/auth?scope=","https://graph.facebook.com/me?fields=name","https://graph.facebook.com/me?fields=name&","https://play.google.com/store/apps/details?id=%s","https://www.facebook.com/dialog/oauth?client_id=","https://www.swiftkey.com/en/keyboard-terms?_src=an","market://details?id=%s"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Constant initialization vectors found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Use of constant initialization vectors is a bad practice. The following initialization vectors were found: ","text":"Constant initialization vectors found?","context":"998"},"detailList":[{"detail":["16,74,71,-80,32,101,-47,72,117,-14,0,-29,70,65,-12,74"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"AES/ECB/PKCS7Padding\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic salt values found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Use of constant salts can make application vulnerable to bruteforce attacks. The following constant salts were found: ","text":"Cryptographic salt values found?","context":"997"},"detailList":[{"detail":["72,85,-104,91,-32,-9,-57,118,111,31,84,97,-100,-24,-102,117,-29,19,-69"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["READ_SMS (Allows an application to read SMS messages.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 4 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland","Germany","unknown"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.PathClassLoader(...)","ClassLoader.loadClass(...)","load(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Key derivation iteration count: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Key derivation function used in the app with an amount of 1024 iterations is considered secure.","text":"Key derivation iteration count: ","context":"995"},"resultList":[{"result":["1024"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["VIBRATE (Allows access to the vibrator.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","RECEIVE_BOOT_COMPLETED (Allows an application to receive the android.content.Intent ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. If you don't request this permission, you will not receive the broadcast at that time. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, you must explicitly declare your use of this facility to make that visible to the user.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.touchtype.onboarding.OnboardingBrandRecognition","com.touchtype.deeplinking.DeepLinkingHandlerActivity","com.touchtype.preferences.heatmap.HeatmapActivity","com.touchtype.billing.ui.StoreActivity","com.touchtype.installer.none.NoInstaller","com.touchtype.LauncherActivity","com.touchtype.cloud.ui.CloudSetupActivity","com.touchtype.installer.InstallerExtras"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.BILLING","com.touchtype.swiftkey.permission.C2D_MESSAGE","com.swiftkey.swiftkeyconfigurator.READCONFIG","com.google.android.c2dm.permission.RECEIVE","com.swiftkey.languageprovider.READLANG"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build display","build fingerprint","build brand","IMEI/MEID","Wifi-MAC address","country code + mobile network code for SIM provider","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.stlport.org/doc/license.html","http://code.google.com/apis/protocolbuffers/","http://facebook.github.io/rebound/","http://source.icu-project.org/repos/icu/icu/trunk/license.html"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default error handling for SSL/TLS client communication. Error-prone modifications can be ruled out. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Constant initialization vector detected. This should be avoided, as it allows an attacker to infer relationships between segments of encrypted messages if encrypted with the same key and initialization vector. ","Crypto: Constant salt detected. This should be avoided, as it can make app vulnerable to bruteforce attacks.","Crypto: Overall quality of cryptographic implementation aspects is rated poor and should be inspected in detail."]}]}]},{"attr":{"os":"Android","appId":"com.wunderkinder.wunderlistandroid:3.4.5","name":"Wunderlist: To-Do Liste","version":"3.4.5","model":"Organizer","store_url":"https://play.google.com/store/apps/details?id=com.wunderkinder.wunderlistandroid"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is disabled. This means no backup or restore of the application will ever be performed, even by a full-system backup that would otherwise cause all application data to be saved via adb backup function.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/librsjni.so","ARM 32 bit: lib/armeabi-v7a/libRSSupport.so","MIPS I: lib/mips/librsjni.so","MIPS I: lib/mips/libRSSupport.so","x86 32bit: lib/x86/librsjni.so","x86 32bit: lib/x86/libRSSupport.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"yes","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"App requests permission READ_CONTACTS to access the phones address book.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Crashlytics"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"ok","testID":"Bootcompleted Components Test","resultClass":"Runtime Security","name":"Application autostart receiver","detail":"The Application has the permission to start automatically after booting the device. The application can execute code without userinteraction or prevention.","text":"Executed component after Phone Reboot: ","context":"0"},"resultList":[{"result":["com.wunderkinder.wunderlistandroid.receiver.BootCompletedReceiver"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","500px.com","a.wunderlist.com","accounts.google.com","api.facebook.com","artcore-illustrations.de","bo0xvn.deviantart.com","code.google.com","d1fap3gq5z98tc.cloudfront.net","duncandavidson.com","e.crashlytics.com","facebook.com","fiftyfootshadows.net","github.com","graph-video.%s","graph.%s","graph.facebook.com","login.live.com","login.yahoo.com","m.facebook.com","opensource.org","play.google.com","plus.google.com","settings.crashlytics.com","source.android.com","square.github.io","support.wunderlist.com","twitter.com","weibo.com","wunderlist.uservoice.com","www.dropbox.com","www.dvq.co.nz","www.facebook.com","www.flickr.com","www.googleapis.com","www.jinnavanringen.com","www.justinkiner.com","www.linkedin.com","www.paypal.com","www.slf4j.org","www.twitter.com","www.wunderlist.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=com.wunderkinder.wunderlistandroid","https://accounts.google.com/o/oauth2/revoke?token=","https://www.wunderlist.com/privacy-policy?embedded=1","https://www.wunderlist.com/terms-of-use?embedded=1","market://details?id=com.dropbox.android","market://details?id=com.wunderkinder.wunderlistandroid"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/ECB/PKCS7Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","READ_CONTACTS (Allows an application to read the user's contacts data.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 9 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Canada","Netherlands","Austria","Hong Kong","United States","Ireland","United Kingdom","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://play.google.com/store/apps/details?id=com.wunderkinder.wunderlistandroid"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"ok","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"The application or application components define specific type filter for handling different file types. If different applications define the same filter types the user has to decide which application should handle the file. ","text":"App can handle documents of mimeType: ","context":"0"},"resultList":[{"result":["text/plain"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","RECEIVE_BOOT_COMPLETED (Allows an application to receive the android.content.Intent ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. If you don't request this permission, you will not receive the broadcast at that time. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, you must explicitly declare your use of this facility to make that visible to the user.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","VIBRATE (Allows access to the vibrator.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_CONTACTS","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.wunderkinder.wunderlistandroid.dashclock.WLDashclockSettingsActivity","com.wunderkinder.wunderlistandroid.activity.WLNoteToSelfActivity","com.wunderkinder.wunderlistandroid.activity.WLBackgroundPickerFragmentActivity","com.wunderkinder.wunderlistandroid.activity.WLProAccountFragmentActivity","com.wunderkinder.wunderlistandroid.activity.WLAddTaskActivity","com.wunderkinder.wunderlistandroid.activity.settings.WLSettingsNotificationsActivity","com.wunderkinder.wunderlistandroid.activity.WLSharingFragmentActivity","com.wunderkinder.wunderlistandroid.activity.WLStartViewFragmentActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.BILLING","com.google.android.c2dm.permission.RECEIVE","com.wunderkinder.wunderlistandroid.permission.C2D_MESSAGE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build brand","IMEI/MEID","Wifi-MAC address","country code + mobile network code for SIM provider","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Faulty Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"Faulty custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of trust management found. Interface X509TrustManager is implemented or extended. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://square.github.io/okhttp/","http://500px.com/constantin_gololobov","http://www.facebook.com/Wunderlist","http://www.twitter.com/Wunderlist","http://wunderlist.uservoice.com/forums/136230-general","http://weibo.com/wunderlist","http://square.github.io/picasso/","http://www.twitter.com/Wunderlist_JP","http://opensource.org/licenses/BSD-3-Clause","http://opensource.org/licenses/MIT","http://www.flickr.com/photos/tycn","http://500px.com/Actionjesus","http://500px.com/pat138241"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Electronic codebook (ECB) mode detected. It should be avoided in cryptographic protocols because it does not hide data patterns well and therefore poses a risk for unauthorized information retrieval about encrypted corporate data. "]}]}]},{"attr":{"os":"Android","appId":"com.autoscout24:8.0.10","name":"AutoScout24: mobile Auto Suche","version":"8.0.10","model":"Shop","store_url":"https://play.google.com/store/apps/details?id=com.autoscout24"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["360 Dialog","Doubleclick","HockeyApp","ScorecardResearch"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"ok","testID":"Bootcompleted Components Test","resultClass":"Runtime Security","name":"Application autostart receiver","detail":"The Application has the permission to start automatically after booting the device. The application can execute code without userinteraction or prevention.","text":"Executed component after Phone Reboot: ","context":"0"},"resultList":[{"result":["com.autoscout24.business.sync.SystemBroadcastReceiver","com.optimizely.OptlyIoReceiver"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["angebot.autoscout24.de","angebote.autoscout24.de","app-measurement.com","app.adjust.com","as24cfg-dev.getcredit.de","as24cfg-testing.getcredit.de","as24cfg.getcredit.de","b.scorecardresearch.com","cdn.krxd.net","cdn.optimizely.com","csi.gstatic.com","d2zah9y47r7bi2.cloudfront.net","dmytrodanylyk.com","errors.client.optimizely.com","events.mobile.optimizely.com","github.com","goo.gl","googleads.g.doubleclick.net","graph.%s.facebook.com","graph.facebook.com","live.finanzen.immobilienscout24.de","optimizely.s3.amazonaws.com","pagead2.googlesyndication.com","plus.google.com","rink.hockeyapp.net","sb-ssl.google.com","sb.scorecardresearch.com","sdk.hockeyapp.net","secure.apps.scout24.com","ssl.google-analytics.com","udm.scorecardresearch.com","www.%s.facebook.com","www.autoscout24.de","www.facebook.com","www.financescout24.de","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["https://fino:fino2015@as24cfg-dev.getcredit.de/scripts/app.js","https://fino:fino2015@as24cfg-dev.getcredit.de/scripts/vendor.js","https://fino:fino2015@as24cfg-dev.getcredit.de/styles/app.css","https://fino:fino2015@as24cfg-dev.getcredit.de/styles/vendor.css","https://fino:fino2015@as24cfg-dev.getcredit.de/vendor/hbci/jsHBCI.js","https://fino:fino2015@as24cfg-testing.getcredit.de/scripts/app.js","https://fino:fino2015@as24cfg-testing.getcredit.de/scripts/vendor.js","https://fino:fino2015@as24cfg-testing.getcredit.de/styles/app.css","https://fino:fino2015@as24cfg-testing.getcredit.de/styles/vendor.css","https://fino:fino2015@as24cfg-testing.getcredit.de/vendor/hbci/jsHBCI.js","https://live.finanzen.immobilienscout24.de/index.html?amount=2000&utm_medium=satellite&utm_source=autoscout24&utm_campaign=vehicles_expose_android_testbutton&utm_content=finance_instantloan#kreditvergleich,finanzierung","https://www.financescout24.de/lp/autoscout24-2?kreditbetrag={PRICE}&laufzeit=60&fahrzeugtype={VEHICLE_TYPE}","is24://retargetShowSearchForm?referrer=as24","market://details?id=%s","market://details?id=com.google.android.gms.ads"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"RSA/ECB/PKCS1PADDING\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["READ_PHONE_STATE (Allows read only access to phone state. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","ACCESS_FINE_LOCATION (Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.) ","MANAGE_ACCOUNTS (Allows an application to manage the list of accounts in the AccountManager.) ","AUTHENTICATE_ACCOUNTS (Allows an application to act as an AccountAuthenticator for the AccountManager.) ","INTERNET (Allows applications to open network sockets.) ","ACCESS_COARSE_LOCATION (Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 5 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","United States","Ireland","Germany","unknown"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["java.net.URLClassLoader(...)","dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["READ_SYNC_SETTINGS (Allows applications to read the sync settings.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","GET_ACCOUNTS (Allows access to the list of accounts in the Accounts Service.) ","RECEIVE_BOOT_COMPLETED (Allows an application to receive the android.content.Intent ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. If you don't request this permission, you will not receive the broadcast at that time. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, you must explicitly declare your use of this facility to make that visible to the user.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","WRITE_SYNC_SETTINGS (Allows applications to write the sync settings.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.squareup.leakcanary.internal.DisplayLeakActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.autoscout24.release.permission.push","com.google.android.c2dm.permission.RECEIVE","com.autoscout24.permission.C2D_MESSAGE","com.google.android.providers.gsf.permission.READ_GSERVICES"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build serial","build hardware","build display","build fingerprint","build brand","IMEI/MEID","SIM card serial","Wifi-MAC address","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different sensors. This allows the application to track the user and/or determine the environment of the user.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["WIFI-Based Location","GPS Location"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Static URL-Passwords","resultClass":"Communication security","name":"URL Checks","detail":"App contains static passwords in URLs, which is bad practice for published Apps in general. Sometimes these are leftovers of development and could be used to gain access to development infrastructures for finding a way to add malware functions to the application unnoticed. ","text":"Static passwords in URLs found?","context":"6000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.autoscout24.de/meinautomoment","http://angebote.autoscout24.de/regional/","http://dmytrodanylyk.com/pages/portfolio/portfolio-process-button.html","http://udm.scorecardresearch.com/offline","http://b.scorecardresearch.com/p2?"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["App contains hard-coded communication secrets (e.g. passwords in URLs).","Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"de.burgerking.kingfinder:5.1.0","name":"BURGER KING®","version":"5.1.0","model":"Shop","store_url":"https://play.google.com/store/apps/details?id=de.burgerking.kingfinder"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is disabled. This means no backup or restore of the application will ever be performed, even by a full-system backup that would otherwise cause all application data to be saved via adb backup function.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick","HockeyApp"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","accounts.google.com","app.adjust.com","bk.pgtb.me","bkpromotions.pgtb.me","burger-king-app.firebaseio.com","csi.gstatic.com","d1d4tjva9m478f.cloudfront.net","de.burger-king.ch","facebook.com","fr.burger-king.ch","googleads.g.doubleclick.net","graph-video.%s","graph.%s","it.burger-king.ch","login.live.com","login.yahoo.com","maps.google.com","pagead2.googlesyndication.com","play.google.com","plus.google.com","sb-ssl.google.com","sdk.hockeyapp.net","ssl.google-analytics.com","twitter.com","www.bk-feedback-de.com","www.bk-feedback-nl.com","www.bklieferservice.at","www.burger-king.ch","www.burgerking.at","www.burgerking.com.mx","www.burgerking.de","www.burgerking.hu","www.burgerking.nl","www.burgerkingpr.com","www.facebook.com","www.google-analytics.com","www.google.com","www.googleapis.com","www.linkedin.com","www.myburgerking.cz","www.paypal.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://maps.google.com/maps?daddr=","http://play.google.com/store/apps/details?id=com.facebook.orca","market://details?id=com.facebook.orca","market://details?id=com.google.android.gms.ads"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Constant initialization vectors found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Use of constant initialization vectors is a bad practice. The following initialization vectors were found: ","text":"Constant initialization vectors found?","context":"998"},"detailList":[{"detail":["\"undefined\""]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/NoPadding\"","\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic keys found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"It is considered as a bad practice to use hard-coded cryptographic keys in the application. The following hard-coded cryptographic keys were found: ","text":"Cryptographic keys found?","context":"999"},"detailList":[{"detail":["\"undefined\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["INTERNET (Allows applications to open network sockets.) ","ACCESS_FINE_LOCATION (Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.) ","ACCESS_COARSE_LOCATION (Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 6 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Czech Republic","Hungary","United States","Ireland","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://maps.google.com/maps?daddr=","http://play.google.com/store/apps/details?id=com.facebook.orca"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) "]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.google.android.gms.appinvite.PreviewActivity","de.xroot.burgerking.ui.activity.MainActivity","com.google.android.gms.tagmanager.TagManagerPreviewActivity","de.xroot.burgerking.ui.activity.SearchActivity","de.xroot.burgerking.ui.activity.CampaignsActivity","de.xroot.burgerking.ui.activity.KingFinderActivity","de.xroot.burgerking.ui.activity.CouponsActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["de.burgerking.kingfinder.permission.C2D_MESSAGE","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build display","build fingerprint","build brand","Wifi-MAC address","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"no","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"No indicators for overprivilege/redundant permissions found! The defined permission can not abused by foreign apps.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using manual domain name verification?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different sensors. This allows the application to track the user and/or determine the environment of the user.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["WIFI-Based Location","GPS Location"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.myburgerking.cz/akce/mobilni-aplikace/","http://www.burger-king.ch/share/coupon/%1attrs","http://www.burgerking.hu/cikkek/ajanlatok/%1attrs","http://www.burgerking.com.mx/ofertas-y-promociones","http://bk.pgtb.me/TS6Lg3","http://www.burgerking.at/share/campaign/%1attrs","http://www.burgerking.de/share/coupon/%1attrs","http://www.burgerkingpr.com/ofertas-y-promociones","http://www.burger-king.ch/share/campaign/%1attrs","http://www.burgerking.de/share/campaign/%1attrs","http://it.burger-king.ch/submenu/famiglia-bambini","http://www.burgerking.nl/share/coupon/%1attrs","http://www.burgerking.at/share/coupon/%1attrs","http://www.burgerking.hu/kupon/%1attrs","http://www.myburgerking.cz/akce/","http://www.burgerking.nl/share/campaign/%1attrs","http://maps.google.com/maps?daddr=","http://fr.burger-king.ch/submenu/familles-et-enfants"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected Maps Access","resultClass":"Privacy","name":"URL Checks","detail":"App contains URL(s) that indicate an unprotected HTTP access to map providers. The transmitted location query parameters to the following map providers are in this case accesible by third parties: ","text":"Unprotected map queries?","context":"0"},"detailList":[{"detail":["Google Maps"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["Unprotected Access: Disclosure of location or web query data though unprotected communication with service providers. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Embedded static encryption key found, which can be extracted by attackers to revert the encryption or fake the signature of the content it is used for.","Crypto: Constant initialization vector detected. This should be avoided, as it allows an attacker to infer relationships between segments of encrypted messages if encrypted with the same key and initialization vector. "]}]}]},{"attr":{"os":"Android","appId":"de.pixelhouse:2.6.1","name":"Chefkoch - Rezepte & Kochen","version":"2.6.1","model":"Generic","store_url":"https://play.google.com/store/apps/details?id=de.pixelhouse"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick","HockeyApp","INFOnline"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":["accounts.google.com","api.chefkoch.de","appadmin-preview-api.prod.chefkoch.de","appinstall.webtrekk.net","box.emsmobile.de","bsplus.srowen.com","code.google.com","config.ioam.de","csi.gstatic.com","de.ioam.de","featureversionierung.api.intern.dev.chefkoch.de","frontend.bamboo-deployed.intern.dev.chefkoch.de","github.com","google.com","googleads.g.doubleclick.net","iam-agof-app.irquest.com","login.live.com","login.yahoo.com","master.api.intern.dev.chefkoch.de","mobile-test.intern.dev.chefkoch.de","mobile.chefkoch.de","play.google.com","plus.google.com","pubads.g.doubleclick.net","s0.2mdn.net","sdk.hockeyapp.net","ssl.google-analytics.com","twitter.com","video.chefkoch-cdn.de","www.chefkoch-app.de","www.chefkoch.de","www.facebook.com","www.google","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com","www.intern.dev.chefkoch.de","www.linkedin.com","www.paypal.com","zxing.appspot.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://frontend.bamboo-deployed.intern.dev.chefkoch.de/mychefkoch/einkaufsliste/drucken/?X-CHEFKOCH-API-TOKEN=AUTHTOKEN#?listId=LISTID","http://play.google.com/store/apps/details?id=","http://pubads.g.doubleclick.net/gampad/ads?sz=400x300&iu=%2F6062%2Fhanna_MA_group%2Fvideo_comp_app&ciu_szs=&impl=s&gdfp_req=1&env=vp&output=xml_vast2&unviewed_position_start=1&m_ast=vast&url=[referrer_url]&correlator=[timestamp]","http://www.google.com/books?id=","http://www.google.com/books?vid=isbn","https://bsplus.srowen.com/ss?c=","https://www.googleapis.com/books/v1/volumes?q=isbn:","market://details?id=","market://details?id=com.google.android.gms.ads","market://details?id=com.srowen.bs.android","market://details?id=de.pixelhouse","��https://pubads.g.doubleclick.net/gampad/ads?sz=400x300&iu=/6032/[adunit]&ciu_szs=&impl=s&gdfp_req=1&env=vp&output=vmap&unviewed_position_start=1&url=[referrer_url]&correlator=[timestamp]&hl=","��https://pubads.g.doubleclick.net/gampad/ads?sz=480x360&iu=/6032/[adunit]&ciu_szs=&impl=s&gdfp_req=1&env=vp&output=vmap&unviewed_position_start=1&url=[referrer_url]&correlator=[timestamp]&hl="]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","CAMERA (Required to be able to access the camera device. This will automatically enforce the uses-feature manifest element for all camera features. If you do not require all camera features or can properly operate if a camera is not available, then you must modify your manifest as appropriate in order to install on devices that don't support all camera features.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 4 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://frontend.bamboo-deployed.intern.dev.chefkoch.de/mychefkoch/einkaufsliste/drucken/?X-CHEFKOCH-API-TOKEN=AUTHTOKEN#?listId=LISTID","http://play.google.com/store/apps/details?id=","http://pubads.g.doubleclick.net/gampad/ads?sz=400x300&iu=%2F6062%2Fhanna_MA_group%2Fvideo_comp_app&ciu_szs=&impl=s&gdfp_req=1&env=vp&output=xml_vast2&unviewed_position_start=1&m_ast=vast&url=[referrer_url]&correlator=[timestamp]","http://www.google.com/books?id=","http://www.google.com/books?vid=isbn"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelatePackageManagerChecks","value":"yes","testID":"Lists installed applications","resultClass":"Privacy","name":"Package Manager Test","detail":"The Application gathers a list of installed applications. Even though some legitimate applications may use this functionality, it can be misused to send this information to third parties.","text":"Installed app list accessed?","context":"5000"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"MIXED_URL-TEST","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Mixed usage of HTTP and HTTPS: Protected and unprotected submission of parameters to the same domain. Indicates implementation flaw or weak communication protection. ","text":"Domains accessed with http AND https: ","context":"7000"},"resultList":[{"result":["pubads.g.doubleclick.net"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","ACCESS_WIFI_STATE (Allows applications to access information about Wi-Fi networks) ","FLASHLIGHT (Allows access to the flashlight.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["FLASHLIGHT","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["de.pixelhouse.chefkoch.iab.IabShopActivity_","com.google.zxing.client.android.CaptureActivity","de.pixelhouse.chefkoch.MagazinArticleActivity_","de.pixelhouse.chefkoch.SearchActivity_","de.pixelhouse.chefkoch.RecipeActivity_","de.pixelhouse.chefkoch.CookbookActivity_","de.pixelhouse.chefkoch.ShoppingListActivity_"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.android.vending.BILLING"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build hardware","build display","build fingerprint","build brand","IMEI/MEID","Wifi-MAC address","country code + mobile network code for SIM provider","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different Sensors. This allows the application to track the user and/or determine the environment of the user. There was no permission defined for location sensors, but the application contains API calls accessing location information. Missing permissions despite of API calls could be an indication for missconfiguration or plugin/library code which is not used. For more detailed information application has to be reviewed manually.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera","Location (inactive)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.google.com/books?id=","http://www.chefkoch.de/userdatalost.php","http://zxing.appspot.com/generator/","http://frontend.bamboo-deployed.intern.dev.chefkoch.de/mychefkoch/einkaufsliste/drucken/?X-CHEFKOCH-API-TOKEN=AUTHTOKEN#?listId=LISTID","http://mobile.chefkoch.de/ms/s0o3/Rezepte.html","http://appinstall.webtrekk.net/appinstall/v1/install?","http://zxing.appspot.com/scan","http://code.google.com/p/zxing","http://appadmin-preview-api.prod.chefkoch.de/v2","http://play.google.com/store/apps/details?id=","http://mobile.chefkoch.de/mobile/mobile-impressum.php","http://box.emsmobile.de/jws/","http://www.intern.dev.chefkoch.de:8989/v2","http://video.chefkoch-cdn.de/ck.de/videos/","http://master.api.intern.dev.chefkoch.de/v2","http://master.api.intern.dev.chefkoch.de:82/v2","http://google.com/books","http://www.google.com/books?vid=isbn","http://featureversionierung.api.intern.dev.chefkoch.de/v2","http://s0.2mdn.net/instream/html5/native/native_sdk_v3.html","http://www.chefkoch.de/magazin/artikel/4164,0/Chefkoch-App/Nie-wieder-Bannerwerbung.html","http://api.chefkoch.de/v2","http://mobile-test.intern.dev.chefkoch.de:8989/v2","http://pubads.g.doubleclick.net/gampad/ads?sz=400x300&iu=%2F6062%2Fhanna_MA_group%2Fvideo_comp_app&ciu_szs=&impl=s&gdfp_req=1&env=vp&output=xml_vast2&unviewed_position_start=1&m_ast=vast&url=[referrer_url]&correlator=[timestamp]"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category implementation flaws: ","text":"Implementation flaws?","context":"0"},"detailList":[{"detail":["Possible flaw: unintended use of insecure HTTP protocol for transmissions of parameters to servers capable of HTTPS. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["App Listing: Usage of detected functionality to access list of installed apps may poses a privacy risk."]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. "]}]}]},{"attr":{"os":"Android","appId":"de.deutschlandcard.app:1.8.1","name":"DeutschlandCard","version":"1.8.1","model":"Shop","store_url":"https://play.google.com/store/apps/details?id=de.deutschlandcard.app"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is enabled. This means the application and all application data will be included when performing a device backup. In case the application contains sensitive information these can be extracted from the backup archive or cloned onto other devices.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libbitmaps.so","ARM 32 bit: lib/armeabi-v7a/libgifimage.so","ARM 32 bit: lib/armeabi-v7a/libimagepipeline.so","ARM 32 bit: lib/armeabi-v7a/libwebpimage.so","ARM 32 bit: lib/armeabi-v7a/libwebp.so","ARM 32 bit: lib/armeabi-v7a/libmemchunk.so","x86 32bit: lib/x86/libbitmaps.so","x86 32bit: lib/x86/libgifimage.so","x86 32bit: lib/x86/libimagepipeline.so","x86 32bit: lib/x86/libwebpimage.so","x86 32bit: lib/x86/libwebp.so","x86 32bit: lib/x86/libmemchunk.so","x86 64bit: lib/x86_64/libbitmaps.so","x86 64bit: lib/x86_64/libgifimage.so","x86 64bit: lib/x86_64/libimagepipeline.so","x86 64bit: lib/x86_64/libwebpimage.so","x86 64bit: lib/x86_64/libwebp.so","x86 64bit: lib/x86_64/libmemchunk.so","ARMv8 64 bit: lib/arm64-v8a/libbitmaps.so","ARMv8 64 bit: lib/arm64-v8a/libgifimage.so","ARMv8 64 bit: lib/arm64-v8a/libimagepipeline.so","ARMv8 64 bit: lib/arm64-v8a/libwebpimage.so","ARMv8 64 bit: lib/arm64-v8a/libwebp.so","ARMv8 64 bit: lib/arm64-v8a/libmemchunk.so","ARM 32 bit: lib/armeabi/libbitmaps.so","ARM 32 bit: lib/armeabi/libgifimage.so","ARM 32 bit: lib/armeabi/libimagepipeline.so","ARM 32 bit: lib/armeabi/libwebpimage.so","ARM 32 bit: lib/armeabi/libwebp.so","ARM 32 bit: lib/armeabi/libmemchunk.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["HockeyApp"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Obfuscation levels are rated as LOW, MEDIUM, ABOVE MEDIUM, HIGH or UNKNOWN. The detected obfuscation level of HIGH provides sophisticated protection against manual analysis which requires a high effort and deep knowledge to reverse the functionality of the app. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["HIGH"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","abtasty-for-app.readme.io","api.ad4s.local","api|SERVER|.accengage.com","appgewinnspiel.deutschlandcard.de","apptrk.a4.tl","apptrk.ad4s.local","data.altbeacon.org","deutschlandcard01.wt-eu02.net","docs.google.com","facebook.com","graph-video.%s","graph.%s","graph.facebook.com","maps.google.com","play.google.com","plus.google.com","preprodapi.a4.tl","preprodapptrk.a4.tl","sdk.hockeyapp.net","ssl.google-analytics.com","tippspiel.deutschlandcard.de","ws.deutschlandcard.de","www.amazon.com","www.deutschlandcard.de","www.facebook.com","www.frandroid.com","www.google-analytics.com","www.googleapis.com","www.googletagmanager.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://api.ad4s.local:8000/routes?partnerId=|partnerId|&sharedId=|sharedId|&version=|version|","http://apptrk.ad4s.local/api/event/?partnerId=|partnerId|","http://preprodapi.a4.tl/routes?partnerId=|partnerId|&sharedId=|sharedId|&version=|version|","http://preprodapptrk.a4.tl/api/event/?partnerId=|partnerId|","http://www.amazon.com/gp/mas/dl/android?p=","http://www.frandroid.com/culture-patates?id=2","http://www.frandroid.com/culture-tech?id=2","https://api|SERVER|.accengage.com/routes?partnerId=|partnerId|&sharedId=|sharedId|&version=|version|","https://apptrk.a4.tl/api/event/?partnerId=|partnerId|","https://docs.google.com/forms/d/12-_OXOCjyTdV8D6ALgpOb-dCuaSM7Bqt4cBcndteOew/viewform?entry.1649964727&entry.1072759240&entry.1957934241&entry.1676747997=","https://play.google.com/store/apps/details?id=","https://play.google.com/store/apps/details?id=de.deutschlandcard.app","https://www.deutschlandcard.de/201603-ostern-tnb-app?suppressHeader=1&suppressFooter=1","https://www.deutschlandcard.de/Datenschutz-201503?suppressHeader=1&suppressFooter=1","https://www.deutschlandcard.de/Datenschutz-201503?suppressHeader=1&suppressFooter=1&#smartbanner=1","https://www.deutschlandcard.de/Datenschutz_App?suppressHeader=1&suppressFooter=1&#smartbanner=1","https://www.deutschlandcard.de/Haeufige-Fragen_App?suppressHeader=1&suppressFooter=1&#smartbanner=1","https://www.deutschlandcard.de/Impressum?suppressHeader=1&suppressFooter=1&#smartbanner=1","https://www.deutschlandcard.de/Newsletter-Bedingungen?suppressHeader=1&suppressFooter=1","https://www.deutschlandcard.de/Teilnahmebedingungen?suppressHeader=1&suppressFooter=1","https://www.deutschlandcard.de/Teilnahmebedingungen?suppressHeader=1&suppressFooter=1&#smartbanner=1","https://www.deutschlandcard.de/aktion-web-view?suppressHeader=1&suppressFooter=1&#smartbanner=1","https://www.deutschlandcard.de/teilnahmebedingungen_puep?suppressHeader=1&suppressFooter=1&#smartbanner=1","market://details?id=","market://details?id=de.deutschlandcard.app"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Constant initialization vectors found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Use of constant initialization vectors is a bad practice. The following initialization vectors were found: ","text":"Constant initialization vectors found?","context":"998"},"detailList":[{"detail":["\"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdvmLrVeu/wHpscTzjVh6Z61lUmvAGGHRKF+KRF9ZhfUvDrS/T4vxetFx4gRU2ofYVOoLFsFWPIzsZKL3G9bLQnsmGFsiqjAiOWUmm5TbozwGtISsB4OKMtM+lMoC44SIUWx1dpwh5N0F92gMRS4HJPmvhEAXEkvsAvH3cOUqsrwIDAQAB\""]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. Usage of RSA was identified. RSA without padding is considered weak. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"AES/ECB/PKCS7Padding\"","\"RSA/ECB/PKCS1Padding\"","\"RSA/NONE/NoPadding\""]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Cryptographic keys found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"It is considered as a bad practice to use hard-coded cryptographic keys in the application. The following hard-coded cryptographic keys were found: ","text":"Cryptographic keys found?","context":"999"},"detailList":[{"detail":["\"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdvmLrVeu/wHpscTzjVh6Z61lUmvAGGHRKF+KRF9ZhfUvDrS/T4vxetFx4gRU2ofYVOoLFsFWPIzsZKL3G9bLQnsmGFsiqjAiOWUmm5TbozwGtISsB4OKMtM+lMoC44SIUWx1dpwh5N0F92gMRS4HJPmvhEAXEkvsAvH3cOUqsrwIDAQAB\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["ACCESS_FINE_LOCATION (Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.) ","CAMERA (Required to be able to access the camera device. This will automatically enforce the uses-feature manifest element for all camera features. If you do not require all camera features or can properly operate if a camera is not available, then you must modify your manifest as appropriate in order to install on devices that don't support all camera features.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) ","ACCESS_COARSE_LOCATION (Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 5 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["United States","Ireland","France","Germany","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://api.ad4s.local:8000/routes?partnerId=|partnerId|&sharedId=|sharedId|&version=|version|","http://apptrk.ad4s.local/api/event/?partnerId=|partnerId|","http://preprodapi.a4.tl/routes?partnerId=|partnerId|&sharedId=|sharedId|&version=|version|","http://preprodapptrk.a4.tl/api/event/?partnerId=|partnerId|","http://www.amazon.com/gp/mas/dl/android?p=","http://www.frandroid.com/culture-patates?id=2","http://www.frandroid.com/culture-tech?id=2"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Key derivation iteration count: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Key derivation function used in the app with an amount of 1000 iterations is considered secure.","text":"Key derivation iteration count: ","context":"995"},"resultList":[{"result":["1000"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains no specific exported activity. The application has only launchable activities which are implicit exported. This means there are no activities which can be accessed by an external application. The start activity is: ","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["de.deutschlandcard.app.activities.DCLaunchActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.sonyericsson.home.permission.BROADCAST_BADGE","com.htc.launcher.permission.READ_SETTINGS","de.deutschlandcard.app.permission.C2D_MESSAGE","de.deutschlandcard.app.permission.A4S_SEND","com.majeur.launcher.permission.UPDATE_BADGE","com.htc.launcher.permission.UPDATE_SHORTCUT","com.sec.android.provider.badge.permission.WRITE","com.sec.android.provider.badge.permission.READ","com.anddoes.launcher.permission.UPDATE_COUNT","com.google.android.c2dm.permission.RECEIVE"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build display","build brand","country code + mobile network code for SIM provider","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application does not contain a scheduled alarm. ","text":"Scheduled Alarm Manager registered?","context":"9450"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different sensors. This allows the application to track the user and/or determine the environment of the user.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera","WIFI-Based Location","GPS Location"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://www.frandroid.com/culture-tech?id=2","http://preprodapi.a4.tl/routes?partnerId=|partnerId|&sharedId=|sharedId|&version=|version|","http://preprodapptrk.a4.tl/api/event/?partnerId=|partnerId|","http://maps.google.com/maps?","http://apptrk.ad4s.local/api/event/?partnerId=|partnerId|","http://api.ad4s.local:8000/routes?partnerId=|partnerId|&sharedId=|sharedId|&version=|version|","http://www.frandroid.com/culture-patates?id=2","http://www.amazon.com/gp/mas/dl/android?p="]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Privacy risks?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Embedded static encryption key found, which can be extracted by attackers to revert the encryption or fake the signature of the content it is used for.","Crypto: Constant initialization vector detected. This should be avoided, as it allows an attacker to infer relationships between segments of encrypted messages if encrypted with the same key and initialization vector. ","Crypto: Overall quality of cryptographic implementation aspects is rated poor and should be inspected in detail."]}]}]},{"attr":{"os":"Android","appId":"com.hm:2.28","name":"H&M","version":"2.28","model":"Shop","store_url":"https://play.google.com/store/apps/details?id=com.hm"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is disabled. This means no backup or restore of the application will ever be performed, even by a full-system backup that would otherwise cause all application data to be saved via adb backup function.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARMv8 64 bit: lib/arm64-v8a/libiconv.so","ARMv8 64 bit: lib/arm64-v8a/libpl_droidsonroids_gif.so","ARMv8 64 bit: lib/arm64-v8a/libzbarjni.so","ARM 32 bit: lib/armeabi/libiconv.so","ARM 32 bit: lib/armeabi/libpl_droidsonroids_gif.so","ARM 32 bit: lib/armeabi/libzbarjni.so","ARM 32 bit: lib/armeabi-v7a/libiconv.so","ARM 32 bit: lib/armeabi-v7a/libpl_droidsonroids_gif.so","ARM 32 bit: lib/armeabi-v7a/libzbarjni.so","MIPS I: lib/mips/libpl_droidsonroids_gif.so","MIPS I: lib/mips64/libpl_droidsonroids_gif.so","x86 32bit: lib/x86/libiconv.so","x86 32bit: lib/x86/libpl_droidsonroids_gif.so","x86 32bit: lib/x86/libzbarjni.so","x86 64bit: lib/x86_64/libpl_droidsonroids_gif.so"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick","HockeyApp","Xtify"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Alarm with Intervals test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The scheduled task gets repeated in the following intervals: ","text":"Alarm intervals dynamically?","context":"9420"},"detailList":[{"detail":["Dynamic interval(s)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation provider used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"In general code obfuscation is done automatically by different obfuscation frameworks or obfuscation service providers. Detailed information to the detected framework Kobil can be found under: null","text":"Obfuscation framework used: ","context":"4997"},"resultList":[{"result":["Kobil"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","about.hm.com","accounts.google.com","android.hm.com","api.hm.com","api.ibm.xtify.com","api.twitter.com","app.optimizely.com","cdn.optimizely.com","csi.gstatic.com","errors.client.optimizely.com","euapi.xtify.com","events.mobile.optimizely.com","facebook.com","gate.hockeyapp.net","googleads.g.doubleclick.net","graph-video.%s","graph.%s","img.youtube.com","login.live.com","login.yahoo.com","lp.hm.com","maps.google.com","optimizely.s3.amazonaws.com","play.google.com","plus.google.com","qaapi.ibm.xtify.com","qasdk.api.xtify.com","sdk.api.xtify.com","sdk.hockeyapp.net","ssl.google-analytics.com","twitter.com","www.facebook.com","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com","www.linkedin.com","www.optimizelysockets.com","www.paypal.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["%s://tags.tiqcdn.com/utag/%s/%s/%s/mobile.html?%s=%s&%s=%s&%s=%s","http://lp.hm.com/hmprod?set=source[/josh/media/sys_master/9437500997662/general_menu_icon_search.png],&set=key[size],value[100x100]&call=url[file:/mobile/v1/generic]","http://maps.google.com/maps?daddr=","http://play.google.com/store/apps/details?id=com.facebook.orca","http://sdk.api.xtify.com/2.0/rn/%1attrs/details?appKey=%2attrs&mid=%3attrs","http://www.youtube.com/watch?v=%1attrs&autoplay=1","http://www.youtube.com/watch?v=%s","market://details?id=com.facebook.orca","market://details?id=com.google.android.gms.ads","��https://www.googleapis.com/youtube/v3/playlistItems?part=contentDetails&playlistId=%1attrs&key=%2attrs&maxResults=%3attrs&fields=nextPageToken,pageInfo/totalResults,items/contentDetails/video","��https://www.googleapis.com/youtube/v3/playlistItems?part=contentDetails&playlistId=%1attrs&key=%2attrs&maxResults=%3attrs&pageToken=%4attrs&fields=nextPageToken,pageInfo/totalResults,items/contentDetails/video","��https://www.googleapis.com/youtube/v3/playlists?part=snippet,contentDetails&channelId=%1attrs&key=%2attrs&maxResults=%3attrs&fields=items/id,items/snippet/tit"]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Constant initialization vectors found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Use of constant initialization vectors is a bad practice. The following initialization vectors were found: ","text":"Constant initialization vectors found?","context":"998"},"detailList":[{"detail":["\"fldsjfodasjifudslfjdsaofshaufihadsf\""]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"none","testID":"Content provider protection","resultClass":"Data security","name":"Content provider protection","detail":"Every ContentProvider defined in the application is protected by a permission. To access the interface from an external application it must request access to it. The interface is only available if an application defines these permissions. ","text":"Content provider accessible without permission: ","context":"98"}},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"ok","testID":"Cryptographic Primitives: ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"ECB mode usage identified. This mode has the disadvantage, that identical plaintext blocks are encrypted into identical ciphertext blocks. Therefore it does not hide patterns well and this mode is not recommended for use in cryptographic protocols at all. ","text":"Cryptographic Primitives: ","context":"1000"},"resultList":[{"result":["\"AES/CBC/PKCS5Padding\"","\"AES/ECB/PKCS5Padding\""]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"DEBUG ALLOWED TEST","resultClass":"Runtime Security","name":"Android manifest flags","detail":"In the AndroidManifest.xml file the debuggable option is disabled. This prevents some attempts for debugging the application over the adb debug bridge with jdb. Depending of the used Android operating system this flag is not mandatory, in custom ROMs or rooted devices the OS may ignore this flag. On a non stock Android ROM this can still be misused for dynamic analyzes of the application or for doing runtime manipulation. This option should be disabled in released applications.","text":"Allow app debugging Flag?","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Dangerous Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: DANGEROUS","text":"Application needs dangerous permissions? ","context":"190"},"detailList":[{"detail":["CAMERA (Required to be able to access the camera device. This will automatically enforce the uses-feature manifest element for all camera features. If you do not require all camera features or can properly operate if a camera is not available, then you must modify your manifest as appropriate in order to install on devices that don't support all camera features.) ","ACCESS_COARSE_LOCATION (Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.) ","ACCESS_FINE_LOCATION (Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.) ","WRITE_EXTERNAL_STORAGE (Allows an application to write to external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","INTERNET (Allows applications to open network sockets.) "]}]},{"attr":{"rev":"7365","checkClass":"AndroidCorrelateEndpointsToGeoLocation","value":"ok","testID":"Endpoint Countries","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"App communicates with servers in 4 countries. ","text":"Communication with country: ","context":"8999"},"resultList":[{"result":["Netherlands","United States","Ireland","unknown"]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"HTTP Access","resultClass":"Communication security","name":"URL Checks","detail":"The unprotected communication of the App via http connections can be eavesdroped or maliciously modified. ","text":"Unprotected communication?","context":"0"},"detailList":[{"detail":["http://lp.hm.com/hmprod?set=source[/josh/media/sys_master/9437500997662/general_menu_icon_search.png],&set=key[size],value[100x100]&call=url[file:/mobile/v1/generic]","http://maps.google.com/maps?daddr=","http://play.google.com/store/apps/details?id=com.facebook.orca","http://sdk.api.xtify.com/2.0/rn/%1attrs/details?appKey=%2attrs&mid=%3attrs"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"yes","testID":"Java Native Interface Test","resultClass":"Runtime Security","name":"Java Native Interface Usage","detail":"Indicators found for dynamic code loading. The application loads executable code during runtime from a local or external source. ","text":"Dynamically loaded code at runtime?","context":"100"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateJniChecks","value":"ok","testID":"Java Native Interface Usage","resultClass":"Runtime Security","name":"Dynamic code loading invokes","detail":"Android dalvik code is loaded dynamically by the listed methods. Native code by Java Native Interface (for dynamic loading) is used. ","text":"Dynamically loaded code at runtime type(s): ","context":"99"},"resultList":[{"result":["dalvik.system.DexClassLoader(...)","ClassLoader.loadClass(...)","loadLibrary(...)"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateLoginformation","value":"yes","testID":"Log Statement Enabled","resultClass":"Privacy","name":"Log Statement Enabled","detail":"Logging statements found in app. This might leak security or privacy relevant information. ","text":"Log Statement Enabled?","context":"0"}},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"none","testID":"MIMTYPE FILTER","resultClass":"Input interface security","name":"Android manifest flags","detail":"No indicators for file handling found. The app does not define a filter scheme to process specific files.","text":"App can handle documents of mimeType: ","context":"0"}},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Normal Permission","resultClass":"Data security","name":"Android Permissions","detail":"The application requires the following permissions from the protectionlevel: NORMAL","text":"Application needs normal permissions? ","context":"200"},"detailList":[{"detail":["READ_EXTERNAL_STORAGE (Allows an application to read from external storage. Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission. Currently, this permission is not enforced and all apps still have access to read from external storage without this permission. That will change in a future release and apps will require this permission to read from external storage. Note: If both minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants this permission to the app.) ","WAKE_LOCK (Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.) ","ACCESS_NETWORK_STATE (Allows applications to access information about networks.) ","VIBRATE (Allows access to the vibrator.) "]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Overprivileged permission yes/no","resultClass":"Data security","name":"Redundant permissions","detail":"","text":"Overprivileged permissions: ","context":"160"},"resultList":[{"result":["CAMERA","READ_EXTERNAL_STORAGE"]}]},{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"yes","testID":"PUBLIC ACCESSIBLE ACTIVITY TEST","resultClass":"Privacy","name":"Android manifest flags","detail":"The application contains components (Activities) which are exported. This means these parts of the application are accessible or executable by other applications. An external app can write or read information/data to or from this app. Additionally components of this application can be executed. Following Activities are exported:","text":"App provides public accessible activities?","context":"0"},"detailList":[{"detail":["com.hm.app.MainActivity","com.hm.preview.PreviewLauncherActivity","com.hm.features.notifications.InboxViewerActivity"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"ok","testID":"Permission correlation","resultClass":"Data security","name":"Userdefined permissions","detail":"Application uses userdefined permissions. Application can access data of a foreign application which requires this permission to access data.","text":"Userdefined permission usage: ","context":"170"},"resultList":[{"result":["com.hm.NOTIFICATION_INBOX_VIEWER","com.hm.permission.C2D_MESSAGE","com.google.android.c2dm.permission.RECEIVE","com.google.android.providers.gsf.permission.READ_GSERVICES"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateIdentifier","value":"ok","testID":"Read uids","resultClass":"Privacy","name":"Read uids","detail":"Application reads out different unique device Ids. These unique identifiers allows to identify the device and to distinguish it from other devices. Another option for reading out these IDs allow to determine the environment. The application can determine if it is running on a real device or on a virtual/emulated device. ","text":"Accessed unique identifier(s): ","context":"0"},"resultList":[{"result":["build model","build manufacturer","build product","build display","build fingerprint","build brand","MMC (Mobile Country Code)","unique Android ID"]}]},{"attr":{"rev":"7191","checkClass":"AndroidCorrelatePermissionChecks","value":"yes","testID":"Redundant permission correlation","resultClass":"Data security","name":"Redundant permissions","detail":"Application is propably overprivileged. Application has too much permissions. Foreign applications may be able to abuse this permission.","text":"Is application overprivileged?","context":"150"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL Hostname Verification Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Correct verification of the corresponding client hostname is important for SSL/TLS security. The app changes the secure default hostname verification by the following: ","text":"SSL/TLS using manual domain name verification?","context":"0"},"detailList":[{"detail":["Interface HostnameVerifier is implemented or extended."]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"SSL Trust Management Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"App uses the secure default SSL/TLS implementation for client communication. Error-prone modifications were not detected. ","text":"Custom SSL/TLS trust manager implemented?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"SSL/TLS Usage","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Usage of SSL/TLS can protect the App's communication from adversaries. Tests indicate that communication is at least partly protected with SSL/TLS.","text":"SSL/TLS used?","context":"8000"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"no","testID":"Scheduled Alarm Serivce test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The alarm manager has been initialized properly. ","text":"Alarm Manager initialized dynamically?","context":"9410"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"ok","testID":"Scheduled Alarm Types test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"","text":"Alarm repeating types: ","context":"9440"},"resultList":[{"result":["ELAPSED_REALTIME_WAKEUP"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Scheduled Alarms registered?","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The application contains a registered scheduled alarm. With such an alarm the application repeats the execution of the registered task for example every 10 hours. The following classes register scheduled tasks:","text":"Scheduled Alarm Manager registered?","context":"9450"},"detailList":[{"detail":["com.xtify.sdk.alarm.LocationIntentService"]}]},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateScreenshotProtectionChecks","value":"no","testID":"Screenshot Prevention","resultClass":"Input interface security","name":"Screenshot Prevention","detail":"The app does not use protection measures for preventing screenshots. For apps displaying sensitive data it is recommended to disable screenshots.","text":"Screenshot protection used?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateSensorChecks","value":"ok","testID":"Sensor Usage","resultClass":"Privacy","name":"Sensor Usage","detail":"Application reads information from different sensors. This allows the application to track the user and/or determine the environment of the user.","text":"Sensor usage: ","context":"0"},"resultList":[{"result":["Camera","WIFI-Based Location","GPS Location"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateTapJackingChecks","value":"no","testID":"Tap Jacking Protection implemented?","resultClass":"Input interface security","name":"Tap Jacking Protection implemented?","detail":"The application is vulnerable to tapjacking. When the protection is not used inside an exported activity another application is able to redirect touch events to the exported activity without the users consent.","text":"Tap Jacking Protection used?","context":"0"}},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected HTML Load","resultClass":"Communication security","name":"URL Checks","detail":"The app loads the following HTML files via unprotected communication (http), which can be exploited by attackers to remotely change the displayed content and functionality of the app: ","text":"Unprotected HTML?","context":"0"},"detailList":[{"detail":["http://sdk.api.xtify.com/2.0/rn/%1attrs/details?appKey=%2attrs&mid=%3attrs","http://lp.hm.com/hmprod?set=source[/josh/media/sys_master/9437500997662/general_menu_icon_search.png],&set=key[size],value[100x100]&call=url[file:/mobile/v1/generic]","http://about.hm.com/rest/mobile/storelocator/1/locale/%1attrs%2attrs%3attrs","http://android.hm.com/238","http://img.youtube.com/vi/","http://about.hm.com/rest/mobile/storedepartments/1.0/locale/%s","http://maps.google.com/maps?daddr="]}]},{"attr":{"rev":"6803","checkClass":"AndroidCorrelateCriticalURLs","value":"yes","testID":"Unprotected Maps Access","resultClass":"Privacy","name":"URL Checks","detail":"App contains URL(s) that indicate an unprotected HTTP access to map providers. The transmitted location query parameters to the following map providers are in this case accesible by third parties: ","text":"Unprotected map queries?","context":"0"},"detailList":[{"detail":["Google Maps"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"Modifications of the SSL error handling detected: Class WebViewClient is extended and onReceivedSslError(...) is overwritten. ","text":"SSL/TLS using custom error handling?","context":"0"}},{"attr":{"rev":"7042","checkClass":"AndroidCorrelateWifiDirectChecks","value":"no","testID":"WiFi-Direct mode enabled?","resultClass":"Data security","name":"WiFi-Direct mode enabled?","detail":"Wifi-Direct is not enabled. There is no risk for exploiting a vulnerability in the wpa_supplicant module responsible for the wlan management. (http://www.coresecurity.com/advisories/android-wifi-direct-denial-service)","text":"WiFi-Direct enabled?","context":"0"}},{"attr":{"rev":"7642","checkClass":"AndroidCorrelateBlacklistChecks","value":"no","testID":"defaultPolicy","resultClass":"Blacklisted by policy","name":"Blacklisted","detail":"","text":"Violations of default policy?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"no","testID":"faulty WebViewClient SSL Error Handling Test","resultClass":"Communication security","name":"SSL/TLS Usage","detail":"","text":"SSL/TLS using faulty custom error handling?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"no","testID":"implementation-flaw-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"","text":"Implementation flaws?","context":"0"}},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"privacy-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category privacy risks: ","text":"Privacy risks?","context":"0"},"detailList":[{"detail":["Unprotected Access: Disclosure of location or web query data though unprotected communication with service providers. "]}]},{"attr":{"rev":"7808","checkClass":"AndroidCorrelateRiskChecks","value":"yes","testID":"security-risk","resultClass":"App risks for enterprise usage","name":"Risk detected","detail":"Reasons for category security risks: ","text":"Security risks?","context":"0"},"detailList":[{"detail":["Unprotected Web Content: App loads active web content (e.g. JavaScript or HTML files) without integrity protection. This poses a risk as man-in-the-middle attackers can modify the loaded web content and change the functionality of the app. ","Crypto: Constant initialization vector detected. This should be avoided, as it allows an attacker to infer relationships between segments of encrypted messages if encrypted with the same key and initialization vector. "]}]}]},{"attr":{"os":"Android","appId":"com.ikea.catalogue.android:17.00","name":"IKEA Katalog","version":"17.00","model":"Shop","store_url":"https://play.google.com/store/apps/details?id=com.ikea.catalogue.android"},"indicator":[{"attr":{"rev":"7323","checkClass":"AndroidCorrelateManifestSettings","value":"no","testID":"ALLOW BACKUP DISABLED","resultClass":"Privacy","name":"Android manifest flags","detail":"In this application the allow backup option is disabled. This means no backup or restore of the application will ever be performed, even by a full-system backup that would otherwise cause all application data to be saved via adb backup function.","text":"Backup of app is allowed?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateNativeBinariesChecks","value":"yes","testID":"APK ELF library entries","resultClass":"Runtime Security","name":"APK ELF library entries","detail":"Loadable libraries found:","text":"Contains native libraries: ","context":"0"},"detailList":[{"detail":["ARM 32 bit: lib/armeabi-v7a/libaudioplugingvrunity.so","ARM 32 bit: lib/armeabi-v7a/libconceal.so","ARM 32 bit: lib/armeabi-v7a/libgvrunity.so","ARM 32 bit: lib/armeabi-v7a/libmain.so","ARM 32 bit: lib/armeabi-v7a/libmono.so","ARM 32 bit: lib/armeabi-v7a/libpano_video_renderer.so","ARM 32 bit: lib/armeabi-v7a/libunity.so","ARM 32 bit: lib/armeabi-v7a/libVuforia.so","ARM 32 bit: lib/armeabi-v7a/libVuforiaUnityPlayer.so","ARM 32 bit: lib/armeabi-v7a/libVuforiaWrapper.so","ARM 32 bit: lib/armeabi-v7a/libxwalkcore.so","ARM 32 bit: lib/armeabi-v7a/libxwalkdummy.so"]}]},{"attr":{"rev":"6930","checkClass":"AndroidCorrelateSignatureChecks","value":"yes","testID":"APK Outdated Signature Test","resultClass":"Runtime Security","name":"APK Entries Signature Test","detail":"The app is signed with a key that has a strength of 1024 bits. Google recommends to use a key with a strength of 2048 bit or more.","text":"App uses outdated signature key?","context":"0"}},{"attr":{"rev":"6804","checkClass":"AndroidCorrelateAddressbookChecks","value":"no","testID":"Addressbook Usage","resultClass":"Privacy","name":"Addressbook Usage","detail":"Permission READ_CONTACTS not used.","text":"Permission to access address book?","context":"0"}},{"attr":{"rev":"6555","checkClass":"AndroidCorrelateTrackingFrameworkChecks","value":"ok","testID":"Advertisment/Tracking Usage","resultClass":"Privacy","name":"Advertisment/Tracking Usage","detail":"Indicators for usage of advertisement/tracking framework were found.","text":"Advertisment-/tracking frameworks found: ","context":"0"},"resultList":[{"result":["Doubleclick","Google Analytics"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateScheduledAlarmChecks","value":"yes","testID":"Alarm with Intervals test","resultClass":"Runtime Security","name":"Scheduled Alarms registered?","detail":"The scheduled task gets repeated in the following intervals: ","text":"Alarm intervals dynamically?","context":"9420"},"detailList":[{"detail":["Dynamic interval(s)"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateDeviceAdminChecks","value":"none","testID":"Android Administrative Privileges","resultClass":"Privacy","name":"Android Device Administrator Checks","detail":"Device administration features not used. ","text":"Device administration policy entries: ","context":"1999"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Android JavaScript interface","resultClass":"Data security","name":"JavaScript bridging usage","detail":"Indicator for JavaScript bridge to Android API usage found. JavaScript used in the application (localy stored or loaded dynamicaly) may access and execute Android SDK API calls.","text":"JavaScript to SDK API bridge usage?","context":"80"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"yes","testID":"Android Obfuscation Used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"Code obfuscation techniques were detected for the app.","text":"Obfuscation used?","context":"4999"}},{"attr":{"rev":"7153","checkClass":"AndroidCorrelateObfuscationChecks","value":"ok","testID":"Android Obfuscation level used","resultClass":"Privacy","name":"Android Obfuscation Checks","detail":"The obfuscation level UNKNOWN means that the application has the capability to dynamically load code from outside, which currently is not part of the analysis. Therefore, the obfuscation strength is not evaluated. ","text":"Obfuscation level is: ","context":"4998"},"resultList":[{"result":["UNKNOWN"]}]},{"attr":{"rev":"7093","checkClass":"AndroidCorrelatePublicComponentAccess","value":"yes","testID":"Application defines content provider","resultClass":"Data security","name":"Application defines content provider","detail":"The application uses a content provider for interacting with data set structures. Content providers are the standard interface that connects data in one process with code running in another process. ","text":"Application defines content provider?","context":"100"}},{"attr":{"rev":"7093","checkClass":"AndroidCorrelateAutostartChecks","value":"no","testID":"Boot permission Test","resultClass":"Runtime Security","name":"Application has autostart","detail":"","text":"Allow autoexecute after Phone Reboot?","context":"0"}},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"ok","testID":"COMMUNICATION-ENDPOINT-TEST","resultClass":"Communication security","name":"Detected Communication Endpoints","detail":"Communication endpoints is a list of all potential communication endpoints Appicaptor was able to detect. This allows quick enumeration of suspicious domains, raw IP Addresses, etc..","text":"Communication endpoints: ","context":"9000"},"resultList":[{"result":[".facebook.com","apilocate.amap.com","app.getsentry.com","aps.amap.com","catalogue.redpeppercorn.se","cbk0.google.com","cgicol.amap.com","clients4.google.com","csi.gstatic.com","d325ty7uqiufcm.cloudfront.net","ds.mapabc.com","engine.redpeppercorn.se","facebook.com","g.co","geo0.ggpht.com","google.com","graph-video.%s","graph.%s","history.google.com","kh.google.com","lh5.ggpht.com","maps.google.com","maps.googleapis.com","mst01.is.autonavi.com","mst02.is.autonavi.com","mst03.is.autonavi.com","mst04.is.autonavi.com","play.google.com","plus.google.com","restapi.amap.com","ssl.google-analytics.com","support.google.com","tinyurl.com","tm.mapabc.com","tmds.mapabc.com","viewer.zizera.com","webrd01.is.autonavi.com","webrd02.is.autonavi.com","webrd03.is.autonavi.com","webrd04.is.autonavi.com","wprd01.is.autonavi.com","wprd02.is.autonavi.com","wprd03.is.autonavi.com","wprd04.is.autonavi.com","www.google-analytics.com","www.google.com","www.googleapis.com","www.googletagmanager.com"]}]},{"attr":{"rev":"7804","checkClass":"AndroidCorrelateSslChecks","value":"yes","testID":"Client Communication Recognized","resultClass":"Communication security","name":"Client Communication Recognized","detail":"Client communication detected. The application can establish a network connection to one or more specific host systems. URLs with parameters found: ","text":"Client communication used?","context":"10000"},"detailList":[{"detail":["http://3e4d8f708e3a4ef7872d7aae337559e4:421ee77898074d01a6030143cc9a22ee@engine.redpeppercorn.se:9000/4","http://cgicol.amap.com/collection/writedata?ver=v1.0_ali&","http://maps.google.com/maps?saddr=","http://maps.googleapis.com/maps/api/geocode/json?latlng=","http://play.google.com/store/apps/details?id=","http://play.google.com/store/apps/details?id=com.facebook.orca","http://tinyurl.com/api-create.php?url=","http://viewer.zizera.com/ikea/v1/api/versions?where=model+is+androidapp-3dmodels","https://cbk0.google.com/cbk?cb_client=an_mobile&output=report&panoid=","https://maps.google.com/maps?saddr=&daddr=","https://play.google.com/store/apps/details?id=","https://support.google.com/gmm/?p=android_home_set_home","https://support.google.com/gmm/?p=android_home_sign_in","https://support.google.com/gmm/?p=android_home_web_history","https://support.google.com/gmm/?p=place_questions","https://support.google.com/gmm/?p=questions_help","https://support.google.com/maps/?p=ios_send_to_phone","market://details?id=","market://details?id=com.facebook.orca","market://details?id=com.google.vr.vrcore","market://details?id=com.pinterest","weixin://registerapp?appid=","weixin://sendreq?appid=","weixin://sendresp?appid=","weixin://unregisterapp?appid="]}]},{"attr":{"rev":"none","checkClass":"AndroidCorrelateCryptoMisuseChecks","value":"yes","testID":"Constant initialization vectors found? ","resultClass":"Data security","name":"Does application contains cryptographic problems? ","detail":"Use of constant initialization vectors is a bad practice. The following initialization vectors were found: ","text":"Constant initialization vectors found?","context":"998"},"detailList":[{"detail":["\"_a+m-a=p?a>pp