Android App Security Insights

The document analyzes an Android application file and provides information about permissions, security scores, and potential issues. It finds the app has low risk but is signed with an outdated signature algorithm. It also details 38 activities, 8 services, and 3 receivers included in the app.

Uploaded by

jeanjonasp

ANDROID

STATIC ANALYSIS REPORT

Poczta (1.0)

File Name: fefd353bac6e06b45a4593b22a03b57b3b1d28c25edde151ace8dee06fadd9ac.apk

Package Name: tgffsznnfaqz.uigqoxhqdhzw.stijcdihrnxemufcckfnwskrgta

Average CVSS Score: 5.7

App Security Score: 75/100 (LOW RISK)

Trackers Detection: 2/285

FILE INFORMATION
File Name: fefd353bac6e06b45a4593b22a03b57b3b1d28c25edde151ace8dee06fadd9ac.apk
Size: 1.54MB
MD5: 1b75faf2adfc63ee8448b57bdf23d48e
SHA1: 3f72a4dd42cdf126e27dbd843847f0f3af39bf29
SHA256: fefd353bac6e06b45a4593b22a03b57b3b1d28c25edde151ace8dee06fadd9ac

APP INFORMATION
App Name: Poczta
Package Name: tgffsznnfaqz.uigqoxhqdhzw.stijcdihrnxemufcckfnwskrgta
Main Activity: sniaean.azaskhuucmmuid.okrk.bhzetnyubga
Target SDK: 29
Min SDK: 15
Max SDK:
Android Version Name: 1.0
Android Version Code: 1

APP COMPONENTS
Activities: 38
Services: 8
Receivers: 3
Providers: 0
Exported Activities: 1
Exported Services: 0
Exported Receivers: 0
Exported Providers: 0

CERTIFICATE INFORMATION
APK is signed
v1 signature: True
v2 signature: False
v3 signature: False
Found 1 unique certificates
Subject: C=US, ST=California, L=Mountain View, O=Android, OU=Android, CN=Android, [email protected]
Signature Algorithm: rsassa_pkcs1v15
Valid From: 2008-02-29 01:33:46+00:00
Valid To: 2035-07-17 01:33:46+00:00
Issuer: C=US, ST=California, L=Mountain View, O=Android, OU=Android, CN=Android, [email protected]
Serial Number: 0x936eacbe07f201df
Hash Algorithm: sha1
md5: e89b158e4bcf988ebd09eb83f5378e87
sha1: 61ed377e85d386a8dfee6b864bd85b0bfaa5af81
sha256: a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc
sha512: 5216ccb62004c4534f35c780ad7c582f4ee528371e27d4151f0553325de9ccbe6b34ec4233f5f640703581053abfea303977272d17958704d89b7711292a4569
Certificate Status: Bad
Description: The app is signed with SHA1withRSA. SHA1 hash algorithm is known to have collision issues.

APPLICATION PERMISSIONS

| PERMISSION | STATUS | INFO | DESCRIPTION |
|---|---|---|---|
| android.permission.DISABLE_KEYGUARD | dangerous | disable key lock | Allows an application to disable the key lock and any associated password security. A legitimate example of this is the phone disabling the key lock when receiving an incoming phone call, then re-enabling the key lock when the call is finished. |
| android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | normal | | Permission an application must hold in order to use |
| android.permission.READ_PHONE_STATE | dangerous | read phone state and identity | Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on. |
| android.permission.CHANGE_WIFI_MULTICAST_STATE | dangerous | allow Wi-Fi Multicast reception | Allows an application to receive packets not directly addressed to your device. This can be useful when discovering services offered nearby. It uses more power than the non-multicast mode. |
| android.permission.WAKE_LOCK | dangerous | prevent phone from sleeping | Allows an application to prevent the phone from going to sleep. |
| android.permission.RECEIVE_BOOT_COMPLETED | normal | automatically start at boot | Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running. |
| android.permission.SEND_SMS | dangerous | send SMS messages | Allows application to send SMS messages. Malicious applications may cost you money by sending messages without your confirmation. |
| android.permission.REORDER_TASKS | dangerous | reorder applications running | Allows an application to move tasks to the foreground and background. Malicious applications can force themselves to the front without your control. |
| android.permission.CALL_PHONE | dangerous | directly call phone numbers | Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers. |
| android.permission.NFC | dangerous | control Near-Field Communication | Allows an application to communicate with Near-Field Communication (NFC) tags, cards and readers. |
| android.permission.INTERNET | dangerous | full Internet access | Allows an application to create network sockets. |
| android.permission.READ_CONTACTS | dangerous | read contact data | Allows an application to read all of the contact (address) data stored on your phone. Malicious applications can use this to send your data to other people. |
| android.permission.READ_SMS | dangerous | read SMS or MMS | Allows application to read SMS messages stored on your phone or SIM card. Malicious applications may read your confidential messages. |
| android.permission.RECEIVE_SMS | dangerous | receive SMS | Allows application to receive and process SMS messages. Malicious applications may monitor your messages or delete them without showing them to you. |
| android.permission.REQUEST_DELETE_PACKAGES | normal | | Allows an application to request deleting packages. Apps targeting APIs |

APKID ANALYSIS

| FILE | FINDINGS | DETAILS |
|---|---|---|
| classes.dex | Compiler | dexlib 2.x |

BROWSABLE ACTIVITIES

| ACTIVITY | INTENT |
|---|---|
| sniaean.azaskhuucmmuid.okrk.ckiwrpemditft | Schemes: sms://, mms://, mmsto://, smsto://, |

MANIFEST ANALYSIS

| ISSUE | SEVERITY | DESCRIPTION |
|---|---|---|
| Clear text traffic is Enabled For App [android:usesCleartextTraffic=true] | high | The app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected. |
| Application Data can be Backed up [android:allowBackup=true] | medium | This flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device. |
| Activity (sniaean.azaskhuucmmuid.okrk.ckiwrpemditft) is not Protected. An intent-filter exists. | high | An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported. |
| Launch Mode of Activity (sniaean.azaskhuucmmuid.okrk.ewqngluwcaqxzd.ofbzz) is not standard. | high | An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. |
| High Intent Priority (121) [android:priority] | medium | By setting an intent priority higher than another intent, the app effectively overrides other requests. |
| High Intent Priority (979) [android:priority] | medium | By setting an intent priority higher than another intent, the app effectively overrides other requests. |

CODE ANALYSIS

ISSUE: Files may contain hardcoded sensitive informations like usernames, passwords, keys etc.
SEVERITY: high
STANDARDS:
  CVSS V2: 7.4 (high)
  CWE: CWE-312 - Cleartext Storage of Sensitive Information
  OWASP Top 10: M9: Reverse Engineering
  OWASP MASVS: MSTG-STORAGE-14
FILES:
  ru/auto/ara/plugin/launch/DictionaryPlugin.java
  ru/auto/ara/plugin/launch/LogAppLaunchPlugin.java
  ru/auto/ara/data/preferences/DefaultPreferences.java
  com/adjust/sdk/sigv2/KeystoreHelper.java

ISSUE: The App logs information. Sensitive information should never be logged.
SEVERITY: info
STANDARDS:
  CVSS V2: 7.5 (high)
  CWE: CWE-532 - Insertion of Sensitive Information into Log File
  OWASP MASVS: MSTG-STORAGE-3
FILES:
  ru/auto/ara/utils/logger/SoftWrapDebugTree.java
  ru/yandex/searchlib/util/Log.java
  com/adjust/sdk/sigv2/Crypt.java
  com/bumptech/glide/Glide.java
  com/bumptech/glide/GeneratedAppGlideModuleImpl.java
  com/bumptech/glide/manager/c.java
  com/bumptech/glide/manager/h.java
  com/bumptech/glide/manager/d.java
  com/bumptech/glide/manager/i.java
  com/bumptech/glide/manager/j.java
  com/bumptech/glide/manager/RequestTracker.java
  com/bumptech/glide/request/d.java
  com/bumptech/glide/request/target/c.java
  com/bumptech/glide/request/target/ViewTarget.java

ISSUE: This App uses Java Hash Code. It's a weak hash function and should never be used in Secure Crypto Implementation.
SEVERITY: warning
STANDARDS:
  CVSS V2: 2.3 (low)
  CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  OWASP MASVS: MSTG-CRYPTO-4
FILES:
  ru/yandex/searchlib/informers/main/RatesInformerResponse.java
  ru/yandex/searchlib/json/HistoryStreamAdapter.java
  ru/yandex/searchlib/json/HomeApiJsonReaderMainInformersResponseJsonAdapter.java
  ru/yandex/searchlib/json/YandexJsonReaderNavigationResponseJsonAdapter.java
  ru/yandex/searchlib/json/MainActivityHistoryParser.java
  ru/yandex/searchlib/json/JsonReaderTrendResponseJsonAdapter.java
  ru/yandex/searchlib/history/HistoryItem.java
  com/annimon/stream/c.java
  com/flipboard/bottomsheet/commons/IntentPickerSheetView.java
  com/bumptech/glide/request/d.java

DOMAIN MALWARE CHECK

| DOMAIN | STATUS | GEOLOCATION |
|---|---|---|
| autoru-mag-data.s3.yandex.net | good | IP: 93.158.134.158; Country: Russian Federation; Region: Moskva; City: Moscow; Latitude: 55.75222; Longitude: 37.615559 |
| m.auto.ru | good | IP: 213.180.204.188; Country: Russian Federation; Region: Moskva; City: Moscow; Latitude: 55.75222; Longitude: 37.615559 |
| m.test.avto.ru | good | IP: 213.180.193.188; Country: Russian Federation; Region: Moskva; City: Moscow; Latitude: 55.75222; Longitude: 37.615559 |
| suggestions.dadata.ru | good | IP: 186.2.163.83; Country: Russian Federation; Region: Rostovskaya oblast'; City: Rostov-na-Donu; Latitude: 47.23563; Longitude: 39.712189 |
| api.yastatic.net | good | IP: 178.154.131.215; Country: Russian Federation; Region: Moskva; City: Moscow; Latitude: 55.75222; Longitude: 37.615559 |

URLS

| URL | FILE |
|---|---|
| https://suggestions.dadata.ru/ https://autoru-mag-data.s3.yandex.net/json/ | ru/auto/ara/di/module/ApiModule.java |
| https://m.auto.ru/ http://m.auto.ru/ https://m.test.avto.ru/ http://m.test.avto.ru/ | ru/auto/ara/utils/ServerChooseHelper.java |
| www.)?drive2 | ru/auto/data/util/StringUtils.java |
| https://api.yastatic.net/morda-logo/i/yandex-app/weather/wgt_android/%s.4.png | ru/yandex/searchlib/informers/main/WeatherIconMapper.java |

TRACKERS

| TRACKER | URL |
|---|---|
| Adjust | https://reports.exodus-privacy.eu.org/trackers/52 |
| AppMetrica | https://reports.exodus-privacy.eu.org/trackers/140 |

App Security Score Calculation
Every app is given an ideal score of 100 to begin with.
For every finding with severity high we reduce 15 from the score.
For every finding with severity warning we reduce 10 from the score.
For every finding with severity good we add 5 to the score.
If the calculated score is greater than 100, then the app security score is considered as 100.
And if the calculated score is less than 0, then the app security score is considered as 10.

Risk Calculation

| APP SECURITY SCORE | RISK |
|---|---|
| 0 - 15 | CRITICAL |
| 16 - 40 | HIGH |
| 41 - 70 | MEDIUM |
| 71 - 100 | LOW |

Report Generated by - MobSF v3.0.7 Beta


Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security
assessment framework capable of performing static and dynamic analysis.

© 2020 Mobile Security Framework - MobSF | Ajin Abraham | OpenSecurity.
