-
Notifications
You must be signed in to change notification settings - Fork 3
/
com.imo.android.imous.apk-575ca1fbd72b1a4f72bfc5d958692d17-cleaned.json
executable file
·1 lines (1 loc) · 44.7 KB
/
com.imo.android.imous.apk-575ca1fbd72b1a4f72bfc5d958692d17-cleaned.json
1
{"version": "v3.0.4 Beta", "title": "Static Analysis", "file_name": "com.imo.android.imous.apk", "app_name": "imo HD", "app_type": "apk", "size": "11.32MB", "md5": "575ca1fbd72b1a4f72bfc5d958692d17", "sha1": "079231d87fe1bc361e12c59c38a6952f9da1073d", "sha256": "57530b273a5f33d91233ad94f81847e9304c946181a5e415198e879b2b092a06", "package_name": "com.imo.android.imous", "main_activity": "com.imo.android.imoim.activities.Home", "activities": ["com.imo.android.imoim.activities.ManageSpaceActivity", "com.imo.android.imoim.activities.Home", "com.imo.android.imoim.views.AccountPreferencesView", "com.imo.android.imoim.views.Privacy", "com.imo.android.imoim.activities.CaptureActivity", "com.imo.android.imoim.activities.ChatColors", "com.imo.android.imoim.activities.UsernameActivity", "com.imo.android.imoim.activities.DownloadAllActivity", "com.imo.android.imoim.activities.DownloadChatActivity", "com.imo.android.imoim.views.DataUsage", "com.imo.android.imoim.activities.Storage", "com.imo.android.imoim.activities.CallData", "com.imo.android.imoim.activities.Refer", "com.imo.android.imoim.activities.Premium", "com.imo.android.imoim.views.About", "com.imo.android.imoim.views.AccountRequestNameChangeView", "com.imo.android.imoim.activities.ChangeGroupName", "com.imo.android.imoim.views.DeleteAccountView", "com.imo.android.imoim.activities.DeleteAccountFeedback", "com.imo.android.imoim.activities.Welcome", "com.imo.android.imoim.activities.VideoPlayerActivity", "com.imo.android.imoim.activities.PhoneActivationActivity", "com.imo.android.imoim.activities.PhoneGalleryActivity", "com.imo.android.imoim.activities.NameAgeActivity", "com.imo.android.imoim.activities.ProfileActivity", "com.imo.android.imoim.activities.GenderActivity", "com.imo.android.imoim.activities.GrouperSignup", "com.imo.android.imoim.activities.SignupActivity2", "com.imo.android.imoim.activities.ChangePhone", "com.imo.android.imoim.activities.StrangerProfileWrapper", "com.imo.android.imoim.activities.StrangerProfileWrapperSingleTop", "com.imo.android.imoim.activities.OwnProfileActivity", "com.imo.android.imoim.fragments.GroupProfileFragment", "com.imo.android.imoim.views.UpdateActivity", "com.imo.android.imoim.activities.UpdateActivity2", "com.imo.android.imoim.activities.GDPRActivity", "com.imo.android.imoim.activities.PhotosGridView", "com.imo.android.imoim.views.PhotosGalleryView", "com.imo.android.imoim.activities.FullScreenPhoto", "com.imo.android.imoim.activities.FullScreenProfileActivity", "com.imo.android.imoim.activities.SuggestInvite", "com.imo.android.imoim.activities.SuggestUninstall", "com.imo.android.imoim.activities.SuggestPremium", "com.imo.android.imoim.activities.SuggestShare", "com.imo.android.imoim.activities.Sharer", "com.imo.android.imoim.activities.Panda", "com.imo.android.imoim.activities.Searchable", "com.imo.android.imoim.activities.NewChat", "com.imo.android.imoim.activities.BeastCallActivity", "com.imo.android.imoim.activities.BeastCallGroupActivity", "com.imo.android.imoim.activities.SelectContactActivity", "com.imo.android.imoim.av.ui.AVActivity", "com.imo.android.imoim.av.ui.AudioActivity", "com.imo.android.imoim.av.ui.GroupAVActivity", "com.imo.android.imoim.av.ui.LiveStreamActivity", "com.imo.android.imoim.activities.Live", "com.imo.android.imoim.activities.LiveProfileActivity", "com.imo.android.imoim.activities.Inviter2", "com.imo.android.imoim.activities.ChatsCloser", "com.imo.android.imoim.activities.UnblockActivity", "com.imo.android.imoim.activities.DeviceListActivity", "com.imo.android.imoim.activities.AddFriendsActivity", "com.imo.android.imoim.activities.AddPhoneActivity", "com.imo.android.imoim.activities.ReverseFriendsActivity", "com.imo.android.imoim.activities.BeastCreateGroup", "com.imo.android.imoim.activities.SharingActivity", "com.imo.android.imoim.activities.PopupScreen", "com.imo.android.imoim.activities.IMActivity", "com.imo.android.imoim.activities.BurgerActivity", "com.imo.android.imoim.activities.AuthenticatorActivity", "com.imo.android.imoim.camera.CameraActivity2", "com.imo.android.imoim.camera.CameraEditActivity", "com.imo.android.imoim.activities.ShortcutCreator", "com.imo.android.imoim.activities.StreamAdActivity", "com.imo.android.imoim.activities.StreamBroadCastActivity", "com.imo.android.imoim.activities.StreamAlbumActivity", "com.imo.android.imoim.activities.SelectStoryActivity", "com.imo.android.imoim.activities.WebViewActivity", "com.imo.android.imoim.activities.StickerProfileActivity", "com.imo.android.imoim.activities.Grouper", "com.imo.android.imoim.activities.NewGrouper", "com.imo.android.imoim.activities.GroupLink", "com.imo.android.imoim.activities.JoinGrouper", "com.imo.android.imoim.activities.SelectBuddiesActivity", "com.imo.android.imoim.activities.Sender", "com.imo.android.imoim.activities.StorySettingActivity", "com.amazon.device.ads.DTBActivity", "com.facebook.ads.AudienceNetworkActivity", "com.facebook.ads.internal.ipc.RemoteANActivity", "com.google.android.gms.auth.api.signin.internal.SignInHubActivity", "com.google.android.gms.ads.AdActivity", "com.google.android.gms.common.api.GoogleApiActivity"], "receivers": ["com.google.android.gms.gcm.GcmReceiver", "com.imo.android.imoim.receivers.DismissReceiver", "com.imo.android.imoim.util.IMOBattery", "com.imo.android.imoim.ReferReceiver", "com.imo.android.imoim.AppUpdateReceiver", "com.imo.android.imoim.receivers.MyPackageReplaced", "com.imo.android.imoim.av.HeadsetReceiver", "com.imo.android.imoim.av.GroupHeadsetReceiver", "com.imo.android.imoim.AutoStarter", "com.imo.android.imoim.Alarms", "com.imo.android.imoim.receivers.ConnReceiver"], "providers": ["com.imo.android.imoim.syncadapter.StubProvider", "android.support.v4.content.FileProvider"], "services": ["com.imo.android.imoim.network.MyJobService", "com.imo.android.imoim.DummyService", "com.imo.android.imoim.AlarmService", "com.imo.android.imoim.SignupService", "com.imo.android.imoim.UploadService", "com.imo.android.imoim.av.services.ActiveCallService", "com.imo.android.imoim.syncadapter.AuthenticatorService", "com.imo.android.imoim.syncadapter.SyncService", "com.imo.android.imoim.syncadapter.SyncContactService", "com.imo.android.imoim.gcm.MyInstanceIDListenerService", "com.imo.android.imoim.gcm.MyGCMListenerService", "com.imo.android.imoim.syncadapter.ImoChooserTargetService", "com.facebook.ads.internal.ipc.AdsProcessPriorityService", "com.facebook.ads.internal.ipc.AdsMessengerService", "com.google.android.gms.auth.api.signin.RevocationBoundService"], "libraries": [], "target_sdk": "28", "max_sdk": "", "min_sdk": "14", "version_name": "9.8.000000010915", "version_code": "1940", "permissions": {"android.permission.INTERNET": {"status": "dangerous", "info": "full Internet access", "description": "Allows an application to create network sockets."}, "android.permission.ACCESS_NETWORK_STATE": {"status": "normal", "info": "view network status", "description": "Allows an application to view the status of all networks."}, "android.permission.VIBRATE": {"status": "normal", "info": "control vibrator", "description": "Allows the application to control the vibrator."}, "android.permission.RECORD_AUDIO": {"status": "dangerous", "info": "record audio", "description": "Allows application to access the audio record path."}, "android.permission.CAMERA": {"status": "dangerous", "info": "take pictures and videos", "description": "Allows application to take pictures and videos with the camera. This allows the application to collect images that the camera is seeing at any time."}, "android.permission.FOREGROUND_SERVICE": {"status": "normal", "info": "", "description": "Allows a regular application to use Service.startForeground"}, "android.permission.SYSTEM_ALERT_WINDOW": {"status": "dangerous", "info": "display system-level alerts", "description": "Allows an application to show system-alert windows. Malicious applications can take over the entire screen of the phone."}, "android.permission.RECEIVE_BOOT_COMPLETED": {"status": "normal", "info": "automatically start at boot", "description": "Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running."}, "com.android.launcher.permission.INSTALL_SHORTCUT": {"status": "normal", "info": "", "description": "Allows an application to install a shortcut in Launcher."}, "android.permission.ACCESS_WIFI_STATE": {"status": "normal", "info": "view Wi-Fi status", "description": "Allows an application to view the information about the status of Wi-Fi."}, "android.permission.WAKE_LOCK": {"status": "dangerous", "info": "prevent phone from sleeping", "description": "Allows an application to prevent the phone from going to sleep."}, "android.permission.WRITE_EXTERNAL_STORAGE": {"status": "dangerous", "info": "read/modify/delete SD card contents", "description": "Allows an application to write to the SD card."}, "android.permission.GET_ACCOUNTS": {"status": "normal", "info": "discover known accounts", "description": "Allows an application to access the list of accounts known by the phone."}, "android.permission.READ_PROFILE": {"status": "dangerous", "info": "read the user's personal profile data", "description": "Allows an application to read the user's personal profile data."}, "android.permission.READ_CONTACTS": {"status": "dangerous", "info": "read contact data", "description": "Allows an application to read all of the contact (address) data stored on your phone. Malicious applications can use this to send your data to other people."}, "android.permission.WRITE_CONTACTS": {"status": "dangerous", "info": "write contact data", "description": "Allows an application to modify the contact (address) data stored on your phone. Malicious applications can use this to erase or modify your contact data."}, "android.permission.CALL_PHONE": {"status": "dangerous", "info": "directly call phone numbers", "description": "Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers."}, "android.permission.READ_PHONE_STATE": {"status": "dangerous", "info": "read phone state and identity", "description": "Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on."}, "android.permission.MODIFY_AUDIO_SETTINGS": {"status": "dangerous", "info": "change your audio settings", "description": "Allows application to modify global audio settings, such as volume and routing."}, "android.permission.ACCESS_FINE_LOCATION": {"status": "dangerous", "info": "fine (GPS) location", "description": "Access fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications can use this to determine where you are and may consume additional battery power."}, "android.permission.ACCESS_COARSE_LOCATION": {"status": "dangerous", "info": "coarse (network-based) location", "description": "Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Malicious applications can use this to determine approximately where you are."}, "android.permission.BLUETOOTH": {"status": "dangerous", "info": "create Bluetooth connections", "description": "Allows an application to view configuration of the local Bluetooth phone and to make and accept connections with paired devices."}, "android.permission.BROADCAST_STICKY": {"status": "normal", "info": "send sticky broadcast", "description": "Allows an application to send sticky broadcasts, which remain after the broadcast ends. Malicious applications can make the phone slow or unstable by causing it to use too much memory."}, "android.permission.NFC": {"status": "dangerous", "info": "control Near-Field Communication", "description": "Allows an application to communicate with Near-Field Communication (NFC) tags, cards and readers."}, "com.google.android.c2dm.permission.RECEIVE": {"status": "signature", "info": "C2DM permissions", "description": "Permission for cloud to device messaging."}, "com.google.android.providers.gsf.permission.READ_GSERVICES": {"status": "dangerous", "info": "Unknown permission from android reference", "description": "Unknown permission from android reference"}, "android.permission.READ_SYNC_SETTINGS": {"status": "normal", "info": "read sync settings", "description": "Allows an application to read the sync settings, such as whether sync is enabled for Contacts."}, "android.permission.WRITE_SYNC_SETTINGS": {"status": "dangerous", "info": "write sync settings", "description": "Allows an application to modify the sync settings, such as whether sync is enabled for Contacts."}, "android.permission.AUTHENTICATE_ACCOUNTS": {"status": "dangerous", "info": "act as an account authenticator", "description": "Allows an application to use the account authenticator capabilities of the Account Manager, including creating accounts as well as obtaining and setting their passwords."}, "android.permission.MANAGE_ACCOUNTS": {"status": "dangerous", "info": "manage the accounts list", "description": "Allows an application to perform operations like adding and removing accounts and deleting their password."}, "com.android.vending.BILLING": {"status": "dangerous", "info": "Unknown permission from android reference", "description": "Unknown permission from android reference"}, "com.sec.android.provider.badge.permission.READ": {"status": "dangerous", "info": "Unknown permission from android reference", "description": "Unknown permission from android reference"}, "com.sec.android.provider.badge.permission.WRITE": {"status": "dangerous", "info": "Unknown permission from android reference", "description": "Unknown permission from android reference"}, "com.htc.launcher.permission.READ_SETTINGS": {"status": "dangerous", "info": "Unknown permission from android reference", "description": "Unknown permission from android reference"}, "com.htc.launcher.permission.UPDATE_SHORTCUT": {"status": "dangerous", "info": "Unknown permission from android reference", "description": "Unknown permission from android reference"}, "com.sonyericsson.home.permission.BROADCAST_BADGE": {"status": "dangerous", "info": "Unknown permission from android reference", "description": "Unknown permission from android reference"}, "com.sonymobile.home.permission.PROVIDER_INSERT_BADGE": {"status": "dangerous", "info": "Unknown permission from android reference", "description": "Unknown permission from android reference"}, "com.anddoes.launcher.permission.UPDATE_COUNT": {"status": "dangerous", "info": "Unknown permission from android reference", "description": "Unknown permission from android reference"}, "com.majeur.launcher.permission.UPDATE_BADGE": {"status": "dangerous", "info": "Unknown permission from android reference", "description": "Unknown permission from android reference"}, "com.huawei.android.launcher.permission.CHANGE_BADGE": {"status": "dangerous", "info": "Unknown permission from android reference", "description": "Unknown permission from android reference"}, "com.huawei.android.launcher.permission.READ_SETTINGS": {"status": "dangerous", "info": "Unknown permission from android reference", "description": "Unknown permission from android reference"}, "com.huawei.android.launcher.permission.WRITE_SETTINGS": {"status": "dangerous", "info": "modify global system settings", "description": "Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration."}, "android.permission.READ_APP_BADGE": {"status": "dangerous", "info": "Unknown permission from android reference", "description": "Unknown permission from android reference"}, "com.oppo.launcher.permission.READ_SETTINGS": {"status": "dangerous", "info": "Unknown permission from android reference", "description": "Unknown permission from android reference"}, "com.oppo.launcher.permission.WRITE_SETTINGS": {"status": "dangerous", "info": "modify global system settings", "description": "Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration."}, "me.everything.badger.permission.BADGE_COUNT_READ": {"status": "dangerous", "info": "Unknown permission from android reference", "description": "Unknown permission from android reference"}, "me.everything.badger.permission.BADGE_COUNT_WRITE": {"status": "dangerous", "info": "Unknown permission from android reference", "description": "Unknown permission from android reference"}}, "certificate_analysis": {"certificate_info": "APK is signed\nv1 signature: True\nv2 signature: True\nv3 signature: False\nFound 1 unique certificates\nSubject: C=US, ST=CA, L=Palo Alto, O=imo.im\nSignature Algorithm: rsassa_pkcs1v15\nValid From: 2010-07-28 01:07:55+00:00\nValid To: 2050-07-18 01:07:55+00:00\nIssuer: C=US, ST=CA, L=Palo Alto, O=imo.im\nSerial Number: 0x4c4f82eb\nHash Algorithm: sha1\nmd5: 866b4199f7db774e43068f64c0fc3789\nsha1: 8f9708e52eae3881f5e4b9469eb5413b784fdcf3\nsha256: 44483f98c17bf49fbde08d3376af09c6fc1f9370c7a046c35a3dca45f5785150\nsha512: 64a5d1af3b2b05a51deeb20a4de7dfdd3c8bc373957f5a18884176a04534b282e6aae59446284182c9652a4ce9ea1f3dcc308e8495b34b5c209a101fa50b1730\nPublicKey Algorithm: rsa\nBit Size: 1024\nFingerprint: 606afd643ce646acb267d206a81e4cb87c3f830936a46216422e96b600bff9b1", "certificate_status": "bad", "description": "The app is signed with SHA1withRSA. SHA1 hash algorithm is known to have collision issues."}, "manifest_analysis": [{"title": "Launch Mode of Activity (com.imo.android.imoim.activities.PhoneActivationActivity) is not standard.", "stat": "high", "desc": "An Activity should not be having the launch mode attribute set to \"singleTask/singleInstance\" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the \"standard\" launch mode attribute when sensitive information is included in an Intent.", "name": "Launch Mode of Activity is not standard.", "component": ["com.imo.android.imoim.activities.PhoneActivationActivity"]}, {"title": "Launch Mode of Activity (com.imo.android.imoim.activities.NameAgeActivity) is not standard.", "stat": "high", "desc": "An Activity should not be having the launch mode attribute set to \"singleTask/singleInstance\" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the \"standard\" launch mode attribute when sensitive information is included in an Intent.", "name": "Launch Mode of Activity is not standard.", "component": ["com.imo.android.imoim.activities.NameAgeActivity"]}, {"title": "Launch Mode of Activity (com.imo.android.imoim.activities.ProfileActivity) is not standard.", "stat": "high", "desc": "An Activity should not be having the launch mode attribute set to \"singleTask/singleInstance\" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the \"standard\" launch mode attribute when sensitive information is included in an Intent.", "name": "Launch Mode of Activity is not standard.", "component": ["com.imo.android.imoim.activities.ProfileActivity"]}, {"title": "<strong>Activity</strong> (com.imo.android.imoim.activities.OwnProfileActivity) is not Protected.<br>An intent-filter exists.", "stat": "high", "desc": "An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.", "name": "is not Protected.An intent-filter exists.", "component": ["Activity", "com.imo.android.imoim.activities.OwnProfileActivity"]}, {"title": "<strong>Activity</strong> (com.imo.android.imoim.activities.Searchable) is not Protected.<br>An intent-filter exists.", "stat": "high", "desc": "An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.", "name": "is not Protected.An intent-filter exists.", "component": ["Activity", "com.imo.android.imoim.activities.Searchable"]}, {"title": "Launch Mode of Activity (com.imo.android.imoim.av.ui.AVActivity) is not standard.", "stat": "high", "desc": "An Activity should not be having the launch mode attribute set to \"singleTask/singleInstance\" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the \"standard\" launch mode attribute when sensitive information is included in an Intent.", "name": "Launch Mode of Activity is not standard.", "component": ["com.imo.android.imoim.av.ui.AVActivity"]}, {"title": "<strong>Activity</strong> (com.imo.android.imoim.av.ui.AVActivity) is not Protected.<br>An intent-filter exists.", "stat": "high", "desc": "An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.", "name": "is not Protected.An intent-filter exists.", "component": ["Activity", "com.imo.android.imoim.av.ui.AVActivity"]}, {"title": "<strong>Activity</strong> (com.imo.android.imoim.av.ui.AudioActivity) is not Protected.<br>An intent-filter exists.", "stat": "high", "desc": "An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.", "name": "is not Protected.An intent-filter exists.", "component": ["Activity", "com.imo.android.imoim.av.ui.AudioActivity"]}, {"title": "Launch Mode of Activity (com.imo.android.imoim.av.ui.GroupAVActivity) is not standard.", "stat": "high", "desc": "An Activity should not be having the launch mode attribute set to \"singleTask/singleInstance\" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the \"standard\" launch mode attribute when sensitive information is included in an Intent.", "name": "Launch Mode of Activity is not standard.", "component": ["com.imo.android.imoim.av.ui.GroupAVActivity"]}, {"title": "Launch Mode of Activity (com.imo.android.imoim.av.ui.LiveStreamActivity) is not standard.", "stat": "high", "desc": "An Activity should not be having the launch mode attribute set to \"singleTask/singleInstance\" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the \"standard\" launch mode attribute when sensitive information is included in an Intent.", "name": "Launch Mode of Activity is not standard.", "component": ["com.imo.android.imoim.av.ui.LiveStreamActivity"]}, {"title": "<strong>Activity</strong> (com.imo.android.imoim.activities.SharingActivity) is not Protected.<br>An intent-filter exists.", "stat": "high", "desc": "An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.", "name": "is not Protected.An intent-filter exists.", "component": ["Activity", "com.imo.android.imoim.activities.SharingActivity"]}, {"title": "Launch Mode of Activity (com.imo.android.imoim.activities.PopupScreen) is not standard.", "stat": "high", "desc": "An Activity should not be having the launch mode attribute set to \"singleTask/singleInstance\" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the \"standard\" launch mode attribute when sensitive information is included in an Intent.", "name": "Launch Mode of Activity is not standard.", "component": ["com.imo.android.imoim.activities.PopupScreen"]}, {"title": "<strong>Activity</strong> (com.imo.android.imoim.activities.ShortcutCreator) is not Protected.<br>An intent-filter exists.", "stat": "high", "desc": "An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.", "name": "is not Protected.An intent-filter exists.", "component": ["Activity", "com.imo.android.imoim.activities.ShortcutCreator"]}, {"title": "<strong>Activity</strong> (com.imo.android.imoim.activities.WebViewActivity) is not Protected.<br>An intent-filter exists.", "stat": "high", "desc": "An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.", "name": "is not Protected.An intent-filter exists.", "component": ["Activity", "com.imo.android.imoim.activities.WebViewActivity"]}, {"title": "<strong>Service</strong> (com.imo.android.imoim.network.MyJobService) is Protected by a permission, but the protection level of the permission should be checked.</br><strong>Permission: </strong>android.permission.BIND_JOB_SERVICE <br>[android:exported=true]", "stat": "high", "desc": "A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.", "name": "is Protected by a permission, but the protection level of the permission should be checked.[android:exported=true]", "component": ["Service", "com.imo.android.imoim.network.MyJobService", "<strong>Permission: </strong>android.permission.BIND_JOB_SERVICE"]}, {"title": "<strong>Service</strong> (com.imo.android.imoim.syncadapter.AuthenticatorService) is not Protected. <br>[android:exported=true]", "stat": "high", "desc": "A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.", "name": "is not Protected. [android:exported=true]", "component": ["Service", "com.imo.android.imoim.syncadapter.AuthenticatorService"]}, {"title": "<strong>Service</strong> (com.imo.android.imoim.syncadapter.SyncService) is not Protected. <br>[android:exported=true]", "stat": "high", "desc": "A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.", "name": "is not Protected. [android:exported=true]", "component": ["Service", "com.imo.android.imoim.syncadapter.SyncService"]}, {"title": "<strong>Service</strong> (com.imo.android.imoim.syncadapter.SyncContactService) is not Protected. <br>[android:exported=true]", "stat": "high", "desc": "A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.", "name": "is not Protected. [android:exported=true]", "component": ["Service", "com.imo.android.imoim.syncadapter.SyncContactService"]}, {"title": "<strong>Broadcast Receiver</strong> (com.google.android.gms.gcm.GcmReceiver) is Protected by a permission, but the protection level of the permission should be checked.</br><strong>Permission: </strong>com.google.android.c2dm.permission.SEND <br>[android:exported=true]", "stat": "high", "desc": "A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.", "name": "is Protected by a permission, but the protection level of the permission should be checked.[android:exported=true]", "component": ["Broadcast Receiver", "com.google.android.gms.gcm.GcmReceiver", "<strong>Permission: </strong>com.google.android.c2dm.permission.SEND"]}, {"title": "<strong>Broadcast Receiver</strong> (com.imo.android.imoim.util.IMOBattery) is not Protected. <br>[android:exported=true]", "stat": "high", "desc": "A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.", "name": "is not Protected. [android:exported=true]", "component": ["Broadcast Receiver", "com.imo.android.imoim.util.IMOBattery"]}, {"title": "<strong>Broadcast Receiver</strong> (com.imo.android.imoim.ReferReceiver) is not Protected.<br>An intent-filter exists.", "stat": "high", "desc": "A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.", "name": "is not Protected.An intent-filter exists.", "component": ["Broadcast Receiver", "com.imo.android.imoim.ReferReceiver"]}, {"title": "<strong>Broadcast Receiver</strong> (com.imo.android.imoim.AppUpdateReceiver) is not Protected.<br>An intent-filter exists.", "stat": "high", "desc": "A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.", "name": "is not Protected.An intent-filter exists.", "component": ["Broadcast Receiver", "com.imo.android.imoim.AppUpdateReceiver"]}, {"title": "<strong>Broadcast Receiver</strong> (com.imo.android.imoim.receivers.MyPackageReplaced) is not Protected.<br>An intent-filter exists.", "stat": "high", "desc": "A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.", "name": "is not Protected.An intent-filter exists.", "component": ["Broadcast Receiver", "com.imo.android.imoim.receivers.MyPackageReplaced"]}, {"title": "<strong>Broadcast Receiver</strong> (com.imo.android.imoim.av.HeadsetReceiver) is not Protected.<br>An intent-filter exists.", "stat": "high", "desc": "A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.", "name": "is not Protected.An intent-filter exists.", "component": ["Broadcast Receiver", "com.imo.android.imoim.av.HeadsetReceiver"]}, {"title": "<strong>Broadcast Receiver</strong> (com.imo.android.imoim.av.GroupHeadsetReceiver) is not Protected.<br>An intent-filter exists.", "stat": "high", "desc": "A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.", "name": "is not Protected.An intent-filter exists.", "component": ["Broadcast Receiver", "com.imo.android.imoim.av.GroupHeadsetReceiver"]}, {"title": "<strong>Broadcast Receiver</strong> (com.imo.android.imoim.AutoStarter) is not Protected.<br>An intent-filter exists.", "stat": "high", "desc": "A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.", "name": "is not Protected.An intent-filter exists.", "component": ["Broadcast Receiver", "com.imo.android.imoim.AutoStarter"]}, {"title": "<strong>Broadcast Receiver</strong> (com.imo.android.imoim.Alarms) is not Protected. <br>[android:exported=true]", "stat": "high", "desc": "A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.", "name": "is not Protected. [android:exported=true]", "component": ["Broadcast Receiver", "com.imo.android.imoim.Alarms"]}, {"title": "<strong>Broadcast Receiver</strong> (com.imo.android.imoim.receivers.ConnReceiver) is not Protected.<br>An intent-filter exists.", "stat": "high", "desc": "A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.", "name": "is not Protected.An intent-filter exists.", "component": ["Broadcast Receiver", "com.imo.android.imoim.receivers.ConnReceiver"]}, {"title": "<strong>Service</strong> (com.google.android.gms.auth.api.signin.RevocationBoundService) is Protected by a permission, but the protection level of the permission should be checked.</br><strong>Permission: </strong>com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION <br>[android:exported=true]", "stat": "high", "desc": "A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.", "name": "is Protected by a permission, but the protection level of the permission should be checked.[android:exported=true]", "component": ["Service", "com.google.android.gms.auth.api.signin.RevocationBoundService", "<strong>Permission: </strong>com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION"]}, {"title": "High Intent Priority (2000000000)<br>[android:priority]", "stat": "medium", "desc": "By setting an intent priority higher than another intent, the app effectively overrides other requests.", "name": "High Intent Priority [android:priority]", "component": ["2000000000"]}, {"title": "High Intent Priority (2000000000)<br>[android:priority]", "stat": "medium", "desc": "By setting an intent priority higher than another intent, the app effectively overrides other requests.", "name": "High Intent Priority [android:priority]", "component": ["2000000000"]}], "binary_analysis": [], "file_analysis": [], "code_analysis": {"The App logs information. Sensitive information should never be logged.": {"path": ["me/leolin/shortcutbadger/c.java", "com/bumptech/glide/GeneratedAppGlideModuleImpl.java", "com/bumptech/glide/d.java", "com/bumptech/glide/e/e.java", "com/bumptech/glide/a/a.java", "com/bumptech/glide/i/a/a.java", "com/bumptech/glide/h/a.java", "com/bumptech/glide/d/f.java", "com/bumptech/glide/d/l.java", "com/bumptech/glide/d/k.java", "com/bumptech/glide/d/o.java", "com/bumptech/glide/d/e.java", "com/bumptech/glide/b/d.java", "com/bumptech/glide/b/e.java", "com/bumptech/glide/g/i.java", "com/bumptech/glide/g/a/j.java", "com/bumptech/glide/c/a/b.java", "com/bumptech/glide/c/a/l.java", "com/bumptech/glide/c/a/j.java", "com/bumptech/glide/c/a/a/c.java", "com/bumptech/glide/c/a/a/e.java", "com/bumptech/glide/c/d/e/d.java", "com/bumptech/glide/c/d/e/a.java", "com/bumptech/glide/c/d/e/j.java", "com/bumptech/glide/c/d/a/c.java", "com/bumptech/glide/c/d/a/l.java", "com/bumptech/glide/c/d/a/k.java", "com/bumptech/glide/c/d/a/t.java", "com/bumptech/glide/c/d/a/i.java", "com/bumptech/glide/c/d/a/o.java", "com/bumptech/glide/c/b/y.java", "com/bumptech/glide/c/b/p.java", "com/bumptech/glide/c/b/h.java", "com/bumptech/glide/c/b/g.java", "com/bumptech/glide/c/b/j.java", "com/bumptech/glide/c/b/a/k.java", "com/bumptech/glide/c/b/a/j.java", "com/bumptech/glide/c/b/b/i.java", "com/bumptech/glide/c/b/b/e.java", "com/bumptech/glide/c/b/c/a.java", "com/bumptech/glide/c/c/f.java", "com/bumptech/glide/c/c/s.java", "com/bumptech/glide/c/c/c.java", "com/bumptech/glide/c/c/d.java", "com/bumptech/glide/c/c/t.java", "com/imo/android/imoim/camera/CameraActivity2.java", "com/imo/android/imoim/n/a.java", "com/imo/android/imoim/views/PullToRefreshListView.java", "com/imo/android/imoim/mic/a.java", "com/imo/android/imoim/activities/Live.java", "com/imo/android/imoim/util/ag.java", "com/imo/android/imoim/util/l.java", "com/imo/android/imoim/util/JniBitmapHolder.java", "com/imo/android/imoim/util/a/f.java", "com/imo/android/imoim/util/a/b.java", "com/imo/android/imoim/util/a/c.java", "com/imo/android/imoim/util/a/a.java", "com/imo/android/imoim/util/a/h.java", "com/imo/android/imoim/util/a/i.java", "com/imo/android/imoim/util/a/e.java", "com/imo/android/imoim/u/a.java", "com/devbrackets/android/exomedia/core/video/ResizingTextureView.java", "com/devbrackets/android/exomedia/core/video/ResizingSurfaceView.java", "com/devbrackets/android/exomedia/core/video/a/a.java", "com/devbrackets/android/exomedia/core/video/mp/a.java", "com/devbrackets/android/exomedia/core/c/a.java", "com/hannesdorfmann/swipeback/SwipeBack.java", "com/amazon/device/ads/v.java", "android/a/b/c.java", "se/emilsjolander/stickylistheaders/StickyListHeadersListView.java"], "level": "info", "cvss": 7.5, "cwe": "CWE-532", "owasp": ""}, "This App uses Java Hash Code. It's a weak hash function and should never be used in Secure Crypto Implementation.": {"path": ["com/bumptech/glide/i/i.java", "com/bumptech/glide/i/g.java", "com/bumptech/glide/h/c.java", "com/bumptech/glide/g/i.java", "com/bumptech/glide/c/i.java", "com/bumptech/glide/c/j.java", "com/bumptech/glide/c/d/e/f.java", "com/bumptech/glide/c/d/a/n.java", "com/bumptech/glide/c/d/a/m.java", "com/bumptech/glide/c/d/a/h.java", "com/bumptech/glide/c/d/a/g.java", "com/bumptech/glide/c/b/w.java", "com/bumptech/glide/c/b/c.java", "com/bumptech/glide/c/b/m.java", "com/bumptech/glide/c/b/a/n.java", "com/bumptech/glide/c/b/a/c.java", "com/bumptech/glide/c/b/a/j.java", "com/bumptech/glide/c/c/m.java", "com/bumptech/glide/c/c/g.java", "com/bumptech/glide/c/c/j.java", "com/imo/android/imoim/IMO.java", "com/imo/android/imoim/a/bx.java", "com/imo/android/imoim/a/cl.java", "com/imo/android/imoim/a/w.java", "com/imo/android/imoim/a/u.java", "com/imo/android/imoim/a/ak.java", "com/imo/android/imoim/a/bn.java", "com/imo/android/imoim/a/az.java", "com/imo/android/imoim/a/bf.java", "com/imo/android/imoim/a/bq.java", "com/imo/android/imoim/a/af.java", "com/imo/android/imoim/a/ac.java", "com/imo/android/imoim/a/aa.java", "com/imo/android/imoim/o/aa.java", "com/imo/android/imoim/o/j.java", "com/imo/android/imoim/activities/Sender.java", "com/imo/android/imoim/activities/StreamBroadCastActivity.java", "com/imo/android/imoim/util/bp.java", "com/imo/android/imoim/data/c.java", "com/imo/android/imoim/data/k.java", "com/imo/android/imoim/data/z.java", "com/imo/android/imoim/data/ab.java", "com/imo/android/imoim/glide/f.java", "com/b/a/a/e.java", "com/b/a/a/b/g.java", "org/a/d/h.java", "org/a/c/a.java", "se/emilsjolander/stickylistheaders/a.java"], "level": "warning", "cvss": 2.3, "cwe": "CWE-327", "owasp": ""}, "Files may contain hardcoded sensitive informations like usernames, passwords, keys etc.": {"path": ["com/bumptech/glide/c/i.java", "com/bumptech/glide/c/b/w.java", "com/bumptech/glide/c/b/c.java", "com/bumptech/glide/c/b/o.java"], "level": "high", "cvss": 7.4, "cwe": "CWE-312", "owasp": "M9: Reverse Engineering"}, "The App uses an insecure Random Number Generator.": {"path": ["com/imo/android/imoim/b.java", "com/imo/android/imoim/camera/b.java", "com/imo/android/imoim/activities/SignupActivity2.java", "com/imo/android/imoim/util/ag.java", "com/imo/android/imoim/util/ai.java", "com/imo/android/imoim/util/bs.java", "com/imo/android/imoim/l/c.java", "com/imo/android/imoim/l/e.java", "com/imo/android/imoim/c/j.java", "org/a/a/b.java"], "level": "high", "cvss": 7.5, "cwe": "CWE-330", "owasp": "M5: Insufficient Cryptography"}, "App can read/write to External Storage. Any App can read data written to External Storage.": {"path": ["com/imo/android/imoim/o/ar.java", "com/imo/android/imoim/util/bp.java", "com/imo/android/imoim/util/a/a.java", "com/imo/android/imoim/data/f.java", "com/imo/android/imoim/truck/a.java"], "level": "high", "cvss": 5.5, "cwe": "CWE-276", "owasp": "M2: Insecure Data Storage"}, "App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.": {"path": ["com/imo/android/imoim/o/a.java", "com/imo/android/imoim/util/x.java", "com/imo/android/imoim/util/ab.java"], "level": "high", "cvss": 5.9, "cwe": "CWE-89", "owasp": "M7: Client Code Quality"}, "MD5 is a weak hash known to have hash collisions.": {"path": ["com/imo/android/imoim/o/h.java", "com/imo/android/imoim/util/bp.java"], "level": "high", "cvss": 7.4, "cwe": "CWE-327", "owasp": "M5: Insufficient Cryptography"}, "App creates temp file. Sensitive information should never be written into a temp file.": {"path": ["com/imo/android/imoim/mic/e.java", "com/imo/android/imoim/util/bp.java"], "level": "high", "cvss": 5.5, "cwe": "CWE-276", "owasp": "M2: Insecure Data Storage"}, "This App uses RSA Crypto without OAEP padding. The purpose of the padding scheme is to prevent a number of attacks on RSA that only work when the encryption is performed without padding.": {"path": ["com/imo/android/imoim/h/a.java"], "level": "high", "cvss": 5.9, "cwe": "CWE-780", "owasp": "M5: Insufficient Cryptography"}, "This App copies data to clipboard. Sensitive data should not be copied to clipboard as other applications can access it.": {"path": ["com/imo/android/imoim/activities/GroupLink.java", "com/imo/android/imoim/activities/IMActivity.java"], "level": "info", "cvss": 0, "cwe": "", "owasp": ""}, "SHA-1 is a weak hash known to have hash collisions.": {"path": ["com/amazon/device/ads/n.java"], "level": "high", "cvss": 5.9, "cwe": "CWE-327", "owasp": "M5: Insufficient Cryptography"}}, "exported_count": {"exported_activities": 7, "exported_services": 5, "exported_receivers": 10, "exported_providers": 0}, "trackers": {"detected_trackers": 4, "total_trackers": 285, "trackers": [{"Amazon Advertisement": "https://reports.exodus-privacy.eu.org/trackers/92"}, {"Facebook Ads": "https://reports.exodus-privacy.eu.org/trackers/65"}, {"Google Ads": "https://reports.exodus-privacy.eu.org/trackers/71"}, {"Google DoubleClick": "https://reports.exodus-privacy.eu.org/trackers/5"}]}, "playstore_details": {"title": "imo free HD video calls and chat", "appId": "com.imo.android.imous", "url": "https://play.google.com/store/apps/details?id=com.imo.android.imous&hl=en&gl=us", "description": "Message and video call your friends and family for free, no matter what device they are on!\r\n\r\n- High-quality video and voice calls on Android and iPhone\r\n- Free and unlimited messages and video and voice calls over 2G, 3G, 4G* or Wi-Fi\r\n- Group video calls with friends, family and others\r\n- Fast photo and video sharing\r\n- Hundreds of free stickers!\r\n- Avoid SMS and phone call charges\r\n\r\n*Data charges may apply", "summary": "Message and video call your family and friends for free in HD!", "summaryHTML": "Message and video call your family and friends for free in HD!", "installs": "5,000,000+", "minInstalls": 5000000, "score": 3.8459044, "ratings": 105475, "reviews": 29825, "histogram": [23917, 3540, 4224, 6990, 66803], "price": 0, "free": true, "currency": "USD", "offersIAP": true, "size": "Varies with device", "androidVersion": "4.0", "androidVersionText": "4.0 and up", "developer": "Baby Penguin", "developerId": "5440031783419136609", "developerEmail": "androidsupport@imoapp.com", "developerWebsite": "https://imoapp.com", "developerAddress": "555 Bryant St. #233 Palo Alto, CA 94301", "privacyPolicy": "https://imoapp.com/privacy", "developerInternalID": "5440031783419136609", "genre": "Communication", "genreId": "COMMUNICATION", "icon": "https://lh3.googleusercontent.com/uL2suDkNZWrUR-5n-laPW8KdjdWsJQEI5VKUU9a7GFeL3J_OBFFvEYGGCvpH247zhR0", "headerImage": "https://lh3.googleusercontent.com/_IH-D7fxqD4jyD6aLIN3QtEPw0OGNCnLLmgoVAkSRSIijrJ79K7A7smouV6CWtBZBps", "screenshots": ["https://lh3.googleusercontent.com/jIywrYbAlDNoa3QPVwlCvjyNZC3f3N5aGwZNgQL2nKRLv1jilAMbJBESmHPQE-P1Rg", "https://lh3.googleusercontent.com/v72P4FzRz2HxHhp3urfQnMtDOd0R5NgBNi4QLrzBJ8cHmB-0m4YvOzsG8T5Auz2vNgk"], "video": null, "videoImage": null, "contentRating": "Teen", "contentRatingDescription": null, "adSupported": true, "containsAds": true, "released": "Aug 27, 2018", "updated": 1583298898, "version": "9.8.000000010915", "recentChanges": "bug fixes and performance improvements", "recentChangesHTML": "bug fixes and performance improvements", "error": false}, "average_cvss": 6.1, "security_score": 10}