Dynamic Analysis

iOS Dynamic Analysis

Android Dynamic analysis is the testing and evaluation of an Android application by executing data in real-time. The objective is to find errors in the application while it is running, rather than by repeatedly examining the code offline.

Dynamic Analysis results are displayed in JSON objects with the following names:

  • “kind”: Type of analysis test (static or dynamic)
  • “key”: Contains the value of the static analysis test title used for testing purposes
  • “title”: Title of the specific static analysis test
  • “category”: Category of the specific static analysis test
  • “summary”: Summary of the specific static analysis test
  • “cvss”: Common Vulnerability Scoring System (CVSS), the universal, open and standardized method for rating IT vulnerabilities and determining the urgency of response
  • “regulatory”: Security and compliance regulations

If a specific dynamic analysis test is found vulnerable, a JSON array with the following names is displayed under the regulatory category:

  • “cwe”: The “CWE” or “Common Weakness Enumeration” category is displayed in a JSON array with the id and url of each specific software weakness found during static analysis.

  • “owasp”: The “OWASP” or “Open Web Application Security Project” category is displayed in a JSON array with the id and url of each specific mobile security risk found during static analysis.

Example:

{
    "kind": "dynamic",
    "key": "ipa_sensitive_data_no_encryption",
    "title": "Sensitive Data in Transit (no Encryption)",
    "category": "network",
    "summary": "\n    Traffic is analyzed to determine if any sensitive data is transmitted insecurely over the network without encryption (i.e. HTTP).\n    Sensitive data that is searched currently includes Username, Password, GPS Coordinates,\n    Wifi Mac Address, IMEI, Device Serial Number, and Phone number.\n  ",
    "cvss": 8.2,
    "regulatory": {}

If an application was not found to be vulnerable or affected by this specific dynamic analysis test, the results will display in json objects with the following names and values:

  • “affected”: Boolean value (true or false) that states whether the application is affected by the specific static analysis test
  • “severity”: If the application is not vulnerable to a specific static analysis test, the severity value will display “pass”
  • “description”: Description of the static analysis test result

Example:

"affected": false,
    "severity": "pass",
    "description": "\n    None of the sensitive values that were searched were recovered from unencrypted application traffic.\n  "
  }

If an application was found to be vulnerable and affected by this specific dynamic analysis test, the results will display in json objects with the following names and values:

  • “affected”: Boolean value (true or false) that states whether the application is affected by the specific static analysis test
  • “category”: Category of the specific static analysis test
  • “severity”: If the application is vulnerable to a specific static analysis test, the severity value is one of “high”, “medium”, or “low”
  • “cvss”: Common Vulnerability Scoring System (CVSS), the universal, open and standardized method for rating IT vulnerabilities and determining the urgency of response
  • “title”: Title of the specific static analysis test
  • “cwe”: The “CWE” or “Common Weakness Enumeration” category is displayed in a JSON array with the id and url of each specific software weakness found during static analysis.
  • “description”: Description of the static analysis test result
  • “recommendation”: Recommendation on how to fix the issue or vulnerability

Example:

{
    "affected": true,
    "issue": {
      "category": "network",
      "severity": "high",
      "cvss": 8.2,
      "title": "Sensitive data intercepted in transit without encryption",
      "description": "\n    One or more sensitive values were intercepted in transit. This is a high risk vulnerability as it is possible for an attacker on the same network to easily retrieve this information.\n    It is encouraged to review the table below, which displays the type of data that was intercepted, whether it is sent in plain text or a special encoding, the actual value that was recovered, and the URL related to this violation.\n  ",
      "pass": "\n    None of the sensitive values that were searched were recovered from unencrypted application traffic.\n  ",
      "recommendation": "\n    Enforce the use of SSL/TLS for all transport channels in which sensitive information, session tokens, or other sensitive data is going to be communicated to a backend API or web service. \n    Properly validate the SSL/TLS certificate to ensure it is signed by a trusted certificate authority (CA) as well as contains the correct hostname.\n    An even more secure approach is to use Certificate Pinning to mitigate the possibility of SSL/TLS weaknesses. Certificate Pinning is making sure the client checks the server's certificate against a known copy of that certificate. Simply bundle your server's certificate inside your application, and make sure any SSL/TLS request first validates that the server's certificate exactly matches the bundle's certificate.\n    For some apps, Certificate Pinning may be impossible to do. If your app allows users to enter in their own domain names to connect to services, then you have no opportunity to embed that certificate. However, if your app is intended to connect to a known server, or set of servers, you have all the information you need to guarantee that client is indeed talking directly to the server and without a man in the middle eavesdropping.\n  "
    },
    "severity": "high",
    "description": "\n    One or more sensitive values were intercepted in transit. This is a high risk vulnerability as it is possible for an attacker on the same network to easily retrieve this information.\n    It is encouraged to review the table below, which displays the type of data that was intercepted, whether it is sent in plain text or a special encoding, the actual value that was recovered, and the URL related to this violation.\n  ",
    "recommendation": "\n    Enforce the use of SSL/TLS for all transport channels in which sensitive information, session tokens, or other sensitive data is going to be communicated to a backend API or web service. \n    Properly validate the SSL/TLS certificate to ensure it is signed by a trusted certificate authority (CA) as well as contains the correct hostname.\n    An even more secure approach is to use Certificate Pinning to mitigate the possibility of SSL/TLS weaknesses. Certificate Pinning is making sure the client checks the server's certificate against a known copy of that certificate. Simply bundle your server's certificate inside your application, and make sure any SSL/TLS request first validates that the server's certificate exactly matches the bundle's certificate.\n    For some apps, Certificate Pinning may be impossible to do. If your app allows users to enter in their own domain names to connect to services, then you have no opportunity to embed that certificate. However, if your app is intended to connect to a known server, or set of servers, you have all the information you need to guarantee that client is indeed talking directly to the server and without a man in the middle eavesdropping.\n  ",
    "context": {
      "rows": [
        {
          "issue": "sensitive_data_leak",
          "full_url": "http://ad.spcleaner.info/v3/config?pubid=514&android_id=47edfe1b30cd46d7&pkg_name=mobi.supo.cleaner&pkg_ver=28&sdk_version=2&first_time=1483454380&update_time=1483454380&new_user=1&lc=en_US&config=conf&func=import&bid=96",
          "searched_data": "/v3/config?pubid=514&android_id=47edfe1b30cd46d7&pkg_name=mobi.supo.cleaner&pkg_ver=28&sdk_version=2&first_time=1483454380&update_time=1483454380&new_user=1&lc=en_US&config=conf&func=import&bid=96",
          "encoded_format": "original",
          "data_value_type": "android_id",
          "additional_context": [
            "Contained in HTTP URL path"
          ],
          "sensitive_data_value": "47edfe1b30cd46d7"
        }
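
The fields described above can be consumed programmatically. The following is an added example, not code from the product this page documents: it filters a list of result objects down to the affected dynamic tests, orders them by CVSS, and summarizes each context row while masking the recovered value. The sample report is constructed (example.test hosts and shortened values); the function names and the assumption that results arrive as a JSON array are illustrative.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: field names follow the examples on this page,
# hosts and values are placeholders.
SAMPLE_REPORT = json.loads("""
[
  {"kind": "dynamic", "key": "ipa_sensitive_data_cert_validation",
   "title": "TLS Traffic with sensitive data", "category": "network",
   "cvss": 1.6, "regulatory": {}, "affected": true, "severity": "low",
   "context": {"rows": [
     {"issue": "sensitive_data_flow",
      "full_url": "https://graph.example.test/network_ads_common/",
      "data_value_type": "devinfo:iosVersion",
      "sensitive_data_value": "8.4"}]}},
  {"kind": "dynamic", "key": "runs_root_command_check",
   "title": "Runs Root Check", "category": "permissions",
   "cvss": 10, "regulatory": {}, "affected": false, "severity": "pass"},
  {"kind": "dynamic", "key": "ipa_sensitive_data_no_encryption",
   "title": "Sensitive Data in Transit (no Encryption)", "category": "network",
   "cvss": 8.2, "regulatory": {}, "affected": true, "severity": "high",
   "context": {"rows": [
     {"issue": "sensitive_data_leak",
      "full_url": "http://ads.example.test/v3/config?android_id=0123456789abcdef",
      "data_value_type": "android_id",
      "sensitive_data_value": "0123456789abcdef"}]}},
  {"kind": "dynamic", "key": "world_writable_files_check",
   "title": "World Writable Files Check", "category": "permissions",
   "cvss": 7.7, "affected": true, "severity": "high",
   "regulatory": {"cwe": [
     {"id": 264, "url": "https://cwe.mitre.org/data/definitions/264.html"},
     {"id": 250, "url": "https://cwe.mitre.org/data/definitions/250.html"}]},
   "context": {"rows": []}}
]
""")


def redact(value, keep=4):
    """Mask a recovered value so the triage output does not re-leak it."""
    value = str(value)
    if len(value) <= keep:
        return "*" * len(value)
    return value[:keep] + "*" * (len(value) - keep)


def evidence(row):
    """Summarize one context row that carries a URL."""
    url = urlsplit(row.get("full_url", ""))
    return {
        "host": url.hostname,
        "cleartext": url.scheme == "http",  # plain HTTP, readable on the wire
        "data_type": row.get("data_value_type"),
        "value": redact(row.get("sensitive_data_value", "")),
    }


def triage(results):
    """Return affected dynamic findings, highest CVSS first."""
    findings = []
    for result in results:
        if result.get("kind") != "dynamic" or not result.get("affected"):
            continue  # "affected": false results carry severity "pass"
        regulatory = result.get("regulatory") or {}
        rows = (result.get("context") or {}).get("rows", [])
        findings.append({
            "key": result["key"],
            "severity": result.get("severity"),
            "cvss": result.get("cvss", 0),
            "cwe": [entry["id"] for entry in regulatory.get("cwe", [])],
            "evidence": [evidence(r) for r in rows if "full_url" in r],
        })
    return sorted(findings, key=lambda f: f["cvss"], reverse=True)


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(json.dumps(finding))
```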

Sensitive Data in Transit (no encryption)

  • Traffic is analyzed to determine if any sensitive data is transmitted insecurely over the network without encryption (i.e. HTTP). Sensitive data that is searched currently includes Username, Password, GPS Coordinates, Wifi Mac Address, IMEI, Device Serial Number, and Phone number.

Example:

{
    "kind": "dynamic",
    "key": "ipa_sensitive_data_no_encryption",
    "title": "Sensitive Data in Transit (no Encryption)",
    "category": "network",
    "summary": "\n    Traffic is analyzed to determine if any sensitive data is transmitted insecurely over the network without encryption (i.e. HTTP).\n    Sensitive data that is searched currently includes Username, Password, GPS Coordinates,\n    Wifi Mac Address, IMEI, Device Serial Number, and Phone number.\n  ",
    "cvss": 8.2,
    "regulatory": {},
    "affected": true,
    "issue": {
      "category": "network",
      "severity": "high",
      "cvss": 8.2,
      "title": "Sensitive data intercepted in transit without encryption",
      "description": "\n    One or more sensitive values were intercepted in transit. This is a high risk vulnerability as it is possible for an attacker on the same network to easily retrieve this information.\n    It is encouraged to review the table below, which displays the type of data that was intercepted, whether it is sent in plain text or a special encoding, the actual value that was recovered, and the URL related to this violation.\n  ",
      "pass": "\n    None of the sensitive values that were searched were recovered from unencrypted application traffic.\n  ",
      "recommendation": "\n    Enforce the use of SSL/TLS for all transport channels in which sensitive information, session tokens, or other sensitive data is going to be communicated to a backend API or web service. \n    Properly validate the SSL/TLS certificate to ensure it is signed by a trusted certificate authority (CA) as well as contains the correct hostname.\n    An even more secure approach is to use Certificate Pinning to mitigate the possibility of SSL/TLS weaknesses. Certificate Pinning is making sure the client checks the server's certificate against a known copy of that certificate. Simply bundle your server's certificate inside your application, and make sure any SSL/TLS request first validates that the server's certificate exactly matches the bundle's certificate.\n    For some apps, Certificate Pinning may be impossible to do. If your app allows users to enter in their own domain names to connect to services, then you have no opportunity to embed that certificate. However, if your app is intended to connect to a known server, or set of servers, you have all the information you need to guarantee that client is indeed talking directly to the server and without a man in the middle eavesdropping.\n  "
    },
    "severity": "high",
    "description": "\n    One or more sensitive values were intercepted in transit. This is a high risk vulnerability as it is possible for an attacker on the same network to easily retrieve this information.\n    It is encouraged to review the table below, which displays the type of data that was intercepted, whether it is sent in plain text or a special encoding, the actual value that was recovered, and the URL related to this violation.\n  ",
    "recommendation": "\n    Enforce the use of SSL/TLS for all transport channels in which sensitive information, session tokens, or other sensitive data is going to be communicated to a backend API or web service. \n    Properly validate the SSL/TLS certificate to ensure it is signed by a trusted certificate authority (CA) as well as contains the correct hostname.\n    An even more secure approach is to use Certificate Pinning to mitigate the possibility of SSL/TLS weaknesses. Certificate Pinning is making sure the client checks the server's certificate against a known copy of that certificate. Simply bundle your server's certificate inside your application, and make sure any SSL/TLS request first validates that the server's certificate exactly matches the bundle's certificate.\n    For some apps, Certificate Pinning may be impossible to do. If your app allows users to enter in their own domain names to connect to services, then you have no opportunity to embed that certificate. However, if your app is intended to connect to a known server, or set of servers, you have all the information you need to guarantee that client is indeed talking directly to the server and without a man in the middle eavesdropping.\n  ",
    "context": {
      "rows": [
        {
          "issue": "sensitive_data_leak",
          "full_url": "http://ad.spcleaner.info/v3/config?pubid=514&android_id=47edfe1b30cd46d7&pkg_name=mobi.supo.cleaner&pkg_ver=28&sdk_version=2&first_time=1483454380&update_time=1483454380&new_user=1&lc=en_US&config=conf&func=import&bid=96",
          "searched_data": "/v3/config?pubid=514&android_id=47edfe1b30cd46d7&pkg_name=mobi.supo.cleaner&pkg_ver=28&sdk_version=2&first_time=1483454380&update_time=1483454380&new_user=1&lc=en_US&config=conf&func=import&bid=96",
          "encoded_format": "original",
          "data_value_type": "android_id",
          "additional_context": [
            "Contained in HTTP URL path"
          ],
          "sensitive_data_value": "47edfe1b30cd46d7"
        }

Sensitive Data in Transit (with encryption)

  • Searches for sensitive data that can be intercepted over the network due to improper certificate validation. Sensitive data currently includes Username, Password, GPS Coordinates, Wifi Mac Address, IMEI, Device Serial Number, and Phone number. This is related to the Broken SSL issue.

Example:

{
    "kind": "dynamic",
    "key": "sensitive_data_cert_validation",
    "title": "Sensitive Data in Transit (with encryption)",
    "category": "network",
    "summary": "\n    This test determines whether the application is performing proper \n    certificate validation or hostname verification. Lack of proper cert \n    validation could result in sensitive data being intercepted by a \n    man-in-the-middle attack. If we are able to decrypt the application's \n    traffic, it is searched for sensitive values, including Username, \n    Password, GPS Coordinates, Wifi Mac Address, IMEI, Device Serial Number, \n    and Phone number.\n  ",
    "cvss": 7.4,
    "regulatory": {},
    "affected": false,
    "severity": "pass",
    "description": "\n    None of the sensitive values that were searched were recovered from the decrypted applications traffic, and therefore your application is not vulnerable to this particular man-in-the-middle attack.\n  "
  }

TLS Traffic With Sensitive Data

  • This test utilizes methods to proxy all TLS/SSL communications sent by the application. During this process, we search the traffic for sensitive search values, including Username, Password, GPS coordinates, WiFi Mac Address, IMEI, Serial Number, and Phone Number.

Example:

{
    "kind": "dynamic",
    "key": "ipa_sensitive_data_cert_validation",
    "title": "TLS Traffic with sensitive data",
    "category": "network",
    "summary": "\n      This test utilizes methods to proxy all TLS/SSL communications sent by the application. During this process, we search\n      the traffic for sensitive search values, including Username, Password, GPS coordinates, WiFi Mac Address, IMEI, Serial\n      Number, and Phone Number.\n      \n      **Note:  During this test, we are not checking for certificate validation or pinning. We are bypassing any validation or\n      pinning techniques in order to successfully proxy app communications. Checks for certificate validation are in development\n      and will be included in a future release.**\n    ",
    "cvss": 1.6,
    "regulatory": {},
    "affected": false,
    "severity": "pass",
    "description": "\n    None of the sensitive values that were searched were recovered from the proxied SSL/TLS app communications.\n  "
  }

Example:

{
    "kind": "dynamic",
    "key": "ipa_sensitive_data_cert_validation",
    "title": "TLS Traffic with sensitive data",
    "category": "network",
    "summary": "\n      This test utilizes methods to proxy all TLS/SSL communications sent by the application. During this process, we search\n      the traffic for sensitive search values, including Username, Password, GPS coordinates, WiFi Mac Address, IMEI, Serial\n      Number, and Phone Number.\n      \n      **Note:  During this test, we are not checking for certificate validation or pinning. We are bypassing any validation or\n      pinning techniques in order to successfully proxy app communications. Checks for certificate validation are in development\n      and will be included in a future release.**\n    ",
    "cvss": 1.6,
    "regulatory": {},
    "affected": true,
    "issue": {
      "category": "network",
      "severity": "low",
      "cvss": 1.6,
      "title": "Sensitive Values Retrieved from Encrypted HTTPS Traffic",
      "description": "\n    One or more sensitive values were intercepted while proxying SSL/TLS app communications. If certificate validation or\n    pinning has been properly implemented, this item is informational. If the application is not doing any type of \n    certificate validation, the risk is much higher, as it would be possible for an attacker on the same network to intercept\n    this data.\n  ",
      "pass": "\n    None of the sensitive values that were searched were recovered from the proxied SSL/TLS app communications.\n  ",
      "recommendation": "\n    If the application is already doing certificate validation/pinning, no recommendation is required. Otherwise, it is recommended to properly validate the SSL/TLS certificate to ensure it is signed by a trusted certificate authority (CA) as well as contains the correct hostname.\n    An even more secure approach is to use Certificate Pinning to mitigate the possibility of SSL/TLS weaknesses. Certificate Pinning is making sure the client checks the server's certificate against a known copy of that certificate. Simply bundle your server's certificate inside your application, and make sure any SSL/TLS request first validates that the server's certificate exactly matches the bundle's certificate.\n    For some apps, Certificate Pinning may be impossible to do. If your app allows users to enter in their own domain names to connect to services, then you have no opportunity to embed that certificate. However, if your app is intended to connect to a known server, or set of servers, you have all the information you need to guarantee that client is indeed talking directly to the server and without a man in the middle eavesdropping.\n  "
    },
    "severity": "low",
    "description": "\n    One or more sensitive values were intercepted while proxying SSL/TLS app communications. If certificate validation or\n    pinning has been properly implemented, this item is informational. If the application is not doing any type of \n    certificate validation, the risk is much higher, as it would be possible for an attacker on the same network to intercept\n    this data.\n  ",
    "recommendation": "\n    If the application is already doing certificate validation/pinning, no recommendation is required. Otherwise, it is recommended to properly validate the SSL/TLS certificate to ensure it is signed by a trusted certificate authority (CA) as well as contains the correct hostname.\n    An even more secure approach is to use Certificate Pinning to mitigate the possibility of SSL/TLS weaknesses. Certificate Pinning is making sure the client checks the server's certificate against a known copy of that certificate. Simply bundle your server's certificate inside your application, and make sure any SSL/TLS request first validates that the server's certificate exactly matches the bundle's certificate.\n    For some apps, Certificate Pinning may be impossible to do. If your app allows users to enter in their own domain names to connect to services, then you have no opportunity to embed that certificate. However, if your app is intended to connect to a known server, or set of servers, you have all the information you need to guarantee that client is indeed talking directly to the server and without a man in the middle eavesdropping.\n  ",
    "context": {
      "rows": [
        {
          "src": {
            "ip": "172.17.0.1",
            "port": 48041
          },
          "date": "2017-02-15T15:44:55.458515",
          "dest": {
            "name": "graph.facebook.com",
            "port": 443
          },
          "issue": "sensitive_data_flow",
          "base64": true,
          "content": "(base64 body omitted)",
          "headers": {
            "host": "graph.facebook.com",
            "Accept": "*/*",
            "Connection": "keep-alive",
            "User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12H143 [FBAN/AudienceNetworkForiOS;FBDV/iPhone6,1;FBMD/N51AP;FBSN/iPhone OS;FBSV/8.4;FBLC/en;FBAB/com.ijinshan.beijing.kbatterydoctor;FBAV/7.4.8;FBBV/7.4.8.3]",
            "Content-Type": "application/x-www-form-urlencoded",
            "Content-Length": "466",
            "Accept-Encoding": "gzip, deflate",
            "Accept-Language": "en-us",
            "Proxy-Connection": "keep-alive"
          },
          "full_url": "https://graph.facebook.com/network_ads_common/",
          "protocol": "http",
          "searched_data": "IDFA_FLAG=1&NETWORK_TYPE=1&OSVERS=8.4&IDFA=DEADBEEF-1234-1234-1234-123456789ABC&SECURITY_DISABLED=1&SDK_CAPABILITY=%5B3%2C4%2C5%2C7%2C9%2C10%2C12%5D&HEIGHT=-1&SCREEN_HEIGHT=568&BUNDLE=com.ijinshan.beijing.kbatterydoctor&APPBUILD=7.4.8.3&locale=en&SCREEN_WIDTH=320&OS=iOS&APPVERS=7.4.8&MAKE=Apple&ADAPTERS=AN&DENSITY=2.000000&SDK=ios&PLACEMENT_ID=3369&NUM_ADS_REQUESTED=3&TEMPLATE_ID=200&COPPA=0&SDK_VERSION=4.14.0&WIDTH=-1&MODEL=iPhone6%2C1&VOLUME=0.5&CLIENT_EVENTS=",
          "encoded_format": "original",
          "data_value_type": "devinfo:iosVersion",
          "additional_context": [
            "Found in HTTPS traffic",
            "Contained in HTTP Content body"
          ],
          "sensitive_data_value": "8.4"
        }

Arbitrary Code Execution

  • Checks for arbitrary code execution. When executable code is world writable, another app could swap the file and gain code execution in the context of another app.

Example:

{
    "kind": "dynamic",
    "key": "arbitrary_code_execution_check",
    "title": "Arbitrary Code Execution Check",
    "category": "permissions",
    "summary": "\n    Checks for arbitrary code execution. When executable code is world writable, another app could swap the file and gain code execution in the context of another app.\n  ",
    "cvss": 10,
    "regulatory": {},
    "affected": false,
    "severity": "pass",
    "description": "\n    No arbitrary code execution issues found.\n  "
  }

Runs Root Check

  • The application did not attempt to execute root commands by running “su”.

Example:

{
    "kind": "dynamic",
    "key": "runs_root_command_check",
    "title": "Runs Root Check",
    "category": "permissions",
    "summary": "\n    The application did not attempt to execute root commands by running \"su\".\n  ",
    "cvss": 10,
    "regulatory": {},
    "affected": false,
    "severity": "pass",
    "description": "\n    No root command issues found.\n  "
  }

Writable Executable Check

  • Checks for writable executable file permissions. A writable executable file is not a vulnerability all by itself, but if the application has a writable_executable and another bug, such as a network zip download, then your app could be vulnerable to remote code execution.

Example:

{
    "kind": "dynamic",
    "key": "writable_executable_files_check",
    "title": "Writable Executable Check",
    "category": "permissions",
    "summary": "\n    Checks for writable executable file permissions. A writable executable file is not a vulnerability all by itself, but if the\n    application has a writable_executable and another bug, such as a network zip\n    download, then your app could be vulnerable to remote code execution.\n  ",
    "cvss": 7.7,
    "regulatory": {},
    "affected": true,
    "issue": {
      "category": "fs",
      "severity": "high",
      "cvss": 7.7,
      "title": "Writable Executable Files",
      "description": "\n    Writeable executable files were discovered in the application. \n  ",
      "recommendation": "\n    If possible, do not allow app to have write access to executable files. This type of issue in \n    combination with another (such as transmitting zip files over the network) could lead to remote code execution. \n    Many times apps actually need write permissions as they write the file. As soon as the file is written,\n    permissions should be changed to read-only for scripted or interpreted code like Dex files or .jar; and \n    change to read and execute permissions for native binaries.\n  ",
      "pass": "\n    No world-executable files were found.\n  "
    },
    "severity": "high",
    "description": "\n    Writeable executable files were discovered in the application. \n  ",
    "recommendation": "\n    If possible, do not allow app to have write access to executable files. This type of issue in \n    combination with another (such as transmitting zip files over the network) could lead to remote code execution. \n    Many times apps actually need write permissions as they write the file. As soon as the file is written,\n    permissions should be changed to read-only for scripted or interpreted code like Dex files or .jar; and \n    change to read and execute permissions for native binaries.\n  ",
    "context": {
      "title": "Violations",
      "fields": {
        "cmd": {
          "title": "Command"
        }
      },
      "rows": [
        {
          "mode": 384,
          "path": "/data/data/mobi.supo.cleaner/cache/1470286953684.jar",
          "fs_event": {
            "p": 3557,
            "ts": 1483454405138308,
            "pid": 3557,
            "ret": 85,
            "args": [
              "/data/data/mobi.supo.cleaner/cache/1470286953684.jar",
              194,
              384
            ],
            "call": "open",
            "timestamp": 1483454405138
          },
          "violation": "writable_executable"
        },
        {
          "mode": 384,
          "path": "/data/data/mobi.supo.cleaner/cache/1470286953684.jar",
          "fs_event": {
            "p": 3557,
            "ts": 1483454405139102,
            "pid": 3557,
            "ret": 85,
            "args": [
              "/data/data/mobi.supo.cleaner/cache/1470286953684.jar",
              577,
              384
            ],
            "call": "open",
            "timestamp": 1483454405140
          },
          "violation": "writable_executable"
        }
      ]
    }
  }

World Writable Files Check

  • Checks for files with world-writable permissions. Creating world-writable files is dangerous as it could allow other applications to have write access to that file.

Example:

{
    "kind": "dynamic",
    "key": "world_writable_files_check",
    "title": "World Writable Files Check",
    "category": "permissions",
    "summary": "\n    Checks for files with world-writable permissions. Creating world-writable files is dangerous as it could allow other applications\n    to have write access to that file. \n  ",
    "cvss": 7.7,
    "regulatory": {
      "cwe": [
        {
          "id": 264,
          "url": "https://cwe.mitre.org/data/definitions/264.html"
        },
        {
          "id": 250,
          "url": "https://cwe.mitre.org/data/definitions/250.html"
        }
      ],
      "niap": [
        {
          "id": "FMT_CFG_EXT.1.2",
          "url": "https://www.niap-ccevs.org/pp/pp_app_v1.1_table-reqs.htm#FMT_CFG_EXT.1.2"
        },
        {
          "id": "FPT_AEX_EXT.1.2",
          "url": "https://www.niap-ccevs.org/pp/pp_app_v1.1_table-reqs.htm#FPT_AEX_EXT.1.2"
        },
        {
          "id": "FPT_AEX_EXT.1.4",
          "url": "https://www.niap-ccevs.org/pp/pp_app_v1.1_table-reqs.htm#FPT_AEX_EXT.1.4"
        }
      ],
      "owasp": [
        {
          "id": "M2-Insecure Data Storage",
          "url": "https://www.owasp.org/index.php/Mobile_Top_10_2014-M2"
        }
      ]
    },
    "affected": true,
    "issue": {
      "category": "fs",
      "severity": "high",
      "cvss": 7.7,
      "cwe": [
        {
          "id": 264,
          "url": "https://cwe.mitre.org/data/definitions/264.html"
        },
        {
          "id": 250,
          "url": "https://cwe.mitre.org/data/definitions/250.html"
        }
      ],
      "owasp": [
        {
          "id": "M2-Insecure Data Storage",
          "url": "https://www.owasp.org/index.php/Mobile_Top_10_2014-M2"
        }
      ],
      "niap": [
        {
          "id": "FMT_CFG_EXT.1.2",
          "url": "https://www.niap-ccevs.org/pp/pp_app_v1.1_table-reqs.htm#FMT_CFG_EXT.1.2"
        },
        {
          "id": "FPT_AEX_EXT.1.2",
          "url": "https://www.niap-ccevs.org/pp/pp_app_v1.1_table-reqs.htm#FPT_AEX_EXT.1.2"
        },
        {
          "id": "FPT_AEX_EXT.1.4",
          "url": "https://www.niap-ccevs.org/pp/pp_app_v1.1_table-reqs.htm#FPT_AEX_EXT.1.4"
        }
      ],
      "title": "World Writable Files",
      "description": "\n    The application created or modified a file such that the file has\n    permissions that allow other apps to write to it. The content below\n    shows specifically where these violations occurred.\n  ",
      "recommendation": "\n    Creating world-writable files is very dangerous, likely to cause security holes in applications, and is strongly discouraged. Instead, applications should use more formal mechanism for interactions such as ContentProvider, BroadcastReceiver, and Service.\n    There are also no guarantees that this access mode will remain on a file, such as when it goes through a backup and restore, so code that relies on this can fail unexpectedly.\n   ",
      "pass": "\n    No world-writable files were found.\n  "
    },
    "severity": "high",
    "description": "\n    The application created or modified a file such that the file has\n    permissions that allow other apps to write to it. The content below\n    shows specifically where these violations occurred.\n  ",
    "recommendation": "\n    Creating world-writable files is very dangerous, likely to cause security holes in applications, and is strongly discouraged. Instead, applications should use more formal mechanism for interactions such as ContentProvider, BroadcastReceiver, and Service.\n    There are also no guarantees that this access mode will remain on a file, such as when it goes through a backup and restore, so code that relies on this can fail unexpectedly.\n   ",
    "context": {
      "title": "Violations",
      "fields": {
        "cmd": {
          "title": "Command"
        }
      },
      "rows": [
        {
          "mode": 384,
          "path": "/sdcard/Android/data/mobi.supo.cleaner/cache/.nomedia",
          "fs_event": {
            "p": 3020,
            "ts": 1483454384603366,
            "pid": 3020,
            "ret": 42,
            "args": [
              "/storage/emulated/0/Android/data/mobi.supo.cleaner/cache/.nomedia",
              194,
              384
            ],
            "call": "open",
            "timestamp": 1483454384603
          },
          "violation": "world_writable"
        },
        {
          "mode": 438,
          "path": "/data/data/mobi.supo.cleaner/cache/1470286953684.dex.flock",
          "fs_event": {
            "p": 3557,
            "ts": 1483454405150943,
            "pid": 3557,
            "ret": 85,
            "args": [
              "/data/data/mobi.supo.cleaner/cache/1470286953684.dex.flock",
              66,
              438
            ],
            "call": "open",
            "timestamp": 1483454405151
          },
          "violation": "world_writable"
        },
        {
          "mode": 384,
          "path": "/sdcard/swift.txt",
          "fs_event": {
            "p": 3557,
            "ts": 1483454407789462,
            "pid": 3557,
            "ret": 79,
            "args": [
              "/storage/emulated/0/swift.txt",
              194,
              384
            ],
            "call": "open",
            "timestamp": 1483454407789
          },
          "violation": "world_writable"
        },
        {
          "mode": 438,
          "path": "/data/data/mobi.supo.cleaner/files/tempDir/result.xml",
          "fs_event": {
            "p": 3557,
            "ts": 1483454408182589,
            "pid": 3557,
            "ret": 76,
            "args": [
              "/data/data/mobi.supo.cleaner/files/tempDir/result.xml",
              578,
              438
            ],
            "call": "open",
            "timestamp": 1483454408182
          },
          "violation": "world_writable"
        },
        {
          "mode": 384,
          "path": "/sdcard/Android/data/mobi.supo.cleaner/cache/602159882.tmp",
          "fs_event": {
            "p": 3557,
            "ts": 1483454411486697,
            "pid": 3557,
            "ret": 162,
            "args": [
              "/storage/emulated/0/Android/data/mobi.supo.cleaner/cache/602159882.tmp",
              577,
              384
            ],
            "call": "open",
            "timestamp": 1483454411486
          },
          "violation": "world_writable"
        },
        {
          "mode": 384,
          "path": "/sdcard/Android/data/mobi.supo.cleaner/cache/-1332272783.tmp",
          "fs_event": {
            "p": 3557,
            "ts": 1483454411546756,
            "pid": 3557,
            "ret": 166,
            "args": [
              "/storage/emulated/0/Android/data/mobi.supo.cleaner/cache/-1332272783.tmp",
              577,
              384
            ],
            "call": "open",
            "timestamp": 1483454411546
          },
          "violation": "world_writable"
        },
        {
          "mode": 384,
          "path": "/sdcard/Tencent/mta/.mid.txt",
          "fs_event": {
            "p": 3557,
            "ts": 1483454412149905,
            "pid": 3557,
            "ret": 70,
            "args": [
              "/storage/emulated/0/Tencent/mta/.mid.txt",
              577,
              384
            ],
            "call": "open",
            "timestamp": 1483454412149
          },
          "violation": "world_writable"
        },
        {
          "mode": 384,
          "path": "/sdcard/swift.txt",
          "fs_event": {
            "p": 3557,
            "ts": 1483454422052401,
            "pid": 3557,
            "ret": 159,
            "args": [
              "/storage/emulated/0/swift.txt",
              194,
              384
            ],
            "call": "open",
            "timestamp": 1483454422052
          },
          "violation": "world_writable"
        },
        {
          "mode": 384,
          "path": "/sdcard/swift.txt",
          "fs_event": {
            "p": 3557,
            "ts": 1483454422077945,
            "pid": 3557,
            "ret": 157,
            "args": [
              "/storage/emulated/0/swift.txt",
              194,
              384
            ],
            "call": "open",
            "timestamp": 1483454422078
          },
          "violation": "world_writable"
        },
        {
          "mode": 384,
          "path": "/sdcard/Android/data/mobi.supo.cleaner/cache/.nomedia",
          "fs_event": {
            "p": 6877,
            "ts": 1483454690801211,
            "pid": 6877,
            "ret": 43,
            "args": [
              "/storage/emulated/0/Android/data/mobi.supo.cleaner/cache/.nomedia",
              194,
              384
            ],
            "call": "open",
            "timestamp": 1483454690801
          },
          "violation": "world_writable"
        },
        {
          "mode": 384,
          "path": "/sdcard/Tencent/mta/.mid.txt",
          "fs_event": {
            "p": 6877,
            "ts": 1483454691011844,
            "pid": 6877,
            "ret": 45,
            "args": [
              "/storage/emulated/0/Tencent/mta/.mid.txt",
              577,
              384
            ],
            "call": "open",
            "timestamp": 1483454691011
          },
          "violation": "world_writable"
        },
        {
          "mode": 384,
          "path": "/sdcard/swift.txt",
          "fs_event": {
            "p": 6877,
            "ts": 1483454704058383,
            "pid": 6877,
            "ret": 83,
            "args": [
              "/storage/emulated/0/swift.txt",
              194,
              384
            ],
            "call": "open",
            "timestamp": 1483454704058
          },
          "violation": "world_writable"
        },
        {
          "mode": 438,
          "path": "/data/data/mobi.supo.cleaner/files/tempDir/result.xml",
          "fs_event": {
            "p": 6877,
            "ts": 1483454704448214,
            "pid": 6877,
            "ret": 56,
            "args": [
              "/data/data/mobi.supo.cleaner/files/tempDir/result.xml",
              578,
              438
            ],
            "call": "open",
            "timestamp": 1483454704448
          },
          "violation": "world_writable"
        },
        {
          "mode": 384,
          "path": "/sdcard/swift.txt",
          "fs_event": {
            "p": 9382,
            "ts": 1483454943327700,
            "pid": 9382,
            "ret": 29,
            "args": [
              "/storage/emulated/0/swift.txt",
              194,
              384
            ],
            "call": "open",
            "timestamp": 1483454943327
          },
          "violation": "world_writable"
        },
        {
          "mode": 438,
          "path": "/data/data/mobi.supo.cleaner/files/tempDir/result.xml",
          "fs_event": {
            "p": 9382,
            "ts": 1483454943628665,
            "pid": 9382,
            "ret": 50,
            "args": [
              "/data/data/mobi.supo.cleaner/files/tempDir/result.xml",
              578,
              438
            ],
            "call": "open",
            "timestamp": 1483454943628
          },
          "violation": "world_writable"
        },
        {
          "mode": 384,
          "path": "/sdcard/swift.txt",
          "fs_event": {
            "p": 9886,
            "ts": 1483454982627963,
            "pid": 9886,
            "ret": 47,
            "args": [
              "/storage/emulated/0/swift.txt",
              194,
              384
            ],
            "call": "open",
            "timestamp": 1483454982628
          },
          "violation": "world_writable"
        },
        {
          "mode": 438,
          "path": "/data/data/mobi.supo.cleaner/files/tempDir/result.xml",
          "fs_event": {
            "p": 9886,
            "ts": 1483454983106753,
            "pid": 9886,
            "ret": 58,
            "args": [
              "/data/data/mobi.supo.cleaner/files/tempDir/result.xml",
              578,
              438
            ],
            "call": "open",
            "timestamp": 1483454983106
          },
          "violation": "world_writable"
        }
      ]
    }
  }

Broken SSL Check

  • Determines whether the application is performing proper certificate validation and hostname verification. Lack of proper certificate validation could result in sensitive data being intercepted by a man-in-the-middle attack.

Example:

{
    "kind": "dynamic",
    "key": "ipa_broken_ssl",
    "title": "Broken SSL Check",
    "category": "network",
    "summary": "\n    Determines whether the application is performing proper \n    certificate validation and hostname verification. Lack of proper \n    certificate validation could result in sensitive data being intercepted \n    by a man-in-the-middle attack.\n  ",
    "cvss": 7.4,
    "regulatory": {
      "cwe": [
        {
          "id": 319,
          "url": "https://cwe.mitre.org/data/definitions/319.html"
        }
      ],
      "owasp": [
        {
          "id": "Mobile Top 10: M3-Insufficient Transport Layer Protection",
          "url": "https://www.owasp.org/index.php/Mobile_Top_10_2014-M3"
        }
      ]
    },
    "affected": false,
    "severity": "pass",
    "description": "\n    For the connections that were observed during the analysis of this app (see URLs below), broken SSL issues were not identified. \n    This indicates the application is performing proper certificate validation and hostname verification for these connections. By\n    exercising additional app functionality, it is possible that there are other connections with broken ssl.\n  "
  }

World Readable Files Check

  • Checks for files with world-readable permissions. Creating world-readable files is dangerous as it could allow other applications to have read access to that file.

Example:

{
    "kind": "dynamic",
    "key": "world_readable_files_check",
    "title": "World Readable Files Check",
    "category": "permissions",
    "summary": "\n    Checks for files with world-readable permissions. Creating world-readable files is dangerous as it could allow other applications\n    to have read access to that file.\n  ",
    "cvss": 6.8,
    "regulatory": {
      "cwe": [
        {
          "id": 264,
          "url": "https://cwe.mitre.org/data/definitions/264.html"
        },
        {
          "id": 250,
          "url": "https://cwe.mitre.org/data/definitions/250.html"
        }
      ],
      "niap": [
        {
          "id": "FMT_CFG_EXT.1.2",
          "url": "https://www.niap-ccevs.org/pp/pp_app_v1.1_table-reqs.htm#FMT_CFG_EXT.1.2"
        }
      ],
      "owasp": [
        {
          "id": "M2-Insecure Data Storage",
          "url": "https://www.owasp.org/index.php/Mobile_Top_10_2014-M2"
        }
      ]
    },
    "affected": true,
    "issue": {
      "category": "fs",
      "severity": "medium",
      "cvss": 6.8,
      "cwe": [
        {
          "id": 264,
          "url": "https://cwe.mitre.org/data/definitions/264.html"
        },
        {
          "id": 250,
          "url": "https://cwe.mitre.org/data/definitions/250.html"
        }
      ],
      "owasp": [
        {
          "id": "M2-Insecure Data Storage",
          "url": "https://www.owasp.org/index.php/Mobile_Top_10_2014-M2"
        }
      ],
      "niap": [
        {
          "id": "FMT_CFG_EXT.1.2",
          "url": "https://www.niap-ccevs.org/pp/pp_app_v1.1_table-reqs.htm#FMT_CFG_EXT.1.2"
        }
      ],
      "title": "World-readable violations",
      "description": "\n    The application created or modified a file such that the file has\n    permissions that allow other apps to read it. The content below\n    shows specifically where these violations occurred.\n  ",
      "recommendation": "\n    Creating world-readable files is very dangerous, likely to cause security holes in applications, and is strongly discouraged. Instead, applications should use more formal mechanism for interactions such as ContentProvider, BroadcastReceiver, and Service.\n    There are also no guarantees that this access mode will remain on a file, such as when it goes through a backup and restore, so code that relies on this can fail unexpectedly.\n   ",
      "pass": "\n    No world-readable files were found.\n  "
    },
    "severity": "medium",
    "description": "\n    The application created or modified a file such that the file has\n    permissions that allow other apps to read it. The content below\n    shows specifically where these violations occurred.\n  ",
    "recommendation": "\n    Creating world-readable files is very dangerous, likely to cause security holes in applications, and is strongly discouraged. Instead, applications should use more formal mechanism for interactions such as ContentProvider, BroadcastReceiver, and Service.\n    There are also no guarantees that this access mode will remain on a file, such as when it goes through a backup and restore, so code that relies on this can fail unexpectedly.\n   ",
    "context": {
      "title": "Violations",
      "fields": {
        "cmd": {
          "title": "Command"
        }
      },
      "rows": [
        {
          "mode": 384,
          "path": "/sdcard/Android/data/mobi.supo.cleaner/cache/.nomedia",
          "fs_event": {
            "p": 3020,
            "ts": 1483454384603366,
            "pid": 3020,
            "ret": 42,
            "args": [
              "/storage/emulated/0/Android/data/mobi.supo.cleaner/cache/.nomedia",
              194,
              384
            ],
            "call": "open",
            "timestamp": 1483454384603
          },
          "violation": "world_readable"
        },
        {
          "mode": 16893,
          "path": "/data/data/com.google.android.gms/app_chimera",
          "fs_event": {
            "p": 3557,
            "ts": 1483454404478030,
            "pid": 3557,
            "ret": -1,
            "args": [
              -100,
              "/data/user/0/com.google.android.gms/app_chimera",
              16893,
              0
            ],
            "call": "fchmodat",
            "timestamp": 1483454404478,
            "resolvedPath": "/data/data/com.google.android.gms/app_chimera"
          },
          "violation": "world_readable"
        },
        {
          "mode": 16893,
          "path": "/data/data/com.google.android.gms/app_chimera",
          "fs_event": {
            "p": 3557,
            "ts": 1483454404478244,
            "pid": 3557,
            "ret": -1,
            "args": [
              "/data/data/com.google.android.gms/app_chimera",
              16893
            ],
            "call": "chmod",
            "timestamp": 1483454404478
          },
          "violation": "world_readable"
        },
        {
          "mode": 16893,
          "path": "/data/data/com.google.android.gms/app_chimera",
          "fs_event": {
            "p": 3557,
            "ts": 1483454404632083,
            "pid": 3557,
            "ret": -1,
            "args": [
              -100,
              "/data/user/0/com.google.android.gms/app_chimera",
              16893,
              0
            ],
            "call": "fchmodat",
            "timestamp": 1483454404632,
            "resolvedPath": "/data/data/com.google.android.gms/app_chimera"
          },
          "violation": "world_readable"
        },
        {
          "mode": 16893,
          "path": "/data/data/com.google.android.gms/app_chimera",
          "fs_event": {
            "p": 3557,
            "ts": 1483454404632449,
            "pid": 3557,
            "ret": -1,
            "args": [
              "/data/data/com.google.android.gms/app_chimera",
              16893
            ],
            "call": "chmod",
            "timestamp": 1483454404632
          },
          "violation": "world_readable"
        },
        {
          "mode": 16893,
          "path": "/data/data/com.google.android.gms/app_chimera",
          "fs_event": {
            "p": 3557,
            "ts": 1483454404633944,
            "pid": 3557,
            "ret": -1,
            "args": [
              -100,
              "/data/user/0/com.google.android.gms/app_chimera",
              16893,
              0
            ],
            "call": "fchmodat",
            "timestamp": 1483454404634,
            "resolvedPath": "/data/data/com.google.android.gms/app_chimera"
          },
          "violation": "world_readable"
        },
        {
          "mode": 16893,
          "path": "/data/data/com.google.android.gms/app_chimera",
          "fs_event": {
            "p": 3557,
            "ts": 1483454404636874,
            "pid": 3557,
            "ret": -1,
            "args": [
              "/data/data/com.google.android.gms/app_chimera",
              16893
            ],
            "call": "chmod",
            "timestamp": 1483454404636
          },
          "violation": "world_readable"
        },
        {
          "mode": 438,
          "path": "/data/data/mobi.supo.cleaner/cache/1470286953684.dex.flock",
          "fs_event": {
            "p": 3557,
            "ts": 1483454405150943,
            "pid": 3557,
            "ret": 85,
            "args": [
              "/data/data/mobi.supo.cleaner/cache/1470286953684.dex.flock",
              66,
              438
            ],
            "call": "open",
            "timestamp": 1483454405151
          },
          "violation": "world_readable"
        },
        {
          "mode": 420,
          "path": "/data/data/mobi.supo.cleaner/app_webview/Web Data",
          "fs_event": {
            "p": 3557,
            "ts": 1483454405677035,
            "pid": 3557,
            "ret": 114,
            "args": [
              "/data/data/mobi.supo.cleaner/app_webview/Web Data",
              655426,
              420
            ],
            "call": "open",
            "timestamp": 1483454405677
          },
          "violation": "world_readable"
        },
        {
          "mode": 420,
          "path": "/data/data/mobi.supo.cleaner/app_webview/Cookies",
          "fs_event": {
            "p": 3557,
            "ts": 1483454405717776,
            "pid": 3557,
            "ret": 117,
            "args": [
              "/data/data/mobi.supo.cleaner/app_webview/Cookies",
              655426,
              420
            ],
            "call": "open",
            "timestamp": 1483454405717
          },
          "violation": "world_readable"
        },
        {
          "mode": 384,
          "path": "/sdcard/swift.txt",
          "fs_event": {
            "p": 3557,
            "ts": 1483454407789462,
            "pid": 3557,
            "ret": 79,
            "args": [
              "/storage/emulated/0/swift.txt",
              194,
              384
            ],
            "call": "open",
            "timestamp": 1483454407789
          },
          "violation": "world_readable"
        },
        {
          "mode": 438,
          "path": "/data/data/mobi.supo.cleaner/files/tempDir/result.xml",
          "fs_event": {
            "p": 3557,
            "ts": 1483454408182589,
            "pid": 3557,
            "ret": 76,
            "args": [
              "/data/data/mobi.supo.cleaner/files/tempDir/result.xml",
              578,
              438
            ],
            "call": "open",
            "timestamp": 1483454408182
          },
          "violation": "world_readable"
        },
        {
          "mode": 384,
          "path": "/sdcard/Android/data/mobi.supo.cleaner/cache/602159882.tmp",
          "fs_event": {
            "p": 3557,
            "ts": 1483454411486697,
            "pid": 3557,
            "ret": 162,
            "args": [
              "/storage/emulated/0/Android/data/mobi.supo.cleaner/cache/602159882.tmp",
              577,
              384
            ],
            "call": "open",
            "timestamp": 1483454411486
          },
          "violation": "world_readable"
        },
        {
          "mode": 384,
          "path": "/sdcard/Android/data/mobi.supo.cleaner/cache/-1332272783.tmp",
          "fs_event": {
            "p": 3557,
            "ts": 1483454411546756,
            "pid": 3557,
            "ret": 166,
            "args": [
              "/storage/emulated/0/Android/data/mobi.supo.cleaner/cache/-1332272783.tmp",
              577,
              384
            ],
            "call": "open",
            "timestamp": 1483454411546
          },
          "violation": "world_readable"
        },
        {
          "mode": 384,
          "path": "/sdcard/Tencent/mta/.mid.txt",
          "fs_event": {
            "p": 3557,
            "ts": 1483454412149905,
            "pid": 3557,
            "ret": 70,
            "args": [
              "/storage/emulated/0/Tencent/mta/.mid.txt",
              577,
              384
            ],
            "call": "open",
            "timestamp": 1483454412149
          },
          "violation": "world_readable"
        },
        {
          "mode": 384,
          "path": "/sdcard/swift.txt",
          "fs_event": {
            "p": 3557,
            "ts": 1483454422052401,
            "pid": 3557,
            "ret": 159,
            "args": [
              "/storage/emulated/0/swift.txt",
              194,
              384
            ],
            "call": "open",
            "timestamp": 1483454422052
          },
          "violation": "world_readable"
        },
        {
          "mode": 384,
          "path": "/sdcard/swift.txt",
          "fs_event": {
            "p": 3557,
            "ts": 1483454422077945,
            "pid": 3557,
            "ret": 157,
            "args": [
              "/storage/emulated/0/swift.txt",
              194,
              384
            ],
            "call": "open",
            "timestamp": 1483454422078
          },
          "violation": "world_readable"
        },
        {
          "mode": 384,
          "path": "/sdcard/Android/data/mobi.supo.cleaner/cache/.nomedia",
          "fs_event": {
            "p": 6877,
            "ts": 1483454690801211,
            "pid": 6877,
            "ret": 43,
            "args": [
              "/storage/emulated/0/Android/data/mobi.supo.cleaner/cache/.nomedia",
              194,
              384
            ],
            "call": "open",
            "timestamp": 1483454690801
          },
          "violation": "world_readable"
        },
        {
          "mode": 384,
          "path": "/sdcard/Tencent/mta/.mid.txt",
          "fs_event": {
            "p": 6877,
            "ts": 1483454691011844,
            "pid": 6877,
            "ret": 45,
            "args": [
              "/storage/emulated/0/Tencent/mta/.mid.txt",
              577,
              384
            ],
            "call": "open",
            "timestamp": 1483454691011
          },
          "violation": "world_readable"
        },
        {
          "mode": 384,
          "path": "/sdcard/swift.txt",
          "fs_event": {
            "p": 6877,
            "ts": 1483454704058383,
            "pid": 6877,
            "ret": 83,
            "args": [
              "/storage/emulated/0/swift.txt",
              194,
              384
            ],
            "call": "open",
            "timestamp": 1483454704058
          },
          "violation": "world_readable"
        },
        {
          "mode": 438,
          "path": "/data/data/mobi.supo.cleaner/files/tempDir/result.xml",
          "fs_event": {
            "p": 6877,
            "ts": 1483454704448214,
            "pid": 6877,
            "ret": 56,
            "args": [
              "/data/data/mobi.supo.cleaner/files/tempDir/result.xml",
              578,
              438
            ],
            "call": "open",
            "timestamp": 1483454704448
          },
          "violation": "world_readable"
        },
        {
          "mode": 384,
          "path": "/sdcard/swift.txt",
          "fs_event": {
            "p": 9382,
            "ts": 1483454943327700,
            "pid": 9382,
            "ret": 29,
            "args": [
              "/storage/emulated/0/swift.txt",
              194,
              384
            ],
            "call": "open",
            "timestamp": 1483454943327
          },
          "violation": "world_readable"
        },
        {
          "mode": 438,
          "path": "/data/data/mobi.supo.cleaner/files/tempDir/result.xml",
          "fs_event": {
            "p": 9382,
            "ts": 1483454943628665,
            "pid": 9382,
            "ret": 50,
            "args": [
              "/data/data/mobi.supo.cleaner/files/tempDir/result.xml",
              578,
              438
            ],
            "call": "open",
            "timestamp": 1483454943628
          },
          "violation": "world_readable"
        },
        {
          "mode": 384,
          "path": "/sdcard/swift.txt",
          "fs_event": {
            "p": 9886,
            "ts": 1483454982627963,
            "pid": 9886,
            "ret": 47,
            "args": [
              "/storage/emulated/0/swift.txt",
              194,
              384
            ],
            "call": "open",
            "timestamp": 1483454982628
          },
          "violation": "world_readable"
        },
        {
          "mode": 438,
          "path": "/data/data/mobi.supo.cleaner/files/tempDir/result.xml",
          "fs_event": {
            "p": 9886,
            "ts": 1483454983106753,
            "pid": 9886,
            "ret": 58,
            "args": [
              "/data/data/mobi.supo.cleaner/files/tempDir/result.xml",
              578,
              438
            ],
            "call": "open",
            "timestamp": 1483454983106
          },
          "violation": "world_readable"
        }
      ]
    }
  }
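
The `mode` values in these rows are decimal (384 is octal 0600, 438 is 0666, 420 is 0644, 16893 is 040775), and the same path appears once per observed syscall. The triage script below is an added example, not part of the scanner or its documentation; the function names, the `reason` labels and the treatment of `/sdcard` and `/storage/emulated` paths as shared external storage are assumptions of this example, and the sample rows are constructed from the rows shown above.

```python
import re
import stat

# Constructed sample: rows shaped like the report's context.rows above,
# reduced to the fields this script reads.
SAMPLE_RESULT = {
    "context": {
        "rows": [
            {"mode": 384, "path": "/sdcard/swift.txt",
             "fs_event": {"call": "open", "ret": 79},
             "violation": "world_writable"},
            {"mode": 384, "path": "/sdcard/swift.txt",
             "fs_event": {"call": "open", "ret": 159},
             "violation": "world_writable"},
            {"mode": 438,
             "path": "/data/data/mobi.supo.cleaner/files/tempDir/result.xml",
             "fs_event": {"call": "open", "ret": 76},
             "violation": "world_writable"},
            {"mode": 16893,
             "path": "/data/data/com.google.android.gms/app_chimera",
             "fs_event": {"call": "chmod", "ret": -1},
             "violation": "world_readable"},
            {"mode": 420,
             "path": "/data/data/mobi.supo.cleaner/app_webview/Cookies",
             "fs_event": {"call": "open", "ret": 117},
             "violation": "world_readable"},
        ]
    }
}

# Permission bit that would justify each violation label on its own.
OTHER_BIT = {"world_writable": stat.S_IWOTH, "world_readable": stat.S_IROTH}

# Assumption of this example: these prefixes are shared external storage,
# where the mode passed to open() does not restrict other apps.
EXTERNAL_PREFIXES = ("/sdcard/", "/storage/emulated/")

PACKAGE_RE = re.compile(
    r"^(?:/data/data|/data/user/\d+|/sdcard/Android/data"
    r"|/storage/emulated/\d+/Android/data)/([^/]+)"
)


def owning_package(path):
    """Return the package name embedded in an app-specific path, or None."""
    match = PACKAGE_RE.match(path)
    return match.group(1) if match else None


def explain(mode, path, violation):
    """Say why a row carries its label: mode bits, storage location, or neither."""
    bit = OTHER_BIT.get(violation)
    if bit is not None and stat.S_IMODE(mode) & bit:
        return "mode-bits"
    if path.startswith(EXTERNAL_PREFIXES):
        return "external-storage"
    return "unexplained"


def triage(result, app_package):
    """Collapse per-syscall rows into one finding per (path, violation)."""
    findings = {}
    for row in result.get("context", {}).get("rows", []):
        key = (row["path"], row["violation"])
        ret = row.get("fs_event", {}).get("ret")
        failed = isinstance(ret, int) and ret < 0
        entry = findings.get(key)
        if entry is None:
            # The first row seen for a path supplies its mode and reason.
            package = owning_package(row["path"])
            entry = findings[key] = {
                "path": row["path"],
                "violation": row["violation"],
                "mode": format(stat.S_IMODE(row["mode"]), "04o"),
                "is_dir": stat.S_ISDIR(row["mode"]),
                "reason": explain(row["mode"], row["path"], row["violation"]),
                "package": package,
                "foreign": package is not None and package != app_package,
                "events": 0,
                "all_failed": True,
            }
        entry["events"] += 1
        # Stays True only if every recorded call for this path returned < 0.
        entry["all_failed"] = entry["all_failed"] and failed
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(SAMPLE_RESULT, "mobi.supo.cleaner"):
        print(f["mode"], f["reason"], f["events"], f["path"],
              "(foreign)" if f["foreign"] else "",
              "(call failed)" if f["all_failed"] else "")
```

Findings marked `foreign` or `all_failed` (here the `app_chimera` directory, whose calls returned -1) concern another package's path or a call that did not succeed, so review them separately from files the app itself created.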

Path Traversal

  • Inter Process Communication allows functionality to be discovered and invoked on the fly, granting end users the ability to replace applications with others that offer similar functionality. To allow this, applications must be able to contract out operations to other applications. This is accomplished through the use of various mechanisms such as Intents, Bundles, and Binders.

Example:

{
    "kind": "dynamic",
    "key": "directory_traversal_content_providers",
    "title": "Path Traversal",
    "category": "ipc",
    "summary": "\n    Inter Process Communication allows functionality to be discovered and invoked \n    on the fly, granting end users the ability to replace applications with others \n    that offer similar functionality. To allow this, applications must be able to \n    contract out operations to other applications. This is accomplished through the \n    use of various mechanisms such as Intents, Bundles, and Binders.\n  ",
    "cvss": 6.2,
    "regulatory": {
      "cwe": [
        {
          "id": 22,
          "url": "https://cwe.mitre.org/data/definitions/22.html"
        }
      ],
      "owasp": [
        {
          "id": "M2-Insecure Data Storage",
          "url": "https://www.owasp.org/index.php/Mobile_Top_10_2014-M2"
        },
        {
          "id": "M4-Unintended Data Leakage",
          "url": "https://www.owasp.org/index.php/Mobile_Top_10_2014-M4"
        },
        {
          "id": "M8-Security Decisions vis Untrusted Inpurts",
          "url": "https://www.owasp.org/index.php/Mobile_Top_10_2014-M8"
        }
      ]
    },
    "affected": false,
    "severity": "pass",
    "description": "\n    Your application does not use Content Providers or they are not vulnerable to Path Traversal because of correct permissions being set.\n  "
  }

Zip files sent in transit

  • Detects whether zip files are being sent by the application in transit. Zip files can lead to a remote arbitrary file write, which could allow an attacker remote code execution.
{
    "kind": "dynamic",
    "key": "zip_file_in_transit_check",
    "title": "Zip files sent in transit",
    "category": "network",
    "summary": "\n    Detects whether zip files are being sent by the application in transit. Zip\n    files can lead to a remote arbitrary file write, which could allow an\n    attacker remote code execution.\n  ",
    "cvss": 5.4,
    "regulatory": {},
    "affected": true,
    "issue": {
      "category": "network",
      "severity": "medium",
      "cvss": 5.4,
      "title": "Zip files sent in transit",
      "description": "\n    The application was found to transmit zip files over the network. An application downloading a zip file in plaintext or broken https\n    is not a high risk issue by itself. Somebody with the ability to alter network traffic could swap the files in the zip archive\n    out just as they could alter an html or css document.\n    \n    It is encouraged to review the output in the table below to determine whether these files are transmitted using HTTP or HTTPS. \n    This issues in combination with others (such as Writeable Executable) could lead to a Remote Code Execution vulnerability.\n  ",
      "pass": "\n    The application as not found to transmit zip files over the network.\n  ",
      "recommendation": "\n  Avoid transmitting zip files over the network in an insecure manner. If necessary, ensure SSL/TLS is used along with\n  proper certificate validation or pinning techniques.\n  "
    },
    "severity": "medium",
    "description": "\n    The application was found to transmit zip files over the network. An application downloading a zip file in plaintext or broken https\n    is not a high risk issue by itself. Somebody with the ability to alter network traffic could swap the files in the zip archive\n    out just as they could alter an html or css document.\n    \n    It is encouraged to review the output in the table below to determine whether these files are transmitted using HTTP or HTTPS. \n    This issues in combination with others (such as Writeable Executable) could lead to a Remote Code Execution vulnerability.\n  ",
    "recommendation": "\n  Avoid transmitting zip files over the network in an insecure manner. If necessary, ensure SSL/TLS is used along with\n  proper certificate validation or pinning techniques.\n  ",
    "context": {
      "rows": [
        {
          "issue": "zip_file",
          "full_url": "http://vmatrix.s3.amazonaws.com/dynamic_test_file.zip?AWSAccessKeyId=AKIAJFZDPUUUUM5DRORA&Expires=1657025179&Signature=6tL70jhV2NX95qcA4OkrI7WA43o%3D",
          "additional_context": []
        },
        {
          "issue": "zip_file",
          "full_url": "http://vmatrix.s3.amazonaws.com/dynamic_test_file.zip?AWSAccessKeyId=AKIAJFZDPUUUUM5DRORA&Expires=1657025179&Signature=6tL70jhV2NX95qcA4OkrI7WA43o%3D",
          "additional_context": []
        },
        {
          "issue": "zip_file",
          "full_url": "http://vmatrix.s3.amazonaws.com/dynamic_test_file.zip?AWSAccessKeyId=AKIAJFZDPUUUUM5DRORA&Expires=1657025179&Signature=6tL70jhV2NX95qcA4OkrI7WA43o%3D",
          "additional_context": []
        }
      ],
      "fields": {
        "full_url": {
          "title": "Full URL"
        }
      }
    }
  }
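
The description above asks the reviewer to check whether each zip transfer used HTTP or HTTPS. The following is an added example, not part of the scanner or its documentation: it reads a finding in the shape shown above, collapses repeated rows, labels the transport, and strips query-string values so signed URLs can be pasted into a ticket. The function names, the `transport` labels and the sample hosts are assumptions made for this illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed finding in the shape shown above; hosts and query values are
# placeholders, not data from a real scan.
SAMPLE_FINDING = {
    "kind": "dynamic",
    "key": "zip_file_in_transit_check",
    "affected": True,
    "context": {
        "rows": [
            {"issue": "zip_file", "additional_context": [],
             "full_url": "http://downloads.example.com/update.zip?key=AAAA&sig=one"},
            {"issue": "zip_file", "additional_context": [],
             "full_url": "HTTP://downloads.example.com/update.zip?key=AAAA&sig=two"},
            {"issue": "zip_file", "additional_context": [],
             "full_url": "https://cdn.example.com/assets/theme.zip"},
        ]
    },
}


def redact_query(url):
    """Keep parameter names but replace every value, so signatures and
    access key ids in pre-signed URLs are not copied into reports."""
    parts = urlsplit(url)
    redacted = [(name, "REDACTED")
                for name, _ in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit((parts.scheme, parts.netloc.lower(), parts.path,
                       urlencode(redacted), ""))


def classify_transport(scheme):
    """Label the transport. "tls" only means HTTPS was used; it says nothing
    about whether the app validates or pins the certificate."""
    if scheme == "http":
        return "plaintext"
    if scheme == "https":
        return "tls"
    return "unknown"


def triage_zip_finding(finding):
    """Return one entry per distinct zip URL (query ignored), plaintext first."""
    if finding.get("key") != "zip_file_in_transit_check":
        return []
    if not finding.get("affected"):
        return []

    entries = {}
    for row in finding.get("context", {}).get("rows", []):
        url = row.get("full_url", "")
        parts = urlsplit(url)  # urlsplit lower-cases the scheme
        dedupe_key = (parts.scheme, parts.netloc.lower(), parts.path)
        entry = entries.setdefault(dedupe_key, {
            "url": redact_query(url),
            "transport": classify_transport(parts.scheme),
            "count": 0,
        })
        entry["count"] += 1

    # Plaintext transfers sort first because they need attention first.
    return sorted(entries.values(),
                  key=lambda e: (e["transport"] != "plaintext", e["url"]))


if __name__ == "__main__":
    for entry in triage_zip_finding(SAMPLE_FINDING):
        print(entry["transport"], entry["count"], entry["url"])
```

An entry labelled `tls` still needs the certificate validation or pinning review that the recommendation calls for.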

Sensitive Data in Local Files

  • This test inspects local application files and external storage locations for sensitive user/application data and then alerts on any sensitive data it finds.
{
    "kind": "dynamic",
    "key": "leaked_data_in_files",
    "title": "Sensitive Data in Local Files",
    "category": "info",
    "summary": "This test inspects local application files and external storage locations for sensitive user/application data and then alerts on any sensitive data it finds.",
    "cvss": "4.4",
    "regulatory": {},
    "affected": true,
    "issue": {
      "category": "code",
      "severity": "medium",
      "cvss": "4.4",
      "title": "Sensitive Data in Local Files",
      "pass": "No sensitive data was recovered from the local application files, or found to be stored on external storage.",
      "description": "A sensitive piece of data has been found, using values provided from the configuration, on the device. You can review the output below to determine where each value was found.",
      "recommendation": "Sensitive data should be transmitted and displayed but not persisted to memory. This is typically achieved by storeing sensitive data in RAM (clear at application close) or encrypting the data using strong encryption.\n\n  It is also important to note that external storage such as SD Card has no fine grained permissions and that any app by default has read access to the storage and can read all files. Since Android 4.4 apps can store data on the SD Card in a protected way under certain circumstances [see [http://source.android.com/devices/tech/storage/](http://source.android.com/devices/tech/storage/)]."
    },
    "severity": "medium",
    "description": "A sensitive piece of data has been found, using values provided from the configuration, on the device. You can review the output below to determine where each value was found.",
    "recommendation": "Sensitive data should be transmitted and displayed but not persisted to memory. This is typically achieved by storeing sensitive data in RAM (clear at application close) or encrypting the data using strong encryption.\n\n  It is also important to note that external storage such as SD Card has no fine grained permissions and that any app by default has read access to the storage and can read all files. Since Android 4.4 apps can store data on the SD Card in a protected way under certain circumstances [see [http://source.android.com/devices/tech/storage/](http://source.android.com/devices/tech/storage/)].",
    "context": {
      "title": "Sensitive Data in Local Files",
      "fields": {
        "encoding": {
          "title": "Encoding"
        },
        "type": {
          "title": "Search Term"
        },
        "filename": {
          "title": "Locations(s)"
        }
      },
      "rows": [
        {
          "type": "android_id",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/shared_prefs/mopub_ad_pref.xml"
        },
        {
          "type": "imei",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/shared_prefs/mopub_ad_pref.xml"
        },
        {
          "type": "serial",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/databases/analyticsdb.db"
        },
        {
          "type": "android_id",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/databases/analyticsdb.db"
        },
        {
          "type": "localWifiMAC",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/databases/analyticsdb.db"
        },
        {
          "type": "imei",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/databases/analyticsdb.db"
        },
        {
          "type": "gpsLatitude",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/cache/volley/-5363192891527077478"
        },
        {
          "type": "gpsLongitude",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/cache/volley/-5363192891527077478"
        },
        {
          "type": "gpsLatitude",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/cache/volley/-9822519221613153488"
        },
        {
          "type": "gpsLongitude",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/cache/volley/-9822519221613153488"
        },
        {
          "type": "android_id",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/shared_prefs/appsflyer-data.xml"
        },
        {
          "type": "imei",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/shared_prefs/appsflyer-data.xml"
        },
        {
          "type": "lastname",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/files/AVL_CONFIG/avl/d_avl_exh"
        },
        {
          "type": "imei",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/databases/bugly_db_"
        },
        {
          "type": "android_id",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/files/AFRequestCache/1483454693391"
        },
        {
          "type": "imei",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/files/AFRequestCache/1483454693391"
        },
        {
          "type": "android_id",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/files/AFRequestCache/1483454933557"
        },
        {
          "type": "imei",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/files/AFRequestCache/1483454933557"
        },
        {
          "type": "gpsLatitude",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/databases/analyticsdb.db"
        },
        {
          "type": "gpsLongitude",
          "encoding": "original",
          "filename": "/data/data/mobi.supo.cleaner/databases/analyticsdb.db"
        }
      ]
    }
  }

Sensitive Data in System Logs

  • Debug logs are generally designed to be used to detect and correct flaws in an application. These logs can leak sensitive information that may help an attacker create a more powerful attack. Additionally, any application on that device with the “READ_LOGS” permission can interrogate the logs, and in more recent versions of Android, the log files have been more carefully isolated and do not require system level permissions to be requested. In this test, the system log files are analyzed for the existence of sensitive user or application data.
{
    "kind": "dynamic",
    "key": "leaked_logcat_data",
    "title": "Sensitive Data in System Logs",
    "category": "code",
    "summary": "Debug logs are generally designed to be used to detect and correct flaws in\n    an application. These logs can leak sensitive information that may help an\n    attacker create a more powerful attack. Additionally, any application on\n    that device with the \"READ_LOGS\" permission can interrogate the logs, and in\n    more recent versions of Android, the log files have been more carefully\n    isolated and do not require system level permissions to be requested. In this\n    test, the system log files are analyzed for existence of sensitive user or\n    application data.\n  ",
    "cvss": 4.4,
    "regulatory": {},
    "affected": true,
    "issue": {
      "category": "code",
      "severity": "medium",
      "cvss": 4.4,
      "title": "Sensitive Data in System Logs",
      "description": "\n    One or more of the search terms for this application were recovered from\n    the system log files on the device. The table below displays each data\n    type, the actual value that was recovered, whether this value was\n    recovered in plain text form or a specific encoding, and some output\n    directly from the log file to show contextual information around how this\n    search term was logged.\n  ",
      "pass": "\n    None of the search terms for this application were recovered from the\n    system log files on the device.\n  ",
      "recommendation": "\n  To prevent this sensitive information from being compromised (such as by\n  another application or process running on the same device), it is recommended\n  that debug logs be disabled in a production environment. One method involves\n  leveraging ProGuard or DexGuard (or an alternative) to completely remove the\n  method calls to the Log class, thus stripping all calls to Log.d, Log.i,\n  Log.v, Log.e methods. One example is use add the following snippet to\n  `proguard.cfg`:\n\n  ```\n  -assumenosideeffects class android.util.Log {\n    public static *** d(...);\n    public static *** v(...);\n    public static *** i(...);\n    public static *** e(...);\n  }\n  ```\n  "
    },
    "severity": "medium",
    "description": "\n    One or more of the search terms for this application were recovered from\n    the system log files on the device. The table below displays each data\n    type, the actual value that was recovered, whether this value was\n    recovered in plain text form or a specific encoding, and some output\n    directly from the log file to show contextual information around how this\n    search term was logged.\n  ",
    "recommendation": "\n  To prevent this sensitive information from being compromised (such as by\n  another application or process running on the same device), it is recommended\n  that debug logs be disabled in a production environment. One method involves\n  leveraging ProGuard or DexGuard (or an alternative) to completely remove the\n  method calls to the Log class, thus stripping all calls to Log.d, Log.i,\n  Log.v, Log.e methods. One example is use add the following snippet to\n  `proguard.cfg`:\n\n  ```\n  -assumenosideeffects class android.util.Log {\n    public static *** d(...);\n    public static *** v(...);\n    public static *** i(...);\n    public static *** e(...);\n  }\n  ```\n  ",
    "context": {
      "title": "Code Locations",
      "rows": [
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=57189, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_STALE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=63479, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_REACHABLE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "data: {\"device\":\"flo\",\"firstLaunchDate\":\"2017-01-03_1440+0000\",\"installDate\":\"2017-01-03_1439+0000\",\"sdk\":\"23\",\"carrier\":\"\",\"deviceFingerPrintId\":\"ffffffff-f40e-5f8b-ffff-ffff99e1614c\",\"date1\":\"2017-01-03_1439+0000\",\"af_preinstalled\":\"false\",\"advertiserIdEnabled\":\"true\",\"af_sdks\":\"0000000000\",\"iaecounter\":\"0\",\"lang_code\":\"en\",\"appsflyerKey\":\"EL****************4gmm\",\"imei\":\"358239051198804\",\"app_version_name\":\"1.0.28.1227\",\"lang\":\"English\",\"timepassedsincelastlaunch\":\"0\",\"dkh\":\"ELctKLYr\",\"android_id\":\"47edfe1b30cd46d7\",\"advertiserId\":\"88b89329-891a-42b9-a002-93785f97f3ea\",\"isGaidWithGps\":\"true\",\"deviceType\":\"user\",\"af_v\":\"ec618d11e33e65f56d85b3a652712db6672f2c23\",\"app_version_code\":\"28\",\"af_events_api\":\"1\",\"platformextension\":\"android_native\",\"network\":\"WIFI\",\"operator\":\"\",\"country\":\"US\",\"date2\":\"2017-01-03_1439+0000\",\"brand\":\"google\",\"af_timestamp\":\"1483454403836\",\"uid\":\"1483454380601-4722336625152257399\",\"isFirstCall\":\"true\",\"counter\":\"1\",\"model\":\"Nexus 7\",\"product\":\"razor\"}",
          "encoded_format": "original",
          "data_value_type": "android_id",
          "sensitive_data_value": "47edfe1b30cd46d7"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "data: {\"device\":\"flo\",\"firstLaunchDate\":\"2017-01-03_1440+0000\",\"installDate\":\"2017-01-03_1439+0000\",\"sdk\":\"23\",\"carrier\":\"\",\"deviceFingerPrintId\":\"ffffffff-f40e-5f8b-ffff-ffff99e1614c\",\"date1\":\"2017-01-03_1439+0000\",\"af_preinstalled\":\"false\",\"advertiserIdEnabled\":\"true\",\"af_sdks\":\"0000000000\",\"iaecounter\":\"0\",\"lang_code\":\"en\",\"appsflyerKey\":\"EL****************4gmm\",\"imei\":\"358239051198804\",\"app_version_name\":\"1.0.28.1227\",\"lang\":\"English\",\"timepassedsincelastlaunch\":\"0\",\"dkh\":\"ELctKLYr\",\"android_id\":\"47edfe1b30cd46d7\",\"advertiserId\":\"88b89329-891a-42b9-a002-93785f97f3ea\",\"isGaidWithGps\":\"true\",\"deviceType\":\"user\",\"af_v\":\"ec618d11e33e65f56d85b3a652712db6672f2c23\",\"app_version_code\":\"28\",\"af_events_api\":\"1\",\"platformextension\":\"android_native\",\"network\":\"WIFI\",\"operator\":\"\",\"country\":\"US\",\"date2\":\"2017-01-03_1439+0000\",\"brand\":\"google\",\"af_timestamp\":\"1483454403836\",\"uid\":\"1483454380601-4722336625152257399\",\"isFirstCall\":\"true\",\"counter\":\"1\",\"model\":\"Nexus 7\",\"product\":\"razor\"}",
          "encoded_format": "original",
          "data_value_type": "imei",
          "sensitive_data_value": "358239051198804"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "Use AdRequest.Builder.addTestDevice(\"9813E8942932607977A8516DB909B48C\") to get test ads on this device.",
          "encoded_format": "md5",
          "data_value_type": "android_id",
          "sensitive_data_value": "9813E8942932607977A8516DB909B48C"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "notifyLocationResult:Coordinator{lat=38.88972091674805, lon=-98.85722351074219}",
          "encoded_format": "original",
          "data_value_type": "gpsLatitude",
          "sensitive_data_value": "98.8"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "notifyLocationResult:Coordinator{lat=38.88972091674805, lon=-98.85722351074219}",
          "encoded_format": "original",
          "data_value_type": "gpsLongitude",
          "sensitive_data_value": "38.8"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "notifyLocationResult:Coordinator{lat=38.88972091674805, lon=-98.85722351074219}",
          "encoded_format": "original",
          "data_value_type": "gpsLatitude",
          "sensitive_data_value": "98.8"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "notifyLocationResult:Coordinator{lat=38.88972091674805, lon=-98.85722351074219}",
          "encoded_format": "original",
          "data_value_type": "gpsLongitude",
          "sensitive_data_value": "38.8"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=128269, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_STALE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=134359, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_REACHABLE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=148289, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_STALE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=201259, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_REACHABLE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=208349, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_STALE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=217089, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_PROBE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=227469, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_STALE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=293219, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_REACHABLE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=311669, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_STALE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=337210, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_REACHABLE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=371209, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_STALE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "data: {\"device\":\"flo\",\"firstLaunchDate\":\"2017-01-03_1444+0000\",\"installDate\":\"2017-01-03_1444+0000\",\"sdk\":\"23\",\"carrier\":\"\",\"deviceFingerPrintId\":\"ffffffff-f40e-5f8b-ffff-ffff99e1614c\",\"date1\":\"2017-01-03_1444+0000\",\"af_preinstalled\":\"false\",\"advertiserIdEnabled\":\"true\",\"af_sdks\":\"0000000000\",\"iaecounter\":\"0\",\"lang_code\":\"en\",\"appsflyerKey\":\"EL****************4gmm\",\"imei\":\"358239051198804\",\"app_version_name\":\"1.0.28.1227\",\"lang\":\"English\",\"timepassedsincelastlaunch\":\"0\",\"dkh\":\"ELctKLYr\",\"android_id\":\"47edfe1b30cd46d7\",\"advertiserId\":\"88b89329-891a-42b9-a002-93785f97f3ea\",\"isGaidWithGps\":\"true\",\"deviceType\":\"user\",\"af_v\":\"77fa9da8f647add6fedb4aa3ca8a4081c11a22b3\",\"app_version_code\":\"28\",\"af_events_api\":\"1\",\"platformextension\":\"android_native\",\"network\":\"WIFI\",\"operator\":\"\",\"country\":\"US\",\"date2\":\"2017-01-03_1444+0000\",\"brand\":\"google\",\"af_timestamp\":\"1483454692437\",\"uid\":\"1483454683129-3885839200860118018\",\"isFirstCall\":\"true\",\"counter\":\"1\",\"model\":\"Nexus 7\",\"product\":\"razor\"}",
          "encoded_format": "original",
          "data_value_type": "android_id",
          "sensitive_data_value": "47edfe1b30cd46d7"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "data: {\"device\":\"flo\",\"firstLaunchDate\":\"2017-01-03_1444+0000\",\"installDate\":\"2017-01-03_1444+0000\",\"sdk\":\"23\",\"carrier\":\"\",\"deviceFingerPrintId\":\"ffffffff-f40e-5f8b-ffff-ffff99e1614c\",\"date1\":\"2017-01-03_1444+0000\",\"af_preinstalled\":\"false\",\"advertiserIdEnabled\":\"true\",\"af_sdks\":\"0000000000\",\"iaecounter\":\"0\",\"lang_code\":\"en\",\"appsflyerKey\":\"EL****************4gmm\",\"imei\":\"358239051198804\",\"app_version_name\":\"1.0.28.1227\",\"lang\":\"English\",\"timepassedsincelastlaunch\":\"0\",\"dkh\":\"ELctKLYr\",\"android_id\":\"47edfe1b30cd46d7\",\"advertiserId\":\"88b89329-891a-42b9-a002-93785f97f3ea\",\"isGaidWithGps\":\"true\",\"deviceType\":\"user\",\"af_v\":\"77fa9da8f647add6fedb4aa3ca8a4081c11a22b3\",\"app_version_code\":\"28\",\"af_events_api\":\"1\",\"platformextension\":\"android_native\",\"network\":\"WIFI\",\"operator\":\"\",\"country\":\"US\",\"date2\":\"2017-01-03_1444+0000\",\"brand\":\"google\",\"af_timestamp\":\"1483454692437\",\"uid\":\"1483454683129-3885839200860118018\",\"isFirstCall\":\"true\",\"counter\":\"1\",\"model\":\"Nexus 7\",\"product\":\"razor\"}",
          "encoded_format": "original",
          "data_value_type": "imei",
          "sensitive_data_value": "358239051198804"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=384179, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_REACHABLE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=418289, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_STALE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=428509, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_REACHABLE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=437829, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_STALE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=497909, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_REACHABLE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=517969, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_STALE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=614789, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_REACHABLE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "data: {\"device\":\"flo\",\"firstLaunchDate\":\"2017-01-03_1444+0000\",\"installDate\":\"2017-01-03_1444+0000\",\"sdk\":\"23\",\"carrier\":\"\",\"deviceFingerPrintId\":\"ffffffff-f40e-5f8b-ffff-ffff99e1614c\",\"date1\":\"2017-01-03_1444+0000\",\"af_preinstalled\":\"false\",\"advertiserIdEnabled\":\"true\",\"iaecounter\":\"0\",\"lang_code\":\"en\",\"appsflyerKey\":\"EL****************4gmm\",\"imei\":\"358239051198804\",\"app_version_name\":\"1.0.28.1227\",\"lang\":\"English\",\"timepassedsincelastlaunch\":\"240\",\"dkh\":\"ELctKLYr\",\"android_id\":\"47edfe1b30cd46d7\",\"advertiserId\":\"88b89329-891a-42b9-a002-93785f97f3ea\",\"isGaidWithGps\":\"true\",\"deviceType\":\"user\",\"af_v\":\"a9933ab71a71791b3c7f838a8790ef207638b4c8\",\"app_version_code\":\"28\",\"af_events_api\":\"1\",\"platformextension\":\"android_native\",\"network\":\"WIFI\",\"operator\":\"\",\"country\":\"US\",\"date2\":\"2017-01-03_1444+0000\",\"brand\":\"google\",\"af_timestamp\":\"1483454932578\",\"uid\":\"1483454683129-3885839200860118018\",\"isFirstCall\":\"true\",\"counter\":\"2\",\"model\":\"Nexus 7\",\"product\":\"razor\"}",
          "encoded_format": "original",
          "data_value_type": "android_id",
          "sensitive_data_value": "47edfe1b30cd46d7"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "data: {\"device\":\"flo\",\"firstLaunchDate\":\"2017-01-03_1444+0000\",\"installDate\":\"2017-01-03_1444+0000\",\"sdk\":\"23\",\"carrier\":\"\",\"deviceFingerPrintId\":\"ffffffff-f40e-5f8b-ffff-ffff99e1614c\",\"date1\":\"2017-01-03_1444+0000\",\"af_preinstalled\":\"false\",\"advertiserIdEnabled\":\"true\",\"iaecounter\":\"0\",\"lang_code\":\"en\",\"appsflyerKey\":\"EL****************4gmm\",\"imei\":\"358239051198804\",\"app_version_name\":\"1.0.28.1227\",\"lang\":\"English\",\"timepassedsincelastlaunch\":\"240\",\"dkh\":\"ELctKLYr\",\"android_id\":\"47edfe1b30cd46d7\",\"advertiserId\":\"88b89329-891a-42b9-a002-93785f97f3ea\",\"isGaidWithGps\":\"true\",\"deviceType\":\"user\",\"af_v\":\"a9933ab71a71791b3c7f838a8790ef207638b4c8\",\"app_version_code\":\"28\",\"af_events_api\":\"1\",\"platformextension\":\"android_native\",\"network\":\"WIFI\",\"operator\":\"\",\"country\":\"US\",\"date2\":\"2017-01-03_1444+0000\",\"brand\":\"google\",\"af_timestamp\":\"1483454932578\",\"uid\":\"1483454683129-3885839200860118018\",\"isFirstCall\":\"true\",\"counter\":\"2\",\"model\":\"Nexus 7\",\"product\":\"razor\"}",
          "encoded_format": "original",
          "data_value_type": "imei",
          "sensitive_data_value": "358239051198804"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=631149, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_STALE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=641880, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_PROBE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=650719, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_STALE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=663249, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_REACHABLE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        },
        {
          "issue": "sensitive_data_leak",
          "searched_data": "NeighborEvent{elapsedMs=685269, 192.168.68.1, [00900B2DD51F], RTM_NEWNEIGH, NUD_STALE}",
          "encoded_format": "original",
          "data_value_type": "dns1",
          "sensitive_data_value": "192.168.68.1"
        }
      ],
      "fields": {
        "issue": {
          "title": "Issue"
        },
        "data_value_type": {
          "title": "Type"
        },
        "sensitive_data_value": {
          "title": "Value"
        },
        "encoded_format": {
          "title": "Encoding"
        },
        "searched_data": {
          "title": "Searched Data"
        }
      }
    }
  }
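The rows above repeat the same `dns1` value once per matching log line. As an added example (not part of the product's output or tooling), the Python below collapses a finding's `context.rows` into one line per distinct leaked value with a hit count, and masks the value so the summary can be shared. The sample finding, its values, and the helper names `mask`, `collapse_rows` and `summary_table` are constructed for illustration.

```python
import json

# Constructed finding with the same context.rows / context.fields layout as the
# example above. Every value here is made up (192.0.2.1 is a documentation address).
SAMPLE_FINDING = json.loads("""
{
  "kind": "dynamic",
  "affected": true,
  "context": {
    "rows": [
      {"issue": "sensitive_data_leak", "searched_data": "imei=000000000000000",
       "encoded_format": "original", "data_value_type": "imei",
       "sensitive_data_value": "000000000000000"},
      {"issue": "sensitive_data_leak",
       "searched_data": "NeighborEvent{elapsedMs=1000, 192.0.2.1, NUD_STALE}",
       "encoded_format": "original", "data_value_type": "dns1",
       "sensitive_data_value": "192.0.2.1"},
      {"issue": "sensitive_data_leak",
       "searched_data": "NeighborEvent{elapsedMs=2000, 192.0.2.1, NUD_PROBE}",
       "encoded_format": "original", "data_value_type": "dns1",
       "sensitive_data_value": "192.0.2.1"},
      {"issue": "sensitive_data_leak",
       "searched_data": "NeighborEvent{elapsedMs=3000, 192.0.2.1, NUD_REACHABLE}",
       "encoded_format": "original", "data_value_type": "dns1",
       "sensitive_data_value": "192.0.2.1"}
    ],
    "fields": {
      "issue": {"title": "Issue"},
      "data_value_type": {"title": "Type"},
      "sensitive_data_value": {"title": "Value"},
      "encoded_format": {"title": "Encoding"},
      "searched_data": {"title": "Searched Data"}
    }
  }
}
""")

# Columns that identify one distinct leak; searched_data is left out because it
# differs on every hit (timestamps, link state) while the leaked value does not.
KEY_FIELDS = ("issue", "data_value_type", "sensitive_data_value", "encoded_format")


def mask(value, keep=4):
    """Hide all but the last `keep` characters of a leaked value."""
    value = str(value)
    if len(value) <= keep:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]


def collapse_rows(finding, key_fields=KEY_FIELDS):
    """Group context.rows on key_fields; return [(key_tuple, hits)] in first-seen order."""
    rows = (finding.get("context") or {}).get("rows") or []
    counts = {}
    for row in rows:
        # A row that lacks a column still groups, under an empty string.
        key = tuple(str(row.get(name, "")) for name in key_fields)
        counts[key] = counts.get(key, 0) + 1
    return list(counts.items())


def summary_table(finding, key_fields=KEY_FIELDS, value_field="sensitive_data_value"):
    """Return a header line plus one line per distinct leak, titled from context.fields."""
    fields = (finding.get("context") or {}).get("fields") or {}
    header = [fields.get(name, {}).get("title", name) for name in key_fields] + ["Hits"]
    lines = [" | ".join(header)]
    for key, hits in collapse_rows(finding, key_fields):
        cells = [mask(v) if name == value_field else v for name, v in zip(key_fields, key)]
        lines.append(" | ".join(cells + [str(hits)]))
    return lines


if __name__ == "__main__":
    print("\n".join(summary_table(SAMPLE_FINDING)))
```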

Network Connections

  • As the application is running, we monitor the app communications in order to understand where the application is sending its data.
{
    "kind": "dynamic",
    "key": "snoop_network_hosts",
    "title": "Network Connections",
    "category": "artifact",
    "summary": "As the application is running, we monitor the app communications in order to understand where the application is sending its data.",
    "regulatory": {},
    "affected": true,
    "context": {
      "fields": {
        "domain": {
          "title": "Domain"
        },
        "host": {
          "title": "Host"
        },
        "ips": {
          "title": "IPs"
        },
        "org": {
          "title": "Organization"
        },
        "location": {
          "title": "Location"
        }
      },
      "rows": [
        {
          "domain": "google.com",
          "host": "googleads.g.doubleclick.net",
          "ips": "216.58.217.226",
          "org": "Google Inc.",
          "location": "Mountain View, California, US"
        },
        {
          "domain": "google.com",
          "host": "pagead2.googlesyndication.com",
          "ips": "216.58.192.162",
          "org": "Google Inc.",
          "location": "Mountain View, California, US"
        }
      ]
    }
  }

Files Stored on SD Card

  • Files were found to be stored in an external storage location. External storage, such as an SD Card, lacks fine-tuned permissions, which allows any app to access and read files in external storage by default. Android versions 4.4 and later do provide functionality that, under certain circumstances, allows apps to securely store data on the SD Card.

{
  "kind": "dynamic",
  "key": "sdcard_file_list",
  "title": "Files Stored on SD Card",
  "category": "artifact",
  "summary": "Files were found to be stored in an external storage location. External storage, such as an SD Card, lacks fine-tuned permissions, which allows any app to access and read files in external storage by default. Android versions 4.4 and later do provide functionality that, under certain circumstances, allows apps to securely store data on the SD Card [see http://source.android.com/devices/tech/storage/].",
  "regulatory": {},
  "affected": true,
  "context": {
    "title": "Files",
    "pre": "/sdcard/Android/data/mobi.supo.cleaner/cache/.nomedia\n/sdcard/Tencent/mta/.mid.txt\n/sdcard/swift.txt\n/sdcard/TWRP\n/sdcard/Android\n/sdcard/mobi.supo.cleaner\n/sdcard/TWRP/BACKUPS\n/sdcard/Android/data\n/sdcard/mobi.supo.cleaner/cleaner\n/sdcard/TWRP/BACKUPS/09267e0a\n/sdcard/Android/data/mobi.supo.cleaner\n/sdcard/TWRP/BACKUPS/09267e0a/provisioned\n/sdcard/Android/data/mobi.supo.cleaner/cache\n/sdcard/Android/data/mobi.supo.cleaner/cache/602159882.tmp\n/sdcard/Android/data/mobi.supo.cleaner/cache/602159882\n/sdcard/Android/data/mobi.supo.cleaner/cache/-1332272783.tmp\n/sdcard/Android/data/mobi.supo.cleaner/cache/-1332272783\n/sdcard/.ktv/apk\n/sdcard/.LeStore/download\n/sdcard/.YoudaoNote/App\n/sdcard/.aptoide/apks\n/sdcard/.dongji/dongjiMarket/cache/apk\n/sdcard/.iqiyigame/game\n/sdcard/.pps/PPStv_pad_update\n/sdcard/.pps/PPStv_update\n/sdcard/.pps/apk_cache\n/sdcard/.pps/game\n/sdcard/.ppsgamecenter\n/sdcard/.qiyi/plugin\n/sdcard/.qzonedownload\n/sdcard/115wangpan/download\n/sdcard/2345手机助手/apk\n/sdcard/360Download\n/sdcard/360Video/download\n/sdcard/360launcher/upgrade\n/sdcard/360union/360UnionDownload\n/sdcard/3CHYDownload/Software\n/sdcard/5sing/radio/apk\n/sdcard/91 WireLess/PandaSpace/apps\n/sdcard/91market/apps\n/sdcard/Android/data/cn.com.vapk.vstore.client/files/apk\n/sdcard/Android/data/com.amazon.mshop.android/files/apks\n/sdcard/Android/data/com.amazon.venezia/files/apks\n/sdcard/Android/data/com.dianping.v1/cache/QihooUpdate\n/sdcard/Android/data/com.ludashi.benchmark/files\n/sdcard/Android/data/com.mydrivers.newsclient/cache/apks\n/sdcard/Android/data/com.renren.mobile.android/cache/downloads\n/sdcard/Android/data/com.slideme.sam.manager/files\n/sdcard/Android/data/com.ss.android.article.news/files\n/sdcard/Android/data/com.tencent.qqlive/cache/update/update\n/sdcard/Android/data/com.tmall.wireless/files\n/sdcard/Android/data/com.tmall.wireless/files/plugin\n/sdcard/Android/data/com.wumii.android.mimi/files/tmp\n/sdcard/Android/data/com.xiaomi.hm.health/files/Download\n/sdcard/Android/data/com.youku.phone/cache\n/sdcard/Android/data/de.amazon.mshop.android/files/apks\n/sdcard/Android/data/fr.amazon.mshop.android/files/apks\n/sdcard/Android/data/jp.amazon.mshop.android/files/apks\n/sdcard/Android/data/uk.amazon.mshop.android/files/apks\n/sdcard/AndroidOptimizer/apkdownloader\n/sdcard/Android/data/com.mobile.indiapp/apk\n/sdcard/Baidu/searchbox/downloads\n/sdcard/Baidu_music/download\n/sdcard/BaiduLebo/apkcache\n/sdcard/baidu/AppSearch/downloads\n/sdcard/BaiduMap/cache\n/sdcard/BaiduNavi\n/sdcard/Be-on-road/updates\n/sdcard/Coolpad/coolmart\n/sdcard/Coolpad/coolmart/Apk\n/sdcard/DolphinBrowserCN/download\n/sdcard/Download\n/sdcard/Download/.um/apk\n/sdcard/EasyDownloader/APKs\n/sdcard/EasyDownloaderPro/APKs\n/sdcard/Jing/WebCache/update\n/sdcard/KVDownload\n/sdcard/LEWA/download\n/sdcard/Mercury/Downloads/Applications\n/sdcard/MiniWeather/App\n/sdcard/NearMeMarket/application\n/sdcard/QQBrowser\n/sdcard/QQBrowser/安装包\n/sdcard/QQGame\n/sdcard/ShoujiKong/Downloadapk\n/sdcard/SogouDownload\n/sdcard/TaoUpdate\n/sdcard/Tencent/TMAssistantSDK/Download\n/sdcard/UCDownloads\n/sdcard/WifiMasterKey/apk\n/sdcard/Xueba/download\n/sdcard/Yingyonghui/apk\n/sdcard/Yixin/apk\n/sdcard/ZAKER/apk\n/sdcard/aliUnion_apk\n/sdcard/android/data/com.baidu.netdisk/cache/.apk\n/sdcard/android/data/com.muzhiwan.market/updates\n/sdcard/Android/data/com.sxiaoao.car3d3.englishNGP/cache/apk\n/sdcard/Android/data/com.tenone.ZombieCrisis3D/cache/apk\n/sdcard/Android/data/org.cocos2dx.UCRun/cache/apk\n/sdcard/Android/data/com.appon.zombiebusterssquad/cache/apk\n/sdcard/Android/data/com.nazara.cbchallenge_9game/cache/apk\n/sdcard/Android/data/com.dumadugames.parking/cache/apk\n/sdcard/Android/data/com.fivemobile.thescore/app\n/sdcard/Android/data/com.huawei.appmarket/AppCache\n/sdcard/Android/data/com.rovio.BadPiggiesHD/app\n/sdcard/Android/data/com.rovio.BadPiggiesHD/files/app\n/sdcard/Android/data/com.subwayquicksurfers.game/cache/apk\n/sdcard/Android/data/com.tencent.news/files/market\n/sdcard/Android/data/com.renren.mobile.android/files/downloads\n/sdcard/Android/data/com.taobao.taobao/cache/TaoUpdate\n/sdcard/Android/data/kr.co.shiftworks.vguardweb/files/app\n/sdcard/Android/data/com.suning.mobile.ebuy/cache/files\n/sdcard/Android/data/com.hexin.plat.android/cache/10jqka/downApk\n/sdcard/Android/data/com.mydream.wifi/files/downloading\n/sdcard/anzhi/download\n/sdcard/aoramarket/downloadApk\n/sdcard/app-update\n/sdcard/appcenter/app\n/sdcard/appdownload/apk\n/sdcard/AppSearch/downloads\n/sdcard/autohomemain/apks\n/sdcard/baidu/AndroidStore/downloads\n/sdcard/blackmart/downloads\n/sdcard/cmblife/apk\n/sdcard/com.appeggs\n/sdcard/com.corp21cn.flowpay/download\n/sdcard/com.eg.android.AlipayGphone/downloads\n/sdcard/com.eg.android.AlipayGphone/update\n/sdcard/com.goapk.market\n/sdcard/com.ifafa.globalradio/DownloadApk\n/sdcard/digua/downs\n/sdcard/downloadapp\n/sdcard/download/APK\n/sdcard/download/cjwifi\n/sdcard/duoku/GameSearch/downloads\n/sdcard/dxcontent/apks\n/sdcard/easou_plus/apk\n/sdcard/egame/downloader\n/sdcard/estream/app\n/sdcard/freenote_temp\n/sdcard/gamebox/application\n/sdcard/gewara/download\n/sdcard/gfan/market\n/sdcard/gomarket/download\n/sdcard/hao123/down/apk\n/sdcard/hiapk_market/app/download\n/sdcard/htc/videos\n/sdcard/ifengnews/down\n/sdcard/idothing/apks\n/sdcard/jz/jzSDK/downloads\n/sdcard/kaiqi/Application\n/sdcard/kaixin001/Update\n/sdcard/kbrowser/download/App\n/sdcard/kbrowser/kbrowser_apk\n/sdcard/kuaishou/kuaishou/gameapp\n/sdcard/mgyapp/apk\n/sdcard/mobcent/com.appbyme.app47745/cache/ad\n/sdcard/mobogenie/app\n/sdcard/mobomarket/apps\n/sdcard/moxiu/update\n/sdcard/mumayi/download\n/sdcard/netease/newsreader/netease_temp_file\n/sdcard/onemobile_download\n/sdcard/photowonder/temp\n/sdcard/pp/download/app\n/sdcard/portfoliopdf/APK\n/sdcard/pp/downloader/apk\n/sdcard/pptv/download\n/sdcard/pris/download\n/sdcard/qqmusic/upgrade\n/sdcard/qqplazasimple/Apk\n/sdcard/qqtheme/apk\n/sdcard/qvod/ad_apps\n/sdcard/qvod/apk\n/sdcard/sina/weibo/SinaAppMarket/APK\n/sdcard/skymarket/com.release_ua.appstore/download\n/sdcard/sogouappmall/downloads\n/sdcard/sohu.wrestore/download\n/sdcard/sprite/apk\n/sdcard/taoapp/com.taobao.appcenter/update_cache\n/sdcard/taobao/com.taobao.taobao/update_cache\n/sdcard/taobao/update\n/sdcard/taobao/update_cache\n/sdcard/tencent/.qqdownload/newApkDir\n/sdcard/tencent/MicroMsg\n/sdcard/tencent/MicroMsg/Download\n/sdcard/tencent/.qqdownload/newapkdir\n/sdcard/tencent/QQHD/Plugin/Market/apk\n/sdcard/tencent/QQfile_recv\n/sdcard/Tencent/kingsoft_appstore/apk\n/sdcard/tencent/QQifile_recv\n/sdcard/tencent/TMAssistantSDK/Download/com.qzone\n/sdcard/tencent/TMAssistantSDK/Download/com.tencent.mobileqq\n/sdcard/tencent/tassistant\n/sdcard/tencent/tassistant/apk\n/sdcard/tencent/tencentnews/market\n/sdcard/tianqitong/Downloads\n/sdcard/tigermap/download\n/sdcard/ting/update\n/sdcard/tingshu/null\n/sdcard/ttpod/app\n/sdcard/Android/data/com.sohu.tv/update\n/sdcard/ucappstore/apk\n/sdcard/ugame/ugameSDK/download\n/sdcard/uucun/download\n/sdcard/wandoujia/app\n/sdcard/wandoujia/plugin\n/sdcard/wandoujia/videoProviderApk\n/sdcard/wostore\n/sdcard/wybb/downloads\n/sdcard/xtuone/friday/download\n/sdcard/youku/app\n/sdcard/yunos/com.yunos.tvhelper/download\n/sdcard/zuimei/apps\n/sdcard/tmp\n/sdcard/Android/data/com.Qunar/cache/qrsanapk\n/sdcard/微盘\n/sdcard/Yingyonghui/yyhdownload\n/sdcard/wostore/download/apk\n/sdcard/Adview/download/apps\n/sdcard/.expand\n/sdcard/Dopooltv/thirdapp\n/sdcard/xiu8/xiu8load/html\n/sdcard/Android/data/com.baidu.iknow/files/apk\n/sdcard/zzenglish/AppDownload\n/sdcard/ganji/apk\n/sdcard/ctrip.android.view/download\n/sdcard/Android/data/icmweather/apps\n/sdcard/Download/mizhuan\n/sdcard/360freewifi/appstore\n/sdcard/tencent/zebra\n/sdcard/YinbiaoDownloads\n/sdcard/com.anguanjia.safe/download\n/sdcard/mosecurity\n/sdcard/闪传收件箱/应用\n/sdcard/mgyun/root/app\n/sdcard/HuaQian/download\n/sdcard/.QQGame/Apk\n/sdcard/TencentPowermanager\n/sdcard/smartmanager\n/sdcard/tencent/tassistant/file\n/sdcard/download/QooApp\n/sdcard/Android/data/com.duotin.fm/files/Recommend\n/sdcard/funshion/ad/apk\n/sdcard/kuaikan/download\n/sdcard/Android/data/com.Qunar/files/caches\n/sdcard/AndroidReader/download/software\n/sdcard/GGBook/app\n/sdcard/sina/reader/apk\n/sdcard/tencent/QQGame/happymj\n/sdcard/easouclient/newDownloads\n/sdcard/Android/data/com.cyjh.gundam/files\n/sdcard/tencent/MidasPay\n/sdcard/netease/ldxy.fg\n/sdcard/Android/data/cn.mucang.kaka.android/files\n/sdcard/YOUNI_ADS\n/sdcard/advert/apk\n/sdcard/YJFDownloads\n/sdcard/gmq_download\n/sdcard/baihe/apk\n/sdcard/GDTDOWNLOAD/apk\n/sdcard/tencent/TMAssistantSDK/Download/com.tencent.lightapp.nba\n/sdcard/vlocker/update\n/sdcard/MzwDownloads\n/sdcard/kuaiyouxi/datas\n/sdcard/muzhiwan/com.muzhiwan.market/gpk\n/sdcard/tudou/game_center\n/sdcard/DMDownload\n/sdcard/Doreso/app\n/sdcard/u360/apk\n/sdcard/com/cn21/ecloud/file/download/finished\n/sdcard/ThunderDownload\n/sdcard/PandaAudio/download\n/sdcard/dancisuoping/download\n/sdcard/yingyushuo/update\n/sdcard/appshare.ilisten/plugin\n/sdcard/hzdownload\n/sdcard/combudejiewww/down\n/sdcard/u17phone/game/apk\n/sdcard/.didiCache/download\n/sdcard/fyzb/download/apps\n/sdcard/360Video/apkFile\n/sdcard/ddReader/apk\n/sdcard/download_cache\n/sdcard/duoku_singlesdk_download\n/sdcard/2cloo\n/sdcard/tiebaMini\n/sdcard/download/ad/apk\n/sdcard/netease/ldxy.baidu\n/sdcard/zhenai/download\n/sdcard/weaver/downloadApp\n/sdcard/download/vcs-installer\n/sdcard/tongtong/downloadfile/.appfile\n/sdcard/bf/market/downloads\n/sdcard/Fetion/Fetion/Game\n/sdcard/tencent/qqphonebook/temp\n/sdcard/365Shengri/AppRecommend\n/sdcard/Android/data/com.baidu.video/apkfile\n/sdcard/vker/files\n/sdcard/PandaHome2/downloads\n/sdcard/gb\n/sdcard/CCTV3/dl/CCTV3\n/sdcard/Android/data/cn.pipi.mobile.pipiplayer/files/apk\n/sdcard/Baidu_music/download/cache\n/sdcard/MxBrowser/Downloads\n/sdcard/2345Browser/2345Packages\n/sdcard/downloadApk\n/sdcard/PandaHome2ThemeLib/Packages\n/sdcard/youxi\n/sdcard/ddcaches\n/sdcard/Android/data/com.huawei.gamebox/AppCache\n/sdcard/kacha/app\n/sdcard/com.iplay.assistant/downloads\n/sdcard/GprsPush/Update\n/sdcard/25az/apps\n/sdcard/wgc/app\n/sdcard/.cn.coupon.kfc/apps\n/sdcard/MTGIF/.temp/download\n/sdcard/.bluecrane/apk\n/sdcard/miaowu\n/sdcard/kuaidi/apks\n/sdcard/bddownload\n/sdcard/bdwallcache2\n/sdcard/kuxun/apks\n/sdcard/8684/update\n/sdcard/unsdk/cn.chinabus.main/downloader/apk\n/sdcard/baidu/Keyguard/downloads\n/sdcard/BaiduLauncher/app\n/sdcard/launcher/AppRes/apk\n/sdcard/download/download_wifi\n/sdcard/baoruan_download/shangcheng/soft\n/sdcard/Dianxinos/market/downloads\n/sdcard/Android/data/com.mofangge.arena/download\n/sdcard/vzy\n/sdcard/pinche/download\n/sdcard/market/files/download\n/sdcard/meishij\n/sdcard/kkshow\n/sdcard/4399Game/market\n/sdcard/Android/data/com.jingdong.app.reader/files/update\n/sdcard/xiami/apps\n/sdcard/Android/data/com.huawei.appmarket/appcache\n/sdcard/gameunion/.cache/apk\n/sdcard/kugouFM/download/apk\n/sdcard/kugouhd/market\n/sdcard/iaround/apkcache\n/sdcard/pptv/apk\n/sdcard/pptv/app\n/sdcard/TouchPalv5/emoji_plugin\n/sdcard/TouchPal_OEM/emoji_plugin\n/sdcard/TouchPal_OEM/present_apk\n/sdcard/tencent/TMAssistantSDK/Download/com.tencent.qqlive\n/sdcard/ViberInstaller\n/sdcard/wandoujia_adnetwork/app\n/sdcard/eDaiJia\n/sdcard/vqs/DOWN\n/sdcard/QQSecureDownload\n/sdcard/jingdong/file\n/sdcard/.iqiyigamecenter\n/sdcard/appmaster/backup\n/sdcard/tencent/MobileQQ/arkapp\n/sdcard/qqpim/apks\n/sdcard/android/data/com.ximalaya.ting.android/files/update\n/sdcard/360download\n/sdcard/download/4399\n/sdcard/91 wireless/pandaspace/apps\n/sdcard/pandahome2/wifidownload\n/sdcard/icm/bazaar\n/sdcard/daumappcenter\n/sdcard/Android/data/com.estrongs.android.pop/.apps\n/sdcard/.estrongs/theme/com.estrongs.android.pop.classic\n/sdcard/.estrongs/theme/com.estrongs.android.pop.theme.ics\n/sdcard/.estrongs/theme/com.estrongs.android.pop.classic.material\n/sdcard/frostwire/applications\n/sdcard/golauncherex/gorecommendwidget\n/sdcard/golauncherex/game\n/sdcard/air/download\n/sdcard/gopowermaster/appwidgetapk\n/sdcard/gopowermaster/download\n/sdcard/mobogenie/apk\n/sdcard/myket/downloads\n/sdcard/Android/data/com.nhn.android.ndrive/cache/temp/app\n/sdcard/ota-updater\n/sdcard/.incrupdate\n/sdcard/qqbrowser/安装包\n/sdcard/qqbrowser/apk\n/sdcard/tencent/qzone/apk\n/sdcard/ucdownloads/upgrade2\n/sdcard/wifimasterkey/apk\n/sdcard/oovoo/.plugin\n/sdcard/.lestore/download\n/sdcard/Android/data/com.dropbox.android/cache/updates\n/sdcard/toolbox/apk\n/sdcard/Android/data/com.qunar/files/caches\n/sdcard/dodol/launcher/app_pack\n/sdcard/appgame/gomarket/gostore/download\n/sdcard/Android/data/com.quvideo.xiaoying/cache/download\n/sdcard/bao/apk\n/sdcard/bao/.plugin\n/sdcard/Android/data/com.outfit7.mytalkingtomfree/files/apk\n/sdcard/mypeople/.custom_files/.nomedia\n/sdcard/mzwdownloads/datas\n/sdcard/com.sohu.sohuvideo/download\n/sdcard/Android/data/com.sohu.inputmethod.sogou/files/platform/apkcache\n/sdcard/Android/data/com.sohu.inputmethod.sogou/files/download\n/sdcard/sogou/recommend/apkcache\n/sdcard/com.eg.android.alipaygphone/downloads\n/sdcard/sina/weibo/download\n/sdcard/sina/weibo/sinaappmarket/apk\n/sdcard/sina/weibo/apks\n/sdcard/wangxin/apk\n/sdcard/hispace/application\n/sdcard/hispace/app\n/sdcard/barcodescanner/tmp\n/sdcard/Android/data/com.cleanmaster.mguard_cn/files/download\n/sdcard/baidu/searchbox/safeurl\n/sdcard/baidu/appsearch/downloads\n/sdcard/androidoptimizer/apkdownloader\n/sdcard/Android/data/com.roidapp.photogrid/files/download\n/sdcard/kittyplayex/download/apk\n/sdcard/touchpalv5/present_apk\n/sdcard/mxbroswer/downloads\n/sdcard/kugou/market\n/sdcard/Android/data/com.cleanmaster.mguard/files/cleanmaster\n/sdcard/gpk\n/sdcard/youku/game_center\n/sdcard/sogou/download\n/sdcard/appgame/gomarketsdk52/download\n/sdcard/muzhiwan/market/gsf\n/sdcard/4399game/market\n/sdcard/Android/data/cn.wps.moffice_eng/.cache/kingsoftoffice/apkdownload\n/sdcard/sogou/source\n/sdcard/center.com.eg.android.alipaygphone/cmd/download\n/sdcard/.mediacache\n/sdcard/Android/data/cn.wps.moffice_i18n/.cache/kingsoftoffice/apkdownload\n/sdcard/aliunion_apk\n/sdcard/com.snda.wifilocating/apk\n/sdcard/Android/data/com.ucmobile.intl/cache/apk\n/sdcard/mine/appwall/apk\n/sdcard/baodownload\n/sdcard/tencent/tmassistantsdk/download/com.tencent.qqmusic\n/sdcard/taobao/gamecenter\n/sdcard/doodledoodle/doodledoodle_files\n/sdcard/.iqiyigamecenter/game\n/sdcard/Android/data/com.huawei.appmarket/appcache/tmp\n/sdcard/Android/data/com.huawei.gamebox/appcache\n/sdcard/tencent/assistant/apk\n/sdcard/autonavidata70/plugindownload\n/sdcard/kekemarket/application\n/sdcard/Android/data/com.lazyswipe/files/upgrade\n/sdcard/cmlauncher/downloadedapk\n/sdcard/holalauncher/app\n/sdcard/Android/data/com.surpax.ledflashlight.panel/cache/apk\n/sdcard/91 wireless/mobomarket/apps\n/sdcard/Android/data/com.turkcell.uygulamalar/cache/downloads/.apps\n/sdcard/Android/data/com.turkcell.uygulamalar/cacheupdater_downloads\n/sdcard/divar/divar/apk\n/sdcard/.afmobi/apk\n/sdcard/mobogeniemarkets/app\n/sdcard/Android/data/com.farsitel.bazaar/files\n/sdcard/data/com.iconnect.app.pts.a/apk_download\n/sdcard/touchpal2015/present_apk\n/sdcard/clouddrive/update\n/sdcard/Android/data/com.tencent.qqmusic/files/qqmusic/apk\n/sdcard/mtmarket/app\n/sdcard/wandoujia/tiny\n/sdcard/lestoredownloads\n/sdcard/nearmemarket/application\n/sdcard/youku/app_center\n/sdcard/.trendingapps\n/sdcard/snaptube/app\n/sdcard/touchpal_oem/present_apk\n/sdcard/download/oculus_downloaded_apks\n/sdcard/9appspro/downloader/apk\n/sdcard/tts_source\n/sdcard/Tencent\n/sdcard/Tencent/mta\n/sdcard/Android/data/com.google.android.gms\n/sdcard/Android/data/com.google.android.gms/files\n/sdcard/tencent/mta\n/sdcard/Android/data/com.google.android.youtube\n/sdcard/Android/data/com.google.android.youtube/cache\n/sdcard/Android/data/com.google.android.youtube/files\n/sdcard/Android/data/com.google.android.youtube/cache/exo"
  }
}


System Log Messages

  • Debug logs are generally designed to be used to detect and correct flaws in an application. These logs can leak sensitive information that may help an attacker create a more powerful attack. In this test, the system log files are analyzed for existence of sensitive user or application data.

Example:

{
  "kind": "dynamic",
  "key": "asl",
  "title": "System Log Messages",
  "category": "artifact",
  "summary": "Debug logs are generally designed to be used to detect and correct flaws in an application. These logs can leak sensitive information that may help an attacker create a more powerful attack. In this test, the system log files are analyzed for existence of sensitive user or application data.",
  "regulatory": {},
  "affected": true,
  "context": {
    "fields": {
      "Message": {
        "title": "Messages"
      }
    },
    "rows": [
      { "Message": "[Crashlytics] Version 3.8.1 (117)" },
      { "Message": "[INFO/SDK]: MySpinServerSDK Version: 1.3.5.2 (none)" },
      { "Message": "[ERROR/SDK]: -[EDManager applyLaunchOptions] [Line 1189] EDManager not started yet. Cannot call method -[EDManager applyLaunchOptions]." },
      { "Message": "[1] SDLIAPTransport Listening For Events" },
      { "Message": "[1] SDLIAPTransport Init" },
      { "Message": "[1] Attempting To Connect" },
      { "Message": "[1] No accessory supporting a required sync protocol was found." },
      { "Message": "[1] SDLProxy initWithTransport" },
      { "Message": "| RAPI: WARNING: [RAPIEntertainmentAppLink setAppName] called while not being connnected to the car" },
      { "Message": "| RAPI: [IF] setAppName:'Spotify'" },
      { "Message": "| RAPI: [IF] postAudioServiceAvailability:2" },
      { "Message": "*** -[NSKeyedUnarchiver initForReadingWithData:]: data is NULL" },
      { "Message": "08:59:04.321 ERROR: [Main thread] 235: error -66748 from registration server" },
      { "Message": "\t[Adjust]a: PRODUCTION: Adjust is running in Production mode. Use this setting only for the build that you want to publish. Set the environment to sandbox if you want to test your app!" },
      { "Message": "\t[Adjust]d: Delegate implements adjustEventTrackingSucceeded:" },
      { "Message": "\t[Adjust]d: Delegate implements adjustEventTrackingFailed:" },
      { "Message": "\t[Adjust]d: Delegate implements adjustSessionTrackingSucceeded:" },
      { "Message": "\t[Adjust]d: Delegate implements adjustSessionTrackingFailed:" },
      { "Message": " SecTrustEvaluate [leaf AnchorTrusted]" },
      { "Message": "[INFO/SDK]: MySpinServerSDK Version: 1.3.5.2 (none)" },
      { "Message": "[ERROR/SDK]: -[MySpinServerSDK start] [Line 445] mySPIN Server already started" }
    ]
  }
}

Network Connections

  • As the application is running, we monitor the app communications in order to understand where the application is sending its data.

Example:

{
  "kind": "dynamic",
  "key": "geoip",
  "title": "Network Connections",
  "category": "artifact",
  "summary": "As the application is running, we monitor the app communications in order to understand where the application is sending its data.",
  "regulatory": {},
  "affected": true,
  "context": {
    "fields": {
      "domain": {
        "title": "Domain"
      },
      "ip": {
        "title": "IP"
      },
      "org": {
        "title": "Organization"
      },
      "location": {
        "title": "Location"
      }
    },
    "rows": [
      {
        "domain": "amazon.com",
        "ip": "107.21.220.89",
        "org": "Amazon.com Inc.",
        "location": "Ashburn, Virginia, US"
      },
      {
        "domain": "google.com",
        "ip": "104.154.127.47",
        "org": "Google Inc.",
        "location": "Mountain View, California, US"
      },
      {
        "domain": "leaseweb.com",
        "ip": "178.162.216.177",
        "org": "LeaseWeb Deutschland GmbH",
        "location": "Frankfurt am Main, Hessen, DE"
      },
      {
        "domain": "akamai.com",
        "ip": "104.113.62.61",
        "org": "Akamai Technologies Inc.",
        "location": "Warsaw, Mazowieckie, PL"
      },
      {
        "domain": "amazon.com",
        "ip": "52.85.112.141",
        "org": "Amazon Technologies Inc.",
        "location": "Camby, Indiana, US"
      }
    ]
  }
}


AFNetworking Implementation

  • Checks the security of the AFNetworking library's implementation setting, which allows developers to add networking functionality to their applications.

Example:

{
  "kind": "dynamic",
  "key": "afnetworking",
  "title": "AFNetworking Implementation",
  "category": "code",
  "summary": "Checks the security of the AFNetworking library's implementation setting, which allows developers to add networking functionality to their applications.",
  "cvss": "7.1",
  "regulatory": {},
  "affected": false,
  "severity": "pass",
  "description": "Your application is using an updated version of the AFNetworking library.",
  "context": {
    "title": "Tests",
    "fields": {
      "name": {
        "title": "Name"
      },
      "tests": {
        "title": "Tests"
      }
    },
    "rows": [
      {
        "name": "PodIntercom_AFSecurityPolicy",
        "tests": [
          "testDefaultPolicyIsSetToAFSSLPinningModeNone: true",
          "testDefaultPolicyFailsToEvaluateServerTrustFromSelfSignedCertificate: true"
        ]
      }
    ]
  }
}


Run Summary

  • Summary of start/stop time, taskIDs, and various other parameters that provide meta information and diagnostic data during analysis.

Example:

"run_summary": {
  "apk_info": {
    "md5": "679d9b8865565f27bcf93beb811a0da0",
    "sha1": "cfc701e1cf9346d4cdc29f2f9d8e0c581a0505e9",
    "minSDK": 15,
    "sha256": "4d2be7271a8ad560696dc1be4e405463a6ff1d6224352ee24dab7ab3f196d247",
    "services": [ "com.dynamic.behaviors.SmsService" ],
    "receivers": [],
    "targetSDK": 16,
    "activities": [ "fuzion24.dynamictestapp.MainActivity" ],
    "packageName": "fuzion24.dynamictestapp",
    "permissions": [
      "android.permission.INTERNET",
      "android.permission.READ_PHONE_STATE",
      "android.permission.SEND_SMS",
      "android.permission.READ_SMS",
      "android.permission.ACCESS_WIFI_STATE",
      "android.permission.CHANGE_WIFI_STATE",
      "android.permission.CAMERA",
      "android.permission.RECORD_AUDIO",
      "android.permission.READ_CONTACTS",
      "android.permission.WRITE_EXTERNAL_STORAGE"
    ],
    "versionCode": 2,
    "mainActivity": "fuzion24.dynamictestapp.MainActivity"
  },
  "device_info": {
    "dns1": "192.168.68.1",
    "dns2": "",
    "serial": "0a6ffb58",
    "wifi_ip": "192.168.68.42",
    "wifi_mac": "F3:B6:B1:8F:F3:B6",
    "android_id": "2ac198b3f4446d33",
    "bluetooth_mac": "14:DD:A9:45:6B:54",
    "build_fingerprint": "google/razor/flo:6.0.1/MOB30X/3036618:user/release-keys",
    "provision_version": 75,
    "provision_revision": "95c5503",
    "surrounding_wifi_networks": [
      { "SSID": "d-a-r-wifi", "BSSID": ":35:8b:13:1b:a0" },
      { "SSID": "nshq-guest-wifi", "BSSID": ":18:d6:22:30:17" },
      { "SSID": "nshq-wireless", "BSSID": ":18:d6:22:30:17" },
      { "SSID": "ngHub_319443NM03AE9", "BSSID": ":a1:51:59:4f:e2" },
      { "SSID": "nshq-mac-wireless", "BSSID": ":72:40:13:ea:fc" },
      { "SSID": "venom-d-a-r-wifi", "BSSID": ":35:8b:13:bc:d4" },
      { "SSID": "optimus_dtr_wifi", "BSSID": ":35:8b:13:65:34" },
      { "SSID": "RM637", "BSSID": ":a1:51:1a:d6:24" },
      { "SSID": "Red Mango Café", "BSSID": ":a1:51:1a:d6:25" }
    ]
  },
  "analysis_time": 419.171758890152,
  "analysis_revision": "95c5503",
  "incomplete_report": true,
  "current_analysis_version": 2,
  "start_analysis_timestamp": 1491224082.670546
},
"stealth_spy": [
  { "class": "android.database.sqlite.SQLiteDatabase", "method": "execSQL", "timestamp": 1491224101230, "SQLStatement": " CREATE TABLE users (_id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL, grade TEXT NOT NULL);" },
  { "class": "android.database.sqlite.SQLiteDatabase", "method": "execSQL", "timestamp": 1491224101232, "SQLStatement": "PRAGMA user_version = 1" },
  { "class": "java.security.SecureRandom", "method": "setSeed", "timestamp": 1491224101315 },
  { "class": "dalvik.system.DexFile", "method": "dalvik.system.DexFile", "dexFile": "/system/app/WebViewGoogle/WebViewGoogle.apk", "timestamp": 1491224101440 },
  { "class": "dalvik.system.DexFile", "method": "dalvik.system.DexFile", "timestamp": 1491224101442, "sourcePathName": "/system/app/WebViewGoogle/WebViewGoogle.apk" },
  { "class": "android.app.Application", "method": "getSharedPreferences", "timestamp": 1491224101492, "preferencesName": "WebViewChromiumPrefs" },
  { "Key": "lastVersionCodeUsed", "class": "android.app.SharedPreferencesImpl.EditorImpl", "value": 246011700, "method": "putInt", "timestamp": 1491224101497 },
  { "class": "android.app.SharedPreferencesImpl.EditorImpl", "method": "apply", "timestamp": 1491224101501 },
  { "class": "android.app.ContextImpl", "method": "registerReceiver", "timestamp": 1491224101634, "intentActions": [ "android.intent.action.TIMEZONE_CHANGED" ], "broadcastReceiverClassName": "class org.chromium.content.browser.TimeZoneMonitor$1" },
  { "class": "android.app.ContextImpl", "method": "registerReceiver", "timestamp": 1491224101640, "intentActions": [ "android.intent.action.PROXY_CHANGE" ], "broadcastReceiverClassName": "class org.chromium.net.ProxyChangeListener$ProxyReceiver" },
  { "class": "android.app.ContextImpl", "method": "registerReceiver", "timestamp": 1491224101646, "intentActions": [ "android.intent.action.HEADSET_PLUG" ], "broadcastReceiverClassName": "class org.chromium.media.AudioManagerAndroid$1" },
  { "class": "android.webkit.WebView", "method": "addJavascriptInterface", "timestamp": 1491224101750, "jsInterfaceObject": "com.dynamic.behaviors.dumb.webview.WebAppInterface", "jsExposedObjectName": "Android" },
  { "key": "000102030405060708090A0B0C0D0E0F1011121314151617", "class": "javax.crypto.spec.SecretKeySpec", "method": "javax.crypto.spec.SecretKeySpec", "algorithm": "AES", "timestamp": 1491224120568 },
  { "class": "java.security.SecureRandom", "method": "setSeed", "timestamp": 1491224120594 },
  { "mode": "encrypt", "class": "javax.crypto.Cipher", "method": "doFinal", "algorithm": "AES/ECB/PKCS7Padding", "timestamp": 1491224120598 },
  { "mode": "decrypt", "class": "javax.crypto.Cipher", "method": "doFinal", "algorithm": "AES/ECB/PKCS7Padding", "timestamp": 1491224120604 },
  { "class": "java.lang.Runtime", "method": "exec", "commands": [ "ps", "-e" ], "timestamp": 1491224120608 },
  { "class": "java.lang.Runtime", "method": "exec", "commands": [ "su", "rm", "-rf", "/data/data/com/asdjahsd" ], "timestamp": 1491224120705 },
  { "class": "java.lang.Runtime", "method": "exec", "commands": [ "echo ", "RT", "Test", "2" ], "timestamp": 1491224120784 },
  { "class": "java.lang.Runtime", "method": "exec", "commands": [ "echo", "RT", "stringArray", "Test", "3" ], "timestamp": 1491224120836 },
  { "class": "java.security.SecureRandom", "method": "setSeed", "timestamp": 1491224120883 },
  { "class": "java.util.zip.ZipInputStream", "method": "java.util.zip.ZipInputStream", "timestamp": 1491224122979 },
  { "class": "com.android.org.conscrypt.OpenSSLX509Certificate", "method": "getSerialNumber", "timestamp": 1491224123398 },
  { "class": "android.telephony.TelephonyManager", "method": "getDeviceId", "timestamp": 1491224123469 },
  { "class": "android.telephony.TelephonyManager", "method": "getSubscriberId", "timestamp": 1491224123487 },
  { "class": "android.telephony.TelephonyManager", "method": "getLine1Number", "timestamp": 1491224123492 },
  { "class": "android.telephony.TelephonyManager", "method": "getSimSerialNumber", "timestamp": 1491224123510 },
  { "class": "android.net.wifi.WifiInfo", "method": "getMacAddress", "timestamp": 1491224123526 },
  { "class": "android.telephony.TelephonyManager", "method": "getDeviceId", "timestamp": 1491224123540 },
  { "class": "android.telephony.TelephonyManager", "method": "getSubscriberId", "timestamp": 1491224123545 },
  { "class": "android.telephony.TelephonyManager", "method": "getLine1Number", "timestamp": 1491224123550 },
  { "class": "android.telephony.TelephonyManager", "method": "getSimSerialNumber", "timestamp": 1491224123562 },
  { "class": "android.net.wifi.WifiInfo", "method": "getMacAddress", "timestamp": 1491224123569 },
  { "class": "android.app.ApplicationPackageManager", "method": "getInstalledApplications", "timestamp": 1491224128003 },
  { "class": "java.lang.Runtime", "method": "exec", "commands": [ "mount" ], "timestamp": 1491224128037 },
  { "class": "android.app.Application", "method": "getSharedPreferences", "timestamp": 1491224128121, "preferencesName": "TestPrefs" },
  { "Key": "username", "class": "android.app.SharedPreferencesImpl.EditorImpl", "value": "Anon", "method": "putString", "timestamp": 1491224128129 },
  { "Key": "password", "class": "android.app.SharedPreferencesImpl.EditorImpl", "value": "myPassw0rd", "method": "putString", "timestamp": 1491224128131 },
  { "class": "android.app.SharedPreferencesImpl.EditorImpl", "method": "apply", "timestamp": 1491224128134 },
  { "class": "java.security.SecureRandom", "method": "setSeed", "timestamp": 1491224128140 },
  { "class": "java.security.SecureRandom", "method": "setSeed", "timestamp": 1491224128142 },
  { "class": "java.security.SecureRandom", "method": "setSeed", "timestamp": 1491224128143 },
  { "class": "android.app.ApplicationPackageManager", "method": "getInstalledApplications", "timestamp": 1491224128145 },
  { "class": "android.app.ApplicationPackageManager", "method": "getInstalledApplications", "timestamp": 1491224128170 },
  { "class": "dalvik.system.DexFile", "method": "dalvik.system.DexFile", "dexFile": "/data/app/fuzion24.dynamictestapp-1/base.apk", "timestamp": 1491224128208 },
  { "class": "dalvik.system.DexFile", "method": "dalvik.system.DexFile", "timestamp": 1491224128209, "sourcePathName": "/data/app/fuzion24.dynamictestapp-1/base.apk" },
  { "class": "android.hardware.Camera", "method": "takePicture", "timestamp": 1491224128601 },
  { "class": "java.lang.ProcessBuilder", "method": "start", "commands": [ "ls", "-l", "/sdcard/" ], "timestamp": 1491224128610 },
  { "class": "android.media.MediaRecorder", "method": "start", "timestamp": 1491224128678 },
  { "class": "java.lang.Runtime", "method": "exec", "commands": [ "rm", "/storage/emulated/0/Android/data/fuzion24.dynamictestapp/cache/testfile2" ], "timestamp": 1491224131901 },
  { "class": "java.lang.Runtime", "method": "exec", "commands": [ "/system/bin/rm", "/storage/emulated/0/Android/data/fuzion24.dynamictestapp/cache/testfile2" ], "timestamp": 1491224131942 },
  { "class": "java.lang.Runtime", "method": "exec", "commands": [ "/system/bin/logwrapper", "/system/bin/id" ], "timestamp": 1491224131984 },
  { "class": "java.lang.Runtime", "method": "exec", "commands": [ "/system/bin/sh", "-c", "/system/bin/rm /storage/emulated/0/Android/data/fuzion24.dynamictestapp/cache/testfile2" ], "timestamp": 1491224132026 },
  { "class": "java.lang.Runtime", "method": "exec", "commands": [ "/system/bin/rm", "/data/local/tmp/testfile3" ], "timestamp": 1491224132146 },
  { "class": "java.lang.Runtime", "method": "exec", "commands": [ "/data/user/0/fuzion24.dynamictestapp/files/stupid.sh" ], "timestamp": 1491224132202 },
  { "class": "android.telephony.SmsManager", "method": "sendTextMessage", "timestamp": 1491224132250, "destinationAddress": "5555555555", "textMessageContent": "This was a sent text message" },
  { "class": "android.app.ContextImpl", "method": "registerReceiver", "timestamp": 1491224132269, "intentActions": [ "android.net.wifi.SCAN_RESULTS" ], "broadcastReceiverClassName": "class com.dynamic.behaviors.WifiThings$1" },
  { "class": "com.android.org.conscrypt.OpenSSLX509Certificate", "method": "getSerialNumber", "timestamp": 1491224132276 },
  { "class": "android.net.wifi.WifiManager", "method": "getScanResults", "timestamp": 1491224133073 },
  { "class": "java.security.SecureRandom", "method": "setSeed", "timestamp": 1491224209054 },
  { "class": "dalvik.system.DexFile", "method": "dalvik.system.DexFile", "dexFile": "/system/app/WebViewGoogle/WebViewGoogle.apk", "timestamp": 1491224209165 },
  { "class": "dalvik.system.DexFile", "method": "dalvik.system.DexFile", "timestamp": 1491224209166, "sourcePathName": "/system/app/WebViewGoogle/WebViewGoogle.apk" },
  { "class": "android.app.Application", "method": "getSharedPreferences", "timestamp": 1491224209211, "preferencesName": "WebViewChromiumPrefs" },
  { "class": "android.app.ContextImpl", "method": "registerReceiver", "timestamp": 1491224209336, "intentActions": [ "android.intent.action.TIMEZONE_CHANGED" ], "broadcastReceiverClassName": "class org.chromium.content.browser.TimeZoneMonitor$1" },
  { "class": "android.app.ContextImpl", "method": "registerReceiver", "timestamp": 1491224209344, "intentActions": [ "android.intent.action.HEADSET_PLUG" ], "broadcastReceiverClassName": "class org.chromium.media.AudioManagerAndroid$1" },
  { "class": "android.app.ContextImpl", "method": "registerReceiver", "timestamp": 1491224209344, "intentActions": [ "android.intent.action.PROXY_CHANGE" ], "broadcastReceiverClassName": "class org.chromium.net.ProxyChangeListener$ProxyReceiver" },
  { "class": "android.webkit.WebView", "method": "addJavascriptInterface", "timestamp": 1491224209431, "jsInterfaceObject": "com.dynamic.behaviors.dumb.webview.WebAppInterface", "jsExposedObjectName": "Android" },
  { "key": "000102030405060708090A0B0C0D0E0F1011121314151617", "class": "javax.crypto.spec.SecretKeySpec", "method": "javax.crypto.spec.SecretKeySpec", "algorithm": "AES", "timestamp": 1491224228177 },
  { "class": "java.security.SecureRandom", "method": "setSeed", "timestamp": 1491224228183 },
  { "mode": "encrypt", "class": "javax.crypto.Cipher", "method": "doFinal", "algorithm": "AES/ECB/PKCS7Padding", "timestamp": 1491224228186 },
  { "mode": "decrypt", "class": "javax.crypto.Cipher", "method": "doFinal", "algorithm": "AES/ECB/PKCS7Padding", "timestamp": 1491224228190 },
  { "class": "java.lang.Runtime", "method": "exec", "commands": [ "ps", "-e" ], "timestamp": 1491224228196 },
  { "class": "java.lang.Runtime", "method": "exec", "commands": [ "su", "rm", "-rf", "/data/data/com/asdjahsd" ], "timestamp": 1491224228263 },
  { "class": "java.lang.Runtime", "method": "exec", "commands": [ "echo ", "RT", "Test", "2" ], "timestamp": 1491224228315 },
  { "class": "java.lang.Runtime", "method": "exec", "commands": [ "echo", "RT", "stringArray", "Test", "3" ], "timestamp": 1491224228396 },
  { "class": "java.security.SecureRandom", "method": "setSeed", "timestamp": 1491224228452 },
  { "class": "java.util.zip.ZipInputStream", "method": "java.util.zip.ZipInputStream", "timestamp": 1491224229888 },
  { "class": "com.android.org.conscrypt.OpenSSLX509Certificate", "method": "getSerialNumber", "timestamp": 1491224230154 },
  { "class": "android.telephony.TelephonyManager", "method": "getDeviceId", "timestamp": 1491224230386 },
  { "class": "android.telephony.TelephonyManager", "method": "getSubscriberId", "timestamp": 1491224230419 },
  { "class": "android.telephony.TelephonyManager", "method": "getLine1Number", "timestamp": 1491224230425 },
  { "class": "android.telephony.TelephonyManager", "method": "getSimSerialNumber", "timestamp": 1491224230437 },
  { "class": "android.net.wifi.WifiInfo", "method": "getMacAddress", "timestamp": 1491224230481 },
  { "class": "android.telephony.TelephonyManager", "method": "getDeviceId", "timestamp": 1491224230488 },
  { "class": "android.telephony.TelephonyManager", "method": "getSubscriberId", "timestamp": 1491224230492 },
  { "class": "android.telephony.TelephonyManager", "method": "getLine1Number", "timestamp": 1491224230496 },
  { "class":
“android.telephony.TelephonyManager”, “method”: “getSimSerialNumber”, “timestamp”: 1491224230506 }, { “class”: “android.net.wifi.WifiInfo”, “method”: “getMacAddress”, “timestamp”: 1491224230512 }, { “class”: “android.app.ApplicationPackageManager”, “method”: “getInstalledApplications”, “timestamp”: 1491224230701 }, { “class”: “java.lang.Runtime”, “method”: “exec”, “commands”: [ “mount” ], “timestamp”: 1491224230723 }, { “class”: “android.app.Application”, “method”: “getSharedPreferences”, “timestamp”: 1491224230784, “preferencesName”: “TestPrefs” }, { “Key”: “username”, “class”: “android.app.SharedPreferencesImpl.EditorImpl”, “value”: “Anon”, “method”: “putString”, “timestamp”: 1491224230795 }, { “Key”: “password”, “class”: “android.app.SharedPreferencesImpl.EditorImpl”, “value”: “myPassw0rd”, “method”: “putString”, “timestamp”: 1491224230797 }, { “class”: “android.app.SharedPreferencesImpl.EditorImpl”, “method”: “apply”, “timestamp”: 1491224230799 }, { “class”: “java.security.SecureRandom”, “method”: “setSeed”, “timestamp”: 1491224230801 }, { “class”: “java.security.SecureRandom”, “method”: “setSeed”, “timestamp”: 1491224230802 }, { “class”: “java.security.SecureRandom”, “method”: “setSeed”, “timestamp”: 1491224230803 }, { “class”: “android.app.ApplicationPackageManager”, “method”: “getInstalledApplications”, “timestamp”: 1491224230804 }, { “class”: “android.app.ApplicationPackageManager”, “method”: “getInstalledApplications”, “timestamp”: 1491224230828 }, { “class”: “dalvik.system.DexFile”, “method”: “dalvik.system.DexFile”, “dexFile”: “/data/app/fuzion24.dynamictestapp-1/base.apk”, “timestamp”: 1491224230869 }, { “class”: “dalvik.system.DexFile”, “method”: “dalvik.system.DexFile”, “timestamp”: 1491224230870, “sourcePathName”: “/data/app/fuzion24.dynamictestapp-1/base.apk” }, { “class”: “android.hardware.Camera”, “method”: “takePicture”, “timestamp”: 1491224231197 }, { “class”: “java.lang.ProcessBuilder”, “method”: “start”, “commands”: [ “ls”, “-l”, “/sdcard/” ], 
“timestamp”: 1491224231201 }, { “class”: “android.media.MediaRecorder”, “method”: “start”, “timestamp”: 1491224231254 }, { “class”: “java.lang.Runtime”, “method”: “exec”, “commands”: [ “rm”, “/storage/emulated/0/Android/data/fuzion24.dynamictestapp/cache/testfile2” ], “timestamp”: 1491224234426 }, { “class”: “java.lang.Runtime”, “method”: “exec”, “commands”: [ “/system/bin/rm”, “/storage/emulated/0/Android/data/fuzion24.dynamictestapp/cache/testfile2” ], “timestamp”: 1491224234495 }, { “class”: “java.lang.Runtime”, “method”: “exec”, “commands”: [ “/system/bin/logwrapper”, “/system/bin/id” ], “timestamp”: 1491224234565 }, { “class”: “java.lang.Runtime”, “method”: “exec”, “commands”: [ “/system/bin/sh”, “-c”, “/system/bin/rm /storage/emulated/0/Android/data/fuzion24.dynamictestapp/cache/testfile2” ], “timestamp”: 1491224234605 }, { “class”: “java.lang.Runtime”, “method”: “exec”, “commands”: [ “/system/bin/rm”, “/data/local/tmp/testfile3” ], “timestamp”: 1491224234656 }, { “class”: “java.lang.Runtime”, “method”: “exec”, “commands”: [ “/data/user/0/fuzion24.dynamictestapp/files/stupid.sh” ], “timestamp”: 1491224234705 }, { “class”: “android.telephony.SmsManager”, “method”: “sendTextMessage”, “timestamp”: 1491224234761, “destinationAddress”: “5555555555”, “textMessageContent”: “This was a sent text message” }, { “class”: “android.app.ContextImpl”, “method”: “registerReceiver”, “timestamp”: 1491224234771, “intentActions”: [ “android.net.wifi.SCAN_RESULTS” ], “broadcastReceiverClassName”: “class com.dynamic.behaviors.WifiThings$1” }, { “class”: “com.android.org.conscrypt.OpenSSLX509Certificate”, “method”: “getSerialNumber”, “timestamp”: 1491224234775 }, { “class”: “android.net.wifi.WifiManager”, “method”: “getScanResults”, “timestamp”: 1491224235485 }, { “class”: “android.database.sqlite.SQLiteDatabase”, “method”: “execSQL”, “timestamp”: 1491224322485, “SQLStatement”: “ CREATE TABLE users (_id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL, grade TEXT NOT NULL);” 
}, { “class”: “android.database.sqlite.SQLiteDatabase”, “method”: “execSQL”, “timestamp”: 1491224322488, “SQLStatement”: “PRAGMA user_version = 1” }, { “class”: “java.security.SecureRandom”, “method”: “setSeed”, “timestamp”: 1491224322525 }, { “class”: “dalvik.system.DexFile”, “method”: “dalvik.system.DexFile”, “dexFile”: “/system/app/WebViewGoogle/WebViewGoogle.apk”, “timestamp”: 1491224322639 }, { “class”: “dalvik.system.DexFile”, “method”: “dalvik.system.DexFile”, “timestamp”: 1491224322640, “sourcePathName”: “/system/app/WebViewGoogle/WebViewGoogle.apk” }, { “class”: “android.app.Application”, “method”: “getSharedPreferences”, “timestamp”: 1491224322700, “preferencesName”: “WebViewChromiumPrefs” }, { “Key”: “lastVersionCodeUsed”, “class”: “android.app.SharedPreferencesImpl.EditorImpl”, “value”: 246011700, “method”: “putInt”, “timestamp”: 1491224322704 }, { “class”: “android.app.SharedPreferencesImpl.EditorImpl”, “method”: “apply”, “timestamp”: 1491224322706 }, { “class”: “android.app.ContextImpl”, “method”: “registerReceiver”, “timestamp”: 1491224322827, “intentActions”: [ “android.intent.action.TIMEZONE_CHANGED” ], “broadcastReceiverClassName”: “class org.chromium.content.browser.TimeZoneMonitor$1” }, { “class”: “android.app.ContextImpl”, “method”: “registerReceiver”, “timestamp”: 1491224322834, “intentActions”: [ “android.intent.action.PROXY_CHANGE” ], “broadcastReceiverClassName”: “class org.chromium.net.ProxyChangeListener$ProxyReceiver” }, { “class”: “android.app.ContextImpl”, “method”: “registerReceiver”, “timestamp”: 1491224322850, “intentActions”: [ “android.intent.action.HEADSET_PLUG” ], “broadcastReceiverClassName”: “class org.chromium.media.AudioManagerAndroid$1” }, { “class”: “android.webkit.WebView”, “method”: “addJavascriptInterface”, “timestamp”: 1491224322928, “jsInterfaceObject”: “com.dynamic.behaviors.dumb.webview.WebAppInterface”, “jsExposedObjectName”: “Android” }, { “key”: “000102030405060708090A0B0C0D0E0F1011121314151617”, “class”: 
“javax.crypto.spec.SecretKeySpec”, “method”: “javax.crypto.spec.SecretKeySpec”, “algorithm”: “AES”, “timestamp”: 1491224343024 }, { “class”: “java.security.SecureRandom”, “method”: “setSeed”, “timestamp”: 1491224343032 }, { “mode”: “encrypt”, “class”: “javax.crypto.Cipher”, “method”: “doFinal”, “algorithm”: “AES/ECB/PKCS7Padding”, “timestamp”: 1491224343035 }, { “mode”: “decrypt”, “class”: “javax.crypto.Cipher”, “method”: “doFinal”, “algorithm”: “AES/ECB/PKCS7Padding”, “timestamp”: 1491224343041 }, { “class”: “java.lang.Runtime”, “method”: “exec”, “commands”: [ “ps”, “-e” ], “timestamp”: 1491224343045 }, { “class”: “java.lang.Runtime”, “method”: “exec”, “commands”: [ “su”, “rm”, “-rf”, “/data/data/com/asdjahsd” ], “timestamp”: 1491224343093 }, { “class”: “java.lang.Runtime”, “method”: “exec”, “commands”: [ “echo “, “RT”, “Test”, “2” ], “timestamp”: 1491224343142 }, { “class”: “java.lang.Runtime”, “method”: “exec”, “commands”: [ “echo”, “RT”, “stringArray”, “Test”, “3” ], “timestamp”: 1491224343189 }, { “class”: “java.security.SecureRandom”, “method”: “setSeed”, “timestamp”: 1491224343224 }, { “class”: “java.util.zip.ZipInputStream”, “method”: “java.util.zip.ZipInputStream”, “timestamp”: 1491224343840 }, { “class”: “android.telephony.TelephonyManager”, “method”: “getDeviceId”, “timestamp”: 1491224344286 }, { “class”: “android.telephony.TelephonyManager”, “method”: “getSubscriberId”, “timestamp”: 1491224344296 }, { “class”: “android.telephony.TelephonyManager”, “method”: “getLine1Number”, “timestamp”: 1491224344302 }, { “class”: “android.telephony.TelephonyManager”, “method”: “getSimSerialNumber”, “timestamp”: 1491224344316 }, { “class”: “android.net.wifi.WifiInfo”, “method”: “getMacAddress”, “timestamp”: 1491224344330 }, { “class”: “android.telephony.TelephonyManager”, “method”: “getDeviceId”, “timestamp”: 1491224344338 }, { “class”: “android.telephony.TelephonyManager”, “method”: “getSubscriberId”, “timestamp”: 1491224344342 }, { “class”: 
“android.telephony.TelephonyManager”, “method”: “getLine1Number”, “timestamp”: 1491224344346 }, { “class”: “android.telephony.TelephonyManager”, “method”: “getSimSerialNumber”, “timestamp”: 1491224344356 }, { “class”: “android.net.wifi.WifiInfo”, “method”: “getMacAddress”, “timestamp”: 1491224344361 }, { “class”: “android.app.ApplicationPackageManager”, “method”: “getInstalledApplications”, “timestamp”: 1491224345105 }, { “class”: “java.lang.Runtime”, “method”: “exec”, “commands”: [ “mount” ], “timestamp”: 1491224345126 }, { “class”: “android.app.Application”, “method”: “getSharedPreferences”, “timestamp”: 1491224345189, “preferencesName”: “TestPrefs” }, { “Key”: “username”, “class”: “android.app.SharedPreferencesImpl.EditorImpl”, “value”: “Anon”, “method”: “putString”, “timestamp”: 1491224345195 }, { “Key”: “password”, “class”: “android.app.SharedPreferencesImpl.EditorImpl”, “value”: “myPassw0rd”, “method”: “putString”, “timestamp”: 1491224345197 }, { “class”: “android.app.SharedPreferencesImpl.EditorImpl”, “method”: “apply”, “timestamp”: 1491224345198 }, { “class”: “java.security.SecureRandom”, “method”: “setSeed”, “timestamp”: 1491224345218 }, { “class”: “java.security.SecureRandom”, “method”: “setSeed”, “timestamp”: 1491224345219 }, { “class”: “java.security.SecureRandom”, “method”: “setSeed”, “timestamp”: 1491224345221 }, { “class”: “android.app.ApplicationPackageManager”, “method”: “getInstalledApplications”, “timestamp”: 1491224345221 }, { “class”: “android.app.ApplicationPackageManager”, “method”: “getInstalledApplications”, “timestamp”: 1491224345240 }, { “class”: “dalvik.system.DexFile”, “method”: “dalvik.system.DexFile”, “dexFile”: “/data/app/fuzion24.dynamictestapp-1/base.apk”, “timestamp”: 1491224345325 }, { “class”: “dalvik.system.DexFile”, “method”: “dalvik.system.DexFile”, “timestamp”: 1491224345326, “sourcePathName”: “/data/app/fuzion24.dynamictestapp-1/base.apk” }, { “class”: “android.hardware.Camera”, “method”: “takePicture”, “timestamp”: 
1491224345691 }, { “class”: “java.lang.ProcessBuilder”, “method”: “start”, “commands”: [ “ls”, “-l”, “/sdcard/” ], “timestamp”: 1491224345710 }, { “class”: “android.media.MediaRecorder”, “method”: “start”, “timestamp”: 1491224345760 }, { “class”: “java.lang.Runtime”, “method”: “exec”, “commands”: [ “rm”, “/storage/emulated/0/Android/data/fuzion24.dynamictestapp/cache/testfile2” ], “timestamp”: 1491224348920 }, { “class”: “java.lang.Runtime”, “method”: “exec”, “commands”: [ “/system/bin/rm”, “/storage/emulated/0/Android/data/fuzion24.dynamictestapp/cache/testfile2” ], “timestamp”: 1491224348981 }, { “class”: “java.lang.Runtime”, “method”: “exec”, “commands”: [ “/system/bin/logwrapper”, “/system/bin/id” ], “timestamp”: 1491224349028 }, { “class”: “java.lang.Runtime”, “method”: “exec”, “commands”: [ “/system/bin/sh”, “-c”, “/system/bin/rm /storage/emulated/0/Android/data/fuzion24.dynamictestapp/cache/testfile2” ], “timestamp”: 1491224349081 }, { “class”: “java.lang.Runtime”, “method”: “exec”, “commands”: [ “/system/bin/rm”, “/data/local/tmp/testfile3” ], “timestamp”: 1491224349121 }, { “class”: “java.lang.Runtime”, “method”: “exec”, “commands”: [ “/data/user/0/fuzion24.dynamictestapp/files/stupid.sh” ], “timestamp”: 1491224349178 }, { “class”: “android.telephony.SmsManager”, “method”: “sendTextMessage”, “timestamp”: 1491224349231, “destinationAddress”: “5555555555”, “textMessageContent”: “This was a sent text message” }, { “class”: “android.app.ContextImpl”, “method”: “registerReceiver”, “timestamp”: 1491224349242, “intentActions”: [ “android.net.wifi.SCAN_RESULTS” ], “broadcastReceiverClassName”: “class com.dynamic.behaviors.WifiThings$1” }, { “class”: “com.android.org.conscrypt.OpenSSLX509Certificate”, “method”: “getSerialNumber”, “timestamp”: 1491224349249 }, { “class”: “android.net.wifi.WifiManager”, “method”: “getScanResults”, “timestamp”: 1491224350093 } ], “snoop_network”: { “hosts”: [ { “ip”: [ { “geo”: { “isp”: “Amazon Technologies Inc.”, “city”: “Portland”, 
“domain”: “amazon.com”, “region”: “Oregon”, “status”: “OK”, “latitude”: 0, “longitude”: 0, “country_short”: “US” }, “addr”: “54.68.212.198”, “sa_family”: “AF_INET” } ], “host”: “jsv.pw” } ], “connections”: [ { “addr”: “2001:4860:4860::8888”, “port”: 53, “sa_family”: “AF_INET6” }, { “addr”: “54.68.212.198”, “port”: 80, “sa_family”: “AF_INET” }, { “addr”: “::ffff:23.63.199.130”, “port”: 443, “sa_family”: “AF_INET6” }, { “addr”: “::ffff:54.231.98.72”, “port”: 80, “sa_family”: “AF_INET6” }, { “addr”: “::ffff:54.187.32.157”, “port”: 443, “sa_family”: “AF_INET6” }, { “addr”: “::ffff:104.31.86.204”, “port”: 80, “sa_family”: “AF_INET6” }, { “addr”: “::ffff:52.216.17.176”, “port”: 80, “sa_family”: “AF_INET6” }, { “addr”: “::ffff:54.231.98.96”, “port”: 80, “sa_family”: “AF_INET6” } ] }


### Dynamic Log

* **Behavioral Report** - the range of actions and events logged during analysis.

**Example**:

```
{
    "kind": "dynamic",
    "key": "behavioral_events",
    "title": "Behavioral Event",
    "category": "artifact",
    "regulatory": {},
    "affected": true,
    "context": {
        "rows": [
            { "class": "android.telephony.TelephonyManager", "method": "getDeviceId", "timestamp": 1483454383705 },
            { "class": "android.telephony.TelephonyManager", "method": "getSubscriberId", "timestamp": 1483454383709 },
            { "key": "A87F162A5C445A8257F1BEBC4C85F521", "class": "javax.crypto.spec.SecretKeySpec", "method": "javax.crypto.spec.SecretKeySpec", "algorithm": "AES", "timestamp": 1483454383724 },
            { "class": "java.security.SecureRandom", "method": "setSeed", "timestamp": 1483454383729 },
            { "IV": "00000000000000000000000000000000", "mode": "encrypt", "class": "javax.crypto.Cipher", "method": "doFinal", "algorithm": "AES/CBC/PKCS5Padding", "timestamp": 1483454383732 },
            { "class": "android.app.ContextImpl", "method": "startService", "timestamp": 1483454383736 },
            { "class": "android.app.ContextImpl", "method": "startService", "timestamp": 1483454383741 },
            { "class": "android.app.ContextImpl", "method": "startService", "timestamp": 1483454383743 },
            { "class": "android.telephony.TelephonyManager", "method": "getDeviceId", "timestamp": 1483454383749 },
            { "class": "android.telephony.TelephonyManager", "method": "getSubscriberId", "timestamp": 1483454383752 },
            { "key": "BD60C132C54DD5ADAEF65A578C9E93BD", "class": "javax.crypto.spec.SecretKeySpec", "method": "javax.crypto.spec.SecretKeySpec", "algorithm": "AES", "timestamp": 1483454383761 },
            { "IV": "00000000000000000000000000000000", "mode": "encrypt", "class": "javax.crypto.Cipher", "method": "doFinal", "algorithm": "AES/CBC/PKCS5Padding", "timestamp": 1483454383762 },
            { "class": "android.app.ContextImpl", "method": "startService", "timestamp": 1483454383763 },
            { "class": "mobi.yellow.booster.GbApplication", "method": "getSharedPreferences", "timestamp": 1483454383784, "preferencesName": "com.google.android.gms.appid" },
            { "class": "android.app.ContextImpl", "method": "sendBroadcast", "timestamp": 1483454383795 },
            { "class": "mobi.yellow.booster.GbApplication", "method": "getSharedPreferences", "timestamp": 1483454383822, "preferencesName": "com.google.android.gms.measurement.prefs" },
            { "Key": "has_been_opened", "class": "android.app.SharedPreferencesImpl.EditorImpl", "value": true, "method": "putBoolean", "timestamp": 1483454383826 },
            { "class": "android.app.SharedPreferencesImpl.EditorImpl", "method": "apply", "timestamp": 1483454383827 },
            { "Key": "gmp_app_id", "class": "android.app.SharedPreferencesImpl.EditorImpl", "value": "1:962938446027:android:9f9f7efd6bae100e", "method": "putString", "timestamp": 1483454383870 },
            { "class": "android.app.SharedPreferencesImpl.EditorImpl", "method": "apply", "timestamp": 1483454383871 },
            { "class": "mobi.yellow.booster.GbApplication", "method": "getSharedPreferences", "timestamp": 1483454383881, "preferencesName": "BuglySdkInfos" },
            { "Key": "use_service", "class": "android.app.SharedPreferencesImpl.EditorImpl", "value": true, "method": "putBoolean", "timestamp": 1483454383887 },
            { "class": "android.app.SharedPreferencesImpl.EditorImpl", "method": "apply", "timestamp": 1483454383889 },
            { "class": "mobi.yellow.booster.GbApplication", "method": "getSharedPreferences", "timestamp": 1483454383889, "preferencesName": "crashrecord" },
            { "class": "java.security.SecureRandom", "method": "setSeed", "timestamp": 1483454383902 },
            { "Key": "previous_os_version", "class": "android.app.SharedPreferencesImpl.EditorImpl", "value": "6.0.1", "method": "putString", "timestamp": 1483454383918 },
            { "class": "android.app.SharedPreferencesImpl.EditorImpl", "method": "apply", "timestamp": 1483454383920 },
            { "Key": "1004_mobi.supo.cleaner", "class": "android.app.SharedPreferencesImpl.EditorImpl", "value": true, "method": "putBoolean", "timestamp": 1483454383922 },
            { "class": "android.app.SharedPreferencesImpl.EditorImpl", "method": "commit", "timestamp": 1483454383923 },
            { "class": "android.app.ContextImpl", "method": "registerReceiver", "timestamp": 1483454383951, "intentActions": [ "android.net.conn.CONNECTIVITY_CHANGE" ], "broadcastReceiverClassName": "class com.tencent.bugly.crashreport.crash.BuglyBroadcastRecevier" },
            { "class": "mobi.yellow.booster.GbApplication", "method": "getSharedPreferences", "timestamp": 1483454383967, "preferencesName": "booster_sp" }
```
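A triage pass over the `rows` array of a `behavioral_events` result, as an added example that is not part of the original documentation or the product's own code. The rule names, the `classify` and `triage` helpers and the sample rows are assumptions, constructed from the field names shown in the examples on this page.

```python
import json
import posixpath
import re

# Constructed sample: same field names as the "behavioral_events" rows on this
# page, with made-up values. Note "key" (SecretKeySpec) vs "Key" (SharedPreferences).
SAMPLE_REPORT = json.loads("""
{ "kind": "dynamic", "key": "behavioral_events", "affected": true,
  "context": { "rows": [
    {"key": "00112233445566778899AABBCCDDEEFF", "class": "javax.crypto.spec.SecretKeySpec",
     "method": "javax.crypto.spec.SecretKeySpec", "algorithm": "AES", "timestamp": 1000},
    {"mode": "encrypt", "class": "javax.crypto.Cipher", "method": "doFinal",
     "algorithm": "AES/ECB/PKCS7Padding", "timestamp": 1001},
    {"IV": "00000000000000000000000000000000", "mode": "encrypt",
     "class": "javax.crypto.Cipher", "method": "doFinal",
     "algorithm": "AES/CBC/PKCS5Padding", "timestamp": 1002},
    {"class": "java.lang.Runtime", "method": "exec",
     "commands": ["/system/xbin/su", "-c", "id"], "timestamp": 1003},
    {"class": "java.lang.Runtime", "method": "exec",
     "commands": ["ps", "-e"], "timestamp": 1004},
    {"Key": "password", "class": "android.app.SharedPreferencesImpl.EditorImpl",
     "value": "example-value", "method": "putString", "timestamp": 1005},
    {"Key": "has_been_opened", "class": "android.app.SharedPreferencesImpl.EditorImpl",
     "value": true, "method": "putBoolean", "timestamp": 1006},
    {"class": "android.telephony.TelephonyManager", "method": "getDeviceId", "timestamp": 1007},
    {"class": "android.webkit.WebView", "method": "addJavascriptInterface",
     "jsExposedObjectName": "Android", "timestamp": 1008}
  ] } }
""")

# Hypothetical rule inputs, chosen for this example.
SECRET_PREF = re.compile(r"pass|pwd|secret|token", re.IGNORECASE)
ID_CLASSES = {"android.telephony.TelephonyManager", "android.net.wifi.WifiInfo"}
ID_METHODS = {"getDeviceId", "getSubscriberId", "getLine1Number",
              "getSimSerialNumber", "getMacAddress"}
EXEC_CALLS = {("java.lang.Runtime", "exec"), ("java.lang.ProcessBuilder", "start")}


def classify(row):
    """Return a list of (rule, detail) findings for one event row."""
    cls, method = row.get("class", ""), row.get("method", "")
    found = []
    # Raw key bytes are logged as hex, so the report itself now holds the key.
    if cls == "javax.crypto.spec.SecretKeySpec" and row.get("key"):
        bits = len(row["key"]) * 4
        found.append(("key-material-captured", f"{row.get('algorithm')} key, {bits} bits"))
    if cls == "javax.crypto.Cipher":
        alg = row.get("algorithm", "")
        parts = alg.upper().split("/")
        if len(parts) > 1 and parts[1] == "ECB":
            found.append(("ecb-mode", alg))
        iv = row.get("IV")
        if iv and set(iv) == {"0"}:
            found.append(("all-zero-iv", alg))
    if (cls, method) in EXEC_CALLS:
        cmds = [str(c).strip() for c in row.get("commands") or []]
        # argv[0] can be a bare name or an absolute path and may carry
        # stray whitespace, so compare the stripped basename.
        if cmds and posixpath.basename(cmds[0]) == "su":
            found.append(("su-invocation", " ".join(cmds)))
    if cls == "android.app.SharedPreferencesImpl.EditorImpl" and method == "putString":
        name = str(row.get("Key", ""))
        if SECRET_PREF.search(name):
            # Report the preference name only; never echo the stored value.
            found.append(("secret-in-shared-prefs", name))
    if cls in ID_CLASSES and method in ID_METHODS:
        found.append(("device-identifier-read", method))
    if cls == "android.webkit.WebView" and method == "addJavascriptInterface":
        found.append(("js-bridge-exposed", row.get("jsExposedObjectName", "?")))
    return found


def triage(report):
    """Flatten per-row findings, keeping each event's timestamp for ordering."""
    rows = report.get("context", {}).get("rows", [])
    return [
        {"rule": rule, "detail": detail, "timestamp": row.get("timestamp")}
        for row in rows
        for rule, detail in classify(row)
    ]


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(f"{finding['timestamp']}  {finding['rule']:<24} {finding['detail']}")
```

Because these rows can carry raw key bytes and stored preference values, the report file should be handled with the same care as the secrets it records.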


* **GeoIP** - the method of determining a computer terminal’s geographic location from that terminal’s IP address.

**Example**:

```
"ips": [ "107.21.220.89", "104.154.127.47", "178.162.216.177", "104.113.62.61", "52.85.112.141" ],
"path": "/data/analysis/117224-10-1unnzil.6st88y3nmi-.0j0nw2k9f.j0nw2k9g.019k9/artifacts/pass2/log.txt",
"uuid": { "adid": "DEADBEEF-1234-1234-1234-123456789ABC", "idfv": "CAFEBABE-1234-1234-1234-123456789ABC", "count": 9 },
"geoip": [
    { "ip": "107.21.220.89", "fields": { "ip": "107.21.220.89", "isp": "Amazon.com Inc.", "city": "Ashburn", "ip_no": "1796594777", "domain": "amazon.com", "region": "Virginia", "status": "OK", "latitude": 0, "elevation": 0, "longitude": 0, "country_long": "United States", "country_short": "US" } },
    { "ip": "104.154.127.47", "fields": { "ip": "104.154.127.47", "isp": "Google Inc.", "city": "Mountain View", "ip_no": "1754955567", "domain": "google.com", "region": "California", "status": "OK", "latitude": 0, "elevation": 0, "longitude": 0, "country_long": "United States", "country_short": "US" } },
    { "ip": "178.162.216.177", "fields": { "ip": "178.162.216.177", "isp": "LeaseWeb Deutschland GmbH", "city": "Frankfurt am Main", "ip_no": "2997016753", "domain": "leaseweb.com", "region": "Hessen", "status": "OK", "latitude": 0, "elevation": 0, "longitude": 0, "country_long": "Germany", "country_short": "DE" } },
    { "ip": "104.113.62.61", "fields": { "ip": "104.113.62.61", "isp": "Akamai Technologies Inc.", "city": "Warsaw", "ip_no": "1752251965", "domain": "akamai.com", "region": "Mazowieckie", "status": "OK", "latitude": 0, "elevation": 0, "longitude": 0, "country_long": "Poland", "country_short": "PL" } },
    { "ip": "52.85.112.141", "fields": { "ip": "52.85.112.141", "isp": "Amazon Technologies Inc.", "city": "Camby", "ip_no": "878014605", "domain": "amazon.com", "region": "Indiana", "status": "OK", "latitude": 0, "elevation": 0, "longitude": 0, "country_long": "United States", "country_short": "US" } }
]
```


* **SQLite Results** - During dynamic analysis, the application was observed interacting with a SQLite database, which can indicate where in the file system the application stores user or application data. This informational result displays SQLite-related activity, including the name of the file (and the path where it is stored), the SQLite queries that were observed, and the results of those queries.

**Example**:

```
{ "class": "android.database.sqlite.SQLiteDatabase", "method": "execSQL", "timestamp": 1483454383970, "SQLStatement": " CREATE TABLE IF NOT EXISTS t_ui ( _id INTEGER PRIMARY KEY , _tm int , _ut int , _tp int , _dt blob , _pc text ) " },
{ "class": "android.database.sqlite.SQLiteDatabase", "method": "execSQL", "timestamp": 1483454383973, "SQLStatement": " CREATE TABLE IF NOT EXISTS t_lr ( _id INTEGER PRIMARY KEY , _tp int , _tm int , _pc text , _th text , _dt blob ) " },
{ "class": "android.telephony.TelephonyManager", "method": "getDeviceId", "timestamp": 1483454383975 },
{ "class": "android.database.sqlite.SQLiteDatabase", "method": "execSQL", "timestamp": 1483454383976, "SQLStatement": " CREATE TABLE IF NOT EXISTS t_pf ( _id integer , _tp text , _tm int , _dt blob,primary key(_id,_tp )) " },
{ "class": "android.database.sqlite.SQLiteDatabase", "method": "execSQL", "timestamp": 1483454383980, "SQLStatement": " CREATE TABLE IF NOT EXISTS t_cr ( _id INTEGER PRIMARY KEY , _tm int , _s1 text , _up int , _me int , _uc int , _dt blob ) " },
{ "class": "mobi.yellow.booster.GbApplication", "method": "getSharedPreferences", "timestamp": 1483454383980, "preferencesName": "appinstallinfo" },
{ "class": "android.database.sqlite.SQLiteDatabase", "method": "execSQL", "timestamp": 1483454383982, "SQLStatement": " CREATE TABLE IF NOT EXISTS dl_1002 (_id integer primary key autoincrement, _dUrl varchar(100), _sFile varchar(100), _sLen INTEGER, _tLen INTEGER, _MD5 varchar(100), _DLTIME INTEGER)" },
{ "Key": "installchannel", "class": "android.app.SharedPreferencesImpl.EditorImpl", "value": "gp", "method": "putString", "timestamp": 1483454383983 },
{ "class": "android.database.sqlite.SQLiteDatabase", "method": "execSQL", "timestamp": 1483454383985, "SQLStatement": "CREATE TABLE IF NOT EXISTS ge_1002 (_id integer primary key autoincrement, _time INTEGER, _datas blob)" }
```


* **Configuration** - data about the automation configuration and interaction used during analysis.

**Example**:

```
"config": {
    "config": "/data/analysis/117224-10-1unnzil.6st88y3nmi-.0j0nw2k9f.j0nw2k9g.019k9/artifacts/pass2/mergedConfig.json",
    "device": "5d409d972712d3c1ea9cb391293d2e79b5a7defc",
    "jailed": false,
    "outdir": "/data/analysis/117224-10-1unnzil.6st88y3nmi-.0j0nw2k9f.j0nw2k9g.019k9/artifacts/pass2",
    "probes": {
        "asl": {},
        "ssl": false,
        "url": {},
        "dump": { "exe": false, "mem": false, "exit": false, "heap": false, "files": false },
        "http": { "block": [ "https://appload.ingest.crittercism.com/v0/appload", "api.crittercism.com", "ads.yieldmo.com", "ads.mopub.com", "metrics.cnn.com", "i.cdn.turner.com" ] },
        "uuid": { "adid": "DEADBEEF-1234-1234-1234-123456789ABC", "idfv": "CAFEBABE-1234-1234-1234-123456789ABC" },
        "patch": false,
        "crypto": {},
        "random": {},
        "uidump": { "every": 4000 },
        "appinfo": {},
        "devinfo": true,
        "network": { "dns": true, "create": true, "connect": true },
        "sqlite3": true,
        "timeout": 240000,
        "touchid": true,
        "keychain": true,
        "location": { "enabled": true, "locations": [ 41, 42 ] },
        "clipboard": false,
        "intercept": false,
        "jailbreak": {},
        "automation": {
            "fields": {
                "imei": { "value": "358239051198804", "is_sensitive": true, "search_strings": [ "IMEI", "DeviceIdentifier" ] },
                "name": { "type": "automation", "value": "Arthur Dent", "is_sensitive": true, "search_strings": [ "/name", "name", "fullname", "full_name", "full name", "full-name" ] },
                "email": { "type": "automation", "value": "arthur.dent@nowsecure.com", "is_sensitive": true, "search_strings": [ "display name", "displayname", "e mail", "e-mail", "e_mail", "email", "login", "screename", "user id", "user", "user-id", "user-name", "user_id", "user_name", "userid", "username" ] },
                "zipcode": { "type": "automation", "value": "90210", "is_sensitive": true, "search_strings": [ "zipcode", "zip", "zip_code", "zip-code", "zip code" ] },
                "lastname": { "type": "automation", "value": "Dent", "is_sensitive": true, "search_strings": [ "Last name", "last name", "lastname", "last_name", "last-name" ] },
                "password": { "type": "automation", "value": "d0n7p4nic42", "is_sensitive": true, "search_strings": [ "password", "pswd", "pass", "pwd", "pass_word" ] },
                "username": { "type": "automation", "value": "adent", "is_sensitive": true, "search_strings": [ "username", "user_name", "userid", "login", "screename", "displayname", "display name", "usr", "uid", "nuid", "uname" ] },
                "firstname": { "type": "automation", "value": "Arthur", "is_sensitive": true, "search_strings": [ "First name", "first name", "firstname", "first_name", "first-name" ] },
                "gpsLatitude": { "value": "98.8", "is_sensitive": true, "search_strings": [] },
                "phonenumber": { "type": "automation", "value": "17068675309", "is_sensitive": true, "search_strings": [ "Telephone number", "number", "phone Number", "phone num", "phone", "phonenumber", "tel" ] },
                "gpsLongitude": { "value": "38.8", "is_sensitive": true, "search_strings": [] },
                "localWifiMAC": { "value": "11:22:33:44:55:66", "is_sensitive": true, "search_strings": [] },
                "surrounding_wifiMAC": { "value": "77:77:77:77:77:77", "is_sensitive": true, "search_strings": [] }
            },
            "actions": {
                "find": [ "guest", "sign in", "sign_in", "sign-in", "login", "log in", "start", "signin", "continue", "submit", "sbmt", "OK", "yes", "agree", "accept", "next", "done", "already a", "skip", "signup", "register", "create", "get started", "sign_up", "sign up", "my account", "settings", "options", "apply", "Account", "dimiss" ],
                "avoid": [ "facebook", "G+", "Google plus", "Google", "GOOGLE", "twitter" ]
            },
            "interval": 5000
        },
        "microphone": { "mute": true },
        "addressbook": {},
        "afnetworking": {},
        "cfurlconnection": {}
    },
    "report": { "datasize": 1024 },
    "configs": [ "/data/analysis/117224-10-1unnzil.6st88y3nmi-.0j0nw2k9f.j0nw2k9g.019k9/artifacts/pass2/mergedConfig.json" ],
    "dumpConfig": true,
    "interaction": { "record": false },
    "runAllProbes": false
},
"crypto": {
    "CC_MD5": { "count": 3, "datas": [ "CAFEBABE-1234-1234-1234-123456789ABC(null)", "DEADBEEF-1234-1234-1234-123456789ABC", "DEADBEEF-1234-1234-1234-123456789ABC" ] },
    "CC_SHA1": { "count": 2, "datas": [ "46371d60868f39ad9bbca8ec10e874ac228e090646dc3c1dbb402527713f1b33" ] }
}
```