ANDROID STATIC ANALYSIS REPORT SHAREit (5.5.58_ww) File Name: com.lenovo.anyshare.gps_5_5_58.apk Package Name: com.lenovo.anyshare.gps Average CVSS Score: 6.2 App Security Score: 10/100 (CRITICAL RISK) Trackers Detection: 9/303 FILE INFORMATION File Name: com.lenovo.anyshare.gps_5_5_58.apk Size: 35.31MB MD5: dc92f19dd6ee3625be16dceba2d4216d SHA1: 7448c78f163accfc96aa81aea6cb8a437adf8d25 SHA256: df91a98c4f031b1f32105bcaba717030b7c9266bb37f83a94f29daf0d3e6a099 APP INFORMATION App Name: SHAREit Package Name: com.lenovo.anyshare.gps Main Activity: com.lenovo.anyshare.activity.InviteActivityFree Target SDK: 28 Min SDK: 16 Max SDK: Android Version Name: 5.5.58_ww Android Version Code: 4050558 APP COMPONENTS Activities: 229 Services: 58 Receivers: 36 Providers: 14 Exported Activities: 22 Exported Services: 14 Exported Receivers: 20 Exported Providers: 5 CERTIFICATE INFORMATION APK is signed v1 signature: True v2 signature: False v3 signature: False Found 1 unique certificates Subject: C=CN, ST=BJ, L=Beijing View, O=Lenovo, OU=Research, CN=LenovoApp, [email protected] Signature Algorithm: rsassa_pkcs1v15 Valid From: 2012-09-19 07:35:58+00:00 Valid To: 2094-11-08 07:35:58+00:00 Issuer: C=CN, ST=BJ, L=Beijing View, O=Lenovo, OU=Research, CN=LenovoApp, [email protected] Serial Number: 0xd406ab56001ad556 Hash Algorithm: sha1 md5: b4bdcc6c9886781d05fb601649d02801 sha1: 44d5df89bb0ec148bb95a5d87e8342e9d9fba2dd sha256: bd102a94669896078db9c665b21bbd3d76691ff66ae97519a3634c34c3a02542 sha512: 5f0c32b3aae2da71577966bc5669743d3fcd61624f68131e6c5223684212c495b3088c2848c6fc468c6433aed4179130104e5153d18c2b7551bc3cac653ee15a Certificate Status: Bad Description: The app is signed with SHA1withRSA. SHA1 hash algorithm is known to have collision issues. APPLICATION PERMISSIONS PERMISSION STATUS INFO DESCRIPTION Allows an application to view network android.permission.ACCESS_NETWORK_STATE normal view the status of all status networks. Allows an application to view the information android.permission.ACCESS_WIFI_STATE normal view Wi-Fi status about the status of Wi- Fi. Allows an application to view configuration of create Bluetooth the local Bluetooth android.permission.BLUETOOTH dangerous connections phone and to make and accept connections with paired devices. Allows an application to configure the local bluetooth android.permission.BLUETOOTH_ADMIN dangerous Bluetooth phone and to administration discover and pair with remote devices. Allows an application to send sticky broadcasts, which remain after the broadcast ends. send sticky android.permission.BROADCAST_STICKY normal Malicious applications broadcast can make the phone slow or unstable by causing it to use too much memory. Allows an application to change network android.permission.CHANGE_NETWORK_STATE dangerous change the state of connectivity network connectivity. Allows an application to connect to and disconnect from Wi-Fi android.permission.CHANGE_WIFI_STATE dangerous change Wi-Fi status access points and to make changes to configured Wi-Fi networks. Allows an application to disable the key lock and any associated password security. A legitimate example of this is the phone android.permission.DISABLE_KEYGUARD dangerous disable key lock disabling the key lock when receiving an incoming phone call, then re-enabling the key lock when the call is finished. PERMISSION STATUS INFO DESCRIPTION Allows an application to discover known access the list of android.permission.GET_ACCOUNTS normal accounts accounts known by the phone. Allows application to retrieve information about currently and recently running tasks. retrieve running android.permission.GET_TASKS dangerous May allow malicious applications applications to discover private information about other applications. Allows an application to android.permission.INTERNET dangerous full Internet access create network sockets. Allows the application mount and to mount and unmount android.permission.MOUNT_UNMOUNT_FILESYSTEMS dangerous unmount file file systems for systems removable storage. read SD card Allows an application to android.permission.READ_EXTERNAL_STORAGE dangerous contents read from SD Card. Allows an application to show system-alert display system- windows. Malicious android.permission.SYSTEM_ALERT_WINDOW dangerous level alerts applications can take over the entire screen of the phone. Allows the application to access the phone features of the device. An application with this permission can read phone state android.permission.READ_PHONE_STATE dangerous determine the phone and identity number and serial number of this phone, whether a call is active, the number that call is connected to and so on. Allows the application android.permission.VIBRATE normal control vibrator to control the vibrator. read/modify/delete Allows an application to android.permission.WRITE_EXTERNAL_STORAGE dangerous SD card contents write to the SD card. Unknown Unknown permission android.permission.WRITE_MEDIA_STORAGE dangerous permission from from android reference android reference Allows an application to prevent phone android.permission.WAKE_LOCK dangerous prevent the phone from from sleeping going to sleep. PERMISSION STATUS INFO DESCRIPTION Allows an application to modify the system's modify global settings data. Malicious android.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Allows an application to read all of the contact (address) data stored on your phone. android.permission.READ_CONTACTS dangerous read contact data Malicious applications can use this to send your data to other people. Allows an application to modify the contact (address) data stored on your phone. android.permission.WRITE_CONTACTS dangerous write contact data Malicious applications can use this to erase or modify your contact data. Access coarse location sources, such as the mobile network database, to determine an approximate phone coarse (network- android.permission.ACCESS_COARSE_LOCATION dangerous location, where based) location available. Malicious applications can use this to determine approximately where you are. Access fine location sources, such as the Global Positioning System on the phone, where available. android.permission.ACCESS_FINE_LOCATION dangerous fine (GPS) location Malicious applications can use this to determine where you are and may consume additional battery power. Allows application to change your audio modify global audio android.permission.MODIFY_AUDIO_SETTINGS dangerous settings settings, such as volume and routing. Allows application to expand/collapse android.permission.EXPAND_STATUS_BAR normal expand or collapse the status bar status bar. PERMISSION STATUS INFO DESCRIPTION Malicious applications Allows an can use this to try and application to android.permission.REQUEST_INSTALL_PACKAGES dangerous trick users into request installing installing additional packages. malicious packages. Unknown Unknown permission com.android.vending.p2p.APP_INSTALL_API dangerous permission from from android reference android reference Allows application to android.permission.RECORD_AUDIO dangerous record audio access the audio record path. Allows an application to delete Android packages. Malicious android.permission.DELETE_PACKAGES signatureOrSystem delete applications applications can use this to delete important applications. Allows an application to request deleting android.permission.REQUEST_DELETE_PACKAGES normal packages. Apps targeting APIs measure Allows an application to android.permission.GET_PACKAGE_SIZE normal application storage retrieve its code, data space and cache sizes Allows an application to free phone storage by delete all deleting files in android.permission.CLEAR_APP_CACHE dangerous application cache application cache data directory. Access is usually very restricted to system process. Allows an application to kill background kill background android.permission.RESTART_PACKAGES normal processes of other processes applications, even if memory is not low. Allows the application Allows cloud to com.lenovo.anyshare.gps.permission.C2D_MESSAGE signature to receive push device messaging notifications. Allows application to take pictures and videos with the camera. take pictures and android.permission.CAMERA dangerous This allows the videos application to collect images that the camera is seeing at any time. Allows the application android.permission.SET_WALLPAPER normal set wallpaper to set the system wallpaper. PERMISSION STATUS INFO DESCRIPTION Allows an application to com.android.launcher.permission.INSTALL_SHORTCUT normal install a shortcut in Launcher. Don't use this permission in your app. com.android.launcher.permission.UNINSTALL_SHORTCUT normal This permission is no longer supported. Unknown Unknown permission com.android.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.android.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.android.launcher2.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.android.launcher2.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.android.launcher3.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.android.launcher3.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission org.adw.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious org.adw.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.htc.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference PERMISSION STATUS INFO DESCRIPTION Allows an application to modify the system's modify global settings data. Malicious com.htc.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.qihoo360.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.qihoo360.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.lge.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.lge.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission net.qihoo.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious net.qihoo.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission org.adwfreak.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious org.adwfreak.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission org.adw.launcher_donut.permission.READ_SETTINGS dangerous permission from from android reference android reference PERMISSION STATUS INFO DESCRIPTION Allows an application to modify the system's modify global settings data. Malicious org.adw.launcher_donut.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.huawei.launcher3.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.huawei.launcher3.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.fede.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.fede.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.sec.android.app.twlauncher.settings.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.sec.android.app.twlauncher.settings.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.anddoes.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.anddoes.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.tencent.qqlauncher.permission.READ_SETTINGS dangerous permission from from android reference android reference PERMISSION STATUS INFO DESCRIPTION Allows an application to modify the system's modify global settings data. Malicious com.tencent.qqlauncher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.huawei.launcher2.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.huawei.launcher2.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.android.mylauncher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.android.mylauncher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.ebproductions.android.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.ebproductions.android.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.oppo.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.oppo.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.miui.mihome2.permission.READ_SETTINGS dangerous permission from from android reference android reference PERMISSION STATUS INFO DESCRIPTION Allows an application to modify the system's modify global settings data. Malicious com.miui.mihome2.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.huawei.android.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.huawei.android.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission telecom.mdesk.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious telecom.mdesk.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission dianxin.permission.ACCESS_LAUNCHER_DATA dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.zte.mifavor.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.zte.mifavor.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.tct.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.tct.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Unknown Unknown permission com.sec.android.provider.badge.permission.WRITE dangerous permission from from android reference android reference PERMISSION STATUS INFO DESCRIPTION Unknown Unknown permission com.sec.android.provider.badge.permission.READ dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.samsung.android.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.samsung.android.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.motorola.launcher3.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.motorola.launcher3.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.lge.launcher3.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.lge.launcher3.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.gionee.amisystem.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.gionee.amisystem.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.bbk.launcher2.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.bbk.launcher2.permission.READ_SETTINGS dangerous permission from from android reference android reference PERMISSION STATUS INFO DESCRIPTION Allows an application to modify the system's modify global settings data. Malicious com.asus.launcher3.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.asus.launcher3.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.asus.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.asus.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Unknown Unknown permission com.google.android.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.google.android.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.mx.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.mx.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.nd.android.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.nd.android.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. PERMISSION STATUS INFO DESCRIPTION Allows an application to modify the system's modify global settings data. Malicious com.gau.go.launcherex.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.gau.go.launcherex.permission.READ_SETTINGS dangerous permission from from android reference android reference Unknown Unknown permission com.modaco.android.launchergb.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.modaco.android.launchergb.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.sec.android.app.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.sec.android.app.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.l.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.l.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Allows an application to modify the system's modify global settings data. Malicious com.lollipop.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.lollipop.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference PERMISSION STATUS INFO DESCRIPTION Allows an application to modify the system's modify global settings data. Malicious com.alphalp.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.alphalp.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious app.cobo.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission app.cobo.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Unknown Unknown permission com.android.lewalauncher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.android.lewalauncher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Allows an application to modify the system's modify global settings data. Malicious com.epic.launcher.tw.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.epic.launcher.tw.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.huaqin.launcherEx.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.huaqin.launcherEx.permission.READ_SETTINGS dangerous permission from from android reference android reference PERMISSION STATUS INFO DESCRIPTION Allows an application to modify the system's modify global settings data. Malicious com.slim.slimlauncher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.slim.slimlauncher.permission.READ_SETTINGS dangerous permission from from android reference android reference Unknown Unknown permission com.lenovo.launcherhdmarket.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.lenovo.launcherhdmarket.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.tul.aviate.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.tul.aviate.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Allows an application to modify the system's modify global settings data. Malicious com.tsf.shell.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.tsf.shell.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.mgyun.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.mgyun.permission.READ_SETTINGS dangerous permission from from android reference android reference PERMISSION STATUS INFO DESCRIPTION Allows an application to modify the system's modify global settings data. Malicious com.zte.mobile.ZteLauncher3D.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.zte.mobile.ZteLauncher3D.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.s.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.s.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Unknown Unknown permission com.lo.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.lo.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Allows an application to modify the system's modify global settings data. Malicious com.zui.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.zui.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.ibingo.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.ibingo.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Unknown Unknown permission com.fineos.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference PERMISSION STATUS INFO DESCRIPTION Allows an application to modify the system's modify global settings data. Malicious com.fineos.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Allows an application to modify the system's modify global settings data. Malicious com.baoruan.launcher2.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.baoruan.launcher2.permission.READ_SETTINGS dangerous permission from from android reference android reference Unknown Unknown permission com.zte.lqsoft.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.zte.lqsoft.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Allows an application to modify the system's modify global settings data. Malicious com.ztemt.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Unknown Unknown permission com.ztemt.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Unknown Unknown permission com.meizu.flyme.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Allows an application to modify the system's modify global settings data. Malicious com.meizu.flyme.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. Allows an application to modify the system's modify global settings data. Malicious com.teslacoilsw.launcher.permission.WRITE_SETTINGS dangerous system settings applications can corrupt your system's configuration. PERMISSION STATUS INFO DESCRIPTION Unknown Unknown permission com.teslacoilsw.launcher.permission.READ_SETTINGS dangerous permission from from android reference android reference Unknown Unknown permission com.htc.launcher.permission.UPDATE_SHORTCUT dangerous permission from from android reference android reference Unknown Unknown permission com.sonyericsson.home.permission.BROADCAST_BADGE dangerous permission from from android reference android reference Unknown Unknown permission com.sonymobile.home.permission.PROVIDER_INSERT_BADGE dangerous permission from from android reference android reference Unknown Unknown permission com.anddoes.launcher.permission.UPDATE_COUNT dangerous permission from from android reference android reference Unknown Unknown permission com.majeur.launcher.permission.UPDATE_BADGE dangerous permission from from android reference android reference Unknown Unknown permission com.huawei.android.launcher.permission.CHANGE_BADGE dangerous permission from from android reference android reference Unknown Unknown permission android.permission.READ_APP_BADGE dangerous permission from from android reference android reference Unknown Unknown permission me.everything.badger.permission.BADGE_COUNT_READ dangerous permission from from android reference android reference Unknown Unknown permission me.everything.badger.permission.BADGE_COUNT_WRITE dangerous permission from from android reference android reference Allows the modification of collected component update component android.permission.PACKAGE_USAGE_STATS signature usage statistics. Not for usage statistics use by common applications. Allows an application to start itself as soon as the system has finished booting. This can make automatically start android.permission.RECEIVE_BOOT_COMPLETED normal it take longer to start at boot the phone and allow the application to slow down the overall phone by always running. PERMISSION STATUS INFO DESCRIPTION Allows an application to use the account authenticator capabilities of the act as an account android.permission.AUTHENTICATE_ACCOUNTS dangerous Account Manager, authenticator including creating accounts as well as obtaining and setting their passwords. Allows an application to modify the sync android.permission.WRITE_SYNC_SETTINGS dangerous write sync settings settings, such as whether sync is enabled for Contacts. Allows a regular android.permission.FOREGROUND_SERVICE normal application to use Service.startForeground Unknown Unknown permission com.lenovo.anyshare.gps.permission.JPUSH_MESSAGE dangerous permission from from android reference android reference Unknown Unknown permission com.lenovo.anyshare.gps.permission.MIPUSH_RECEIVE dangerous permission from from android reference android reference Permission for cloud to com.google.android.c2dm.permission.RECEIVE signature C2DM permissions device messaging. Unknown Unknown permission com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE dangerous permission from from android reference android reference Allows an application to move tasks to the reorder foreground and android.permission.REORDER_TASKS dangerous applications background. Malicious running applications can force themselves to the front without your control. APKID ANALYSIS FILE DETAILS FILE DETAILS FINDINGS DETAILS Build.MANUFACTURER check Build.TAGS check Anti-VM Code network operator name check classes3.dex possible ro.secure check Anti Disassembly Code illegal class name Compiler dx FINDINGS DETAILS unreadable field names Obfuscator unreadable method names Build.FINGERPRINT check Build.MODEL check Build.MANUFACTURER check classes.dex Build.PRODUCT check Build.HARDWARE check Anti-VM Code Build.BOARD check SIM operator check network operator name check subscriber ID check ro.hardware check ro.kernel.qemu check Compiler dx FINDINGS DETAILS Build.FINGERPRINT check Build.MANUFACTURER check Build.BOARD check possible Build.SERIAL check Build.TAGS check Anti-VM Code SIM operator check classes4.dex network operator name check subscriber ID check possible ro.secure check emulator file check Anti Disassembly Code illegal class name Compiler dx FILE DETAILS FINDINGS DETAILS Anti-VM Code possible Build.SERIAL check assets/audience_network.dex Compiler unknown (please file detection issue!) FINDINGS DETAILS Build.FINGERPRINT check Build.MODEL check classes2.dex Anti-VM Code Build.MANUFACTURER check Build.HARDWARE check Build.TAGS check Compiler dx FINDINGS DETAILS classes5.dex Anti-VM Code Build.BOARD check Compiler dx BROWSABLE ACTIVITIES ACTIVITY INTENT Schemes: content://, file://, Hosts: *, Mime Types: audio/*, video/3gpp*, video/x-msvideo, video/x-f4v, video/x-flv, video/quicktime, video/m4v, video/mp4, video/mpeg, video/mp2ts, video/webm, video/x-matroska, */avi, */mkv, application/3gpp*, application/mp4, application/mpeg*, application/vnd.3gp*, application/x-extension-mp4, application/x- matroska, application/x-quicktimeplayer, video/*, application/*, */*, image/*, Path Patterns: .*.3GP, .*.3gp, .*..*.3gp, .*..*..*.3gp, .*..*..*..*.3gp, .*..*..*..*..*.3gp, .*..*..*..*..*..*.3gp, .*..*..*..*..*..*..*.3gp, .*..*..*..*..*..*..*..*.3gp, .*..*..*..*..*..*..*..*..*.3gp, .*..*..*..*..*..*..*..*..*..*.3gp, .*..*..*..*..*..*..*..*..*..*..*.3gp, .*..*..*..*..*..*..*..*..*..*..*..*.3gp, .*..*..*..*..*..*..*..*..*..*..*..*..*.3gp, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.3gp, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.3gp, .*.AVI, .*.avi, .*..*.avi, .*..*..*.avi, .*..*..*..*.avi, .*..*..*..*..*.avi, .*..*..*..*..*..*.avi, .*..*..*..*..*..*..*.avi, .*..*..*..*..*..*..*..*.avi, .*..*..*..*..*..*..*..*..*.avi, .*..*..*..*..*..*..*..*..*..*.avi, .*..*..*..*..*..*..*..*..*..*..*.avi, .*..*..*..*..*..*..*..*..*..*..*..*.avi, .*..*..*..*..*..*..*..*..*..*..*..*..*.avi, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.avi, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.avi, .*.DIVX, .*.divx, .*..*.divx, .*..*..*.divx, .*..*..*..*.divx, .*..*..*..*..*.divx, .*..*..*..*..*..*.divx, .*..*..*..*..*..*..*.divx, .*..*..*..*..*..*..*..*.divx, .*..*..*..*..*..*..*..*..*.divx, .*..*..*..*..*..*..*..*..*..*.divx, .*..*..*..*..*..*..*..*..*..*..*.divx, .*..*..*..*..*..*..*..*..*..*.divx, .*..*..*..*..*..*..*..*..*..*..*.divx, .*..*..*..*..*..*..*..*..*..*..*..*.divx, .*..*..*..*..*..*..*..*..*..*..*..*..*.divx, ACTIVITY INTENT .*..*..*..*..*..*..*..*..*..*..*..*..*..*.divx, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.divx, .*.F4V, .*.f4v, .*..*.f4v, .*..*..*.f4v, .*..*..*..*.f4v, .*..*..*..*..*.f4v, .*..*..*..*..*..*.f4v, .*..*..*..*..*..*..*.f4v, .*..*..*..*..*..*..*..*.f4v, .*..*..*..*..*..*..*..*..*.f4v, .*..*..*..*..*..*..*..*..*..*.f4v, .*..*..*..*..*..*..*..*..*..*..*.f4v, .*..*..*..*..*..*..*..*..*..*..*..*.f4v, .*..*..*..*..*..*..*..*..*..*..*..*..*.f4v, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.f4v, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.f4v, .*.FLV, .*.flv, .*..*.flv, .*..*..*.flv, .*..*..*..*.flv, .*..*..*..*..*.flv, .*..*..*..*..*..*.flv, .*..*..*..*..*..*..*.flv, .*..*..*..*..*..*..*..*.flv, .*..*..*..*..*..*..*..*..*.flv, .*..*..*..*..*..*..*..*..*..*.flv, .*..*..*..*..*..*..*..*..*..*..*.flv, .*..*..*..*..*..*..*..*..*..*..*..*.flv, .*..*..*..*..*..*..*..*..*..*..*..*..*.flv, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.flv, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.flv, .*.MKV, .*.mkv, .*..*.mkv, .*..*..*.mkv, .*..*..*..*.mkv, .*..*..*..*..*.mkv, .*..*..*..*..*..*.mkv, .*..*..*..*..*..*..*.mkv, .*..*..*..*..*..*..*..*.mkv, .*..*..*..*..*..*..*..*..*.mkv, .*..*..*..*..*..*..*..*..*..*.mkv, .*..*..*..*..*..*..*..*..*..*..*.mkv, .*..*..*..*..*..*..*..*..*..*..*..*.mkv, .*..*..*..*..*..*..*..*..*..*..*..*..*.mkv, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.mkv, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.mkv, .*.MOV, .*.mov, .*..*.mov, .*..*..*.mov, .*..*..*..*.mov, .*..*..*..*..*.mov, .*..*..*..*..*..*.mov, .*..*..*..*..*..*..*.mov, .*..*..*..*..*..*..*..*.mov, .*..*..*..*..*..*..*..*..*.mov, .*..*..*..*..*..*..*..*..*..*.mov, .*..*..*..*..*..*..*..*..*..*..*.mov, .*..*..*..*..*..*..*..*..*..*..*..*.mov, .*..*..*..*..*..*..*..*..*..*..*..*..*.mov, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.mov, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.mov, .*.MP4, .*.mp4, .*..*.mp4, .*..*..*.mp4, .*..*..*..*.mp4, .*..*..*..*..*.mp4, .*..*..*..*..*..*.mp4, .*..*..*..*..*..*..*.mp4, .*..*..*..*..*..*..*..*.mp4, .*..*..*..*..*..*..*..*..*.mp4, .*..*..*..*..*..*..*..*..*..*.mp4, .*..*..*..*..*..*..*..*..*..*..*.mp4, .*..*..*..*..*..*..*..*..*..*..*..*.mp4, .*..*..*..*..*..*..*..*..*..*..*..*..*.mp4, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.mp4, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.mp4, .*.M4V, .*.m4v, .*..*.m4v, .*..*..*.m4v, .*..*..*..*.m4v, .*..*..*..*..*.m4v, .*..*..*..*..*..*.m4v, .*..*..*..*..*..*..*.m4v, .*..*..*..*..*..*..*..*.m4v, .*..*..*..*..*..*..*..*..*.m4v, .*..*..*..*..*..*..*..*..*..*.m4v, .*..*..*..*..*..*..*..*..*..*..*.m4v, .*..*..*..*..*..*..*..*..*..*..*..*.m4v, .*..*..*..*..*..*..*..*..*..*..*..*..*.m4v, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.m4v, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.m4v, .*.MPEG, .*.mpeg, .*..*.mpeg, .*..*..*.mpeg, .*..*..*..*.mpeg, .*..*..*..*..*.mpeg, .*..*..*..*..*..*.mpeg, .*..*..*..*..*..*..*.mpeg, .*..*..*..*..*..*..*..*.mpeg, .*..*..*..*..*..*..*..*..*.mpeg, .*..*..*..*..*..*..*..*..*..*.mpeg, com.lenovo.anyshare.ApMainActivity .*..*..*..*..*..*..*..*..*..*..*.mpeg, .*..*..*..*..*..*..*..*..*..*..*..*.mpeg, .*..*..*..*..*..*..*..*..*..*..*..*..*.mpeg, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.mpeg, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.mpeg, .*.MPG, .*.mpg, .*..*.mpg, .*..*..*.mpg, .*..*..*..*.mpg, .*..*..*..*..*.mpg, .*..*..*..*..*..*.mpg, .*..*..*..*..*..*..*.mpg, .*..*..*..*..*..*..*..*.mpg, .*..*..*..*..*..*..*..*..*.mpg, .*..*..*..*..*..*..*..*..*..*.mpg, .*..*..*..*..*..*..*..*..*..*..*.mpg, .*..*..*..*..*..*..*..*..*..*..*..*.mpg, .*..*..*..*..*..*..*..*..*..*..*..*..*.mpg, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.mpg, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.mpg, .*.TS, .*.ts, .*..*.ts, .*..*..*.ts, .*..*..*..*.ts, .*..*..*..*..*.ts, .*..*..*..*..*..*.ts, .*..*..*..*..*..*..*.ts, .*..*..*..*..*..*..*..*.ts, .*..*..*..*..*..*..*..*..*.ts, .*..*..*..*..*..*..*..*..*..*.ts, .*..*..*..*..*..*..*..*..*..*..*.ts, .*..*..*..*..*..*..*..*..*..*..*..*.ts, .*..*..*..*..*..*..*..*..*..*..*..*..*.ts, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.ts, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.ts, .*.vob, .*..*.vob, .*..*..*.vob, .*..*..*..*.vob, .*..*..*..*..*.vob, .*..*..*..*..*..*.vob, .*..*..*..*..*..*..*.vob, .*..*..*..*..*..*..*..*.vob, .*..*..*..*..*..*..*..*..*.vob, .*..*..*..*..*..*..*..*..*..*.vob, .*..*..*..*..*..*..*..*..*..*..*.vob, .*..*..*..*..*..*..*..*..*..*..*..*.vob, .*..*..*..*..*..*..*..*..*..*..*..*..*.vob, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.vob, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.vob, .*.VOB, .*..*.VOB, .*..*..*.VOB, .*..*..*..*.VOB, .*..*..*..*..*.VOB, .*..*..*..*..*..*.VOB, .*..*..*..*..*..*..*.VOB, .*..*..*..*..*..*..*..*.VOB, .*..*..*..*..*..*..*..*..*.VOB, .*..*..*..*..*..*..*..*..*..*.VOB, .*..*..*..*..*..*..*..*..*..*..*.VOB, .*..*..*..*..*..*..*..*..*..*..*..*.VOB, .*..*..*..*..*..*..*..*..*..*..*..*..*.VOB, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.VOB, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.VOB, .*.WEBM, .*.webm, .*..*.webm, .*..*..*.webm, .*..*..*..*.webm, .*..*..*..*..*.webm, .*..*..*..*..*..*.webm, .*..*..*..*..*..*..*.webm, .*..*..*..*..*..*..*..*.webm, .*..*..*..*..*..*..*..*..*.webm, .*..*..*..*..*..*..*..*..*..*.webm, .*..*..*..*..*..*..*..*..*..*..*.webm, .*..*..*..*..*..*..*..*..*..*..*..*.webm, .*..*..*..*..*..*..*..*..*..*..*..*..*.webm, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.webm, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.webm, .*.sv, .*..*.sv, .*..*..*.sv, .*..*..*..*.sv, .*..*..*..*..*.sv, .*..*..*..*..*..*.sv, .*..*..*..*..*..*..*.sv, .*..*..*..*..*..*..*..*.sv, .*..*..*..*..*..*..*..*..*.sv, .*..*..*..*..*..*..*..*..*..*.sv, .*..*..*..*..*..*..*..*..*..*..*.sv, .*..*..*..*..*..*..*..*..*..*..*..*.sv, .*..*..*..*..*..*..*..*..*..*..*..*..*.sv, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.sv, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.sv, .*.SV, .*..*.SV, .*..*..*.SV, .*..*..*..*.SV, .*..*..*..*..*.SV, .*..*..*..*..*..*.SV, .*..*..*..*..*..*..*.SV, .*..*.SV, .*..*..*.SV, .*..*..*..*.SV, .*..*..*..*..*.SV, .*..*..*..*..*..*.SV, .*..*..*..*..*..*..*.SV, ACTIVITY .*..*..*..*..*..*..*..*.SV, INTENT .*..*..*..*..*..*..*..*..*.SV, .*..*..*..*..*..*..*..*..*..*.SV, .*..*..*..*..*..*..*..*..*..*..*.SV, .*..*..*..*..*..*..*..*..*..*..*..*.SV, .*..*..*..*..*..*..*..*..*..*..*..*..*.SV, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.SV, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.SV, .*.tsv, .*..*.tsv, .*..*..*.tsv, .*..*..*..*.tsv, .*..*..*..*..*.tsv, .*..*..*..*..*..*.tsv, .*..*..*..*..*..*..*.tsv, .*..*..*..*..*..*..*..*.tsv, .*..*..*..*..*..*..*..*..*.tsv, .*..*..*..*..*..*..*..*..*..*.tsv, .*..*..*..*..*..*..*..*..*..*..*.tsv, .*..*..*..*..*..*..*..*..*..*..*..*.tsv, .*..*..*..*..*..*..*..*..*..*..*..*..*.tsv, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.tsv, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.tsv, .*.TSV, .*..*.TSV, .*..*..*.TSV, .*..*..*..*.TSV, .*..*..*..*..*.TSV, .*..*..*..*..*..*.TSV, .*..*..*..*..*..*..*.TSV, .*..*..*..*..*..*..*..*.TSV, .*..*..*..*..*..*..*..*..*.TSV, .*..*..*..*..*..*..*..*..*..*.TSV, .*..*..*..*..*..*..*..*..*..*..*.TSV, .*..*..*..*..*..*..*..*..*..*..*..*.TSV, .*..*..*..*..*..*..*..*..*..*..*..*..*.TSV, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.TSV, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.TSV, .*.dsv, .*..*.dsv, .*..*..*.dsv, .*..*..*..*.dsv, .*..*..*..*..*.dsv, .*..*..*..*..*..*.dsv, .*..*..*..*..*..*..*.dsv, .*..*..*..*..*..*..*..*.dsv, .*..*..*..*..*..*..*..*..*.dsv, .*..*..*..*..*..*..*..*..*..*.dsv, .*..*..*..*..*..*..*..*..*..*..*.dsv, .*..*..*..*..*..*..*..*..*..*..*..*.dsv, .*..*..*..*..*..*..*..*..*..*..*..*..*.dsv, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.dsv, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.dsv, .*.DSV, .*..*.DSV, .*..*..*.DSV, .*..*..*..*.DSV, .*..*..*..*..*.DSV, .*..*..*..*..*..*.DSV, .*..*..*..*..*..*..*.DSV, .*..*..*..*..*..*..*..*.DSV, .*..*..*..*..*..*..*..*..*.DSV, .*..*..*..*..*..*..*..*..*..*.DSV, .*..*..*..*..*..*..*..*..*..*..*.DSV, .*..*..*..*..*..*..*..*..*..*..*..*.DSV, .*..*..*..*..*..*..*..*..*..*..*..*..*.DSV, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.DSV, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.DSV, Schemes: shareits://, http://, https://, shareit://, com.lenovo.anyshare.scheme.SchemeFilterActivity Hosts: @string/r9, @string/r_, Schemes: upi://, com.ushareit.pay.payment.ui.request.PaymentRequestActivity Hosts: pay, Schemes: upi://, com.ushareit.pay.upi.ui.activity.UpiP2pTxnActivity Hosts: upip2ptxnactivity, com.ushareit.router.UriProxyActivity Schemes: proxy://, Schemes: ushareit://, com.ushareit.longevity.activity.ShadowActivity Hosts: @string/auv, Schemes: file://, content://, Hosts: *, Mime Types: */*, application/sapk, video/sapk, audio/sapk, chemical/sapk, image/sapk, magnus-internal/sapk, text/sapk, */sapk, Path Patterns: .*.sapk, .*..*.sapk, .*..*..*.sapk, .*..*..*..*.sapk, .*..*..*..*..*.sapk, .*..*..*..*..*..*.sapk, .*..*..*..*..*..*..*.sapk, .*..*..*..*..*..*..*..*.sapk, .*..*..*..*..*..*..*..*..*.sapk, .*..*..*..*..*..*..*..*..*..*.sapk, com.ushareit.ads.download.SapkInstallerActivity .*..*..*..*..*..*..*..*..*..*..*.sapk, .*..*..*..*..*..*..*..*..*..*..*..*.sapk, .*..*..*..*..*..*..*..*..*..*..*..*..*.sapk, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.sapk, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.sapk, .*.SAPK, .*..*.SAPK, .*..*..*.SAPK, .*..*..*..*.SAPK, .*..*..*..*..*.SAPK, .*..*..*..*..*..*.SAPK, .*..*..*..*..*..*..*.SAPK, .*..*..*..*..*..*..*..*.SAPK, .*..*..*..*..*..*..*..*..*.SAPK, .*..*..*..*..*..*..*..*..*..*.SAPK, .*..*..*..*..*..*..*..*..*..*..*.SAPK, .*..*..*..*..*..*..*..*..*..*..*..*.SAPK, .*..*..*..*..*..*..*..*..*..*..*..*..*.SAPK, .*..*..*..*..*..*..*..*..*..*..*..*..*..*.SAPK, .*..*..*..*..*..*..*..*..*..*..*..*..*..*..*.SAPK, MANIFEST ANALYSIS ISSUE SEVERITY DESCRIPTION The Network Security Configuration feature lets apps customize their network security settings in App has a Network Security Configuration a safe, declarative configuration file without info [android:networkSecurityConfig] modifying app code. These settings can be configured for specific domains and for a specific app. An Activity-Alias is found to be shared with other Activity-Alias (com.lenovo.anyshare.ApMainActivity) is not Protected. high apps on the device therefore leaving it accessible [android:exported=true] to any other application on the device. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.lenovo.anyshare.main.MainActivity) is not standard. high applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity is found to be shared with other apps on the device therefore leaving it accessible to Activity (com.lenovo.anyshare.main.MainActivity) is not Protected. high any other application on the device. The An intent-filter exists. presence of intent-filter indicates that the Activity is explicitly exported. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.lenovo.anyshare.main.MainGameActivity) is not high applications to read the contents of the calling standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity is found to be shared with other apps Activity (com.lenovo.anyshare.cloud.command.CommandMsgBox) is not on the device therefore leaving it accessible to Protected. high any other application on the device. The An intent-filter exists. presence of intent-filter indicates that the Activity is explicitly exported. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it Broadcast Receiver (com.lenovo.anyshare.app.DefaultReceiver) is not Protected. high accessible to any other application on the device. An intent-filter exists. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. A Broadcast Receiver is found to be shared with Broadcast Receiver (com.lenovo.anyshare.setting.toolbar.ToolbarReceiver) is not other apps on the device therefore leaving it Protected. high accessible to any other application on the device. An intent-filter exists. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.lenovo.anyshare.scheme.SchemeFilterActivity) is high applications to read the contents of the calling not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. ISSUE SEVERITY DESCRIPTION An Activity is found to be shared with other apps on the device therefore leaving it accessible to Activity (com.lenovo.anyshare.scheme.SchemeFilterActivity) is not Protected. high any other application on the device. The An intent-filter exists. presence of intent-filter indicates that the Activity is explicitly exported. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.lenovo.anyshare.download.ui.DownloadActivity) is high applications to read the contents of the calling not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity is found to be shared with other apps Activity (com.lenovo.anyshare.download.ui.DownloadActivity) is not Protected. high on the device therefore leaving it accessible to [android:exported=true] any other application on the device. Activity (com.lenovo.anyshare.download.ui.DownloadProgressActivity) is not An Activity is found to be shared with other apps Protected. high on the device therefore leaving it accessible to [android:exported=true] any other application on the device. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity high applications to read the contents of the calling (com.lenovo.anyshare.help.feedback.msg.FeedbackChatActivity) is not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.pay.payment.ui.cashier.CashierActivity) is high applications to read the contents of the calling not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.pay.upi.ui.activity.UpiBankChooseActivity) high applications to read the contents of the calling is not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.pay.upi.ui.activity.UpiHomeActivity) is not high applications to read the contents of the calling standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. Activity (com.ushareit.pay.payment.ui.request.PaymentRequestActivity) is not An Activity is found to be shared with other apps Protected. high on the device therefore leaving it accessible to [android:exported=true] any other application on the device. ISSUE SEVERITY DESCRIPTION An Activity is found to be shared with other apps on the device therefore leaving it accessible to Activity (com.ushareit.pay.upi.ui.activity.UpiP2pTxnActivity) is not Protected. high any other application on the device. The An intent-filter exists. presence of intent-filter indicates that the Activity is explicitly exported. If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting TaskAffinity is set for Activity high keeping the affinity as the package name in order (org.npci.upi.security.pinactivitycomponent.GetCredential) to prevent sensitive information inside sent or received Intents from being read by another application. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.video.local.VideoLocalLandingActivity) is high applications to read the contents of the calling not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.video.detail.VideoDetailActivity) is not high applications to read the contents of the calling standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.minivideo.ui.DetailFeedListActivity) is not high applications to read the contents of the calling standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.video.detail.ShortVideoDetailActivity) is not high applications to read the contents of the calling standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.video.detail2.ShortVideoDetailActivity2) is high applications to read the contents of the calling not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. ISSUE SEVERITY DESCRIPTION An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.video.live.LiveDetailActivity) is not high applications to read the contents of the calling standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.video.feed.SingleVideoFeedActivity) is not high applications to read the contents of the calling standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity high applications to read the contents of the calling (com.ushareit.video.planding.VideoPLandingOfflineActivity) is not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity high applications to read the contents of the calling (com.ushareit.video.planding.VideoPLandingCloudActivity) is not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it Launch Mode of Activity becomes root Activity and it is possible for other (com.lenovo.anyshare.videobrowser.VideoBrowserActivity) is not standard. high applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.download.DownloadCenterActivity) is not high applications to read the contents of the calling standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.download.detail.DownloadDetailActivity) is high applications to read the contents of the calling not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. ISSUE SEVERITY DESCRIPTION An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.video.helper.ShadowPreloadActivity) is not high applications to read the contents of the calling standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity high applications to read the contents of the calling (com.lenovo.anyshare.game.activity.GameVideoDetailActivity) is not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. Content Provider (com.lenovo.anyshare.game.provider.GameDownInfoProvider) A Content Provider is found to be shared with is not Protected. high other apps on the device therefore leaving it [android:exported=true] accessible to any other application on the device. An Activity is found to be shared with other apps on the device therefore leaving it accessible to Activity (com.ushareit.cleanit.diskclean.DiskCleanActivity) is not Protected. high any other application on the device. The An intent-filter exists. presence of intent-filter indicates that the Activity is explicitly exported. If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting TaskAffinity is set for Activity high keeping the affinity as the package name in order (com.ushareit.cleanit.residual.ui.AppResidualActivity) to prevent sensitive information inside sent or received Intents from being read by another application. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.cleanit.residual.ui.AppResidualActivity) is high applications to read the contents of the calling not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity is found to be shared with other apps on the device therefore leaving it accessible to Activity (com.lenovo.anyshare.entry.cloneit.CloneEntryActivity) is not Protected. high any other application on the device. The An intent-filter exists. presence of intent-filter indicates that the Activity is explicitly exported. A Broadcast Receiver is found to be shared with Broadcast Receiver (com.ushareit.player.music.receiver.RemotePlaybackReceiver) other apps on the device therefore leaving it is not Protected. high accessible to any other application on the device. An intent-filter exists. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. ISSUE SEVERITY DESCRIPTION If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting TaskAffinity is set for Activity high keeping the affinity as the package name in order (com.lenovo.anyshare.main.music.lockscreen.MusicLockScreenActivity) to prevent sensitive information inside sent or received Intents from being read by another application. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it Launch Mode of Activity becomes root Activity and it is possible for other (com.lenovo.anyshare.main.music.lockscreen.MusicLockScreenActivity) is not high applications to read the contents of the calling standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. A Broadcast Receiver is found to be shared with Broadcast Receiver (com.ushareit.player.music.appwidget.AppWidgetProvider4x1) other apps on the device therefore leaving it is not Protected. high accessible to any other application on the device. An intent-filter exists. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. A Broadcast Receiver is found to be shared with Broadcast Receiver (com.ushareit.player.music.appwidget.AppWidgetProvider4x2) other apps on the device therefore leaving it is not Protected. high accessible to any other application on the device. An intent-filter exists. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. A Broadcast Receiver is found to be shared with Broadcast Receiver (com.ushareit.player.music.appwidget.AppWidgetProvider4x4) other apps on the device therefore leaving it is not Protected. high accessible to any other application on the device. An intent-filter exists. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.player.video.VideoPlayerActivity) is not high applications to read the contents of the calling standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. A Broadcast Receiver is found to be shared with Broadcast Receiver other apps on the device therefore leaving it (com.lenovo.anyshare.datausage.toolbar.DataToolbarReceiver) is not Protected. high accessible to any other application on the device. An intent-filter exists. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. An Activity is found to be shared with other apps on the device therefore leaving it accessible to Activity (com.lenovo.anyshare.activity.ExternalShareActivity) is not Protected. high any other application on the device. The An intent-filter exists. presence of intent-filter indicates that the Activity is explicitly exported. ISSUE SEVERITY DESCRIPTION An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.bizlocal.transfer.ExternalPCActivity) is not high applications to read the contents of the calling standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible Activity-Alias (com.ushareit.bizlocal.transfer.ExternalPCActivity) is not Protected. high to any other application on the device. The An intent-filter exists. presence of intent-filter indicates that the Activity-Alias is explicitly exported. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.lenovo.anyshare.share.ShareActivity) is not high applications to read the contents of the calling standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity is found to be shared with other apps Activity (com.lenovo.anyshare.share.ShareActivity) is not Protected. high on the device therefore leaving it accessible to [android:exported=true] any other application on the device. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.lenovo.anyshare.share2.DialogShareActivity) is not high applications to read the contents of the calling standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity is found to be shared with other apps on the device therefore leaving it accessible to Activity (com.lenovo.anyshare.share2.DialogShareActivity) is not Protected. high any other application on the device. The An intent-filter exists. presence of intent-filter indicates that the Activity is explicitly exported. An Activity is found to be shared with other apps Activity (com.lenovo.anyshare.content.webshare.WebShareJIOStartActivity) is not on the device therefore leaving it accessible to Protected. high any other application on the device. The An intent-filter exists. presence of intent-filter indicates that the Activity is explicitly exported. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity high applications to read the contents of the calling (com.lenovo.anyshare.content.webshare.WebShareActivity) is not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. ISSUE SEVERITY DESCRIPTION An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity high applications to read the contents of the calling (com.ushareit.moduleapp.activity.RewardAppRecommendActivity) is not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.lenovo.anyshare.guide.AccessibilityGuideActivity) is high applications to read the contents of the calling not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.lenovo.anyshare.setting.guide.FloatGuideActivity) is high applications to read the contents of the calling not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity high applications to read the contents of the calling (com.lenovo.anyshare.rewardapp.RewardAppRuleActivity) is not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity high applications to read the contents of the calling (com.lenovo.anyshare.rewardapp.RewardAppDownloadActivity) is not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity is found to be shared with other apps Activity (com.ushareit.router.UriProxyActivity) is not Protected. high on the device therefore leaving it accessible to [android:exported=true] any other application on the device. A Service is found to be shared with other apps Service (com.ushareit.hybrid.service.HybridService) is not Protected. high on the device therefore leaving it accessible to [android:exported=true] any other application on the device. A Broadcast Receiver is found to be shared with Broadcast Receiver (com.ushareit.traffic.SysNetworkStats$NetworkStatsReceiver) other apps on the device therefore leaving it is not Protected. high accessible to any other application on the device. An intent-filter exists. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. A Content Provider is found to be shared with Content Provider (com.ushareit.myug.MyUGProvider) is not Protected. high other apps on the device therefore leaving it [android:exported=true] accessible to any other application on the device. ISSUE SEVERITY DESCRIPTION A Broadcast Receiver is found to be shared with Broadcast Receiver (com.ushareit.component.notify.receiver.NotifyReceiver) is not other apps on the device therefore leaving it Protected. high accessible to any other application on the device. An intent-filter exists. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. A Broadcast Receiver is found to be shared with Broadcast Receiver (com.ushareit.paysdk.language.SPLocaleChangeReceiver) is other apps on the device therefore leaving it not Protected. high accessible to any other application on the device. An intent-filter exists. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. A Service is found to be shared with other apps on the device therefore leaving it accessible to Service (com.ushareit.ccm.CommandService) is not Protected. high any other application on the device. The An intent-filter exists. presence of intent-filter indicates that the Service is explicitly exported. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.longevity.activity.OneTopActivity) is not high applications to read the contents of the calling standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. A Service is found to be shared with other apps Service (com.ushareit.longevity.service.ShadowService) is not Protected. high on the device therefore leaving it accessible to [android:exported=true] any other application on the device. A Broadcast Receiver is found to be shared with Broadcast Receiver (com.ushareit.longevity.receiver.GlobalReceiver) is not other apps on the device therefore leaving it Protected. high accessible to any other application on the device. An intent-filter exists. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. A Service is found to be shared with other apps on the device therefore leaving it accessible to Service (com.ushareit.longevity.service.SyncAccountService) is not Protected. high any other application on the device. The An intent-filter exists. presence of intent-filter indicates that the Service is explicitly exported. A Service is found to be shared with other apps on the device therefore leaving it accessible to Service (com.ushareit.longevity.service.SyncAuthenticatorService) is not Protected. high any other application on the device. The An intent-filter exists. presence of intent-filter indicates that the Service is explicitly exported. A Service is found to be shared with other apps Service (cn.jpush.android.service.ReceiverService) is not Protected. high on the device therefore leaving it accessible to [android:exported=true] any other application on the device. A Service is found to be shared with other apps Service (com.baidu.android.pushservice.PushService) is not Protected. high on the device therefore leaving it accessible to [android:exported=true] any other application on the device. ISSUE SEVERITY DESCRIPTION A Broadcast Receiver is found to be shared with Broadcast Receiver (com.baidu.android.pushservice.RegistrationReceiver) is not other apps on the device therefore leaving it Protected. high accessible to any other application on the device. An intent-filter exists. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. Content Provider (com.baidu.android.pushservice.PushInfoProvider) is not A Content Provider is found to be shared with Protected. high other apps on the device therefore leaving it [android:exported=true] accessible to any other application on the device. Content Provider (com.ushareit.longevity.provider.ShadowContentProvider) is not A Content Provider is found to be shared with Protected. high other apps on the device therefore leaving it [android:exported=true] accessible to any other application on the device. Content Provider (com.ushareit.longevity.provider.RemoteContentProvider) is not A Content Provider is found to be shared with Protected. high other apps on the device therefore leaving it [android:exported=true] accessible to any other application on the device. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.longevity.activity.ShadowActivity) is not high applications to read the contents of the calling standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity is found to be shared with other apps on the device therefore leaving it accessible to Activity (com.ushareit.longevity.activity.ShadowActivity) is not Protected. high any other application on the device. The An intent-filter exists. presence of intent-filter indicates that the Activity is explicitly exported. A Broadcast Receiver is found to be shared with Broadcast Receiver (com.ushareit.longevity.receiver.ShadowReceiver) is not other apps on the device therefore leaving it Protected. high accessible to any other application on the device. An intent-filter exists. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it Broadcast Receiver (com.tencent.android.tpush.XGPushReceiver) is not Protected. high accessible to any other application on the device. An intent-filter exists. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. A Service is found to be shared with other apps Service (com.tencent.android.tpush.rpc.XGRemoteService) is not Protected. high on the device therefore leaving it accessible to [android:exported=true] any other application on the device. A Service is found to be shared with other apps Service (com.tencent.android.tpush.service.XGPushServiceV4) is not Protected. high on the device therefore leaving it accessible to [android:exported=true] any other application on the device. A Service is found to be shared with other apps on the device therefore leaving it accessible to Service (com.ushareit.longevity.night.NightNotifyService) is not Protected. high any other application on the device. The An intent-filter exists. presence of intent-filter indicates that the Service is explicitly exported. ISSUE SEVERITY DESCRIPTION Broadcast Receiver (com.appsflyer.MultipleInstallBroadcastReceiver) is not A Broadcast Receiver is found to be shared with Protected. high other apps on the device therefore leaving it [android:exported=true] accessible to any other application on the device. A Service is found to be shared with other apps Service (com.xiaomi.mipush.sdk.PushMessageHandler) is not Protected. high on the device therefore leaving it accessible to [android:exported=true] any other application on the device. Broadcast Receiver (com.xiaomi.push.service.receivers.NetworkStatusReceiver) is A Broadcast Receiver is found to be shared with not Protected. high other apps on the device therefore leaving it [android:exported=true] accessible to any other application on the device. Broadcast Receiver (com.ushareit.push.mipush.MiPushMessageReceiver) is not A Broadcast Receiver is found to be shared with Protected. high other apps on the device therefore leaving it [android:exported=true] accessible to any other application on the device. A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in Service (com.evernote.android.job.gcm.PlatformGcmService) is Protected by a the analysed application. As a result, the permission, but the protection level of the permission should be checked. protection level of the permission should be high Permission: com.google.android.gms.permission.BIND_NETWORK_TASK_SERVICE checked where it is defined. If it is set to normal [android:exported=true] or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity high applications to read the contents of the calling (com.google.firebase.auth.internal.FederatedSignInActivity) is not standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in Activity (com.google.firebase.auth.internal.FederatedSignInActivity) is Protected the analysed application. As a result, the by a permission, but the protection level of the permission should be checked. protection level of the permission should be Permission: high checked where it is defined. If it is set to normal com.google.firebase.auth.api.gms.permission.LAUNCH_FEDERATED_SIGN_IN or dangerous, a malicious application can [android:exported=true] request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other Launch Mode of Activity (com.ushareit.ads.download.SapkInstallerActivity) is not high applications to read the contents of the calling standard. Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. ISSUE SEVERITY DESCRIPTION An Activity is found to be shared with other apps Activity (com.ushareit.ads.download.SapkInstallerActivity) is not Protected. high on the device therefore leaving it accessible to [android:exported=true] any other application on the device. A Broadcast Receiver is found to be shared with Broadcast Receiver (com.ushareit.ads.download.receiver.NetWorkChangReceiver) other apps on the device therefore leaving it is not Protected. high accessible to any other application on the device. An intent-filter exists. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in Service (androidx.work.impl.background.systemjob.SystemJobService) is the analysed application. As a result, the Protected by a permission, but the protection level of the permission should be protection level of the permission should be checked. high checked where it is defined. If it is set to normal Permission: android.permission.BIND_JOB_SERVICE or dangerous, a malicious application can [android:exported=true] request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission which is not defined in Protected by a permission, but the protection level of the permission should be the analysed application. As a result, the checked. protection level of the permission should be high Permission: checked where it is defined. If it is set to normal com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION or dangerous, a malicious application can [android:exported=true] request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is defined in the analysed application. As a result, Protected by a permission, but the protection level of the permission should be the protection level of the permission should be checked. high checked where it is defined. If it is set to normal Permission: com.google.android.c2dm.permission.SEND or dangerous, a malicious application can [android:exported=true] request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. Broadcast Receiver It is protected by a permission which is not (com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver) defined in the analysed application. As a result, is Protected by a permission, but the protection level of the permission should be the protection level of the permission should be high checked. checked where it is defined. If it is set to normal Permission: android.permission.INSTALL_PACKAGES or dangerous, a malicious application can [android:exported=true] request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. ISSUE SEVERITY DESCRIPTION An Activity is found to be shared with other apps Activity (androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity) on the device therefore leaving it accessible to is not Protected. high any other application on the device. The An intent-filter exists. presence of intent-filter indicates that the Activity is explicitly exported. An Activity is found to be shared with other apps Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity) is on the device therefore leaving it accessible to not Protected. high any other application on the device. The An intent-filter exists. presence of intent-filter indicates that the Activity is explicitly exported. An Activity is found to be shared with other apps Activity on the device therefore leaving it accessible to (androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity) is high any other application on the device. The not Protected. presence of intent-filter indicates that the Activity An intent-filter exists. is explicitly exported. By setting an intent priority higher than another High Intent Priority (2147483647) medium intent, the app effectively overrides other [android:priority] requests. By setting an intent priority higher than another High Intent Priority (2147483647) medium intent, the app effectively overrides other [android:priority] requests. By setting an intent priority higher than another High Intent Priority (2147483647) medium intent, the app effectively overrides other [android:priority] requests. By setting an intent priority higher than another High Intent Priority (2147483647) medium intent, the app effectively overrides other [android:priority] requests. CODE ANALYSIS ISSUE SEVERITY STANDARDS FILES com/lenovo/anyshare/aux.java com/lenovo/anyshare/bnw.java com/lenovo/anyshare/boa.java com/lenovo/anyshare/boe.java com/lenovo/anyshare/bof.java CVSS V2: 7.4 (high) com/lenovo/anyshare/bog.java CWE: CWE-327 - Use of a Broken or Risky com/tencent/bugly/crashreport/common/info/A MD5 is a weak hash known to high Cryptographic Algorithm ppInfo.java have hash collisions. OWASP Top 10: M5: Insufficient Cryptography com/ushareit/ads/common/utils/j.java OWASP MASVS: MSTG-CRYPTO-4 com/ushareit/siplayer/direct/parser/b.java com/xiaomi/push/ac.java com/xiaomi/push/ad.java com/xiaomi/push/bs.java org/npci/upi/security/pinactivitycomponent/an.j ava com/lenovo/anyshare/aux.java com/lenovo/anyshare/azq.java com/lenovo/anyshare/bm.java ISSUE SEVERITY STANDARDS FILES com/lenovo/anyshare/bpm.java com/lenovo/anyshare/bq.java com/lenovo/anyshare/brd.java com/lenovo/anyshare/brm.java com/lenovo/anyshare/buz.java com/lenovo/anyshare/bvr.java com/lenovo/anyshare/ce.java com/lenovo/anyshare/cit.java com/lenovo/anyshare/ckd.java com/lenovo/anyshare/cku.java com/lenovo/anyshare/cos.java com/lenovo/anyshare/cpc.java com/lenovo/anyshare/cqj.java com/lenovo/anyshare/cql.java com/lenovo/anyshare/crf.java com/lenovo/anyshare/cri.java com/lenovo/anyshare/cuq.java com/lenovo/anyshare/cyc.java com/lenovo/anyshare/dn.java com/lenovo/anyshare/dw.java com/lenovo/anyshare/dx.java com/lenovo/anyshare/dz.java com/lenovo/anyshare/eh.java com/lenovo/anyshare/ej.java com/lenovo/anyshare/eo.java com/lenovo/anyshare/eq.java com/lenovo/anyshare/fa.java com/lenovo/anyshare/fb.java com/lenovo/anyshare/fj.java com/lenovo/anyshare/fn.java com/lenovo/anyshare/fp.java com/lenovo/anyshare/ft.java com/lenovo/anyshare/fu.java com/lenovo/anyshare/fw.java com/lenovo/anyshare/gj.java com/lenovo/anyshare/gk.java com/lenovo/anyshare/gu.java com/lenovo/anyshare/hs.java com/lenovo/anyshare/id.java com/lenovo/anyshare/il.java com/lenovo/anyshare/iu.java com/lenovo/anyshare/ix.java com/lenovo/anyshare/lb.java com/lenovo/anyshare/my.java com/lenovo/anyshare/na.java com/lenovo/anyshare/pd.java com/lenovo/anyshare/sn.java com/lenovo/anyshare/wr.java com/lenovo/anyshare/game/fragment/GameSp aceFragment.java com/lenovo/anyshare/game/utils/al.java com/lenovo/anyshare/game/viewholder/GameP ureVideoCardViewHolder.java com/lenovo/anyshare/game/viewholder/GameS earchVideoCardViewHolder.java com/lenovo/anyshare/game/viewholder/GameT opicVideoViewHolder.java com/lenovo/anyshare/main/home/stagger/Stag gerFeedFragment.java com/lenovo/anyshare/videobrowser/VideoBrow serFragment.java com/lenovo/anyshare/widget/EmotionRatingBar .java com/mgs/yesbank_merchant/i.java com/mgs/yesbank_merchant/p.java com/mopub/common/MoPub.java com/mopub/common/SdkConfiguration.java ISSUE SEVERITY STANDARDS FILES com/mopub/common/logging/MoPubDefaultLo gger.java com/mopub/common/logging/MoPubLog.java com/mopub/common/privacy/MoPubIdentifier. java com/mopub/mobileads/MoPubActivity.java com/mopub/mobileads/MraidActivity.java com/mopub/mobileads/RewardedMraidActivity. java com/mopub/mobileads/dfp/adapters/Downloa dDrawablesAsync.java com/mopub/mobileads/dfp/adapters/MoPubAd apter.java com/mopub/mobileads/dfp/adapters/MoPubNa tiveAppInstallAdMapper.java com/mopub/mobileads/dfp/adapters/MoPubUn ifiedNativeAdMapper.java com/mopub/mraid/MraidController.java com/mopub/network/MultiAdResponse.java com/mopub/volley/CacheDispatcher.java com/mopub/volley/NetworkDispatcher.java com/mopub/volley/Request.java com/mopub/volley/VolleyLog.java com/mopub/volley/toolbox/BasicNetwork.java com/mopub/volley/toolbox/DiskBasedCache.jav a com/mopub/volley/toolbox/HttpHeaderParser.j ava com/mopub/volley/toolbox/ImageRequest.java com/mopub/volley/toolbox/JsonRequest.java com/paytm/pgsdk/a.java com/tencent/bugly/Bugly.java com/tencent/bugly/b.java CVSS V2: 7.5 (high) com/tencent/bugly/crashreport/BuglyLog.java The App logs information. CWE: CWE-532 - Insertion of Sensitive com/tencent/bugly/crashreport/CrashReport.jav Sensitive information should info Information into Log File a never be logged. OWASP MASVS: MSTG-STORAGE-3 com/tencent/bugly/proguard/x.java com/ushareit/ads/c.java com/ushareit/ads/innerapi/b.java com/ushareit/ads/innerapi/c.java com/ushareit/ads/innerapi/d.java com/ushareit/ads/loader/helper/AdMobHelper.j ava com/ushareit/ads/loader/helper/FullScreenAdH elper.java com/ushareit/ads/loader/helper/VungleHelper.j ava com/ushareit/ads/player/vast/utils/a.java com/ushareit/ads/player/vast/utils/c.java com/ushareit/ads/stats/c.java com/ushareit/base/widget/pulltorefresh/demo/ PullToRefreshDemoActivity.java com/ushareit/common/widget/VerticalViewPage r.java com/ushareit/component/ads/gp2putil/Gp2pCh eckUtilActivity.java com/ushareit/download/whatsapp/fragment/W hatsAppSaverFragment.java com/ushareit/entity/a.java com/ushareit/liked/fragment/LikedHistoryFrag ment.java com/ushareit/liked/viewholder/LikeVideoHolder .java com/ushareit/liked/viewholder/LikedContentVie wHolder.java com/ushareit/longevity/leoric/b.java com/ushareit/longevity/provider/ShadowConte ISSUE SEVERITY STANDARDS FILES ntProvider.java com/ushareit/longevity/worker/a.java com/ushareit/moduleapp/widget/CircleProgress .java com/ushareit/nft/discovery/wifi/LOHSService.ja va com/ushareit/nft/discovery/wifi/d.java com/ushareit/nft/discovery/wifi/k.java com/ushareit/pay/widget/loopviewpager/LoopV iewPager.java com/ushareit/photo/subscaleview/Subsampling ScaleImageView.java com/ushareit/photo/subscaleview/decoder/Skia PooledImageRegionDecoder.java com/ushareit/player/localproxy/PreloadEventM anager.java com/ushareit/player/localproxy/ProxyManager.j ava com/ushareit/reward/view/a.java com/ushareit/siplayer/direct/d.java com/ushareit/siplayer/direct/parser/c.java com/ushareit/siplayer/direct/parser/e.java com/ushareit/siplayer/player/exo/custom/d.jav a com/ushareit/siplayer/player/exo/dsv/a.java com/ushareit/siplayer/player/ijk/IjkPlayer.java com/ushareit/siplayer/player/ijk/a.java com/ushareit/siplayer/player/ijk/e.java com/ushareit/siplayer/source/VideoSource.java com/ushareit/siplayer/source/g.java com/ushareit/siplayer/utils/r.java com/ushareit/taskcenter/widget/CoinsWidget.ja va com/ushareit/video/enterance/viewholder/Chan nelEntranceViewHolder.java com/ushareit/widget/flowlayout/TagFlowLayout .java com/ushareit/widget/flowlayout/d.java com/ushareit/widget/materialprogressbar/Mate rialProgressBar.java com/ushareit/widget/materialprogressbar/f.java com/xiaomi/mipush/sdk/q.java com/xiaomi/miui/pushads/sdk/a.java com/xiaomi/miui/pushads/sdk/k.java com/xiaomi/miui/pushads/sdk/l.java com/xiaomi/miui/pushads/sdk/m.java com/xiaomi/push/bp.java com/xiaomi/push/cn.java com/xiaomi/push/co.java com/xiaomi/push/x.java com/xiaomi/push/y.java in/org/npci/commonlibrary/e.java in/org/npci/commonlibrary/k.java in/org/npci/commonlibrary/a/b.java org/npci/upi/security/pinactivitycomponent/Get Credential.java org/npci/upi/security/pinactivitycomponent/a.ja va org/npci/upi/security/pinactivitycomponent/ae.j ava org/npci/upi/security/pinactivitycomponent/ao.j ava org/npci/upi/security/pinactivitycomponent/d.ja va org/npci/upi/security/pinactivitycomponent/i.ja va
Enter the password to open this PDF file:
-
-
-
-
-
-
-
-
-
-
-
-