co.justababy.app Static Analysis.pdf

 APP SCORES Average CVSS 6.6 Security Score 10/100 Trackers Detection 11/385  FILE INFORMATION File Name Just a Baby Find Co parents Egg Sperm Donors_v0.17.5.0_apkfab.com.apk Size 17.57MB MD5 0230d89c13749f802e78af8e1399cc10 SHA1 1c896ccde16d21eb7f1c6629c33abf920b1b455f SHA256 1ab45b91da79bb8dbe30596d364b215a57771ea9b11c001d6def26af ad516f06  APP INFORMATION App Name Just a Baby Package Name co.justababy.app Main Activity co.justababy.app.MainActivity Target SDK 29 Min SDK 22 Max SDK Android Version Name 0.17.5.0 Android Version Code 1750  PLAYSTORE INFORMATION Title Just a Baby - Find Co-parents, Egg & Sperm Donors Score 3.4519231 Installs 50,000+ Price 0 Android Version Support 5.1 and up Category Parenting Play Store URL co.justababy.app Developer Just a Baby Inc., Developer ID Just+a+Baby+Inc. Developer Address 8 The Green, Suite A, Dover, Kent County, Delaware 19901, USA Developer Website https://www.justababy.com Developer Email info@justababy.com Release Date Sep 26, 2016 Privacy Policy Privacy link Description Looking for a sperm donor, egg donor, embryo donor or surrogate? Perhaps someone willing to co-parent? Maybe you can help others start a family? Just a Baby is the fastest growing community connecting you with thousands of people worldwide open to discussing surrogacy, donation and co-parenting. FREE TO FIND MATCHES AND CHAT With Just a Baby, it’s free to find matches and start chatting with potential donors, surrogates or co- parents, bringing you one step closer to achieving your dream of having a baby! JUST ONE SWIPE AWAY FROM STARTING A FAMILY Using Just a Baby is fun and easy too – just swipe right to like someone’s profile or swipe left to pass. If someone likes you back, then it’s a match! Once matched, we connect you together through the built-in messaging app. Simply swipe, match and connect until you find the right egg donor, sperm donor, embryo donor, surrogate or co-parent for you. CONNECT WITH LOCAL OR GLOBAL DONORS, SURROGATES & CO-PARENTS You can even search for “donors near me”, or filter your search results to find surrogates, sperm, egg and embryo donors around the world. GROW YOUR FAMILY YOUR WAY It’s totally your choice about how you use Just a Baby to start or grow your family. Some people want to find a donor to conceive, others want some level of involvement or communication, some want an anonymous arrangement, some want a co-parenting relationship and others just want to chat and think things over. Let Just a Baby help you find what you’re looking for! OR MAYBE YOU CAN HELP OTHERS? There are thousands of couples and singles wanting to start or grow their family. With Just a Baby, you can help others realize their dream of having a baby by letting them know, privately and confidentially, what you have to offer! Simply swipe, match and start a conversation! You never know where that might take you and who you might meet. Just remember, if you’re offering sperm, eggs, an embryo, or are interested in having a discussion about surrogacy or a co-parenting arrangement, simply let it be known on your Just a Baby profile so the right people can find you. UPGRADE FOR MORE! Subscribe to Just a Baby Plus+ and experience a whole new level of premium features, including: * Pro-search filters * ‘Masquerade Mode’ to swipe in full privacy without giving away your personal information; * Unlimited Like List to view the infinite list of users who liked you, plus the profiles you’ve liked; * Ability to send photo messages, pdfs and archive messages; * Ability to give feedback to users; * ‘Maybe Pile’ feature, allowing you to put profiles on a “Maybe” list which you can come back to at a later time. * And 20 Free Just a Baby *Credits* when you upgrade. DOWNLOAD FREE TODAY Start chatting and begin your baby journey FREE today with Just a Baby! ****************************** We're always excited to hear from you! If you have any feedback, questions, or concerns, please email us at info@justababy.com. ****************************** Remember, Just a Baby is for anyone looking to find a surrogate or surrogates to start or grow their family, anyone looking to make a co parenting arrangement, or even those wanting to embark on LGBT gay surrogacy. It’s also for those trying to get pregnant or conceive a baby through alternative means, including singles or couples who are perhaps struggling with fertility (or infertility) but really want to have a baby. And if you are an egg donor, sperm donor, womb donor or embryo donor, then the Just a Baby community is especially for you! Our fast growing community needs your help more than ever. Make a donation to someone in need, or even arrange a co parenting relationship! Just a Baby, kind of like a sperm bank, but better - helping you connect directly with those willing to help you make a baby. 22 ACTIVITIES 7 SERVICES View  View  7 RECEIVERS 8 PROVIDERS  Exported Activities 2  Exported Services 2  Exported Receivers 3  Exported Providers 0  SCAN OPTIONS  DECOMPILED CODE  SIGNER CERTIFICATE View  View  APK is signed v1 signature: True v2 signature: True v3 signature: False Found 1 unique certificates Subject: C=AU, ST=WA, L=Perth, O=Unknown, OU=Just A Baby, CN=Gerard Edwards Signature Algorithm: rsassa_pkcs1v15 Valid From: 2016-09-11 04:53:21+00:00 Valid To: 2044-01-28 04:53:21+00:00 Issuer: C=AU, ST=WA, L=Perth, O=Unknown, OU=Just A Baby, CN=Gerard Edwards Serial Number: 0x69e5d4ac Hash Algorithm: sha256 md5: 102578f04d138cddd49d4439a81dc188 sha1: c60740e3a2ee6f790a5d26e76b476a652b83cfeb sha256: 1127c52a38fa26925d21dc5dd0e3406edcf400c5cb88a1a2feeb206d2bd03733 sha512: 24dd454cc9f4636d7eb1b9b2ad099e7c7acad7415565d1acf955b067bfb14ba3a35c1289e9fccb28f000a056b25d4117c0dbbffb0e 861caa7420eec369edd202 PublicKey Algorithm: rsa Bit Size: 2048 Fingerprint: 1a24c5e2adfa928b52c47f954ee627598b4b66ffdc4f192c32ed58dc44fdfb93 Search: secure Application is signed with a code signing certificate warning Application is signed with v1 signature scheme, making it vulnerable to Janus vulnerability on Android <7.0 STATUS ↑↓ DESCRIPTION ↑↓ Showing 1 to 2 of 2 entries Previous Next  APPLICATION PERMISSIONS Search: android.permission.ACCESS_COARSE_LOCATION dangerous coarse (network- based) location Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Malicious applications can use this to determine approximately where you are. android.permission.ACCESS_FINE_LOCATION dangerous fine (GPS) location Access fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications can use this to determine where you are and may consume additional battery power. android.permission.ACCESS_NETWORK_STATE normal view network status Allows an application to view the status of all networks. android.permission.BLUETOOTH normal create Bluetooth connections Allows applications to connect to paired bluetooth devices. PERMISSION ↑↓ STATUS ↑↓ INFO ↑↓ DESCRIPTION ↑↓ 1 android.permission.GET_ACCOUNTS dangerous list accounts Allows access to the list of accounts in the Accounts Service. android.permission.INTERNET normal full Internet access Allows an application to create network sockets. android.permission.MODIFY_AUDIO_SETTINGS normal change your audio settings Allows application to modify global audio settings, such as volume and routing. android.permission.READ_APP_BADGE unknown Unknown permission Unknown permission from android reference android.permission.READ_EXTERNAL_STORAGE dangerous read external storage contents Allows an application to read from external storage. android.permission.READ_PHONE_STATE dangerous read phone state and identity Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on. PERMISSION ↑↓ STATUS ↑↓ INFO ↑↓ DESCRIPTION ↑↓ Showing 1 to 10 of 33 entries Previous 2 3 4 Next 1  ANDROID API Search: Android Notifications me/leolin/shortcutbadger/impl/XiaomiHomeBadger.java io/intercom/com/bumptech/glide/request/target/NotificationTarget.java Base64 Decode it/nexxa/base64ToGallery/Base64ToGallery.java io/intercom/com/bumptech/glide/load/model/DataUrlLoader.java com/sarriaroman/PhotoViewer/PhotoActivity.java Base64 Encode com/appdynamics/eumagent/runtime/p000private/cr.java com/revenuecat/purchases/UtilsKt.java com/badrit/Base64/Base64Plugin.java API ↑↓ FILES ↑↓ Crypto io/intercom/okio/ByteString.java io/intercom/okio/HashingSink.java io/intercom/okio/Bu�er.java io/intercom/okio/HashingSource.java Execute OS Command cordova/plugins/Diagnostic.java Get Android Advertising ID com/revenuecat/purchases/Purchases.java com/revenuecat/purchases/util/AdvertisingIdClient.java Get Installed Applications io/branch/referral/ShareLinkManager.java io/branch/referral/SystemObserver.java me/leolin/shortcutbadger/ShortcutBadger.java io/branch/referral/validators/DeepLinkRoutingValidator.java Get Network Interface information io/branch/referral/SystemObserver.java Get SIM Operator Name com/appdynamics/eumagent/runtime/p000private/e.java Get SIM Provider Details com/appdynamics/eumagent/runtime/p000private/e.java API ↑↓ FILES ↑↓ Showing 1 to 10 of 29 entries Previous 2 3 Next 1  BROWSABLE ACTIVITIES Search: co.justababy.app.MainActivity Schemes : justababy://, https://, Hosts: khz5.app.link, khz5-alternate.app.link, com.google.android.gms.tagmanager.TagManagerPreviewActivity Schemes : tagmanager.c.co.justababy.app://, ACTIVITY ↑↓ INTENT ↑↓ Showing 1 to 2 of 2 entries Previous Next  NETWORK SECURITY Search: No data available in table NO ↑↓ SCOPE ↑↓ SEVERITY ↑↓ DESCRIPTION ↑↓ Showing 0 to 0 of 0 entries Previous Next 1  MANIFEST ANALYSIS Search: 1 Application Data can be Backed up [android:allowBackup] flag is missing. medium The flag [android:allowBackup] should be set to false. By default it is set to true and allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data o� of the device. 2 Service (org.apache.cordova.firebase.FirebasePluginMessagingService) is not Protected. An intent-filter exists. high A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Service is explicitly exported. NO ↑ ↓ ISSUE ↑ ↓ SEVERITY ↑ ↓ DESCRIPTION ↑ ↓ 3 Activity (com.google.firebase.auth.internal.FederatedSignInActivity) is Protected by a permission, but the protection level of the permission should be checked. Permission: com.google.firebase.auth.api.gms.permission.LAUNCH_FEDERATED_SIGN_IN [android:exported=true] high An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. NO ↑ ↓ ISSUE ↑ ↓ SEVERITY ↑ ↓ DESCRIPTION ↑ ↓ 4 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is Protected by a permission, but the protection level of the permission should be checked. Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] high A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. NO ↑ ↓ ISSUE ↑ ↓ SEVERITY ↑ ↓ DESCRIPTION ↑ ↓ 5 Activity (com.google.android.gms.tagmanager.TagManagerPreviewActivity) is not Protected. [android:exported=true] high An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. 6 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is Protected by a permission, but the protection level of the permission should be checked. Permission: com.google.android.c2dm.permission.SEND [android:exported=true] high A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the NO ↑ ↓ ISSUE ↑ ↓ SEVERITY ↑ ↓ DESCRIPTION ↑ ↓ permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. NO ↑ ↓ ISSUE ↑ ↓ SEVERITY ↑ ↓ DESCRIPTION ↑ ↓ 7 Broadcast Receiver (com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver) is Protected by a permission, but the protection level of the permission should be checked. Permission: android.permission.INSTALL_PACKAGES [android:exported=true] high A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. NO ↑ ↓ ISSUE ↑ ↓ SEVERITY ↑ ↓ DESCRIPTION ↑ ↓ 8 Broadcast Receiver (com.facebook.CampaignTrackingReceiver) is Protected by a permission, but the protection level of the permission should be checked. Permission: android.permission.INSTALL_PACKAGES [android:exported=true] high A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. NO ↑ ↓ ISSUE ↑ ↓ SEVERITY ↑ ↓ DESCRIPTION ↑ ↓ Showing 1 to 8 of 8 entries Previous Next  CODE ANALYSIS Search: 1 The App logs information. Sensitive information should never be logged. info CVSS V2: 7.5 (high) CWE: CWE-532 Insertion of Sensitive Information into Log File OWASP MASVS: MSTG- STORAGE-3 cordova/plugin/RequestLocationAccuracy.java io/branch/BranchSDK.java kotlin/io/ConsoleKt.java io/intercom/com/bumptech/glide/load/engine/cache/MemorySizeCalcula com/appdynamics/eumagent/runtime/p000private/az.java io/intercom/com/bumptech/glide/load/model/ResourceLoader.java io/intercom/com/bumptech/glide/request/target/ViewTarget.java com/alexdisler/inapppurchases/Security.java cordova/plugins/Diagnostic_Wifi.java io/intercom/com/bumptech/glide/load/model/ByteBu�erFileLoader.java com/alexdisler/inapppurchases/InAppBillingV3.java NO ↑ ↓ ISSUE ↑ ↓ SEVERITY ↑ ↓ STANDARDS ↑ ↓ FILES 1 io/intercom/com/bumptech/glide/load/engine/SourceGenerator.java name/ratson/cordova/admob/banner/BannerListener.java cordova/plugins/Diagnostic_Notifications.java com/appdynamics/eumagent/runtime/p000private/cg.java io/branch/referral/PrefHelper.java com/appdynamics/eumagent/runtime/Instrumentation.java io/intercom/com/bumptech/glide/load/data/mediastore/ThumbnailStrea io/intercom/com/bumptech/glide/load/resource/bitmap/TransformationU uk/co/senab/photoview/PhotoViewAttacher.java io/intercom/com/bumptech/glide/load/data/HttpUrlFetcher.java com/hiddentao/cordova/filepath/FilePath.java io/intercom/com/bumptech/glide/load/engine/executor/GlideExecutor.jav io/branch/referral/validators/IntegrationValidator.java it/nexxa/base64ToGallery/Base64ToGallery.java com/appdynamics/eumagent/runtime/p000private/x.java io/intercom/com/bumptech/glide/load/model/ByteBu�erEncoder.java io/intercom/com/bumptech/glide/load/model/StreamEncoder.java bolts/MeasurementEvent.java io/intercom/com/bumptech/glide/load/engine/bitmap_recycle/LruBitmap io/intercom/com/bumptech/glide/load/resource/gif/ByteBu�erGifDecode com/revenuecat/purchases/Purchases$fetchAndCachePurchaserInfo$2.ja com/appdynamics/eumagent/runtime/p000private/bp.java uk/co/senab/photoview/log/LoggerDefault.java io/intercom/com/bumptech/glide/load/model/FileLoader.java com/appdynamics/eumagent/runtime/p000private/ba.java com/appdynamics/eumagent/runtime/p000private/e.java hu/dpal/phonegap/plugins/UniqueDeviceID.java io/intercom/com/bumptech/glide/load/engine/bitmap_recycle/LruArrayP io/intercom/com/bumptech/glide/load/engine/DecodePath.java NO ↑ ↓ ISSUE ↑ ↓ SEVERITY ↑ ↓ STANDARDS ↑ ↓ FILES