Static Analysis

App Icon

App Score

Average CVSS 0
Security Score 100/100

File Information

Name Zero Browse App.apk

Size 3.43MB

MD5 1fd71f2e79e4fb9576478fd657197b3f

SHA1 4d90e2afd18729247eb76848718233e6d3345671

SHA256 25c1a6e782d844e1c615bb2c5fe2f720509eb6ae33060d26156d5e63e8e76c3a

App Information

Package Name zero.browse.app

Main Activity com.applisto.appcloner.classes.PasswordActivity

Target SDK 27 Min SDK 12 Max SDK

Android Version Name Test 1

Android Version Code 1

Play Store Information

3

ACTIVITIES

View

1

SERVICES

View

1

RECEIVERS

View

1

PROVIDERS

View

Exported
Activities 1

Exported
Services 1

Exported
Receivers 1

Exported
Providers 1

Scan Options

Rescan

Start Dynamic Analysis

View Code

View Java Download Java Code
View Smali Download Smali Code

View AndroidManifest.xml

Signer Certificate


[
[
  Version: V3
  Subject: EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  
  Validity: [From: Fri Feb 29 01:33:46 UTC 2008,
               To: Tue Jul 17 01:33:46 UTC 2035]
  Issuer: EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
  SerialNumber: [    936eacbe 07f201df]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 59 00 56 3D 27 2C 46   AE 11 86 05 A4 74 19 AC  HY.V=',F.....t..
0010: 09 CA 8C 11                                        ....
]
[EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US]
SerialNumber: [    936eacbe 07f201df]
]

[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 48 59 00 56 3D 27 2C 46   AE 11 86 05 A4 74 19 AC  HY.V=',F.....t..
0010: 09 CA 8C 11                                        ....
]
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 7A AF 96 8C EB 50 C4 41   05 51 18 D0 DA AB AF 01  z....P.A.Q......
0010: 5B 8A 76 5A 27 A7 15 A2   C2 B4 4F 22 14 15 FF DA  [.vZ'.....O"....
0020: CE 03 09 5A BF A4 2D F7   07 08 72 6C 20 69 E5 C3  ...Z..-...rl i..
0030: 6E DD AE 04 00 BE 29 45   2C 08 4B C2 7E B6 A1 7E  n.....)E,.K.....
0040: AC 9D BE 18 2C 20 4E B1   53 11 F4 55 D8 24 B6 56  ...., N.S..U.$.V
0050: DB E4 DC 22 40 91 2D 75   86 FE 88 95 1D 01 A8 FE  ..."@.-u........
0060: B5 AE 5A 42 60 53 5D F8   34 31 05 24 22 46 8C 36  ..ZB`S].41.$"F.6
0070: E2 2C 2A 5E F9 94 D6 1D   D7 30 6A E4 C9 F6 95 1B  .,*^.....0j.....
0080: A3 C1 2F 1D 19 14 DD C6   1F 1A 62 DA 2D F8 27 F6  ../.......b.-.'.
0090: 03 FE A5 60 3B 2C 54 0D   BD 7C 01 9C 36 BA B2 9A  ...`;,T.....6...
00A0: 42 71 C1 17 DF 52 3C DB   C5 F3 81 7A 49 E0 EF A6  Bq...R<....zI...
00B0: 0C BD 7F 74 17 7E 7A 4F   19 3D 43 F4 22 07 72 66  ...t..zO.=C.".rf
00C0: 6E 4C 4D 83 E1 BD 5A 86   08 7C F3 4F 2D EC 21 E2  nLM...Z....O-.!.
00D0: 45 CA 6C 2B B0 16 E6 83   63 80 50 D2 C4 30 EE A7  E.l+....c.P..0..
00E0: C2 6A 1C 49 D3 76 0A 58   AB 7F 1A 82 CC 93 8B 48  .j.I.v.X.......H
00F0: 31 38 43 24 BD 04 01 FA   12 16 3A 50 57 0E 68 4D  18C$......:PW.hM

]


Certicate Status: Bad
Description:The app is signed with `SHA1withRSA`. SHA1 hash algorithm is known to have collision issues.

Android Permissions

PERMISSION	STATUS	INFO	DESCRIPTION
android.permission.INTERNET	dangerous	full Internet access	Allows an application to create network sockets.
android.permission.WRITE_EXTERNAL_STORAGE	dangerous	read/modify/delete SD card contents	Allows an application to write to the SD card.

Android Library Binary Analysis

ISSUE	SEVERITY	DESCRIPTION	FILES

Android API

API	FILES

Browsable Activities

ACTIVITY	INTENT

Manifest Analysis

ISSUE	SEVERITY	DESCRIPTION
Application Data can be Backed up [android:allowBackup=true]	medium	This flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
Content Provider (com.applisto.appcloner.classes.DefaultProvider) is not Protected. [android:exported=true]	high	A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
Service (com.applisto.appcloner.service.RemoteService) is not Protected. [android:exported=true]	high	A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
Broadcast Receiver (com.applisto.appcloner.classes.DefaultProvider$DefaultReceiver) is not Protected. [android:exported=true]	high	A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
Activity (com.applisto.appcloner.classes.DefaultProvider$MyActivity) is not Protected. [android:exported=true]	high	An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
TaskAffinity is set for Activity (com.applisto.appcloner.classes.PasswordActivity)	high	If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.

Code Analysis

ISSUE	SEVERITY	CVSS	CWE	FILES

File Analysis

ISSUE	FILES

APKiD Analysis

APKiD not enabled.

FILE

Malware Check

URLs

Firebase Databases

Emails

Strings

"app_name" : "Zero Browse App"

Activities

zero.browse.app.MainActivity
com.applisto.appcloner.classes.DefaultProvider$MyActivity
com.applisto.appcloner.classes.PasswordActivity

Services

com.applisto.appcloner.service.RemoteService

Broadcast Receivers

com.applisto.appcloner.classes.DefaultProvider$DefaultReceiver

Content Providers

com.applisto.appcloner.classes.DefaultProvider

Libraries

Files

AndroidManifest.xml
META-INF/ANDROID.RSA
META-INF/ANDROID.SF
META-INF/MANIFEST.MF
__launcher_icon.png
assets/MontserratSans.otf
assets/natives_sec_blob.dat
assets/zero.browse.app/funcs.js
assets/zero.browse.app/home.html
assets/zero.browse.app/logo.png
assets/zero.browse.app/more.html
assets/zero.browse.app/styles.css
assets/zero.browse.app/wivi.html
classes.dex
com/applisto/appcloner/classes/cloneSettings.json
com/applisto/appcloner/classes/strings.properties
lib/arm64-v8a/libappcloner.so
lib/arm64-v8a/libsandhook-native.so
lib/arm64-v8a/libsandhook.so
lib/armeabi-v7a/libappcloner.so
lib/armeabi-v7a/libsandhook-native.so
lib/armeabi-v7a/libsandhook.so
res/__anim_enter.xml
res/__anim_enter_reverse.xml
res/__anim_exit.xml
res/__anim_exit_reverse.xml
res/layout/activity_main.xml
res/mipmap/app_icon.png
resources.arsc