Pets

ANDROID STATIC ANALYSIS REPORT
 Pets Station (1.0.22)
AF3DWBfkGpzLDiMDFxTo4XhicYUCStAldu_bYSMV_CIXaT0cwqgSOifyJLI7qNxFb7rxJqO8whFKgYy6lsPGzCY_--
File Name:
9da1Qdlad3LpGjV7h38S5vaL4sQJcq9W0bRKyvRui-XD0MCvs0TXjE5bUI9v4O0nqgsDOMiA.apk
Package
com.petstationa1
Name:
Average
CVSS 6.2
Score:
App
Security 10/100 (CRITICAL RISK)
Score:
Trackers
Detection: 6/260
 FILE INFORMATION
File Name: AF3DWBfkGpzLDiMDFxTo4XhicYUCStAldu_bYSMV_CIXaT0cwqgSOifyJLI7qNxFb7rxJqO8whFKgYy6lsPGzCY_--
9da1Qdlad3LpGjV7h38S5vaL4sQJcq9W0bRKyvRui-XD0MCvs0TXjE5bUI9v4O0nqgsDOMiA.apk
Size: 34.88MB
MD5: 034e2ef6353516d8c2434508354bcc87
SHA1: 1e9ad0e3eb89461b6a24de12f65d27558c6c822a
SHA256: 7c7f2c930827d42953bf3efaff3d716c811ceaaf8d7d10d870156dd0af37e4a3
 APP INFORMATION
App Name: Pets Station
Package Name: com.petstationa1
Main Activity: com.mybeeps.DashboardActivity
Target SDK: 28
Min SDK: 19
Max SDK:
Android Version Name: 1.0.22
Android Version Code: 22
 APP COMPONENTS
Activities: 76
Services: 8
Receivers: 11
Providers: 4
Exported Activities: 3
Exported Services: 5
Exported Receivers: 8
Exported Providers: 0
 CERTIFICATE INFORMATION
APK is signed
v1 signature: True
v2 signature: True
v3 signature: True
Found 1 unique certificates
Subject: C=US, ST=California, L=Mountain View, O=Google Inc., OU=Android, CN=Android
Signature Algorithm: rsassa_pkcs1v15
Valid From: 2019-04-08 21:33:21+00:00
Valid To: 2049-04-08 21:33:21+00:00
Issuer: C=US, ST=California, L=Mountain View, O=Google Inc., OU=Android, CN=Android
Serial Number: 0xca647174e47b7589ee5cddfa187478178e7a2e7e
Hash Algorithm: sha256
md5: eeff50a838a6d8e436894dd207af7fed
sha1: e45b13ea7031ca657256888d1ba7a0852dee4a24
sha256: 1d69b929a974f899d03c6c80247f5ff080d7dd17254603caa335dc8d9944d0c6
sha512:
389e8f846ac43f169376d3e741c1d8f12650b32aa7d07ec7b33bb822ba0013e6265cf2a8e717ce94661ca7aff0319348a0f407e0865a02711a001c1de587832e
PublicKey Algorithm: rsa

Bit Size: 4096
Fingerprint: 15587a50598aa6f281cf6cb4d73049d2a472eeb6af3c9dc7874e0658755ee779
Certificate Status: Good

Description: Certificate looks good.
 APPLICATION PERMISSIONS
PERMISSION STATUS INFO DESCRIPTION
android.permission.INTERNET dangerous full Internet access Allows an application to create network sockets.
view network
android.permission.ACCESS_NETWORK_STATE normal Allows an application to view the status of all networks.
status
Allows an application to view the information about

android.permission.ACCESS_WIFI_STATE normal view Wi-Fi status
the status of Wi-Fi.
Allows application to take pictures and videos with the

take pictures and
android.permission.CAMERA dangerous camera. This allows the application to collect images
videos
that the camera is seeing at any time.
read SD card
android.permission.READ_EXTERNAL_STORAGE dangerous Allows an application to read from SD Card.
contents
read/modify/delete
android.permission.WRITE_EXTERNAL_STORAGE dangerous Allows an application to write to the SD card.
SD card contents
android.permission.VIBRATE normal control vibrator Allows the application to control the vibrator.
com.google.android.c2dm.permission.RECEIVE signature C2DM permissions Permission for cloud to device messaging.
Unknown
com.android.vending.CHECK_LICENSE dangerous permission from Unknown permission from android reference
android reference
prevent phone Allows an application to prevent the phone from going

android.permission.WAKE_LOCK dangerous
from sleeping to sleep.
Allows cloud to
com.petstationa1.permission.C2D_MESSAGE signature Allows the application to receive push notifications.
device messaging
 SHARED LIBRARY BINARY ANALYSIS
ISSUE SEVERITY DESCRIPTION FILES
Found elf built In order to prevent an attacker from reliably jumping to, for example, a
without particular exploited function in memory, Address space layout
Position randomization (ASLR) randomly arranges the address space positions of
high lib/mips64/libphotoprocessing.so
Independent key data areas of a process, including the base of the executable and
Executable the positions of the stack, heap and libraries. Built with option <strong>-
(PIE) flag pie</strong>.
 APKID ANALYSIS
FILE DETAILS
FINDINGS DETAILS
Build.FINGERPRINT check
Build.MODEL check
Build.MANUFACTURER check
classes.dex Anti-VM Code Build.PRODUCT check
Build.HARDWARE check
possible Build.SERIAL check
possible VM check
Compiler dx
FINDINGS DETAILS
classes2.dex Anti-VM Code Build.MANUFACTURER check
possible Build.SERIAL check
Compiler dx
FILE DETAILS
FINDINGS DETAILS
Build.MODEL check
Build.MANUFACTURER check
Anti-VM Code Build.PRODUCT check
Build.TAGS check
possible ro.secure check
possible VM check
classes3.dex
Anti Debug Code Debug.isDebuggerConnected() check
Compiler dx
 BROWSABLE ACTIVITIES
ACTIVITY INTENT
com.facebook.CustomTabActivity Schemes: @string/fb_login_protocol_scheme://,
Schemes: https://,
com.mybeeps.DashboardActivity
Hosts: millet.hokuapps.com,
com.mybeeps.SignupAppCompActivity Schemes: mybeeps://,
 MANIFEST ANALYSIS
ISSUE SEVERITY DESCRIPTION
The app intends to use cleartext network

traffic, such as cleartext HTTP, FTP stacks,
DownloadManager, and MediaPlayer. The
default value for apps that target API level
27 or lower is "true". Apps that target API
Clear text traffic is Enabled For App level 28 or higher default to "false". The key
high
[android:usesCleartextTraffic=true] reason for avoiding cleartext traffic is the
lack of confidentiality, authenticity, and
protections against tampering; a network
attacker can eavesdrop on transmitted
data and also modify it without being
detected.
An Activity is found to be shared with other

Activity (com.facebook.CustomTabActivity) is not Protected. apps on the device therefore leaving it
high
[android:exported=true] accessible to any other application on the
device.
An Activity should not be having the launch

mode attribute set to
"singleTask/singleInstance" as it becomes
root Activity and it is possible for other
Launch Mode of Activity (com.mybeeps.DashboardActivity) is not standard. high applications to read the contents of the
calling Intent. So it is required to use the
"standard" launch mode attribute when
sensitive information is included in an
Intent.

apps on the device therefore leaving it
Activity (com.mybeeps.ForwardActionActivity) is not Protected. accessible to any other application on the
high
An intent-filter exists. device. The presence of intent-filter
indicates that the Activity is explicitly
exported.

Activity (com.mybeeps.SignupAppCompActivity) is not Protected. accessible to any other application on the
high
indicates that the Activity is explicitly
exported.
An Activity should not be having the launch

mode attribute set to
"singleTask/singleInstance" as it becomes
root Activity and it is possible for other
Launch Mode of Activity (com.mybeeps.twiliovideo.VideoSessionActivity) is not
high applications to read the contents of the
standard.
calling Intent. So it is required to use the
"standard" launch mode attribute when
sensitive information is included in an
Intent.
A Broadcast Receiver is found to be shared

with other apps on the device therefore
Broadcast Receiver (com.mybeeps.broadcastreceiver.NetworkChangeReceiver) is
leaving it accessible to any other
not Protected. high
application on the device. The presence of
An intent-filter exists.
intent-filter indicates that the Broadcast
Receiver is explicitly exported.

Broadcast Receiver (com.mybeeps.broadcastreceiver.ForceAppUpgradeReceiver)
is not Protected. high

Broadcast Receiver (com.mybeeps.broadcastreceiver.UserRoleChangeReceiver) is
not Protected. high

Broadcast Receiver (com.mybeeps.broadcastreceiver.ReloadConfigReceiver) is not
Protected. high

Broadcast Receiver (com.mybeeps.broadcastreceiver.OnUpgradeReceiver) is not
Protected. high
Broadcast Receiver A Broadcast Receiver is found to be shared

(com.mybeeps.locationProvider.LocationUpdatesBroadcastReceiver) is not with other apps on the device therefore
high
Protected. leaving it accessible to any other
[android:exported=true] application on the device.
A Service is found to be shared with other

Service (com.mybeeps.fcm.FCMessagingService) is not Protected. accessible to any other application on the
high
indicates that the Service is explicitly
exported.

Service (com.mybeeps.fcm.FCMInstanceIDService) is not Protected. accessible to any other application on the
high
indicates that the Service is explicitly
exported.

Service (com.google.firebase.messaging.FirebaseMessagingService) is not
Protected. high
accessible to any other application on the
[android:exported=true]
device.

accessible to any other application on the
device. It is protected by a permission
Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is
which is not defined in the analysed
Protected by a permission, but the protection level of the permission should be
application. As a result, the protection level
checked.
high of the permission should be checked where
Permission:
it is defined. If it is set to normal or
com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION
dangerous, a malicious application can
request and obtain the permission and
interact with the component. If it is set to
signature, only applications signed with the
same certificate can obtain the permission.

application on the device. It is protected by
Broadcast Receiver a permission which is not defined in the
(com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver) analysed application. As a result, the
is Protected by a permission, but the protection level of the permission should be protection level of the permission should
high
checked. be checked where it is defined. If it is set to
Permission: android.permission.INSTALL_PACKAGES normal or dangerous, a malicious
[android:exported=true] application can request and obtain the
permission and interact with the
component. If it is set to signature, only
applications signed with the same
certificate can obtain the permission.

application on the device. It is protected by
a permission which is not defined in the
Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is
analysed application. As a result, the
Protected by a permission, but the protection level of the permission should be
protection level of the permission should
checked. high
be checked where it is defined. If it is set to
Permission: com.google.android.c2dm.permission.SEND
normal or dangerous, a malicious
application can request and obtain the
permission and interact with the
component. If it is set to signature, only
applications signed with the same
certificate can obtain the permission.

Service (com.google.firebase.iid.FirebaseInstanceIdService) is not Protected. apps on the device therefore leaving it
high
[android:exported=true] accessible to any other application on the
device.
 CODE ANALYSIS
ISSUE SEVERITY CVSS CWE OWASP FILES
pl/droidsonroids/gif/MultiCallback.java
org/slf4j/helpers/SubstituteLogger.java
org/slf4j/helpers/BasicMarker.java
org/joda/time/PeriodType.java
org/joda/time/DateTimeComparator.java
org/joda/time/UTCDateTimeZone.java
org/joda/time/DateTimeZone.java
org/joda/time/LocalDate.java
org/joda/time/chrono/BasicChronology.java
org/joda/time/chrono/IslamicChronology.java
org/joda/time/chrono/LimitChronology.java
org/joda/time/chrono/GJCacheKey.java
org/joda/time/chrono/LenientChronology.java
org/joda/time/chrono/ZonedChronology.java
org/joda/time/chrono/ISOChronology.java
org/joda/time/chrono/GJChronology.java
org/joda/time/chrono/StrictChronology.java
org/joda/time/chrono/BuddhistChronology.java
org/joda/time/field/ScaledDurationField.java
org/joda/time/field/AbstractReadableInstantField
Property.java
org/joda/time/field/PreciseDurationField.java
org/joda/time/field/DelegatedDurationField.java
org/joda/time/field/AbstractPartialFieldProperty.j
ava
org/joda/time/field/UnsupportedDurationField.ja
va
org/joda/time/format/DateTimeFormat.java
org/joda/time/tz/CachedDateTimeZone.java
org/joda/time/tz/FixedDateTimeZone.java
org/joda/time/base/AbstractInstant.java
org/joda/time/base/AbstractPartial.java
org/joda/time/base/AbstractInterval.java
org/joda/time/base/AbstractPeriod.java
org/joda/time/base/BaseSingleFieldPeriod.java
org/joda/time/convert/ConverterSet.java
rx/Notification.java
rx/internal/util/OpenHashSet.java
rx/schedulers/Timestamped.java
rx/schedulers/TimeInterval.java
com/itextpdf/awt/geom/Point2D.java
com/itextpdf/awt/geom/AffineTransform.java
com/itextpdf/awt/geom/Dimension.java
com/itextpdf/awt/geom/Rectangle2D.java
com/itextpdf/awt/geom/misc/RenderingHints.jav
a
com/itextpdf/awt/geom/misc/HashCode.java
com/itextpdf/text/pdf/Glyph.java
com/itextpdf/text/pdf/PatternColor.java
com/itextpdf/text/pdf/PdfSpotColor.java
com/itextpdf/text/pdf/SpotColor.java
com/itextpdf/text/pdf/DeviceNColor.java
com/itextpdf/text/pdf/ShadingColor.java
com/itextpdf/text/pdf/PdfSmartCopy.java
com/itextpdf/testutils/CompareTool.java
com/squareup/picasso/RemoteViewsAction.java
com/squareup/otto/EventHandler.java
com/squareup/otto/EventProducer.java
com/xinlan/imageeditlibrary/picchooser/Gallery
Adapter.java
com/amazonaws/metrics/SimpleMetricType.java
com/amazonaws/regions/Region.java
com/amazonaws/auth/SessionCredentialsProvid
erFactory.java
com/amazonaws/auth/policy/Principal.java
com/amazonaws/handlers/RequestHandler2Ada
ptor.java
com/amazonaws/services/kms/model/KeyMetad
ata.java
com/amazonaws/services/kms/model/EncryptRe
sult.java
com/amazonaws/services/kms/model/CreateCus
tomKeyStoreResult.java
com/amazonaws/services/kms/model/GetKeyPol
icyResult.java
com/amazonaws/services/kms/model/CreateKey
Request.java
com/amazonaws/services/kms/model/ReEncrypt
Result.java
com/amazonaws/services/kms/model/TagResou
rceRequest.java
com/amazonaws/services/kms/model/ListRetira
bleGrantsResult.java
com/amazonaws/services/kms/model/Generate
RandomResult.java
com/amazonaws/services/kms/model/CreateGra
ntRequest.java
com/amazonaws/services/kms/model/ListAliases
Request.java
com/amazonaws/services/kms/model/ListGrants
Request.java
DataKeyResult.java
com/amazonaws/services/kms/model/ListKeyPol
iciesResult.java
com/amazonaws/services/kms/model/CustomKe
yStoresListEntry.java
com/amazonaws/services/kms/model/CreateAlia
sRequest.java
DataKeyWithoutPlaintextRequest.java
com/amazonaws/services/kms/model/ListKeysR
esult.java
com/amazonaws/services/kms/model/Tag.java
com/amazonaws/services/kms/model/AliasListE
ntry.java
com/amazonaws/services/kms/model/UntagRes
ourceRequest.java
com/amazonaws/services/kms/model/GrantCon
straints.java
com/amazonaws/services/kms/model/ScheduleK
eyDeletionResult.java
com/amazonaws/services/kms/model/KeyListEnt
ry.java
DataKeyRequest.java
com/amazonaws/services/kms/model/CreateGra
ntResult.java
com/amazonaws/services/kms/model/GetParam
etersForImportResult.java
com/amazonaws/services/kms/model/GetKeyRo
tationStatusRequest.java
com/amazonaws/services/kms/model/EnableKey
RotationRequest.java
com/amazonaws/services/kms/model/DescribeK
eyResult.java
com/amazonaws/services/kms/model/UpdateKe
yDescriptionRequest.java
DataKeyWithoutPlaintextResult.java
com/amazonaws/services/kms/model/GetKeyRo
tationStatusResult.java
com/amazonaws/services/kms/model/GrantListE
ntry.java
RandomRequest.java
com/amazonaws/services/kms/model/ListKeyPol
iciesRequest.java
com/amazonaws/services/kms/model/ListAliases
Result.java
com/amazonaws/services/kms/model/UpdateAli
asRequest.java
com/amazonaws/services/kms/model/EnableKey
Request.java
com/amazonaws/services/kms/model/DescribeK
eyRequest.java
com/amazonaws/services/kms/model/GetKeyPol
icyRequest.java
com/amazonaws/services/kms/model/ReEncrypt
Request.java
com/amazonaws/services/kms/model/DecryptRe
quest.java
com/amazonaws/services/kms/model/DeleteImp
ortedKeyMaterialRequest.java
com/amazonaws/services/kms/model/Disconnec
tCustomKeyStoreRequest.java
com/amazonaws/services/kms/model/PutKeyPol
icyRequest.java
com/amazonaws/services/kms/model/DisableKe
yRotationRequest.java
com/amazonaws/services/kms/model/ListResou
rceTagsResult.java
com/amazonaws/services/kms/model/CreateCus
tomKeyStoreRequest.java
com/amazonaws/services/kms/model/EncryptRe
quest.java
com/amazonaws/services/kms/model/ScheduleK
eyDeletionRequest.java
com/amazonaws/services/kms/model/DisableKe
yRequest.java
com/amazonaws/services/kms/model/ListResou
rceTagsRequest.java
com/amazonaws/services/kms/model/CancelKey
DeletionRequest.java
com/amazonaws/services/kms/model/CancelKey
DeletionResult.java
com/amazonaws/services/kms/model/ListGrants
Result.java
com/amazonaws/services/kms/model/ConnectC
ustomKeyStoreRequest.java
com/amazonaws/services/kms/model/DecryptRe
sult.java
com/amazonaws/services/kms/model/DescribeC
ustomKeyStoresResult.java
com/amazonaws/services/kms/model/RetireGra
ntRequest.java
com/amazonaws/services/kms/model/DeleteCus
tomKeyStoreRequest.java
com/amazonaws/services/kms/model/GetParam
etersForImportRequest.java
com/amazonaws/services/kms/model/ListRetira
bleGrantsRequest.java
com/amazonaws/services/kms/model/CreateKey
Result.java
com/amazonaws/services/kms/model/UpdateCu
stomKeyStoreRequest.java
com/amazonaws/services/kms/model/ListKeysR
equest.java
com/amazonaws/services/kms/model/DeleteAlia
sRequest.java
com/amazonaws/services/kms/model/ImportKe
yMaterialRequest.java
com/amazonaws/services/kms/model/RevokeGr
antRequest.java
com/amazonaws/services/kms/model/DescribeC
ustomKeyStoresRequest.java
com/amazonaws/services/s3/AmazonS3URI.java
com/amazonaws/services/s3/model/AccessContr
olList.java
com/amazonaws/services/s3/model/Tag.java
com/amazonaws/services/s3/model/Grant.java
com/amazonaws/services/s3/model/Owner.java
com/amazonaws/services/s3/model/CanonicalGr
antee.java
com/amazonaws/services/s3/model/EmailAddre
ssGrantee.java
com/amazonaws/services/cognitoidentity/model
/UnprocessedIdentityId.java
/TagResourceRequest.java
/SetIdentityPoolRolesRequest.java
/DeleteIdentitiesResult.java
/ListIdentitiesRequest.java
/ListTagsForResourceResult.java
/LookupDeveloperIdentityRequest.java
/UntagResourceRequest.java
/Credentials.java
/GetCredentialsForIdentityResult.java
/GetOpenIdTokenForDeveloperIdentityResult.jav
a
/DescribeIdentityPoolRequest.java
/ListTagsForResourceRequest.java
/RulesConfigurationType.java
/ListIdentitiesResult.java
/DescribeIdentityResult.java
/ListIdentityPoolsResult.java
/GetCredentialsForIdentityRequest.java
/DeleteIdentityPoolRequest.java
/DescribeIdentityRequest.java
/GetOpenIdTokenResult.java
/UnlinkDeveloperIdentityRequest.java
/UnlinkIdentityRequest.java
/DeleteIdentitiesRequest.java
/CreateIdentityPoolRequest.java
/DescribeIdentityPoolResult.java
/MappingRule.java
/GetIdentityPoolRolesResult.java
/MergeDeveloperIdentitiesRequest.java
/GetOpenIdTokenRequest.java
/IdentityDescription.java
/GetIdentityPoolRolesRequest.java
/RoleMapping.java
/CreateIdentityPoolResult.java
/LookupDeveloperIdentityResult.java
/UpdateIdentityPoolResult.java
/ListIdentityPoolsRequest.java
/CognitoIdentityProvider.java
/GetIdResult.java
/MergeDeveloperIdentitiesResult.java
/UpdateIdentityPoolRequest.java
/IdentityPoolShortDescription.java
/GetOpenIdTokenForDeveloperIdentityRequest.ja
va
/GetIdRequest.java
com/amazonaws/services/securitytoken/model/
GetSessionTokenResult.java
PolicyDescriptorType.java
GetCallerIdentityResult.java
Credentials.java
AssumedRoleUser.java
AssumeRoleRequest.java
AssumeRoleWithWebIdentityRequest.java
GetFederationTokenRequest.java
FederatedUser.java
AssumeRoleWithWebIdentityResult.java
GetFederationTokenResult.java
AssumeRoleResult.java
GetSessionTokenRequest.java
com/amazonaws/services/cognitoidentityprovide
r/model/ChangePasswordRequest.java
r/model/AdminListUserAuthEventsResult.java
r/model/CreateGroupRequest.java
r/model/RespondToAuthChallengeResult.java
r/model/EventFeedbackType.java
r/model/EventRiskType.java
r/model/UpdateDeviceStatusRequest.java
r/model/EventContextDataType.java
r/model/GetGroupRequest.java
r/model/DeleteResourceServerRequest.java
r/model/DeviceConfigurationType.java
r/model/AdminSetUserMFAPreferenceRequest.ja
va
r/model/CreateUserPoolResult.java
r/model/UserPoolPolicyType.java
r/model/DescribeIdentityProviderResult.java
r/model/AdminForgetDeviceRequest.java
r/model/TagResourceRequest.java
r/model/AdminDeleteUserRequest.java
r/model/AdminCreateUserRequest.java
r/model/AdminUpdateUserAttributesRequest.jav
a
r/model/CreateUserPoolClientRequest.java
r/model/ConfirmDeviceResult.java
r/model/DeviceType.java
r/model/AdminCreateUserResult.java
r/model/GetDeviceRequest.java
r/model/DeviceSecretVerifierConfigType.java
r/model/AdminDeleteUserAttributesRequest.java
r/model/SmsConfigurationType.java
r/model/RiskConfigurationType.java
r/model/ConfirmForgotPasswordRequest.java
r/model/VerifySoftwareTokenResult.java
r/model/AdminListUserAuthEventsRequest.java
r/model/DescribeUserPoolClientResult.java
r/model/AdminUpdateDeviceStatusRequest.java
r/model/UserImportJobType.java
r/model/AdminGetDeviceRequest.java
r/model/UpdateUserPoolRequest.java
r/model/UpdateResourceServerRequest.java
r/model/CreateUserPoolDomainRequest.java
r/model/UpdateIdentityProviderRequest.java
This App uses Java Hash Code. com/amazonaws/services/cognitoidentityprovide
It's a weak hash function and 2.3 CWE- r/model/AdminResetUserPasswordRequest.java
warning com/amazonaws/services/cognitoidentityprovide
should never be used in Secure low 327
Crypto Implementation. r/model/LambdaConfigType.java
r/model/UserPoolAddOnsType.java
r/model/ListIdentityProvidersResult.java
r/model/ListUserPoolClientsResult.java
r/model/ProviderDescription.java
r/model/ProviderUserIdentifierType.java
r/model/ListUserPoolsRequest.java
r/model/RiskExceptionConfigurationType.java
r/model/EmailConfigurationType.java
r/model/SoftwareTokenMfaConfigType.java
r/model/ListTagsForResourceResult.java
r/model/StopUserImportJobResult.java
r/model/GetIdentityProviderByIdentifierResult.ja
va
r/model/AdminUserGlobalSignOutRequest.java
r/model/ContextDataType.java
r/model/UpdateGroupRequest.java
r/model/HttpHeader.java
r/model/DeleteUserPoolDomainRequest.java
r/model/NotifyConfigurationType.java
r/model/AdminRemoveUserFromGroupRequest.j
ava
r/model/UntagResourceRequest.java
r/model/AdminRespondToAuthChallengeRequest
.java
r/model/UpdateAuthEventFeedbackRequest.java
r/model/GetUserPoolMfaConfigRequest.java
r/model/AdminGetUserRequest.java
r/model/GetUserResult.java
r/model/UpdateUserPoolClientRequest.java
r/model/ListTagsForResourceRequest.java
r/model/SetRiskConfigurationRequest.java
r/model/AdminCreateUserConfigType.java
r/model/SmsMfaConfigType.java
r/model/StartUserImportJobResult.java
r/model/VerificationMessageTemplateType.java
r/model/UpdateUserPoolClientResult.java
r/model/ForgotPasswordResult.java
r/model/AdminInitiateAuthResult.java
r/model/DeleteUserRequest.java
r/model/UserPoolClientDescription.java
r/model/VerifySoftwareTokenRequest.java
r/model/DeleteUserPoolRequest.java
r/model/ListResourceServersRequest.java
r/model/ListUserImportJobsRequest.java
r/model/ListResourceServersResult.java
r/model/StopUserImportJobRequest.java
r/model/DescribeUserPoolResult.java
r/model/MFAOptionType.java
r/model/ListUsersRequest.java
r/model/UpdateUserAttributesResult.java
r/model/DeleteUserPoolClientRequest.java
r/model/AdminGetUserResult.java
r/model/DescribeRiskConfigurationResult.java
r/model/ListUserImportJobsResult.java
r/model/RespondToAuthChallengeRequest.java
r/model/AdminListDevicesRequest.java
r/model/GetCSVHeaderRequest.java
r/model/UICustomizationType.java
r/model/ListIdentityProvidersRequest.java
r/model/CreateIdentityProviderResult.java
r/model/CreateUserPoolRequest.java
r/model/CreateResourceServerRequest.java
r/model/SignUpRequest.java
r/model/CreateUserPoolClientResult.java
r/model/AdminInitiateAuthRequest.java
r/model/GetIdentityProviderByIdentifierRequest.j
ava
r/model/DomainDescriptionType.java
r/model/GetUserRequest.java
r/model/CreateIdentityProviderRequest.java
r/model/SetUICustomizationResult.java
r/model/UpdateUserPoolDomainRequest.java
r/model/CreateUserImportJobResult.java
r/model/AttributeType.java
r/model/DescribeUserPoolClientRequest.java
r/model/AdminSetUserPasswordRequest.java
r/model/UpdateUserPoolDomainResult.java
r/model/AdminListGroupsForUserResult.java
r/model/DescribeUserImportJobRequest.java
r/model/DeleteUserAttributesRequest.java
r/model/UpdateIdentityProviderResult.java
r/model/UpdateGroupResult.java
r/model/InitiateAuthResult.java
r/model/DescribeUserPoolRequest.java
r/model/AuthEventType.java
r/model/GetUICustomizationRequest.java
r/model/AccountTakeoverActionType.java
r/model/ListUserPoolClientsRequest.java
r/model/AdminConfirmSignUpRequest.java
r/model/AccountTakeoverRiskConfigurationType.
java
r/model/GetDeviceResult.java
r/model/UserPoolDescriptionType.java
r/model/ResendConfirmationCodeResult.java
r/model/NotifyEmailType.java
r/model/GetUICustomizationResult.java
r/model/CompromisedCredentialsRiskConfigurati
onType.java
r/model/AdminListDevicesResult.java
r/model/DescribeIdentityProviderRequest.java
r/model/StringAttributeConstraintsType.java
r/model/AssociateSoftwareTokenResult.java
r/model/NewDeviceMetadataType.java
r/model/DescribeResourceServerResult.java
r/model/ListGroupsResult.java
r/model/SetRiskConfigurationResult.java
r/model/CreateUserPoolDomainResult.java
r/model/SetUserPoolMfaConfigResult.java
r/model/AuthenticationResultType.java
r/model/ListDevicesRequest.java
r/model/CompromisedCredentialsActionsType.ja
va
r/model/ForgotPasswordRequest.java
r/model/AdminDisableUserRequest.java
r/model/ListGroupsRequest.java
r/model/GetCSVHeaderResult.java
r/model/ResourceServerScopeType.java
r/model/AdminEnableUserRequest.java
r/model/AccountTakeoverActionsType.java
r/model/SetUserMFAPreferenceRequest.java
r/model/DescribeUserPoolDomainRequest.java
r/model/IdentityProviderType.java
r/model/GetUserPoolMfaConfigResult.java
r/model/AssociateSoftwareTokenRequest.java
r/model/AnalyticsConfigurationType.java
r/model/SoftwareTokenMfaSettingsType.java
r/model/ResourceServerType.java
r/model/PasswordPolicyType.java
r/model/ListUsersInGroupResult.java
r/model/GetUserAttributeVerificationCodeReques
t.java
r/model/GlobalSignOutRequest.java
r/model/AdminUpdateAuthEventFeedbackReque
st.java
r/model/AdminListGroupsForUserRequest.java
r/model/DescribeUserImportJobResult.java
r/model/InitiateAuthRequest.java
r/model/UpdateUserAttributesRequest.java
r/model/GroupType.java
r/model/AdminGetDeviceResult.java
r/model/SchemaAttributeType.java
r/model/ForgetDeviceRequest.java
r/model/UserPoolType.java
r/model/DescribeRiskConfigurationRequest.java
r/model/SetUserSettingsRequest.java
r/model/CodeDeliveryDetailsType.java
r/model/CreateResourceServerResult.java
r/model/DeleteGroupRequest.java
r/model/CustomDomainConfigType.java
r/model/ListDevicesResult.java
r/model/GetSigningCertificateResult.java
r/model/ListUsersResult.java
r/model/GetGroupResult.java
r/model/CreateUserImportJobRequest.java
r/model/SMSMfaSettingsType.java
r/model/ConfirmSignUpRequest.java
r/model/GetSigningCertificateRequest.java
r/model/ChallengeResponseType.java
r/model/AdminAddUserToGroupRequest.java
r/model/NumberAttributeConstraintsType.java
r/model/SetUserPoolMfaConfigRequest.java
r/model/ResendConfirmationCodeRequest.java
r/model/ConfirmDeviceRequest.java
r/model/UserContextDataType.java
r/model/DescribeResourceServerRequest.java
r/model/ListUsersInGroupRequest.java
r/model/AdminLinkProviderForUserRequest.java
r/model/AddCustomAttributesRequest.java
r/model/SetUICustomizationRequest.java
r/model/DeleteIdentityProviderRequest.java
r/model/MessageTemplateType.java
r/model/UserPoolClientType.java
r/model/AnalyticsMetadataType.java
r/model/UpdateResourceServerResult.java
r/model/DescribeUserPoolDomainResult.java
r/model/AdminRespondToAuthChallengeResult.ja
va
r/model/VerifyUserAttributeRequest.java
r/model/CreateGroupResult.java
r/model/AdminSetUserSettingsRequest.java
r/model/UserType.java
r/model/GetUserAttributeVerificationCodeResult.j
ava
r/model/StartUserImportJobRequest.java
r/model/AdminDisableProviderForUserRequest.j
ava
r/model/SignUpResult.java
r/model/ListUserPoolsResult.java
com/mybeeps/emoji/model/Emojicon.java
com/mybeeps/utils/Utility.java
com/mybeeps/model/Group.java
com/mybeeps/googlesignin/GoogleSignIn.java
com/amulyakhare/textdrawable/util/ColorGener
ator.java
com/nostra13/universalimageloader/core/image
aware/NonViewAware.java
com/nostra13/universalimageloader/core/image
aware/ViewAware.java
com/nostra13/universalimageloader/cache/disc/
naming/HashCodeFileNameGenerator.java
com/koushikdutta/async/http/BasicNameValueP
air.java
com/koushikdutta/async/http/ProtocolVersion.ja
va
com/koushikdutta/async/http/cache/Objects.java
com/koushikdutta/async/http/spdy/Header.java
com/bumptech/glide/util/MultiClassKey.java
com/bumptech/glide/signature/MediaStoreSigna
ture.java
com/bumptech/glide/signature/StringSignature.j
ava
com/bumptech/glide/load/model/GlideUrl.java
com/bumptech/glide/load/model/ModelCache.ja
va
com/bumptech/glide/load/model/LazyHeaders.ja
va
com/bumptech/glide/load/resource/gif/GifFrame
Loader.java
com/bumptech/glide/load/engine/EngineKey.jav
a
com/bumptech/glide/load/engine/OriginalKey.ja
va
com/bumptech/glide/load/engine/prefill/PreFillT
ype.java
com/bumptech/glide/load/engine/bitmap_recycl
e/AttributeStrategy.java
e/SizeConfigStrategy.java
com/stripe/android/PaymentSessionConfig.java
com/stripe/android/PaymentSessionData.java
com/stripe/android/StripeApiHandler.java
com/stripe/android/CardUtils.java
com/stripe/android/PaymentSessionUtils.java
com/stripe/android/model/Source.java
com/stripe/android/model/StripeJsonModel.java
com/fasterxml/jackson/core/Version.java
com/fasterxml/jackson/core/JsonLocation.java
com/fasterxml/jackson/core/sym/BytesToNameC
anonicalizer.java
com/fasterxml/jackson/core/io/SerializedString.j
org/slf4j/helpers/Util.java
ava
org/joda/time/tz/ZoneInfoCompiler.java
org/joda/time/tz/DateTimeZoneBuilder.java
bolts/MeasurementEvent.java
a/b/a/c.java
a/b/c/a.java
com/itextpdf/xmp/XMPMetaFactory.java
com/itextpdf/text/pdf/BarcodePDF417.java
com/itextpdf/text/pdf/Type1Font.java
com/itextpdf/text/pdf/PdfLister.java
com/itextpdf/text/pdf/codec/Base64.java
com/itextpdf/text/pdf/parser/PdfContentReaderT
ool.java
com/itextpdf/text/pdf/parser/LocationTextExtract
ionStrategy.java
com/itextpdf/text/log/SysoCounter.java
com/itextpdf/text/log/DefaultCounter.java
com/itextpdf/text/log/SysoLogger.java
com/squareup/picasso/StatsSnapshot.java
com/squareup/picasso/Utils.java
com/xinlan/imageeditlibrary/picchooser/Logger.j
ava
com/xinlan/imageeditlibrary/editimage/view/ima
gezoom/ImageViewTouchBase.java
com/scottyab/rootbeer/RootBeer.java
com/scottyab/rootbeer/RootBeerNative.java
com/scottyab/rootbeer/util/QLog.java
com/amazonaws/cognito/clientcontext/datacolle
ction/ApplicationDataCollector.java
com/amazonaws/cognito/clientcontext/util/Signa
tureGenerator.java
com/amazonaws/cognito/clientcontext/data/Use
rContextDataProvider.java
com/amazonaws/auth/CognitoCachingCredential
sProvider.java
com/amazonaws/mobile/auth/core/IdentityMan
ager.java
com/amazonaws/mobile/auth/core/DefaultSignI
nResultHandler.java
com/amazonaws/mobile/auth/core/signin/SignIn
Manager.java
com/amazonaws/mobile/client/AWSMobileClient
.java
com/amazonaws/mobile/client/internal/Internal
Callback.java
com/amazonaws/mobile/client/internal/oauth2/
OAuth2Client.java
com/amazonaws/logging/LogFactory.java
com/amazonaws/logging/AndroidLog.java
com/mybeeps/AppTrackerActivity.java
com/mybeeps/PlayerViewActivity.java
com/mybeeps/MapActivity.java
com/mybeeps/MapsAppCompactActivity.java
com/mybeeps/DashboardActivity.java
com/mybeeps/SettingCompatActivity.java
com/mybeeps/WebAppActivity.java
com/mybeeps/MainActivity.java
com/mybeeps/BaseCompatActivity.java
com/mybeeps/DownloadS3FileUtility.java
com/mybeeps/SignupAppCompActivity.java
com/mybeeps/ConfigTabActivity.java
com/mybeeps/database/MybeepsContentProvid
er.java
com/mybeeps/IPayPayment/IPayPayment.java
com/mybeeps/restrequest/ServiceParser.java
com/mybeeps/dao/IntegrationCommandDAO.jav
a
com/mybeeps/dao/IntegrationDAO.java
com/mybeeps/scantext/ScanTextUtility.java
com/mybeeps/utils/UriUtility.java
com/mybeeps/utils/KinsisLog.java
com/mybeeps/utils/KeyboardUtils.java
com/mybeeps/annotate/AnnotateActivity.java
com/mybeeps/annotate/MultiTouchController.ja
va
com/mybeeps/adapter/CursorRecyclerAdapter.ja
va
com/mybeeps/adapter/PlacesAutocompleteAdap
terPredictions.java
com/mybeeps/adapter/SearchAutoCompleteAda
pter.java
com/mybeeps/adapter/RecentChatCursorAdapter
RecyclerView.java
com/mybeeps/adapter/GooglePlacesAutocomple
teAdapter.java
com/mybeeps/youtube/YoutubeUtility.java
com/mybeeps/backgroundtask/AsyncImageLoad
erUrl.java
com/mybeeps/backgroundtask/AsyncImagePrese
nter.java
com/mybeeps/backgroundtask/RoofingUploader
AsyncTask.java
com/mybeeps/backgroundtask/DownloadTask.ja
va
com/mybeeps/backgroundtask/LoadEarlierMess
ageAsyncTask.java
com/mybeeps/backgroundtask/ProfileUploaderA
syncTask.java
com/mybeeps/backgroundtask/AsyncImageLoad
er.java
com/mybeeps/socketio/SocketIOFactory.java
com/mybeeps/fingerprintauth/FingerprintAuthen
ticationDialogFragment.java
com/mybeeps/locationProvider/LocationUpdates
BroadcastReceiver.java
com/mybeeps/trcking/TrackingActivity.java
com/mybeeps/trcking/receiver/MyReceiver.java
com/mybeeps/fragment/WebAppFragment.java
com/mybeeps/fragment/NewMapFragment.java
com/mybeeps/model/Message.java
com/mybeeps/model/Group.java
com/mybeeps/model/RecentChatMessage.java
com/mybeeps/model/User.java
com/mybeeps/fcm/FCMessagingService.java
com/mybeeps/synchronizer/PostCommentClient
Event.java
com/mybeeps/synchronizer/ContactSynchronize
r.java
com/mybeeps/synchronizer/AddGroupMemberC
lientEvent.java
com/mybeeps/synchronizer/RegisterAppTokenEv
ent.java
com/mybeeps/synchronizer/KinsisPutLogClientE
vent.java
com/mybeeps/synchronizer/SendNewMessageCl
ientEvent.java
com/mybeeps/synchronizer/GetAppMessageQue
ryModeClientEvent.java
com/mybeeps/synchronizer/ChangePasswordCli
entEvent.java
com/mybeeps/synchronizer/SaveClickAnalysisCli
entEvent.java
com/mybeeps/synchronizer/GetGroupActivityMe
ssages.java
com/mybeeps/synchronizer/ResetGroupUnreadC
ountRESTClient.java
com/mybeeps/synchronizer/LogoutClientEvent.ja
va
com/mybeeps/synchronizer/UpdateUnreadCoun
tV2ClientEvent.java
com/mybeeps/synchronizer/ResignFromGroupCl
ientEvent.java
com/mybeeps/synchronizer/RESTClientRequest.j
ava
com/mybeeps/synchronizer/CreateNewGroupV3
ClientEvent.java
com/mybeeps/synchronizer/GetAllTagsClientEve
nt.java
com/mybeeps/synchronizer/SyncUserIntegration
CommandsEvent.java
com/mybeeps/synchronizer/GetUserLastSeenV2
Task.java
com/mybeeps/synchronizer/UserIntegrationClien
tEvent.java
com/mybeeps/synchronizer/GetChatMessagesV5
.java
com/mybeeps/synchronizer/MessageStatusUpda
teRestClientEvent.java
com/mybeeps/synchronizer/UpdateNotificationS
ettingsClientEvent.java
com/mybeeps/synchronizer/GetMessageAppUrlF
orMBAppsV2.java
com/mybeeps/synchronizer/ResendInvitationClie
The App logs information.
7.5 CWE- ntEvent.java
Sensitive information should info
high 532 com/mybeeps/synchronizer/SyncMobileV5RESTC
never be logged.
lient.java
com/mybeeps/synchronizer/GroupProfileUpdate
ClientEvent.java
com/mybeeps/synchronizer/ResetDefaultPasswo
rdClientEvent.java
com/mybeeps/synchronizer/GetUserMyBeepsInt
egrationsV2Rest.java
com/mybeeps/synchronizer/MessageStatusUpda
teClientEvent.java
com/mybeeps/synchronizer/CreateNewGroupCli
entEvent.java
com/mybeeps/synchronizer/AuthorizationTypeCl
ientEvent.java
com/mybeeps/synchronizer/MapAsyncTask.java
com/mybeeps/synchronizer/LoginClientEvent.jav
a
com/mybeeps/synchronizer/GetGroupDetailsClie
ntEvent.java
com/mybeeps/synchronizer/OrgSyncClientEvent.
java
com/mybeeps/synchronizer/SocketClientEventRe
quest.java
com/mybeeps/synchronizer/RefreshTokenV2Tas
k.java
com/mybeeps/synchronizer/onborading/GetOnb
oardingStatusRequest.java
com/mybeeps/synchronizer/onborading/Onboar
dManager.java
com/mybeeps/service/GetFileMobileDetailsClient
Event.java
com/mybeeps/service/SocketManager.java
com/mybeeps/service/ChatManager.java
com/mybeeps/googlesignin/GoogleSignIn.java
com/mybeeps/broadcastreceiver/NetworkChang
eReceiver.java
com/mybeeps/broadcastreceiver/NotificationRec
eiver.java
com/mybeeps/speechrecognizer/DroidSpeech.ja
va
com/mybeeps/widgets/TokenCompleteView.java
com/rtugeek/android/colorseekbar/Logger.java
com/github/javiersantos/piracychecker/PiracyCh
ecker$start$1$doNotAllow$1$1.java
com/github/javiersantos/licensing/LibraryChecke
r.java
com/github/javiersantos/licensing/LibraryValidat
or.java
com/github/javiersantos/licensing/ServerManage
dPolicy.java
com/github/javiersantos/licensing/APKExpansion
Policy.java
com/github/javiersantos/licensing/PreferenceObf
uscator.java
com/github/javiersantos/licensing/util/URIQuery
Decoder.java
com/sandrios/sandriosCamera/internal/ui/view/
CameraControlPanel.java
com/sandrios/sandriosCamera/internal/ui/previe
w/PreviewActivity.java
com/sandrios/sandriosCamera/internal/utils/Ca
meraHelper.java
com/sandrios/sandriosCamera/internal/utils/Ima
geSaver.java
com/sandrios/sandriosCamera/internal/controlle
r/impl/Camera1Controller.java
r/impl/Camera2ControllerAPI24.java
r/impl/Camera2Controller.java
com/sandrios/sandriosCamera/internal/manager
/impl/Camera1Manager.java
/impl/BaseCameraManager.java
/impl/Camera2Manager.java
com/koushikdutta/async/AsyncServer.java
com/koushikdutta/async/ByteBufferList.java
com/koushikdutta/async/PushParser.java
com/koushikdutta/async/AsyncNetworkSocket.ja
va
com/koushikdutta/async/http/AsyncHttpRequest.
java
com/koushikdutta/async/http/server/AsyncHttpS
erverRequestImpl.java
com/koushikdutta/ion/IonRequestBuilder.java
com/koushikdutta/ion/IonLog.java
com/koushikdutta/ion/Ion.java
com/koushikdutta/ion/bitmap/Exif.java
com/koushikdutta/ion/bitmap/IonBitmapCache.j
ava
com/koushikdutta/ion/conscrypt/ConscryptMidd
leware.java
com/koushikdutta/ion/cookie/CookieMiddleware
.java
com/koushikdutta/ion/gif/GifDecoder.java
com/theartofdev/edmodo/cropper/BitmapUtils.j
ava
com/theartofdev/edmodo/cropper/CropImageAc
tivity.java
com/theartofdev/edmodo/cropper/CropOverlay
View.java
com/bumptech/glide/Glide.java
com/bumptech/glide/util/ContentLengthInputStr
eam.java
com/bumptech/glide/util/ByteArrayPool.java
com/bumptech/glide/gifdecoder/GifDecoder.java
com/bumptech/glide/gifdecoder/GifHeaderParse
r.java
com/bumptech/glide/gifencoder/AnimatedGifEnc
oder.java
com/bumptech/glide/manager/RequestManager
Retriever.java
com/bumptech/glide/load/model/ImageVideoMo
delLoader.java
com/bumptech/glide/load/model/StreamEncode
r.java
com/bumptech/glide/load/model/ResourceLoad
er.java
com/bumptech/glide/load/resource/bitmap/Recy
clableBufferedInputStream.java
com/bumptech/glide/load/resource/bitmap/Ima
geVideoBitmapDecoder.java
com/bumptech/glide/load/resource/bitmap/Bitm
apEncoder.java
com/bumptech/glide/load/resource/bitmap/Dow
nsampler.java
com/bumptech/glide/load/resource/bitmap/Tran
sformationUtils.java
com/bumptech/glide/load/resource/bitmap/Ima
geHeaderParser.java
com/bumptech/glide/load/resource/gif/GifResou
rceDecoder.java
com/bumptech/glide/load/resource/gif/GifResou
rceEncoder.java
com/bumptech/glide/load/data/MediaStoreThu
mbFetcher.java
com/bumptech/glide/load/data/AssetPathFetcher
.java
com/bumptech/glide/load/data/HttpUrlFetcher.ja
va
com/bumptech/glide/load/data/LocalUriFetcher.j
ava
com/bumptech/glide/load/engine/EngineRunnab
le.java
com/bumptech/glide/load/engine/CacheLoader.j
ava
com/bumptech/glide/load/engine/Engine.java
com/bumptech/glide/load/engine/DecodeJob.jav
a
com/bumptech/glide/load/engine/cache/DiskLru
CacheWrapper.java
com/bumptech/glide/load/engine/cache/Memor
ySizeCalculator.java
com/bumptech/glide/load/engine/prefill/Bitmap
PreFillRunner.java
com/bumptech/glide/load/engine/executor/FifoP
riorityThreadPoolExecutor.java
e/LruBitmapPool.java
com/bumptech/glide/request/GenericRequest.jav
a
com/bumptech/glide/request/target/ViewTarget.j
ava
com/ipay/IPayIHSelectionActivity.java
com/ipay/IPayIHAcitivityR.java
com/ipay/IPayIHActivity.java
bolts/MeasurementEvent.java
rx/internal/schedulers/NewThreadWorker.java
com/itextpdf/text/Version.java
com/itextpdf/text/pdf/PdfWriter.java
com/amazonaws/cognito/clientcontext/datacolle
ction/DeviceDataCollector.java
com/amazonaws/cognito/clientcontext/data/Use
rContextDataProvider.java
com/amazonaws/auth/CognitoCachingCredential
sProvider.java
com/amazonaws/auth/policy/conditions/Conditi
onFactory.java
com/amazonaws/auth/policy/conditions/S3Cond
itionFactory.java
com/amazonaws/internal/keyvaluestore/KeyPro
vider18.java
com/amazonaws/internal/keyvaluestore/KeyPro
vider10.java
com/amazonaws/mobile/auth/core/IdentityMan
ager.java
com/amazonaws/mobile/client/AWSMobileClient
.java
com/amazonaws/mobile/client/internal/oauth2/
OAuth2Client.java
com/amazonaws/mobileconnectors/s3/transferu
tility/TransferObserver.java
com/amazonaws/mobileconnectors/s3/transferu
tility/TransferTable.java
com/amazonaws/mobileconnectors/cognitoident
Files may contain hardcoded
7.4 CWE- M9: Reverse ityprovider/util/CognitoServiceConstants.java
sensitive informations like high
high 312 Engineering com/amazonaws/mobileconnectors/cognitoident
usernames, passwords, keys etc.
ityprovider/util/CognitoPinpointSharedContext.ja
va
com/amazonaws/mobileconnectors/cognitoident
ityprovider/util/CognitoDeviceHelper.java
com/amazonaws/services/s3/Headers.java
com/amazonaws/services/s3/model/S3ObjectSu
mmary.java
com/mybeeps/MapActivity.java
com/mybeeps/UserCommunicationActivity.java
com/mybeeps/WebSignupAcitvity.java
com/mybeeps/database/MybeepsDatabaseHelpe
r.java
com/mybeeps/database/Tables.java
com/mybeeps/constant/AppConstant.java
com/mybeeps/constant/DefaultLoginDetails.java
com/mybeeps/fragment/ShowListFragment.java
com/mybeeps/fragment/NewMapFragment.java
com/mybeeps/widgets/swipablelayout/ViewBind
erHelper.java
com/ipay/constants/ParameterConstants.java
com/stripe/android/EphemeralKey.java
com/stripe/android/LoggingUtils.java
com/stripe/android/PaymentSession.java
com/stripe/android/model/SourceParams.java
com/stripe/android/model/Source.java
bolts/WebViewAppLinkResolver.java
Insecure WebView
com/mybeeps/barcodereader/BarcodeCaptureAc
Implementation. Execution of 8.8 CWE- M1: Improper
warning tivity.java
user controlled code in WebView high 749 Platform Usage
com/mybeeps/fragment/CallHistoryFragment.jav
is a critical Security Hole.
a
com/mybeeps/fragment/WebAppFragment.java
Insecure Implementation of SSL.

Trusting all the certificates or a/b/a/c.java
accepting self signed certificates 7.4 CWE- M3: Insecure com/mybeeps/backgroundtask/MediaFileUpload
high
is a critical Security Hole. This high 295 Communication erAsyncTask.java
application is vulnerable to MITM com/ipay/IPayIHSelectionActivity.java
attacks
com/itextpdf/text/pdf/PdfEncryption.java
com/itextpdf/text/pdf/PdfReader.java
SHA-1 is a weak hash known to 5.9 CWE- M5: Insufficient
high com/koushikdutta/async/http/WebSocketImpl.ja
have hash collisions. medium 327 Cryptography
va
com/stripe/android/StripeTextUtils.java
com/itextpdf/text/pdf/PdfPublicKeySecurityHand
ler.java
com/itextpdf/text/pdf/security/SecurityIDs.java
com/itextpdf/text/pdf/security/OCSPVerifier.java
com/itextpdf/text/pdf/security/CertificateInfo.jav
a
com/itextpdf/text/pdf/security/EncryptionAlgorit
hms.java
com/itextpdf/text/pdf/security/PdfPKCS7.java
com/itextpdf/text/pdf/security/CertificateVerificat
4.3 CWE-
IP Address disclosure warning ion.java
medium 200
com/itextpdf/text/pdf/security/BouncyCastleDige
st.java
com/itextpdf/text/pdf/security/DigestAlgorithms.
java
com/itextpdf/text/pdf/security/SecurityConstants
.java
com/koushikdutta/async/AsyncSSLSocketWrappe
r.java
com/koushikdutta/async/dns/Dns.java
com/itextpdf/text/pdf/PdfStamper.java
com/mybeeps/utils/MailUtility.java
App creates temp file. Sensitive
5.5 CWE- M2: Insecure com/theartofdev/edmodo/cropper/BitmapUtils.j
information should never be high
medium 276 Data Storage ava
written into a temp file.
com/theartofdev/edmodo/cropper/CropImageAc
tivity.java
com/xinlan/imageeditlibrary/picchooser/Logger.j
ava
com/xinlan/imageeditlibrary/editimage/utils/Bit
mapUtils.java
com/mybeeps/utils/UriUtility.java
com/mybeeps/utils/LogUtility.java
com/mybeeps/utils/MybeepsHelper.java
App can read/write to External
5.5 CWE- M2: Insecure com/mybeeps/fragment/WebAppFragment.java
Storage. Any App can read data high
medium 276 Data Storage com/mybeeps/imagecrop/ImageCropperActivity.j
written to External Storage.
ava
com/mybeeps/imagecrop/CropImage.java
com/github/javiersantos/piracychecker/utils/Libr
aryUtilsKt.java
com/sandrios/sandriosCamera/internal/utils/Ca
meraHelper.java
com/nostra13/universalimageloader/utils/Storag
eUtils.java
This App may have root 0

secure com/scottyab/rootbeer/RootBeer.java
detection capabilities. info
This App may request root 0 CWE-

high com/scottyab/rootbeer/Const.java
(Super User) privileges. info 250
com/amazonaws/retry/PredefinedRetryPolicies.j
ava
com/mybeeps/IPayPayment/IPayPayment.java
com/mybeeps/speechrecognizer/AnimatorBarR
The App uses an insecure 7.5 CWE- M5: Insufficient
high ms.java
Random Number Generator. high 330 Cryptography
com/amulyakhare/textdrawable/util/ColorGener
ator.java
com/github/javiersantos/piracychecker/utils/Salt
Utils.java
com/koushikdutta/async/util/FileCache.java
com/koushikdutta/async/dns/Dns.java
App uses SQLite Database and com/amazonaws/mobileconnectors/s3/transferu

execute raw SQL query. tility/TransferTable.java
Untrusted user input in raw SQL com/mybeeps/database/MybeepsDatabaseHelpe
5.9 CWE- M7: Client Code
queries can cause SQL Injection. high r.java
medium 89 Quality
Also sensitive information should com/mybeeps/database/MybeepsContentProvid
be encrypted and written to the er.java
database. com/mybeeps/model/AuthenticatedUser.java
Remote WebView debugging is 5.4 CWE- M1: Improper

high com/mybeeps/WebActivity.java
enabled. medium 919 Platform Usage
This App copies data to com/mybeeps/fragment/ChatMessageFragment.j

clipboard. Sensitive data should 0 ava
info
not be copied to clipboard as info com/mybeeps/fragment/MessageDialogFragmen
other applications can access it. t.java
MD5 is a weak hash known to 7.4 CWE- M5: Insufficient com/nostra13/universalimageloader/cache/disc/

high
have hash collisions. high 327 Cryptography naming/Md5FileNameGenerator.java
 DOMAIN MALWARE CHECK
DOMAIN STATUS GEOLOCATION
ns.adobe.com good No Geolocation information available.
IP: 128.30.52.100
Country: United States of America
Region: Massachusetts
www.w3.org good City: Cambridge
Latitude: 42.365078
Longitude: -71.104523
View: Google Map
IP: 172.217.13.131
Region: California
maps.gstatic.com good City: Mountain View
Latitude: 37.405991
View: Google Map
IP: 83.166.144.67
Country: Switzerland
Region: Geneve
www.slf4j.org good City: Carouge
Latitude: 46.180962
Longitude: 6.13921
View: Google Map
IP: 95.216.24.32
Country: Finland
Region: Uusimaa
apache.org good City: Helsinki
Latitude: 60.169521
Longitude: 24.93545
View: Google Map
IP: 54.173.46.200
Region: Virginia
apps.hokuapps.com good City: Ashburn
Latitude: 39.04372
View: Google Map
IP: 195.102.186.19
Country: United Kingdom of Great Britain and Northern Ireland
Region: England
www.color.org good City: Manchester
Latitude: 53.480949
Longitude: -2.23743
View: Google Map
IP: 216.33.126.92
Region: Virginia
www.npes.org good City: Vienna
Latitude: 38.926575
View: Google Map
login.s good No Geolocation information available.
IP: 31.13.80.36
Country: Canada
Region: Ontario
m.facebook.com good City: Toronto
Latitude: 43.700111
View: Google Map
IP: 172.217.13.202
Region: California
maps.googleapis.com good City: Mountain View
Latitude: 37.405991
View: Google Map
vm-mpayment.cloudapp.net good No Geolocation information available.
IP: 54.186.23.98
Region: Oregon
stripe.com good City: Portland
Latitude: 45.523449
View: Google Map
IP: 194.232.153.3
Country: Austria
Region: Wien
iptc.org good City: Vienna
Latitude: 48.208488
Longitude: 16.37208
View: Google Map
IP: 107.181.102.220
Region: West Virginia
www.aiim.org good City: Parkersburg
Latitude: 39.266739
View: Google Map
IP: 52.22.225.25
Region: Virginia
petsstationorg.hokuapps.com good City: Ashburn
Latitude: 39.04372
View: Google Map
IP: 54.211.253.178
Region: Virginia
www.hokuapps.com good City: Ashburn
Latitude: 39.04372
View: Google Map
acs.amazonaws.com good No Geolocation information available.
IP: 10.0.2.2
Country: -
Region: -
10.0.2.2 good City: -
Latitude: 0.0
Longitude: 0.0
View: Google Map
IP: 172.217.13.110
Region: California
play.google.com good City: Mountain View
Latitude: 37.405991
View: Google Map
IP: 111.67.33.90
Country: Malaysia
Region: Selangor
www.mobile88.com good City: Petaling Jaya
Latitude: 3.10726
Longitude: 101.606712
View: Google Map
IP: 140.82.114.3
Region: California
github.com good City: San Francisco
Latitude: 37.7757
View: Google Map
embraceasiatest.beepup.com good No Geolocation information available.
IP: 54.186.23.98
Region: Oregon
q.stripe.com good City: Portland
Latitude: 45.523449
View: Google Map
schemas.android.com good No Geolocation information available.
IP: 54.211.253.178
Region: Virginia
hokuapps.com good City: Ashburn
Latitude: 39.04372
View: Google Map
IP: 3.213.124.164
Region: Virginia
devfiles.hokuapps.com good City: Ashburn
Latitude: 39.04372
View: Google Map
IP: 34.202.153.183
Region: Virginia
api.stripe.com good City: Ashburn
Latitude: 39.04372
View: Google Map
IP: 118.82.81.189
Country: Japan
Region: Tokyo
cipa.jp good City: Tokyo
Latitude: 35.689507
View: Google Map
IP: 52.219.116.200
Region: California
s3-us-west-1.amazonaws.com good City: San Francisco
Latitude: 37.774929
View: Google Map
IP: 130.246.140.235
Country: United Kingdom of Great Britain and Northern Ireland
Region: England
www.ngs.ac.uk good City: Appleton
Latitude: 51.709511
Longitude: -1.36136
View: Google Map
IP: 188.64.79.58
Country: Belgium
Region: Vlaams-Brabant
mynomadesk.com good City: Machelen
Latitude: 50.91061
Longitude: 4.44174
View: Google Map
IP: 195.201.96.189
Country: Germany
Region: Bayern
www.simplifiedcoding.net good City: Gunzenhausen
Latitude: 48.32333
Longitude: 11.60122
View: Google Map
vohracert.com good No Geolocation information available.
IP: 195.238.226.27
Country: France
Region: Provence-Alpes-Cote-d'Azur
uri.etsi.org good City: Sophia Antipolis
Latitude: 43.622223
Longitude: 7.05
View: Google Map
IP: 172.217.13.142
Region: California
drive.google.com good City: Mountain View
Latitude: 37.405991
View: Google Map
IP: 104.239.240.11
Region: Texas
xml.org good City: Windcrest
Latitude: 29.499678
View: Google Map
s.mybeeps.com good No Geolocation information available.
IP: 35.165.223.82
Region: Oregon
m.stripe.com good City: Portland
Latitude: 45.523449
View: Google Map
IP: 207.241.224.2
Region: California
purl.org good City: San Francisco
Latitude: 37.781734
View: Google Map
IP: 54.83.4.77
Region: Virginia
ns.useplus.org good City: Ashburn
Latitude: 39.04372
View: Google Map
javax.xml.xmlconstants good No Geolocation information available.
IP: 136.147.101.199
Region: California
ap2.salesforce.com good City: San Francisco
Latitude: 37.788464
View: Google Map
s.s good No Geolocation information available.
IP: 52.203.92.86
Region: Virginia
files.hokuapps.com good City: Ashburn
Latitude: 39.04372
View: Google Map
IP: 139.59.11.216
Country: India
Region: Karnataka
api.androidhive.info good City: Bangalore
Latitude: 12.97623
View: Google Map
IP: 13.107.42.13
Region: Iowa
onedrive.live.com good City: Des Moines
Latitude: 41.60054
View: Google Map
IP: 52.216.205.229
Region: Virginia
s3.amazonaws.com good City: Ashburn
Latitude: 39.04372
View: Google Map
IP: 104.244.42.65
Region: California
twitter.com good City: San Francisco
Latitude: 37.773968
View: Google Map
IP: 162.125.11.1
Region: California
www.dropbox.com good City: San Francisco
Latitude: 37.7757
View: Google Map
IP: 54.88.22.72
Region: Virginia
socket.hokuapps.com good City: Ashburn
Latitude: 39.04372
View: Google Map
IP: 172.217.13.142
Region: California
maps.google.co.in good City: Mountain View
Latitude: 37.405991
View: Google Map
IP: 172.217.13.206
Region: California
maps.google.com good City: Mountain View
Latitude: 37.405991
View: Google Map
IP: 31.13.80.8
Country: Canada
Region: Ontario
graph.facebook.com good City: Toronto
Latitude: 43.700111
View: Google Map
IP: 104.110.159.148
Region: Massachusetts
www.amazon.com good City: Cambridge
Latitude: 42.363598
View: Google Map
IP: 184.168.221.81
Region: Arizona
s3bucket.com good City: Scottsdale
Latitude: 33.601974
View: Google Map
IP: 35.170.169.182
Region: Virginia
wv-keyos.licensekeyserver.com good City: Ashburn
Latitude: 39.04372
View: Google Map
IP: 35.201.97.85
Region: California
pets-station-fb5c4.firebaseio.com good City: Mountain View
Latitude: 37.405991
View: Google Map
IP: 184.73.201.169
Region: Virginia
api.ipify.org good City: Ashburn
Latitude: 39.04372
View: Google Map
IP: 151.101.136.193
Region: California
i.imgur.com good City: San Francisco
Latitude: 37.7757
View: Google Map
yourteamname.mybeeps.com good No Geolocation information available.
prompttechsecurity.beepup.com good No Geolocation information available.
IP: 3.227.79.169
Region: Virginia
integration.hokuapps.com good City: Ashburn
Latitude: 39.04372
View: Google Map
www.xfa.org good No Geolocation information available.
 URLS
URL FILE
http://schemas.android.com/apk/res/android pl/droidsonroids/gif/GifTextView.java
http://schemas.android.com/apk/res/android pl/droidsonroids/gif/GifViewUtils.java
http://schemas.android.com/apk/res/android pl/droidsonroids/gif/GifTextureView.java
http://www.slf4j.org/codes.html#no_static_mdc_binder
org/slf4j/MDC.java
http://www.slf4j.org/codes.html#null_MDCA
http://www.slf4j.org/codes.html
http://www.slf4j.org/codes.html#loggerNameMismatch
http://www.slf4j.org/codes.html#multiple_bindings
http://www.slf4j.org/codes.html#StaticLoggerBinder
http://www.slf4j.org/codes.html#null_LF org/slf4j/LoggerFactory.java
http://www.slf4j.org/codes.html#replay
http://www.slf4j.org/codes.html#substituteLogger
http://www.slf4j.org/codes.html#unsuccessfulInit
http://www.slf4j.org/codes.html#version_mismatch
javascript:boltsWebViewAppLinkResolverResult.setValue((function() bolts/WebViewAppLinkResolver.java
URL FILE
file:///android_asset/richeditor.html
javascript:zss_editor.setTextAlign(
javascript:zss_editor.setVerticalAlign(
javascript:zss_editor.setHTML('
javascript:zss_editor.setBaseTextColor('
javascript:zss_editor.setBaseFontSize('
javascript:zss_editor.setPadding('
javascript:zss_editor.setBackgroundImage('url(data:image/png;base64,
javascript:zss_editor.setBackgroundImage('url(
javascript:zss_editor.setWidth('
javascript:zss_editor.setHeight('
javascript:zss_editor.setPlaceholder('
javascript:zss_editor.undo();
javascript:zss_editor.redo();
javascript:zss_editor.setBold();
javascript:zss_editor.setItalic();
javascript:zss_editor.setSubscript();
javascript:zss_editor.setSuperscript();
javascript:zss_editor.setStrikeThrough();
javascript:zss_editor.setUnderline();
javascript:zss_editor.prepareInsert(); jp/wasabeef/richeditor/IOSRichEditor.java
javascript:zss_editor.setTextColor('
javascript:zss_editor.setTextBackgroundColor('
javascript:zss_editor.setFontSize('
javascript:zss_editor.removeFormat();
javascript:zss_editor.setHeading('
javascript:zss_editor.setIndent();
javascript:zss_editor.setOutdent();
javascript:zss_editor.setJustifyLeft();
javascript:zss_editor.setJustifyCenter();
javascript:zss_editor.setJustifyRight();
javascript:zss_editor.setBlockquote();
javascript:zss_editor.setBullets();
javascript:zss_editor.showDialog();
javascript:zss_editor.setTitleforLink();
javascript:zss_editor.setNumbers();
javascript:zss_editor.insertImage('
javascript:zss_editor.insertLink('
javascript:zss_editor.setTodo('
javascript:zss_editor.focusEditor();
javascript:zss_editor.blurFocus();
URL FILE
file:///android_asset/editor.html
javascript:RE.setTextAlign(
javascript:RE.setVerticalAlign(
javascript:RE.setHtml('
javascript:RE.setBaseTextColor('
javascript:RE.setBaseFontSize('
javascript:RE.setPadding('
javascript:RE.setBackgroundImage('url(data:image/png;base64,
javascript:RE.setBackgroundImage('url(
javascript:RE.setWidth('
javascript:RE.setHeight('
javascript:RE.setPlaceholder('
javascript:RE.undo();
javascript:RE.redo();
javascript:RE.setBold(
javascript:RE.setItalic('
javascript:RE.setSubscript();
javascript:RE.setSuperscript();
javascript:RE.setStrikeThrough('
javascript:RE.setUnderline('
javascript:RE.prepareInsert(); jp/wasabeef/richeditor/RichEditor.java
javascript:RE.setTextColor('
javascript:RE.setTextBackgroundColor('
javascript:RE.setFontSize('
javascript:RE.removeFormat();
javascript:RE.setHeading('
javascript:RE.setIndent();
javascript:RE.setOutdent();
javascript:RE.setJustifyLeft();
javascript:RE.setJustifyCenter();
javascript:RE.setJustifyRight();
javascript:RE.setBlockquote();
javascript:RE.setBullets();
javascript:RE.showDialog();
javascript:RE.setTitleforLink();
javascript:RE.setNumbers();
javascript:RE.insertImage('
javascript:RE.insertLink('
javascript:RE.setTodo('
javascript:RE.focus();
javascript:RE.blurFocus();
URL FILE
http://ns.adobe.com/StockPhoto/1.0/
http://ns.adobe.com/asf/1.0/
http://ns.adobe.com/bwf/bext/1.0/
http://ns.adobe.com/camera-raw-settings/1.0/
http://ns.adobe.com/creatorAtom/1.0/
http://purl.org/dc/elements/1.1/
http://purl.org/dc/1.1/
http://ns.adobe.com/DICOM/
http://ns.adobe.com/xmp/1.0/DynamicMedia/
http://ns.adobe.com/exif/1.0/
http://cipa.jp/exif/1.0/
http://ns.adobe.com/exif/1.0/aux/
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
http://iptc.org/std/Iptc4xmpExt/2008-02-29/
http://ns.adobe.com/iX/1.0/
http://ns.adobe.com/jp2k/1.0/
http://ns.adobe.com/jpeg/1.0/
http://ns.adobe.com/pdf/1.3/
http://www.aiim.org/pdfa/ns/extension/
http://www.aiim.org/pdfa/ns/field#
http://www.aiim.org/pdfa/ns/id/
http://www.aiim.org/pdfa/ns/property#
http://www.aiim.org/pdfa/ns/schema#
http://www.aiim.org/pdfa/ns/type#
http://www.aiim.org/pdfua/ns/id/
http://ns.adobe.com/pdfx/1.3/
http://www.npes.org/pdfx/ns/id/
http://ns.adobe.com/photoshop/1.0/
http://ns.useplus.org/ldf/xmp/1.0/ com/itextpdf/xmp/XMPConst.java
http://ns.adobe.com/png/1.0/
http://ns.adobe.com/album/1.0/
http://www.w3.org/1999/02/22-rdf-syntax-ns#
http://ns.adobe.com/riff/info/
http://ns.adobe.com/xmp/1.0/Script/
http://ns.adobe.com/swf/1.0/
http://ns.adobe.com/tiff/1.0/
http://ns.adobe.com/xmp/transient/1.0/
http://ns.adobe.com/TransformXMP/
http://ns.adobe.com/xmp/wav/1.0/
http://www.w3.org/XML/1998/namespace
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/bj/
http://ns.adobe.com/xap/1.0/mm/
http://ns.adobe.com/xmp/note/
http://ns.adobe.com/xap/1.0/rights/
http://ns.adobe.com/xap/1.0/sType/Dimensions#
http://ns.adobe.com/xap/1.0/sType/Font#
http://ns.adobe.com/xap/1.0/g/
http://ns.adobe.com/xmp/Identifier/qual/1.0/
http://ns.adobe.com/xap/1.0/g/img/
http://ns.adobe.com/xap/1.0/sType/ManifestItem#
http://ns.adobe.com/xap/1.0/t/pg/
http://ns.adobe.com/xap/1.0/sType/ResourceEvent#
http://ns.adobe.com/xap/1.0/sType/ResourceRef#
http://ns.adobe.com/xap/1.0/sType/Job#
http://ns.adobe.com/xap/1.0/sType/Version#
http://ns.adobe.com/xap/1.0/t/
URL FILE
com/itextpdf/xmp/impl/Utils.java
com/itextpdf/xmp/impl/XMPSchemaRegistryImpl.java
com/itextpdf/xmp/impl/XMPSerializerRDF.java
http://purl.org/dc/elements/1.1/ com/itextpdf/xmp/impl/ParseRDF.java
http://javax.xml.XMLConstants/feature/secure-processing
http://xml.org/sax/features/external-general-entities com/itextpdf/xmp/impl/XMPMetaParser.java
http://apache.org/xml/features/disallow-doctype-decl
com/itextpdf/xmp/impl/XMPNormalizer.java
http://www.xfa.org/schema/xfa-data/1.0/ com/itextpdf/text/pdf/XfaForm.java
http://www.color.org com/itextpdf/text/pdf/PdfWriter.java
http://www.w3.org/2000/09/xmldsig#rsa-sha1
http://www.w3.org/2000/09/xmldsig#dsa-sha1
http://www.w3.org/TR/2001/REC-xml-c14n-20010315 com/itextpdf/text/pdf/security/MakeXmlSignature.java
http://www.w3.org/2000/09/xmldsig#enveloped-signature
http://www.w3.org/2002/06/xmldsig-filter2
http://www.w3.org/2000/09/xmldsig#sha1
http://uri.etsi.org/01903#SignedProperties
http://uri.etsi.org/01903/v1.3.2# com/itextpdf/text/pdf/security/SecurityConstants.java
http://www.w3.org/2000/09/xmldsig#
http://www.w3.org/2000/xmlns/
http://ns.adobe.com/xap/1.0/ com/itextpdf/text/xml/xmp/XmpBasicSchema.java
http://purl.org/dc/elements/1.1/ com/itextpdf/text/xml/xmp/DublinCoreSchema.java
http://ns.adobe.com/pdf/1.3/ com/itextpdf/text/xml/xmp/PdfSchema.java
http://ns.adobe.com/xap/1.0/mm/ com/itextpdf/text/xml/xmp/XmpMMSchema.java
http://ns.adobe.com/pdf/1.3/ com/itextpdf/text/xml/xmp/PdfProperties.java
com/itextpdf/text/xml/xmp/XmpWriter.java
http://purl.org/dc/elements/1.1/ com/itextpdf/text/xml/xmp/DublinCoreProperties.java
URL FILE
com/itextpdf/text/xml/xmp/XmpBasicProperties.java
file:///android_asset/ com/squareup/picasso/AssetRequestHandler.java
www.amazon.com com/amazonaws/auth/policy/Principal.java
www.amazon.com com/amazonaws/mobile/client/IdentityProvider.java
https://s3-us-west-1.amazonaws.com com/amazonaws/services/s3/AmazonS3Client.java
http://s3.amazonaws.com/doc/2006-03-01/ com/amazonaws/services/s3/internal/Constants.java
http://www.ngs.ac.uk/tools/jcepolicyfiles com/amazonaws/services/s3/internal/crypto/EncryptionUtils.java
http://acs.amazonaws.com/groups/global/AllUsers
http://acs.amazonaws.com/groups/global/AuthenticatedUsers com/amazonaws/services/s3/model/GroupGrantee.java
http://acs.amazonaws.com/groups/s3/LogDelivery
http://www.w3.org/2001/XMLSchema-instance com/amazonaws/services/s3/model/transform/AclXmlFactory.java
http://wv-keyos.licensekeyserver.com/ com/mybeeps/PlayerViewActivity.java
https://api.androidhive.info/images/glide/medium/deadpool.jpg
https://www.simplifiedcoding.net/wp-content/uploads/2015/10/advertise.
png
https://i.imgur.com/tGbaZCY.jpg
https://maps.googleapis.com/maps/api/directions/ com/mybeeps/MapActivity.java
https://maps.googleapis.com/maps/api/place/nearbysearch/json?location
=
https://maps.gstatic.com/mapfiles/place_api/icons/generic_business-71.p
ng
= com/mybeeps/MapsAppCompactActivity.java
https://maps.googleapis.com/maps/api/directions/
javascript:setFocus()
https://vohracert.com/home
https://vohracert.com/gwcc/new-user
https://play.google.com/store/apps/details?id=com.petstationa1
https://maps.googleapis.com/maps/api/distancematrix/
https://m.facebook.com/
https://ap2.salesforce.com/
https://graph.facebook.com/
https://petsstationorg.hokuapps.com/_search?size=100&pretty=true com/mybeeps/RecentMentionsCompatActivity.java
javascript:(function(){$('.signup_bg').hide()})(); com/mybeeps/WebSignupAcitvity.java
URL FILE
https://devfiles.hokuapps.com
https://apps.hokuapps.com
https://petsstationorg.hokuapps.com
com/mybeeps/BuildConfig.java
https://files.hokuapps.com
https://integration.hokuapps.com
https://socket.hokuapps.com
http://s3bucket.com/image com/mybeeps/restrequest/SignUp/UpdateProfileRequest.java
http://maps.google.co.in/maps?q=
file:///data
https://maps.googleapis.com/maps/api/directions/ com/mybeeps/utils/Utility.java
http://maps.google.com/maps?f=d&saddr=
http://maps.google.com/maps?f=d&daddr=
https://maps.googleapis.com/maps/api/place
com/mybeeps/adapter/GooglePlacesAutocompleteAdapter.java
https://maps.googleapis.com/maps/api/place/autocomplete/json
com/mybeeps/trcking/TrackingActivity.java
https://maps.googleapis.com/maps/api/distancematrix/
https://drive.google.com/file/d
https://onedrive.live.com/redir?resid=
https://www.dropbox.com/home/
https://mynomadesk.com
https://petsstationorg.hokuapps.com
https://embraceasiatest.beepup.com/EmbraceAsia/find_nearby_location
com/mybeeps/constant/AppConstant.java
https://prompttechsecurity.beepup.com/PromptTechSecurity/get_location
https://prompttechsecurity.beepup.com/PromptTechSecurity/save_locatio
n
https://maps.googleapis.com/maps/api/place/details/json?placeid=
https://maps.googleapis.com/maps/api/place/nearbysearch/json?
https://yourteamname.mybeeps.com
com/mybeeps/fragment/CreateTeamFragment.java
https://%s.mybeeps.com
javascript:setOfflineData(%s,%s)
javascript:setFocus() com/mybeeps/fragment/WebAppFragment.java
https://ap2.salesforce.com/
https://api.androidhive.info/images/glide/medium/deadpool.jpg
https://www.simplifiedcoding.net/wp-content/uploads/2015/10/advertise.
png
https://i.imgur.com/tGbaZCY.jpg com/mybeeps/fragment/NewMapFragment.java
=
https://login.%s/configuration/%s/%s/%s
com/mybeeps/model/dto/Integration.java
https://%s.%s/nonauthconfig/%s/%s/%s
https://petsstationorg.hokuapps.com/ com/mybeeps/synchronizer/SyncOSClientEvent.java
https://api.ipify.org/ com/mybeeps/synchronizer/GetPublicIpFromNetworkServer.java
URL FILE
file:///android_asset/webapp com/mybeeps/synchronizer/GetAppFileDetailsClientEvent.java
com/mybeeps/synchronizer/GetAuthTokenSecretKeyV2ClientEvent.j
https://apps.hokuapps.com/
ava
https://apps.hokuapps.com/api/ com/mybeeps/service/GetFileMobileDetailsClientEvent.java
https://petsstationorg.hokuapps.com com/mybeeps/service/AppConfigManager.java
file:///android_asset/ com/koushikdutta/ion/loader/AssetLoader.java
file:///android_asset/ com/bumptech/glide/load/model/AssetUriParser.java
https://vm-mpayment.cloudapp.net:8243/PaymentGateway/RHX
http://10.0.2.2:8080/logserver/log
https://www.mobile88.com/ePayment/enquiry.asp com/ipay/IPayIHAcitivityR.java
https://api.stripe.com
https://q.stripe.com
https://m.stripe.com/4 com/stripe/android/StripeApiHandler.java
https://twitter.com/stripestatus,
https://stripe.com/api
https://stripe.com/docs/stripe.js.
com/stripe/android/Stripe.java
https://stripe.com/docs/stripe.js
https://hokuapps.com/
https://pets-station-fb5c4.firebaseio.com
https://www.hokuapps.com/
https://github.com/javiersantos
https://github.com/javiersantos/PiracyChecker Android String Resource
https://www.hokuapps.com/privacy-policy/
https://www.hokuapps.com/terms-of-service/
https://www.hokuapps.com/and
https://www.hokuApps.com/
 FIREBASE DATABASES
FIREBASE URL DETAILS
info
https://pets-station-fb5c4.firebaseio.com
App talks to a Firebase Database.
 EMAILS
EMAIL FILE
support@beepup.com com/mybeeps/utils/TopExceptionHandler.java
campus@hokuapps.com com/mybeeps/constant/DefaultLoginDetails.java
support@stripe.com com/stripe/android/StripeApiHandler.java
 TRACKERS
TRACKER URL
Facebook Analytics https://reports.exodus-privacy.eu.org/trackers/66
Facebook Login https://reports.exodus-privacy.eu.org/trackers/67
Facebook Places https://reports.exodus-privacy.eu.org/trackers/69
Facebook Share https://reports.exodus-privacy.eu.org/trackers/70
Google CrashLytics https://reports.exodus-privacy.eu.org/trackers/27
Google Firebase Analytics https://reports.exodus-privacy.eu.org/trackers/49
 PLAYSTORE INFORMATION
Title: Pets' Station
Score: 3.0 Installs: 500+ Price: 0 Android Version Support: 4.4 and up Category: Shopping Play Store URL: com.petstationa1
Developer Details: PETS' STATION HOLDING PTE LTD, PETS'+STATION+HOLDING+PTE+LTD, None, https://www.petsstation.com.sg/,
kengteck.wong@petsstation.com.sg,
Release Date: None Privacy Policy: Privacy link
Description:
Pets' Station Holding Pte Ltd has been serving the Pet Industry since 1969 and at Pets' Station, we understand that your pet is a part of the family
because we are pet parents too. With this mobile application, we look to provide mobile solution for your day to day pet needs. Application features
include Product list at finger tips, easy order processing, attractive loyalty and referral program, quick and easy support and lots of promotions. This
application also help you in finding your next pet.
App Security Score Calculation

Every app is given an ideal score of 100 to begin with.
For every findings with severity high we reduce 15 from the score.
For every findings with severity warning we reduce 10 from the score.
For every findings with severity good we add 5 to the score.
If the calculated score is greater than 100, then the app security score is considered as 100.
And if the calculated score is less than 0, then the app security score is considered as 10.
Risk Calculation
APP SECURITY SCORE RISK
0 - 15 CRITICAL
16 - 40 HIGH
41 - 70 MEDIUM
71 - 100 LOW
Report Generated by - MobSF v3.0.4 Beta

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security
assessment framework capable of performing static and dynamic analysis.
© 2020 Mobile Security Framework - MobSF | Ajin Abraham | OpenSecurity.

Pets

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Pets

Uploaded by

Copyright:

Available Formats

ANDROID STATIC ANALYSIS REPORT

 Pets Station (1.0.22)

PublicKey Algorithm: rsa

Certificate Status: Good

PERMISSION STATUS INFO DESCRIPTION

Allows an application to view the information about

Allows application to take pictures and videos with the

com.google.android.c2dm.permission.RECEIVE signature C2DM permissions Permission for cloud to device messaging.

prevent phone Allows an application to prevent the phone from going

ISSUE SEVERITY DESCRIPTION FILES

Anti Debug Code Debug.isDebuggerConnected() check

com.facebook.CustomTabActivity Schemes: @string/fb_login_protocol_scheme://,

com.mybeeps.SignupAppCompActivity Schemes: mybeeps://,

ISSUE SEVERITY DESCRIPTION

The app intends to use cleartext network

An Activity is found to be shared with other

An Activity should not be having the launch

An Activity is found to be shared with other

An Activity is found to be shared with other

An Activity should not be having the launch

A Broadcast Receiver is found to be shared

A Broadcast Receiver is found to be shared

A Broadcast Receiver is found to be shared

A Broadcast Receiver is found to be shared

A Broadcast Receiver is found to be shared

Broadcast Receiver A Broadcast Receiver is found to be shared

A Service is found to be shared with other

A Service is found to be shared with other

A Service is found to be shared with other

A Service is found to be shared with other

A Broadcast Receiver is found to be shared

A Broadcast Receiver is found to be shared

A Service is found to be shared with other

Insecure Implementation of SSL.

This App may have root 0

This App may request root 0 CWE-

App uses SQLite Database and com/amazonaws/mobileconnectors/s3/transferu

Remote WebView debugging is 5.4 CWE- M1: Improper

This App copies data to com/mybeeps/fragment/ChatMessageFragment.j

MD5 is a weak hash known to 7.4 CWE- M5: Insufficient com/nostra13/universalimageloader/cache/disc/

 DOMAIN MALWARE CHECK

DOMAIN STATUS GEOLOCATION

ns.adobe.com good No Geolocation information available.

login.s good No Geolocation information available.

vm-mpayment.cloudapp.net good No Geolocation information available.

acs.amazonaws.com good No Geolocation information available.

embraceasiatest.beepup.com good No Geolocation information available.

schemas.android.com good No Geolocation information available.

vohracert.com good No Geolocation information available.

s.mybeeps.com good No Geolocation information available.

javax.xml.xmlconstants good No Geolocation information available.

s.s good No Geolocation information available.

yourteamname.mybeeps.com good No Geolocation information available.

prompttechsecurity.beepup.com good No Geolocation information available.

www.xfa.org good No Geolocation information available.

FIREBASE URL DETAILS

Facebook Analytics https://reports.exodus-privacy.eu.org/trackers/66

Facebook Login https://reports.exodus-privacy.eu.org/trackers/67

Facebook Places https://reports.exodus-privacy.eu.org/trackers/69

Facebook Share https://reports.exodus-privacy.eu.org/trackers/70

Google CrashLytics https://reports.exodus-privacy.eu.org/trackers/27

Google Firebase Analytics https://reports.exodus-privacy.eu.org/trackers/49

Release Date: None Privacy Policy: Privacy link