Document 2
Document 2
xapk
Grade:
C
Trackers Detection: 2/432
FINDINGS SEVERITY
3 10 1 0 1
FILE INFORMATION
File Name: EMTEK Hub_1.0.52_Apkpure.xapk
Size: 7.4MB
MD5: 6036a1c443f413aa553f97006b6fbbaf
SHA1: de8f7f44dc829d68c558924f70fa7a23d082f166
SHA256: a195f6587fcf87c43ed8f43edcff2d4c59a635c29d4a78b42a62d8ea09832c0c
APP INFORMATION
App Name: EMTEK Hub
Package Name: id.co.scm.attendance
Main Activity: id.co.scm.attendance.MainActivity
Target SDK: 33
Min SDK: 23
Max SDK:
Android Version Name: 1.0.52
Android Version Code: 52
APP COMPONENTS
Activities: 4
Services: 8
Receivers: 5
Providers: 3
Exported Activities: 0
Exported Services: 2
Exported Receivers: 3
Exported Providers: 0
CERTIFICATE INFORMATION
Binary is signed
v1 signature: True
v2 signature: True
v3 signature: True
v4 signature: False
X.509 Subject: C=US, ST=California, L=Mountain View, O=Google Inc., OU=Android, CN=Android
Signature Algorithm: rsassa_pkcs1v15
Valid From: 2020-07-06 05:48:32+00:00
Valid To: 2050-07-06 05:48:32+00:00
Issuer: C=US, ST=California, L=Mountain View, O=Google Inc., OU=Android, CN=Android
Serial Number: 0x50fa8f2afa62d87b54a960c661e81054e0d040bb
Hash Algorithm: sha256
md5: 692d87fd758047d35cee16c27d6b8da4
sha1: 593be945620c5d5131a16abf02e0cc9d639b3a8e
sha256: 460fdfa54383136b9d1156d15b4bbe19465d1d4cd1f7ceb350d51016198a068e
sha512: 8f149ba66c0270b1afc7f0fd3756291cf3f524361b4e5394312ddbdfb8d2e2736ba73712658b1297c40f0a937278b5c452b86e00e3d9af4f2063c12525d10a0e
PublicKey Algorithm: rsa
Bit Size: 4096
Fingerprint: 8aad2c531f38a0a553324545ec7a1ebb28d11db0c24464699fee253a3706369c
Found 1 unique certificates
APPLICATION PERMISSIONS
read/modify/delete
Allows an application to write to external
android.permission.WRITE_EXTERNAL_STORAGE dangerous external storage
storage.
contents
FILE DETAILS
FINDINGS DETAILS
Build.FINGERPRINT check
Build.MODEL check
Build.MANUFACTURER check
classes.dex Build.PRODUCT check
Anti-VM Code
Build.HARDWARE check
Build.BOARD check
Build.TAGS check
possible VM check
FINDINGS DETAILS
FINDINGS DETAILS
Build.MODEL check
Build.PRODUCT check
Anti-VM Code
Build.HARDWARE check
classes3.dex network operator name check
FINDINGS DETAILS
Build.MODEL check
classes4.dex
Build.PRODUCT check
Anti-VM Code possible Build.SERIAL check
subscriber ID check
ro.kernel.qemu check
NETWORK SECURITY
NO SCOPE SEVERITY DESCRIPTION
CERTIFICATE ANALYSIS
HIGH: 0 | WARNING: 1 | INFO: 1
Application Application is signed with v1 signature scheme, making it vulnerable to Janus vulnerability on Android 5.0-8.0, if signed
vulnerable to Janus warning only with v1 signature scheme. Applications running on Android 5.0-7.0 signed with v1, and v2/v3 scheme is also
Vulnerability vulnerable.
MANIFEST ANALYSIS
HIGH: 3 | WARNING: 3 | INFO: 0 | SUPPRESSED: 0
Broadcast Receiver
A Broadcast Receiver is found to be shared with other
(com.dexterous.flutterlocalnotifications.ScheduledNotificationReceiver) is not
4 high apps on the device therefore leaving it accessible to
Protected.
any other application on the device.
[android:exported=true]
Broadcast Receiver
A Broadcast Receiver is found to be shared with other
(com.dexterous.flutterlocalnotifications.ScheduledNotificationBootReceiver) is
5 high apps on the device therefore leaving it accessible to
not Protected.
any other application on the device.
[android:exported=true]
com/it_nomads/fluttersecurestorage/cip
hers/RSACipher18Implementation.java
com/tekartik/sqflite/Database.java
com/tekartik/sqflite/dev/Debug.java
fae44c8b5/p14349af9.java
io/flutter/Log.java
io/flutter/embedding/engine/loader/Res
ourceExtractor.java
io/flutter/plugins/webviewflutter/Display
ListenerProxy.java
io/flutter/view/AccessibilityViewEmbedd
er.java
mx_com/mixpanel/android/mpmetrics/
ConfigurationChecker.java
mx_com/mixpanel/android/mpmetrics/I
nAppNotification.java
mx_com/mixpanel/android/mpmetrics/
CWE: CWE-532: Insertion of Sensitive Information
The App logs information. Sensitive MPConfig.java
1 info into Log File
information should never be logged. mx_com/mixpanel/android/mpmetrics/
OWASP MASVS: MSTG-STORAGE-3
MPDbAdapter.java
mx_com/mixpanel/android/mpmetrics/
ResourceReader.java
mx_com/mixpanel/android/mpmetrics/S
ystemInformation.java
mx_com/mixpanel/android/mpmetrics/T
weaks.java
mx_com/mixpanel/android/util/ActivityI
mageUtils.java
mx_com/mixpanel/android/viewcrawler/
Caller.java
mx_com/mixpanel/android/viewcrawler/
FlipGesture.java
mx_com/mixpanel/android/viewcrawler/
Pathfinder.java
mx_com/mixpanel/android/viewcrawler/
ViewVisitor.java
NO ISSUE SEVERITY STANDARDS FILES
App creates temp file. Sensitive CWE: CWE-276: Incorrect Default Permissions
io/flutter/plugins/imagepicker/FileUtils.j
5 information should never be written warning OWASP Top 10: M2: Insecure Data Storage
ava
into a temp file. OWASP MASVS: MSTG-STORAGE-2
IP: 130.211.34.183
Country: United States of America
Region: Missouri
decide.mixpanel.com ok City: Kansas City
Latitude: 39.099731
Longitude: -94.578568
View: Google Map
IP: 130.211.34.183
Country: United States of America
Region: Missouri
api.mixpanel.com ok City: Kansas City
Latitude: 39.099731
Longitude: -94.578568
View: Google Map
TRACKERS
HARDCODED SECRETS
POSSIBLE SECRETS
"google_api_key" : "AIzaSyBxRDBA5g5QSYhDoB1lTbp0czIu1lMmrkY"
"google_crash_reporting_api_key" : "AIzaSyBxRDBA5g5QSYhDoB1lTbp0czIu1lMmrkY"
PLAYSTORE INFORMATION
Title: EMTEK Hub
Score: 0 Installs: 1,000+ Price: 0 Android Version Support: Category: Productivity Play Store URL: id.co.scm.attendance
Description:
You can log in anywhere & anytime to manage your working information attendance, medical, allowance, and other transactions related to you and your staff
employment.