
.PDF DD

The static analysis report for the GPS Setter app (version 1.2.8) indicates a low risk with an app security score of 64/100. It identifies four medium severity findings and two informational findings, with warnings regarding permissions that could be abused by malicious applications. The app is signed with a valid certificate but can be installed on older Android versions with known vulnerabilities.

Uploaded by ameliathomasxe

ANDROID STATIC ANALYSIS REPORT

GPS Setter (1.2.8)


File Name: GPS-setter.apk

Package Name: com.android1500.gpssetter

Scan Date: June 11, 2025, 10:31 a.m.

App Security Score: 64/100 (LOW RISK)

Grade: A

FINDINGS SEVERITY

HIGH: 0 | MEDIUM: 4 | INFO: 2 | SECURE: 1 | HOTSPOT: 1

FILE INFORMATION
File Name: GPS-setter.apk
Size: 6.02MB
MD5: b0adc4bf8abe47f36dae95427c3a63ff
SHA1: cad738d7607bdfd2a55f348cca0540cca822d518
SHA256: 9696b9011f5135ed1591140e57566e4f4ca1e4344a1d9918d2b2210a7726b879

APP INFORMATION
App Name: GPS Setter
Package Name: com.android1500.gpssetter
Main Activity: com.android1500.gpssetter.ui.MainActivity
Target SDK: 33
Min SDK: 27
Max SDK:
Android Version Name: 1.2.8
Android Version Code: 128

APP COMPONENTS
Activities: 2
Services: 1
Receivers: 0
Providers: 2
Exported Activities: 0
Exported Services: 0
Exported Receivers: 0
Exported Providers: 0

CERTIFICATE INFORMATION
Binary is signed
v1 signature: False
v2 signature: True
v3 signature: False
v4 signature: False
X.509 Subject: CN=Android1500
Signature Algorithm: rsassa_pkcs1v15
Valid From: 2022-08-12 17:55:20+00:00
Valid To: 2047-08-06 17:55:20+00:00
Issuer: CN=Android1500
Serial Number: 0x14d219b9
Hash Algorithm: sha256
md5: be34efa3d0beb81dcf53580f8a35ba50
sha1: b681e33720d77b35a02c52a53d2a576ecfbb18f6
sha256: b689e5492bef4928606f78a803b1ac9e5dd86278aa4389fa3135d664c71ee7b7
sha512: 2197398d434939d254f3c59e8204e9e51dc93f1a65a59ba101ba89930cde09833e461c67fcea60d264bb16e43f5f7947258d96bf4db83179296c286d6027f903
PublicKey Algorithm: rsa
Bit Size: 2048
Fingerprint: 1e60c05258a7ea2c142a873cd33f0a98f0e6d3c5d1138495aa3fbfca7fc23de9
Found 1 unique certificates

APPLICATION PERMISSIONS

| PERMISSION | STATUS | INFO | DESCRIPTION |
|---|---|---|---|
| android.permission.ACCESS_COARSE_LOCATION | dangerous | coarse (network-based) location | Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Malicious applications can use this to determine approximately where you are. |
| android.permission.ACCESS_FINE_LOCATION | dangerous | fine (GPS) location | Access fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications can use this to determine where you are and may consume additional battery power. |
| android.permission.ACCESS_NETWORK_STATE | normal | view network status | Allows an application to view the status of all networks. |
| android.permission.INTERNET | normal | full Internet access | Allows an application to create network sockets. |
| android.permission.READ_EXTERNAL_STORAGE | dangerous | read external storage contents | Allows an application to read from external storage. |
| android.permission.REQUEST_INSTALL_PACKAGES | dangerous | Allows an application to request installing packages. | Malicious applications can use this to try and trick users into installing additional malicious packages. |
| com.android1500.gpssetter.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION | unknown | Unknown permission | Unknown permission from android reference |

APKID ANALYSIS

| FILE | FINDINGS | DETAILS |
|---|---|---|
| classes.dex | Anti-VM Code | Build.FINGERPRINT check, Build.MANUFACTURER check, Build.BRAND check |
| classes.dex | Compiler | r8 without marker (suspicious) |
| classes2.dex | Compiler | r8 without marker (suspicious) |

NETWORK SECURITY
NO SCOPE SEVERITY DESCRIPTION

CERTIFICATE ANALYSIS
HIGH: 0 | WARNING: 0 | INFO: 1

| TITLE | SEVERITY | DESCRIPTION |
|---|---|---|
| Signed Application | info | Application is signed with a code signing certificate |

MANIFEST ANALYSIS
HIGH: 0 | WARNING: 2 | INFO: 0 | SUPPRESSED: 0

| NO | ISSUE | SEVERITY | DESCRIPTION |
|---|---|---|---|
| 1 | App can be installed on a vulnerable Android version Android 8.1, minSdk=27] | warning | This application can be installed on an older version of android that has multiple vulnerabilities. Support an Android version => 10, API 29 to receive reasonable security updates. |
| 2 | Application Data can be Backed up [android:allowBackup=true] | warning | This flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device. |

CODE ANALYSIS
HIGH: 0 | WARNING: 1 | INFO: 2 | SECURE: 0 | SUPPRESSED: 0

| NO | ISSUE | SEVERITY | STANDARDS | FILES |
|---|---|---|---|---|
| 1 | The App logs information. Sensitive information should never be logged. | info | CWE: CWE-532: Insertion of Sensitive Information into Log File; OWASP MASVS: MSTG-STORAGE-3 | by/kirich1409/viewbindingdelegate/LifecycleViewBindingProperty.java, org/lsposed/hiddenapibypass/HiddenApiBypass.java, rikka/material/app/DayNightDelegate.java, rikka/material/internal/TwilightManager.java, timber/log/Timber.java |
| 2 | App can read/write to External Storage. Any App can read data written to External Storage. | warning | CWE: CWE-276: Incorrect Default Permissions; OWASP Top 10: M2: Insecure Data Storage; OWASP MASVS: MSTG-STORAGE-2 | rikka/core/content/FileProvider.java, rikka/core/util/ContextUtils.java |
| 3 | This App copies data to clipboard. Sensitive data should not be copied to clipboard as other applications can access it. | info | OWASP MASVS: MSTG-STORAGE-10 | rikka/core/util/ClipboardUtils.java |

NIAP ANALYSIS v1.3

NO IDENTIFIER REQUIREMENT FEATURE DESCRIPTION

BEHAVIOUR ANALYSIS

| RULE ID | BEHAVIOUR | LABEL | FILES |
|---|---|---|---|
| 00013 | Read file and put it into a stream | file | okio/Okio.java, rikka/core/os/FileUtils.java |
| 00147 | Get the time of current location | collection location | rikka/material/internal/TwilightManager.java |
| 00075 | Get location of the device | collection location | rikka/material/internal/TwilightManager.java |
| 00115 | Get last known location of the device | collection location | rikka/material/internal/TwilightManager.java |

ABUSED PERMISSIONS

| TYPE | MATCHES | PERMISSIONS |
|---|---|---|
| Malware Permissions | 6/25 | android.permission.ACCESS_COARSE_LOCATION, android.permission.ACCESS_FINE_LOCATION, android.permission.ACCESS_NETWORK_STATE, android.permission.INTERNET, android.permission.READ_EXTERNAL_STORAGE, android.permission.REQUEST_INSTALL_PACKAGES |
| Other Common Permissions | 0/44 | |

Malware Permissions:
Top permissions that are widely abused by known malware.
Other Common Permissions:
Permissions that are commonly abused by known malware.

OFAC SANCTIONED COUNTRIES


This app may communicate with the following OFAC sanctioned list of countries.

DOMAIN COUNTRY/REGION

DOMAIN MALWARE CHECK

| DOMAIN | STATUS | GEOLOCATION |
|---|---|---|
| api.github.com | ok | IP: 140.82.121.6; Country: United States of America; Region: California; City: San Francisco; Latitude: 37.775700; Longitude: -122.395203 |
| github.com | ok | IP: 140.82.121.3; Country: United States of America; Region: California; City: San Francisco; Latitude: 37.775700; Longitude: -122.395203 |

HARDCODED SECRETS

POSSIBLE SECRETS

258EAFA5-E914-47DA-95CA-C5AB0DC85B11

583cba23971d0c9f5db7bc40a0f28bd8

74b6372e4abd6cef328a57fc544cb981

SCAN LOGS

Timestamp Event Error

2025-06-11 10:32:42 Generating Hashes OK

2025-06-11 10:32:42 Extracting APK OK

2025-06-11 10:32:42 Unzipping OK

2025-06-11 10:32:42 Parsing APK with androguard OK

2025-06-11 10:32:43 Extracting APK features using aapt/aapt2 OK

2025-06-11 10:32:43 Getting Hardcoded Certificates/Keystores OK


2025-06-11 10:32:46 Parsing AndroidManifest.xml OK

2025-06-11 10:32:47 Extracting Manifest Data OK

2025-06-11 10:32:47 Manifest Analysis Started OK

2025-06-11 10:32:47 Performing Static Analysis on: GPS Setter (com.android1500.gpssetter) OK

2025-06-11 10:32:47 Fetching Details from Play Store: com.android1500.gpssetter OK

2025-06-11 10:32:47 Checking for Malware Permissions OK

2025-06-11 10:32:47 Fetching icon path OK

2025-06-11 10:32:47 Library Binary Analysis Started OK

2025-06-11 10:32:48 Reading Code Signing Certificate OK

2025-06-11 10:32:48 Running APKiD 2.1.5 OK

2025-06-11 10:32:51 Detecting Trackers OK

2025-06-11 10:32:54 Decompiling APK to Java with JADX OK

2025-06-11 10:33:29 Converting DEX to Smali OK

2025-06-11 10:33:29 Code Analysis Started on - java_source OK

2025-06-11 10:33:31 Android SBOM Analysis Completed OK

2025-06-11 10:33:34 Android SAST Completed OK

2025-06-11 10:33:34 Android API Analysis Started OK

2025-06-11 10:33:37 Android API Analysis Completed OK

2025-06-11 10:33:38 Android Permission Mapping Started OK

2025-06-11 10:33:40 Android Permission Mapping Completed OK

2025-06-11 10:33:40 Android Behaviour Analysis Started OK


2025-06-11 10:34:12 Android Behaviour Analysis Completed OK

2025-06-11 10:34:12 Extracting Emails and URLs from Source Code OK

2025-06-11 10:34:13 Email and URL Extraction Completed OK

2025-06-11 10:34:13 Extracting String data from APK OK

2025-06-11 10:34:13 Extracting String data from Code OK

2025-06-11 10:34:13 Extracting String values and entropies from Code OK

2025-06-11 10:34:18 Performing Malware check on extracted domains OK

2025-06-11 10:34:18 Saving to Database OK

Report Generated by - MobSF v4.3.3


Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment
framework capable of performing static and dynamic analysis.

© 2025 Mobile Security Framework - MobSF | Ajin Abraham | OpenSecurity.
