Hi there, just to let you know we have made a first analysis of your app using a CT toolkit. Here comes the result. I got a very long list of what seemed like IP addresses, but not quite, in the ip_disclosure part of things, so I REDACTED that part here just in case you can look at it prior to publication by anyone. Also, I see some problems with insecure random number generation and SQL queries here.
app:
activities_launch_mode:
com.google.android.gms.common.api.GoogleApiActivity: standard
es.gob.radarcovid.features.covidreport.confirmation.ConfirmationActivity: standard
es.gob.radarcovid.features.covidreport.form.view.CovidReportActivity: standard
es.gob.radarcovid.features.exposure.view.ExposureActivity: standard
es.gob.radarcovid.features.information.view.InformationActivity: standard
es.gob.radarcovid.features.main.view.MainActivity: standard
es.gob.radarcovid.features.onboarding.view.OnboardingActivity: standard
es.gob.radarcovid.features.splash.view.SplashActivity: standard
allow_backup: false
app_name: Radar COVID
debuggable: false
min_sdk: '23'
package_name: es.gob.radarcovid
permissions:
dangerous:
- BLUETOOTH
- INTERNET
- WAKE_LOCK
normal:
- ACCESS_NETWORK_STATE
- RECEIVE_BOOT_COMPLETED
- FOREGROUND_SERVICE
- REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
others: []
signature: []
signatureOrSystem: []
target_sdk: '29'
use_cleartext_traffic: false
version_code: '9'
version_name: 1.2.0
code_analysis:
insecure_certificate_validation: []
insecure_random_generator:
- Les/gob/radarcovid/datamanager/usecase/ReportFakeInfectionUseCase$getFakeVerifyToken$1;.subscribe
insecure_webview_implementation: []
ip_disclosure:
- REDACTED
remote_webview_debugging: []
risky_cryptographic_algorithms:
improper_encrypt_functions: []
insecure_hash_functions: []
sql_hardcoded_secrets: []
sql_raw_queries:
- Landroidx/work/impl/WorkDatabase_Impl$1;.createAllTables
- Landroidx/room/RoomDatabase;.query
- Landroidx/sqlite/db/framework/FrameworkSQLiteDatabase;.query
- Landroidx/work/impl/WorkDatabaseMigrations$WorkMigration9To10;.migrate
trackers: []
pii_taint_result:
leaked_keys: []
root_analysis:
debug_detections: []
root_detections: []
root_usage: []
virus_total:
md5: 356452cc9382bc1e4fdc77d4a218310c
permalink: https://www.virustotal.com/gui/file/2b613627897da4cd3be77ddeb19d70e3e3bf5d7ad2d3145aa3bc7cf0ed6114d2/detection/f-2b613627897da4cd3be77ddeb19d70e3e3bf5d7ad2d3145aa3bc7cf0ed6114d2-1612384003
resource: 2b613627897da4cd3be77ddeb19d70e3e3bf5d7ad2d3145aa3bc7cf0ed6114d2
response_code: 1
scan_id: 2b613627897da4cd3be77ddeb19d70e3e3bf5d7ad2d3145aa3bc7cf0ed6114d2-1612384003
sha1: 17eeba1e08f0cb8baa535ee4b5efbc103469d218
sha256: 2b613627897da4cd3be77ddeb19d70e3e3bf5d7ad2d3145aa3bc7cf0ed6114d2
verbose_msg: Scan request successfully queued, come back later for the report