Safe Note

The static analysis report for the SafeNote app (version 1.0) indicates a critical security risk with an app security score of 29/100, resulting in a grade of F. The analysis identified 6 high severity findings, including the use of a debug certificate and vulnerabilities related to weak cryptographic algorithms. Additionally, the app can be installed on outdated Android versions, which may expose users to unpatched vulnerabilities.

ANDROID STATIC ANALYSIS REPORT

 SafeNote (1.0)
File Name: SafeNote.apk

Package Name: com.els.safenote

Scan Date: April 10, 2025, 6 p.m.

App Security Score: 29/100 (CRITICAL RISK)

Grade: F

FINDINGS SEVERITY

HIGH: 6 | MEDIUM: 4 | INFO: 0 | SECURE: 1 | HOTSPOT: 0

 FILE INFORMATION
File Name: SafeNote.apk
Size: 1.43MB
MD5: 3ea6097be40583e9f11a940afbe02fcc
SHA1: 950c546d2555f36579d0731d519735bc10fe220c
SHA256: a1728c0740bb6e0d3fe8241c6418201a9e9927a90c9245de6bc73ac75a3a6fcd

 APP INFORMATION
App Name: SafeNote
Package Name: com.els.safenote
Main Activity: com.els.safenote.Login
Target SDK: 24
Min SDK: 16
Max SDK:
Android Version Name: 1.0
Android Version Code: 1
 APP COMPONENTS
Activities: 4
Services: 0
Receivers: 0
Providers: 1
Exported Activities: 0
Exported Services: 0
Exported Receivers: 0
Exported Providers: 1

 CERTIFICATE INFORMATION
Binary is signed
v1 signature: True
v2 signature: True
v3 signature: False
v4 signature: False
X.509 Subject: CN=Android Debug, O=Android, C=US
Signature Algorithm: rsassa_pkcs1v15
Valid From: 2016-07-21 14:10:47+00:00
Valid To: 2046-07-14 14:10:47+00:00
Issuer: CN=Android Debug, O=Android, C=US
Serial Number: 0x1
Hash Algorithm: sha1
md5: fec799d4493392ebd1b1fd0067c9315b
sha1: 335b51e54f55024e79f7460a83dbf47df7d8c928
sha256: 5ac51a4d016bfdc134271df199c6a9a862af4aa2760086c0f1d8850d2e298c82
sha512: ce5d70ea21144d16feab7bed52e9419288c6b33b9f400bb50fcc6b891204a51b8a1b1beb660ee7b74223e6d6cb1dafacf2682811e8f85010b2a12a2e18b5f8c5
PublicKey Algorithm: rsa
Bit Size: 1024
Fingerprint: 99e844884ac9897c000f3efd13888c360007f49cb6cf6e52b0a7620fbaa577fb
Found 1 unique certificates

APKID ANALYSIS

FILE | DETAILS (FINDINGS: DETAILS)
classes.dex | Compiler: dx (possible dexmerge); Manipulator Found: dexmerge

 NETWORK SECURITY

NO SCOPE SEVERITY DESCRIPTION

 CERTIFICATE ANALYSIS
HIGH: 2 | WARNING: 1 | INFO: 1

TITLE | SEVERITY | DESCRIPTION
Signed Application | info | Application is signed with a code signing certificate
Application vulnerable to Janus Vulnerability | warning | Application is signed with v1 signature scheme, making it vulnerable to Janus vulnerability on Android 5.0-8.0, if signed only with v1 signature scheme. Applications running on Android 5.0-7.0 signed with v1, and v2/v3 scheme is also vulnerable.
Application signed with debug certificate | high | Application signed with a debug certificate. Production application must not be shipped with a debug certificate.
Certificate algorithm vulnerable to hash collision | high | Application is signed with SHA1withRSA. SHA1 hash algorithm is known to have collision issues.

 MANIFEST ANALYSIS
HIGH: 2 | WARNING: 2 | INFO: 0 | SUPPRESSED: 0

NO | ISSUE | SEVERITY | DESCRIPTION
1 | App can be installed on a vulnerable unpatched Android version Android 4.1-4.1.2, [minSdk=16] | high | This application can be installed on an older version of android that has multiple unfixed vulnerabilities. These devices won't receive reasonable security updates from Google. Support an Android version => 10, API 29 to receive reasonable security updates.
2 | Debug Enabled For App [android:debuggable=true] | high | Debugging was enabled on the app which makes it easier for reverse engineers to hook a debugger to it. This allows dumping a stack trace and accessing debugging helper classes.
3 | Application Data can be Backed up [android:allowBackup=true] | warning | This flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
4 | Content Provider (com.els.safenote.contentprovider.notecontentprovider) is not Protected. [android:exported=true] | warning | A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

 CODE ANALYSIS
HIGH: 2 | WARNING: 1 | INFO: 0 | SECURE: 0 | SUPPRESSED: 0

NO | ISSUE | SEVERITY | STANDARDS | FILES
1 | Calling Cipher.getInstance("AES") will return AES ECB mode by default. ECB mode is known to be weak as it results in the same ciphertext for identical blocks of plaintext. | high | CWE: CWE-327: Use of a Broken or Risky Cryptographic Algorithm; OWASP Top 10: M5: Insufficient Cryptography; OWASP MASVS: MSTG-CRYPTO-2 | com/els/safenote/Utilities.java
2 | MD5 is a weak hash known to have hash collisions. | warning | CWE: CWE-327: Use of a Broken or Risky Cryptographic Algorithm; OWASP Top 10: M5: Insufficient Cryptography; OWASP MASVS: MSTG-CRYPTO-4 | com/els/safenote/Utilities.java
3 | Debug configuration enabled. Production builds must not be debuggable. | high | CWE: CWE-919: Weaknesses in Mobile Applications; OWASP Top 10: M1: Improper Platform Usage; OWASP MASVS: MSTG-RESILIENCE-2 | com/els/safenote/BuildConfig.java

 NIAP ANALYSIS v1.3

NO IDENTIFIER REQUIREMENT FEATURE DESCRIPTION

 BEHAVIOUR ANALYSIS
RULE ID | BEHAVIOUR | LABEL | FILES
00063 | Implicit intent(view a web page, make a phone call, etc.) | control | com/els/safenote/NoteList.java
00051 | Implicit intent(view a web page, make a phone call, etc.) via setData | control | com/els/safenote/NoteList.java

 ABUSED PERMISSIONS

TYPE | MATCHES | PERMISSIONS
Malware Permissions | 0/25 |
Other Common Permissions | 0/44 |

Malware Permissions:
Top permissions that are widely abused by known malware.
Other Common Permissions:
Permissions that are commonly abused by known malware.

 HARDCODED SECRETS

POSSIBLE SECRETS

8323f649e9b04dd5b428d246db5430f2
 SCAN LOGS

Timestamp Event Error

2025-04-10 18:39:21 Generating Hashes OK

2025-04-10 18:39:21 Extracting APK OK

2025-04-10 18:39:21 Unzipping OK

2025-04-10 18:39:21 Parsing APK with androguard OK

2025-04-10 18:39:21 Extracting APK features using aapt/aapt2 OK

2025-04-10 18:39:21 Getting Hardcoded Certificates/Keystores OK

2025-04-10 18:39:24 Parsing AndroidManifest.xml OK

2025-04-10 18:39:24 Extracting Manifest Data OK

2025-04-10 18:39:24 Manifest Analysis Started OK


2025-04-10 18:39:24 Performing Static Analysis on: SafeNote (com.els.safenote) OK

2025-04-10 18:39:24 Fetching Details from Play Store: com.els.safenote OK

2025-04-10 18:39:24 Checking for Malware Permissions OK

2025-04-10 18:39:24 Fetching icon path OK

2025-04-10 18:39:24 Library Binary Analysis Started OK

2025-04-10 18:39:24 Reading Code Signing Certificate OK

2025-04-10 18:39:25 Running APKiD 2.1.5 OK

2025-04-10 18:39:26 Updating Trackers Database.... OK

2025-04-10 18:39:26 Detecting Trackers OK

2025-04-10 18:39:27 Decompiling APK to Java with JADX OK

2025-04-10 18:39:37 Converting DEX to Smali OK


2025-04-10 18:39:37 Code Analysis Started on - java_source OK

2025-04-10 18:39:37 Android SBOM Analysis Completed OK

2025-04-10 18:40:08 Android SAST Completed OK

2025-04-10 18:40:08 Android API Analysis Started OK

2025-04-10 18:40:10 Android API Analysis Completed OK

2025-04-10 18:40:10 Android Behaviour Analysis Started OK

2025-04-10 18:40:12 Android Behaviour Analysis Completed OK

2025-04-10 18:40:12 Extracting Emails and URLs from Source Code OK

2025-04-10 18:40:12 Email and URL Extraction Completed OK

2025-04-10 18:40:12 Extracting String data from APK OK

2025-04-10 18:40:12 Extracting String data from Code OK


2025-04-10 18:40:12 Extracting String values and entropies from Code OK

2025-04-10 18:40:12 Performing Malware check on extracted domains OK

2025-04-10 18:40:12 Saving to Database OK

Report Generated by - MobSF v4.3.2


Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment
framework capable of performing static and dynamic analysis.

© 2025 Mobile Security Framework - MobSF | Ajin Abraham | OpenSecurity.
