MobSF Static Analysis Report

ANDROID STATIC ANALYSIS REPORT
 ColorNote (4.4.6)
File Name: colornote-notepad-4-4-6.apk
Package Name: com.socialnmobile.dictapps.notepad.color.note
Scan Date: Oct. 6, 2023, 5:35 p.m.
App Security Score: 30/100 (HIGH RISK)
Grade:
C
Trackers Detection: 2/428
 FINDINGS SEVERITY
 HIGH  MEDIUM  INFO  SECURE  HOTSPOT
20 21 2 2 2
 FILE INFORMATION
File Name: colornote-notepad-4-4-6.apk
Size: 3.98MB
MD5: f34b68f1980e9296c9a60bed2425af7a
SHA1: 8f386511aa4d7e3fabf0e1b16f8457ec1493d483
SHA256: 5046f430afa77feaf6cc6d09cc9889dc20606e83fa87018f9d037de866c4968d
 APP INFORMATION
App Name: ColorNote
Package Name: com.socialnmobile.dictapps.notepad.color.note
Main Activity: com.socialnmobile.colornote.activity.Main
Target SDK: 31
Min SDK: 15
Max SDK:
Android Version Name: 4.4.6
Android Version Code: 14600
 APP COMPONENTS
Activities: 24
Services: 14
Receivers: 20
Providers: 5
Exported Activities: 8
Exported Services: 5
Exported Receivers: 8
Exported Providers: 1
 CERTIFICATE INFORMATION
Binary is signed
v1 signature: True
v2 signature: True
v3 signature: False
v4 signature: False
X.509 Subject: C=Unknown, ST=Unknown, L=Unknown, O=socialnmobile, OU=android, CN=socialnmobile
Signature Algorithm: rsassa_pkcs1v15
Valid From: 2009-02-13 09:51:33+00:00
Valid To: 2063-11-17 09:51:33+00:00
Issuer: C=Unknown, ST=Unknown, L=Unknown, O=socialnmobile, OU=android, CN=socialnmobile
Serial Number: 0x499542a5
Hash Algorithm: sha1
md5: 8190fa0dfb1457782dbbe689beef98b7
sha1: f4d8a67bf40879df79cbf1dc8b2999df74ebbf76
sha256: 4e92275e4f7853f3df65171071f0b6841b063520ee93d9bb2db647baec695b98
sha512: 0ea3cd42a12a4b37bb685e2c381e4c15a58ae7ffb64445aed15df2872349f4e1b61f28bcfc7a5b403af48b4688e0d146e5d1cabd5b717ab1b6b47333defa49a2
PublicKey Algorithm: rsa
Bit Size: 1024
Fingerprint: b3e73ed9bda041e5fb23d5ad03a0522de5684d88d280fc7ce53973921df6d739
Found 1 unique certificates
 APPLICATION PERMISSIONS
PERMISSION STATUS INFO DESCRIPTION
read/modify/delete
Allows an application to write to external
android.permission.WRITE_EXTERNAL_STORAGE dangerous external storage
storage.
contents
Allows an application to start itself as soon

as the system has finished booting. This
automatically start
android.permission.RECEIVE_BOOT_COMPLETED normal can make it take longer to start the phone
at boot
and allow the application to slow down the
overall phone by always running.
Allows the application to control the

android.permission.VIBRATE normal control vibrator
vibrator.
prevent phone Allows an application to prevent the phone

android.permission.WAKE_LOCK normal
from sleeping from going to sleep.
Allows an application to create network

android.permission.INTERNET normal full Internet access
sockets.
view network Allows an application to view the status of

android.permission.ACCESS_NETWORK_STATE normal
status all networks.
Allows a regular application to use

android.permission.FOREGROUND_SERVICE normal
Service.startForeground.
com.google.android.c2dm.permission.RECEIVE signature C2DM permissions Permission for cloud to device messaging.
Unknown Unknown permission from android

com.google.android.gms.permission.AD_ID unknown
permission reference
PERMISSION STATUS INFO DESCRIPTION
Unknown Unknown permission from android

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE unknown
permission reference
Allows an app to use exact alarm

android.permission.SCHEDULE_EXACT_ALARM normal scheduling APIs to perform timing sensitive
background work.
 APKID ANALYSIS
FILE DETAILS
FINDINGS DETAILS
Build.FINGERPRINT check
classes.dex Build.MODEL check
Anti-VM Code
Build.MANUFACTURER check
Build.PRODUCT check
Compiler r8 without marker (suspicious)
 BROWSABLE ACTIVITIES
ACTIVITY INTENT
com.socialnmobile.colornote.oauth.RedirectOauthReceiverActivity Schemes: com.googleusercontent.apps.908669027715://,
Schemes: colornote://,
com.socialnmobile.colornote.activity.AppAction
Hosts: appaction,
Schemes: fbconnect://,
com.facebook.CustomTabActivity
Hosts: cct.com.socialnmobile.dictapps.notepad.color.note,
 NETWORK SECURITY
HIGH: 0 | WARNING: 1 | INFO: 0 | SECURE: 1
NO SCOPE SEVERITY DESCRIPTION
1 * secure Base config is configured to disallow clear text traffic to all domains.
2 * warning Base config is configured to trust system certificates.
 CERTIFICATE ANALYSIS
HIGH: 1 | WARNING: 1 | INFO: 1
TITLE SEVERITY DESCRIPTION
Signed Application info Application is signed with a code signing certificate

TITLE SEVERITY DESCRIPTION
Application is signed with v1 signature scheme, making it vulnerable to Janus vulnerability on Android 5.0-8.0, if signed
Application vulnerable
warning only with v1 signature scheme. Applications running on Android 5.0-7.0 signed with v1, and v2/v3 scheme is also
to Janus Vulnerability
vulnerable.
Certificate algorithm
vulnerable to hash high Application is signed with SHA1withRSA. SHA1 hash algorithm is known to have collision issues.
collision
 MANIFEST ANALYSIS
HIGH: 18 | WARNING: 10 | INFO: 0 | SUPPRESSED: 0
NO ISSUE SEVERITY DESCRIPTION
This application can be installed on an older version of android that

App can be installed on a vulnerable Android version
1 warning has multiple unfixed vulnerabilities. Support an Android version > 8,
[minSdk=15]
API 26 to receive reasonable security updates.
The Network Security Configuration feature lets apps customize

App has a Network Security Configuration their network security settings in a safe, declarative configuration
2 info
[android:networkSecurityConfig=@xml/network_security_config] file without modifying app code. These settings can be configured
for specific domains and for a specific app.
This flag allows anyone to backup your application data via adb. It
Application Data can be Backed up
3 warning allows users who have enabled USB debugging to copy application
[android:allowBackup=true]
data off of the device.
Content Provider (com.socialnmobile.colornote.data.NoteProvider) A Content Provider is found to be shared with other apps on the
4 is not Protected. high device therefore leaving it accessible to any other application on the
[android:exported=true] device.
Broadcast Receiver
A Broadcast Receiver is found to be shared with other apps on the
(com.socialnmobile.colornote.receiver.TimeChangedReceiver) is
5 high device therefore leaving it accessible to any other application on the
not Protected.
device.
[android:exported=true]
Broadcast Receiver
(com.socialnmobile.colornote.receiver.PowerConnectedReceiver) is
not Protected.
device.
Broadcast Receiver
(com.socialnmobile.colornote.receiver.BuildWidgetReceiver) is not
Protected.
device.
Broadcast Receiver
(com.socialnmobile.colornote.receiver.NoteWidget) is not
Protected.
device.
Broadcast Receiver
(com.socialnmobile.colornote.receiver.NoteWidget2x2) is not
Protected.
device.
Broadcast Receiver
(com.socialnmobile.colornote.receiver.TodayWidget2x2) is not
Protected.
device.
A Service is found to be shared with other apps on the device

therefore leaving it accessible to any other application on the
Service (com.socialnmobile.colornote.service.BootJobIntentService) device. It is protected by a permission which is not defined in the
is Protected by a permission, but the protection level of the analysed application. As a result, the protection level of the
11 permission should be checked. warning permission should be checked where it is defined. If it is set to
Permission: android.permission.BIND_JOB_SERVICE normal or dangerous, a malicious application can request and
[android:exported=true] obtain the permission and interact with the component. If it is set
to signature, only applications signed with the same certificate can
obtain the permission.

Service
device. It is protected by a permission which is not defined in the
(com.socialnmobile.colornote.service.RenewJobIntentService) is
analysed application. As a result, the protection level of the
Protected by a permission, but the protection level of the
12 warning permission should be checked where it is defined. If it is set to
permission should be checked.
normal or dangerous, a malicious application can request and
Permission: android.permission.BIND_JOB_SERVICE
obtain the permission and interact with the component. If it is set
Service (com.socialnmobile.colornote.oauth.KeepAliveService) is A Service is found to be shared with other apps on the device
13 not Protected. high therefore leaving it accessible to any other application on the
Activity (com.socialnmobile.colornote.activity.Search) is not An Activity is found to be shared with other apps on the device
14 Protected. high therefore leaving it accessible to any other application on the
Activity-Alias (com.socialnmobile.colornote.activity.NoteList) is not An Activity-Alias is found to be shared with other apps on the
15 Protected. high device therefore leaving it accessible to any other application on the
Activity (com.socialnmobile.colornote.activity.ActionReceiver) is not An Activity is found to be shared with other apps on the device
If taskAffinity is set, then other application could read the Intents

sent to Activities belonging to another task. Always use the default
TaskAffinity is set for activity
17 warning setting keeping the affinity as the package name in order to prevent
(com.socialnmobile.colornote.activity.NoteEditor)
sensitive information inside sent or received Intents from being
read by another application.
Activity (com.socialnmobile.colornote.activity.NoteEditor) is not An Activity is found to be shared with other apps on the device

(com.socialnmobile.colornote.activity.Today)
An Activity should not be having the launch mode attribute set to

"singleTask/singleInstance" as it becomes root Activity and it is
Launch Mode of activity
20 high possible for other applications to read the contents of the calling
(com.socialnmobile.colornote.activity.Today) is not standard.
Intent. So it is required to use the "standard" launch mode attribute
when sensitive information is included in an Intent.

(com.socialnmobile.colornote.activity.NoteWidgetConfigure)
Activity
An Activity is found to be shared with other apps on the device
(com.socialnmobile.colornote.activity.NoteWidgetConfigure) is not
22 high therefore leaving it accessible to any other application on the
Protected.
device.
Activity
(com.socialnmobile.colornote.oauth.RedirectOauthReceiverActivity)
is not Protected.
device.
Activity (com.socialnmobile.colornote.activity.AppAction) is not An Activity is found to be shared with other apps on the device

Service
(androidx.work.impl.background.systemjob.SystemJobService) is
Protected by a permission, but the protection level of the
permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE

device therefore leaving it accessible to any other application on the
Broadcast Receiver
(androidx.work.impl.diagnostics.DiagnosticsReceiver) is Protected
by a permission, but the protection level of the permission should
be checked.
Permission: android.permission.DUMP

Activity (com.facebook.CustomTabActivity) is not Protected.
device.

device therefore leaving it accessible to any other application on the
Broadcast Receiver
(com.google.firebase.iid.FirebaseInstanceIdReceiver) is Protected
by a permission, but the protection level of the permission should
be checked.
Permission: com.google.android.c2dm.permission.SEND
Service (com.google.firebase.iid.FirebaseInstanceIdService) is not A Service is found to be shared with other apps on the device
 CODE ANALYSIS
HIGH: 1 | WARNING: 7 | INFO: 2 | SECURE: 1 | SUPPRESSED: 0
NO ISSUE SEVERITY STANDARDS FILES
CWE: CWE-327: Use of a Broken or Risky Cryptographic

MD5 is a weak hash known to have Algorithm sm/k2/d.java
1 warning
hash collisions. OWASP Top 10: M5: Insufficient Cryptography sm/s2/l.java
OWASP MASVS: MSTG-CRYPTO-4
com/socialnmobile/colornote/Col
orNote.java
sm/b5/d.java
sm/b7/a.java
sm/c5/b.java
sm/d1/d.java
sm/d3/c.java
sm/d4/b.java
sm/e0/e.java
sm/e1/a.java
sm/e4/f3.java
sm/e4/f4.java
sm/e4/j3.java
sm/e4/m3.java
sm/e4/v3.java
sm/e4/x3.java
sm/e5/g.java
sm/g1/a.java
sm/g1/b.java
sm/g4/k.java
sm/h0/c.java
sm/h0/d.java
sm/i0/b.java
sm/i0/d.java
sm/i0/e.java
sm/i0/f.java
sm/i0/i.java
sm/i2/a.java
sm/i3/c.java
sm/i4/a.java
sm/i8/a.java
sm/j/a.java
sm/j2/c1.java
sm/j2/g.java
sm/j2/j0.java
sm/j2/o0.java
sm/j2/s0.java
sm/j3/d0.java
sm/j3/e0.java
sm/j3/y.java
sm/k2/c.java
sm/k2/f.java
sm/k2/g0.java
sm/k2/m.java
sm/l4/h.java
sm/l5/c.java
CWE: CWE-532: Insertion of Sensitive Information into Log
The App logs information. Sensitive sm/m0/b.java
2 info File
information should never be logged. sm/n/g.java
OWASP MASVS: MSTG-STORAGE-3
sm/n1/c.java
sm/n2/l.java
sm/n3/a.java
sm/o/c.java
sm/o2/e.java
sm/o2/f.java
sm/p/j.java
sm/p/k.java
sm/p/l.java
sm/p0/a.java
sm/p0/b.java
sm/q0/b.java
sm/q1/a.java
sm/q2/a.java
sm/q5/i.java
sm/r1/i0.java
sm/r1/y.java
sm/r3/e.java
sm/r3/j.java
sm/r3/k.java
sm/r5/a.java
sm/r5/k.java
sm/s2/f.java
sm/s2/i.java
sm/s2/l.java
sm/t3/d.java
sm/t3/z.java
sm/t5/d.java
sm/t5/f.java
sm/t5/k.java
sm/t5/l.java
sm/t5/o.java
sm/u0/c.java
sm/u1/j.java
sm/u3/a.java
sm/u3/c.java
sm/u3/e.java
sm/u3/e0.java
sm/u3/f.java
sm/u3/k0.java
sm/v2/a.java
sm/w3/a.java
sm/x3/l.java
sm/y4/a.java
sm/z2/d0.java
sm/z2/k0.java
sm/z2/l0.java
sm/z2/u.java
CWE: CWE-327: Use of a Broken or Risky Cryptographic sm/i3/a.java
sm/z7/k.java
SHA-1 is a weak hash known to have Algorithm sm/n7/l2.java
3 warning
hash collisions. OWASP Top 10: M5: Insufficient Cryptography sm/n7/m1.java
OWASP MASVS: MSTG-CRYPTO-4 sm/t5/o.java
com/socialnmobile/colornote/rec
eiver/AutoSyncReceiver.java
sm/a9/a.java
CWE: CWE-330: Use of Insufficiently Random Values
The App uses an insecure Random sm/a9/b.java
4 warning OWASP Top 10: M5: Insufficient Cryptography
Number Generator. sm/e4/v3.java
OWASP MASVS: MSTG-CRYPTO-6
sm/j2/s.java
sm/l6/x.java
sm/z2/k0.java
com/socialnmobile/colornote/dat
a/d.java
sm/l6/z.java
App can read/write to External CWE: CWE-276: Incorrect Default Permissions
sm/n3/i4.java
5 Storage. Any App can read data warning OWASP Top 10: M2: Insecure Data Storage
sm/o6/a.java
written to External Storage. OWASP MASVS: MSTG-STORAGE-2
sm/t6/h.java
sm/z2/k0.java
sm/z7/j.java
App uses SQLite Database and com/socialnmobile/colornote/dat

execute raw SQL query. Untrusted a/NoteProvider.java
CWE: CWE-89: Improper Neutralization of Special Elements
user input in raw SQL queries can com/socialnmobile/colornote/dat
6 warning used in an SQL Command ('SQL Injection')
cause SQL Injection. Also sensitive a/k.java
OWASP Top 10: M7: Client Code Quality
information should be encrypted and sm/o1/a.java
written to the database. sm/u6/j.java
App creates temp file. Sensitive CWE: CWE-276: Incorrect Default Permissions
7 information should never be written warning OWASP Top 10: M2: Insecure Data Storage sm/g1/b.java
into a temp file. OWASP MASVS: MSTG-STORAGE-2
sm/j2/b.java
sm/j2/c1.java
sm/j2/j.java
App can write to App Directory.
CWE: CWE-276: Incorrect Default Permissions sm/j2/q0.java
8 Sensitive Information should be info
OWASP MASVS: MSTG-STORAGE-14 sm/j2/t0.java
encrypted.
sm/j3/d0.java
sm/q2/j.java
sm/w2/b.java
Files may contain hardcoded CWE: CWE-312: Cleartext Storage of Sensitive Information
sm/m2/g.java
9 sensitive information like usernames, warning OWASP Top 10: M9: Reverse Engineering
sm/n7/d2.java
passwords, keys etc. OWASP MASVS: MSTG-STORAGE-14
This App uses SSL certificate pinning

10 to detect or prevent MITM attacks in secure sm/n3/l1.java
OWASP MASVS: MSTG-NETWORK-4
secure communication channel.
The App uses the encryption mode CWE: CWE-649: Reliance on Obfuscation or Encryption of
CBC with PKCS5/PKCS7 padding. This Security-Relevant Inputs without Integrity Checking
11 high sm/n7/o2.java
configuration is vulnerable to OWASP Top 10: M5: Insufficient Cryptography
padding oracle attacks. OWASP MASVS: MSTG-CRYPTO-3
 NIAP ANALYSIS v1.3
NO IDENTIFIER REQUIREMENT FEATURE DESCRIPTION
 OFAC SANCTIONED COUNTRIES

This app may communicate with the following OFAC sanctioned list of countries.
DOMAIN COUNTRY/REGION
 DOMAIN MALWARE CHECK
DOMAIN STATUS GEOLOCATION
IP: 157.240.226.1
Country: Netherlands
Region: Noord-Holland
graph.facebook.com ok City: Amsterdam
Latitude: 52.374031
Longitude: 4.889690
View: Google Map
IP: 142.250.219.212
Country: United States of America
Region: California
api-dot-colornote-server.appspot.com ok City: Mountain View
Latitude: 37.405991
Longitude: -122.078514
View: Google Map
IP: 142.251.132.52
Region: California
event-collector-etc.appspot.com ok City: Mountain View
Latitude: 37.405991
View: Google Map
IP: 3.162.249.136
Region: Washington
www.amazon.com ok City: Seattle
Latitude: 47.627499
View: Google Map
IP: 93.184.216.34
Region: Virginia
www.example.com ok City: Ashburn
Latitude: 39.043720
View: Google Map
graph.s ok No Geolocation information available.

IP: 157.240.12.35
Country: Brazil
Region: Sao Paulo
facebook.com ok City: Sao Paulo
Latitude: -23.547501
View: Google Map
IP: 142.250.219.238
Region: California
developers.google.com ok City: Mountain View
Latitude: 37.405991
View: Google Map
schemas.android.com ok No Geolocation information available.
IP: 130.211.189.49
Region: Iowa
www.colornote.com ok City: Council Bluffs
Latitude: 41.261940
View: Google Map
IP: 34.120.160.131
Region: Missouri
colornote-server.firebaseio.com ok City: Kansas City
Latitude: 39.099731
View: Google Map
IP: 200.152.162.143
Country: Brazil
Region: Sao Paulo
data.flurry.com ok City: Sao Paulo
View: Google Map
IP: 104.197.70.19
Region: Iowa
api.colornote.com ok City: Council Bluffs
Latitude: 41.261940
View: Google Map
IP: 142.251.128.148
Region: California
api-dot-colornote-dev-py27.appspot.com ok City: Mountain View
Latitude: 37.405991
View: Google Map
IP: 157.240.222.16
Country: Brazil
Region: Sao Paulo
developers.facebook.com ok City: Sao Paulo
View: Google Map
IP: 142.250.219.238
Region: California
plus.google.com ok City: Mountain View
Latitude: 37.405991
View: Google Map
IP: 142.250.79.206
Region: California
play.google.com ok City: Mountain View
Latitude: 37.405991
View: Google Map
graph-video.s ok No Geolocation information available.
IP: 142.250.219.164
Region: California
www.google.com ok City: Mountain View
Latitude: 37.405991
View: Google Map
IP: 172.217.162.116
Region: California
event-collector-colornote.appspot.com ok City: Mountain View
Latitude: 37.405991
View: Google Map
IP: 142.251.128.74
Region: California
firebaseremoteconfig.googleapis.com ok City: Mountain View
Latitude: 37.405991
View: Google Map
IP: 157.240.226.35
Country: Netherlands
Region: Noord-Holland
www.facebook.com ok City: Amsterdam
Latitude: 52.374031
Longitude: 4.889690
View: Google Map
.facebook.com ok No Geolocation information available.
IP: 172.217.162.109
Region: California
accounts.google.com ok City: Mountain View
Latitude: 37.405991
View: Google Map
IP: 142.250.219.206
Region: California
schema.org ok City: Mountain View
Latitude: 37.405991
View: Google Map
 FIREBASE DATABASES
FIREBASE URL DETAILS
info
https://colornote-server.firebaseio.com
App talks to a Firebase Database.
 EMAILS
EMAIL FILE
u0013android@android.com0
sm/r3/p.java
u0013android@android.com
 TRACKERS
TRACKER CATEGORIES URL
Facebook Login Identification https://reports.exodus-privacy.eu.org/trackers/67
Flurry Advertisement, Analytics https://reports.exodus-privacy.eu.org/trackers/25
 HARDCODED SECRETS
POSSIBLE SECRETS
"facebook_client_token" : "550b8029088421a81472f9340e57f52d"
"firebase_database_url" : "https://colornote-server.firebaseio.com"
"google_api_key" : "AIzaSyDnUAli16gcM1BshfFIotiKlkhs1B8R7tM"
"google_crash_reporting_api_key" : "AIzaSyDnUAli16gcM1BshfFIotiKlkhs1B8R7tM"
"password" : "Password"
"username" : "Username"
"about_password" : ""
"com_facebook_device_auth_instructions" : "<b>facebook.com/device</b>"
"enter_password" : ""
"master_password" : ""
"password" : ""
"reenter_master_password" : ""
"remove_password" : ""
"username" : "ID"
"master_password" : "Master-Passwort"
POSSIBLE SECRETS
"password" : "Passwort"
"username" : "Nutzername"
"password" : ""
"username" : ""
"username" : "Utilisateur"
"password" : "Şifre"
"password" : "Contraseña"
"password" : "Senha"
"master_password" : "Мастер-пароль"
"password" : "Пароль"
"password" : "‫"סיסמא‬
"about_password" : ""
"com_facebook_device_auth_instructions" : "<b>facebook.com/device</b>"
"enter_password" : ""
"master_password" : ""
POSSIBLE SECRETS
"reenter_master_password" : ""
"remove_password" : ""
"username" : ""
"password" : "Password"
"about_password" : ""
"enter_password" : ""
"master_password" : ""
"reenter_master_password" : ""
"remove_password" : ""
"username" : ""
c103703e120ae8cc73c9248622f3cd1e
8a3c4b262d721acd49a4bf97d5213199c86fa2b9
2438bce1ddb7bd026d5ff89f598b3b5e5bb824b3
POSSIBLE SECRETS
cc2751449a350f668590264ed76692694a80308a
df6b721c8b4d3b6eb44c861d4415007e5a35fc95
SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4=
9b8f518b086098de3d77736f9458a3d2f6f95a37
cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM=
Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw=
c56fb7d591ba6704df047fd98f535372fea00211
WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=
UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4=
JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg=
uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc=
a4b7452e2ed8f5f191058ca7bbfd26b0d3214bfc
49f946663a8deb7054212b8adda248c6
 PLAYSTORE INFORMATION
Title: ColorNote Notepad Notes
Score: 4.861069 Installs: 100,000,000+ Price: 0 Android Version Support: Category: Productivity Play Store URL: com.socialnmobile.dictapps.notepad.color.note
Developer Details: Notes, Notes, 142, Gasan digital 1-ro, Geumcheon-gu, Seoul, Korea, http://www.colornote.com, notesupport@socialnmobile.com,
Release Date: None Privacy Policy: Privacy link
Description:
ColorNote® is a simple and awesome notepad app. It gives you a quick and simple notepad editing experience when you write notes, memos, e-mails, messages,
shopping lists and to-do lists. Taking notes with ColorNote® Notepad is easier than any other notepad or memo pad app. * Notice * - If you cannot find the widget, then
please read the FAQ below. - When you're finished using the notepad, an automatic save command preserves your individual note. * Product Description * ColorNote®
features two basic note taking formats, a lined-paper styled text option, and a checklist option. Add as many as you want to your master list, which appears on the app's
home screen each time the program opens. This list may be viewed in traditional ascending order, in grid format, or by note color. - Taking a Note - Serving as a simple
word processing program, the text option allows for as many characters as you're willing to type. Once saved, you can edit, share, set a reminder, or check off or delete
the note through your device's menu button. When checking off a text note, the app places a slash through the list's title, and this will be displayed on the main menu. -
Making To-do List or Shopping List - In the checklist mode, you can add as many items as you'd like and arrange their order with drag buttons activated in the edit mode.
After the list is finished and saved, you may check or uncheck each line on your list with a quick tap, which will toggle a line slash. If all items have been checked, then the
list's title is slashed as well. * Features * - Organize notes by color (color notebook) - Sticky note memo widget (Put your notes on your home screen) - Checklist notes for
To do list & Shopping list. (Quick and simple list maker) - Checklist notes to get things done (GTD) - Organize your schedule by note in calendar - Write a diary and journal
in calendar - Password Lock note : Protect your notes with passcode - Secured backup notes to SD storage - Supports online back up and sync. You can sync notes
between phone and tablet. - Reminder notes on status bar - List/Grid View - Search notes - Notepad supports ColorDict Add-on - Powerful task reminder : Time Alarm, All
day, Repetition.(lunar calendar) - Quick memo / notes - Wiki note link : [[Title]] - Share notes via SMS, e-mail or Twitter * Online backup and sync cloud service * - Notes
will be encrypted before uploading notes by using the AES standard, which is the same encryption standard used by banks to secure customer data. - It does not send
any of your notes to the server without you signing in. - Sign-in with Google or Facebook. * Permissions * - Internet Access: For online backup & sync notes - Storage : For
backup notes to the storage of the device - Prevent phone from sleeping, control vibrator, automatically start at boot: For reminder notes * FAQ * Q: How do you put a
sticky note widget on the home screen? A: Go to the home screen and hold down your finger on an empty space and choose widget, Color Note will then be desplayed so
you can stick on the page. Q: Why don't the widget, the alarm and notes remider functions work? A: If the app is installed on the SD card, your widget, reminder, etc. will
not work properly because Android doesn't support these features when installed on an SD card! If you have already moved the app to an SD card, but want those
features, then you have to move the app back on the device and reboot your phone. Settings - Applications - Manage Applications - Color Note - Move to Device Q: Where
are backed up notes data on the SD card? A: '/data/colornote' or '/Android/data/com.socialnmobile.dictapps.notepad.color.note/files' on SD card Q: I forgot my master
password. How can I change it? A: Menu → Settings → Master Password → Menu Button → Clear Password. You will lose your current locked notes when you clear the
password! Q: How can I create todo list note? A: New - Select checklist note - Put items - Save. Tap an item to strikethrough.
Report Generated by - MobSF v3.7.8 Beta

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment
framework capable of performing static and dynamic analysis.
© 2023 Mobile Security Framework - MobSF | Ajin Abraham | OpenSecurity.

MobSF Static Analysis Report

Uploaded by

Copyright:

Available Formats

You might also like

MobSF Static Analysis Report

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MobSF Static Analysis Report

Uploaded by

Copyright:

Available Formats

ANDROID STATIC ANALYSIS REPORT

Package Name: com.socialnmobile.dictapps.notepad.color.note

Scan Date: Oct. 6, 2023, 5:35 p.m.

App Security Score: 30/100 (HIGH RISK)

 HIGH  MEDIUM  INFO  SECURE  HOTSPOT

PERMISSION STATUS INFO DESCRIPTION

Allows an application to start itself as soon

Allows the application to control the

prevent phone Allows an application to prevent the phone

Allows an application to create network

view network Allows an application to view the status of

Allows a regular application to use

com.google.android.c2dm.permission.RECEIVE signature C2DM permissions Permission for cloud to device messaging.

Unknown Unknown permission from android

Unknown Unknown permission from android

Allows an app to use exact alarm

Compiler r8 without marker (suspicious)

com.socialnmobile.colornote.oauth.RedirectOauthReceiverActivity Schemes: com.googleusercontent.apps.908669027715://,

NO SCOPE SEVERITY DESCRIPTION

2 * warning Base config is configured to trust system certificates.

TITLE SEVERITY DESCRIPTION

Signed Application info Application is signed with a code signing certificate

NO ISSUE SEVERITY DESCRIPTION

This application can be installed on an older version of android that

The Network Security Configuration feature lets apps customize

A Service is found to be shared with other apps on the device

A Service is found to be shared with other apps on the device

If taskAffinity is set, then other application could read the Intents

If taskAffinity is set, then other application could read the Intents

An Activity should not be having the launch mode attribute set to

If taskAffinity is set, then other application could read the Intents

A Service is found to be shared with other apps on the device

A Broadcast Receiver is found to be shared with other apps on the

An Activity is found to be shared with other apps on the device

A Broadcast Receiver is found to be shared with other apps on the

NO ISSUE SEVERITY STANDARDS FILES

CWE: CWE-327: Use of a Broken or Risky Cryptographic

App uses SQLite Database and com/socialnmobile/colornote/dat

This App uses SSL certificate pinning

NO IDENTIFIER REQUIREMENT FEATURE DESCRIPTION

 OFAC SANCTIONED COUNTRIES

 DOMAIN MALWARE CHECK

DOMAIN STATUS GEOLOCATION

graph.s ok No Geolocation information available.

schemas.android.com ok No Geolocation information available.

graph-video.s ok No Geolocation information available.

.facebook.com ok No Geolocation information available.

FIREBASE URL DETAILS

TRACKER CATEGORIES URL

Facebook Login Identification https://reports.exodus-privacy.eu.org/trackers/67

Flurry Advertisement, Analytics https://reports.exodus-privacy.eu.org/trackers/25

Release Date: None Privacy Policy: Privacy link

Report Generated by - MobSF v3.7.8 Beta

© 2023 Mobile Security Framework - MobSF | Ajin Abraham | OpenSecurity.

You might also like