<Thread> CM Browser is a very popular application (50M - 100M downloads) published by @CheetahMobile. pic.twitter.com/hkwC4spdQt
When you click the product tab in http://ijinshan.com it redirects to the product list of @CheetahMobile, http://cn.cmcm.com/products.html. In the list you can see the "Jinshan battery doctor" app. ijinshan seems to be 2 different legal companies but the same people
@CheetahMobile Browser is listening to PACKAGE_ADDED, PACKAGE_REMOVED, PACKAGE_CHANGED and PACKAGE_REPLACED intents
pic.twitter.com/PS3KGOH0m5
They also listen to android.hardware.action.NEW_PICTURE... pic.twitter.com/zU25x2zVok
I'll pause my investigation for today. Here is the summary for now:
* They lie in the description
* VT detected it as a Rog.RedtubeSex
* This Adblock browser loads their own ad
* They used multiple SDKs
* They listen to the apps movement (install,...)
In Favorites.java there is a list of porn websites which is added to a HashMap in the constructor
pic.twitter.com/drkgNnqoxc
Even if you delete your browser history, you can find the last visited url in clear in a shared preferences file pic.twitter.com/n58ZwRPa30
If you visit #YouTube, #Pornhub, #xvideos or #xnxx, CM browser will inject their cmbFloatVideo js script in the webpage pic.twitter.com/3J4N3wg6N3
BIG PRIVACY ISSUE: CM Browser is storing your browser history in clear in browser.db EVEN IN INCOGNITO MODE
pic.twitter.com/lWukVAoFxv
The AppExistTrackingReceiver is listening to multiple intents: USER_PRESENT, CONNECTIVITY_CHANGE,... In the onReceive method it will start the KBrowserService if the device is connected to the network and the last upload is older than 6 hours pic.twitter.com/FAFDA1UPZK
In the onCreate method of KBrowserService, it registers a BroadcastReceiver which listens to SCREEN_ON and SCREEN_OFF intents...I saw that in a lot of malware... pic.twitter.com/mgv2fEsVbn
When SCREEN_OFF is received the AppLockBroadCastReceiver checks if the phone is locked and will update their content provider with is_screen_off to true pic.twitter.com/6g41zlsEYw
I'm done with this app. There is more to find for sure. Feel free to check the decompiled source http://github.com/fs0c131y/CMBrowser … and share your findings!
To summarize: Stay away from this app! It's clearly an invasive application which listens for too many things on the user device. They do the opposite of the app description and don't protect your data
I'm ready for my next challenge. If you have an app name in mind, feel free to send it here or by DMs and I will look into it
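
A reviewer can look for the same manifest-declared listeners in any decoded AndroidManifest.xml (for example, apktool output). The script below is an added example, not part of the thread or of the app's code; the sample manifest, its package name and its receiver class names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Broadcast actions named in the thread, mapped to what each one reveals about the user.
WATCHED = {
    "android.intent.action.PACKAGE_ADDED": "app inventory",
    "android.intent.action.PACKAGE_REMOVED": "app inventory",
    "android.intent.action.PACKAGE_CHANGED": "app inventory",
    "android.intent.action.PACKAGE_REPLACED": "app inventory",
    "android.hardware.action.NEW_PICTURE": "camera activity",
    "android.intent.action.USER_PRESENT": "device usage",
    "android.net.conn.CONNECTIVITY_CHANGE": "network state",
}

# Constructed sample (NOT the real CM Browser manifest); all names are hypothetical.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.browser">
 <application>
  <receiver android:name=".PackageWatcher">
   <intent-filter>
    <action android:name="android.intent.action.PACKAGE_ADDED"/>
    <action android:name="android.intent.action.PACKAGE_REMOVED"/>
   </intent-filter>
  </receiver>
  <receiver android:name=".TrackingReceiver">
   <intent-filter>
    <action android:name="android.intent.action.USER_PRESENT"/>
    <action android:name="android.net.conn.CONNECTIVITY_CHANGE"/>
    <action android:name="android.hardware.action.NEW_PICTURE"/>
   </intent-filter>
  </receiver>
  <receiver android:name=".LocaleReceiver">
   <intent-filter><action android:name="android.intent.action.LOCALE_CHANGED"/></intent-filter>
  </receiver>
 </application>
</manifest>
"""

def audit_receivers(manifest_xml):
    """Map each receiver name to the sorted categories of watched broadcasts it declares."""
    findings = {}
    for receiver in ET.fromstring(manifest_xml).iter("receiver"):
        actions = [a.get(ANDROID + "name") for a in receiver.iter("action")]
        hits = sorted({WATCHED[a] for a in actions if a in WATCHED})
        if hits:
            findings[receiver.get(ANDROID + "name")] = hits
    return findings

if __name__ == "__main__":
    for name, categories in audit_receivers(SAMPLE_MANIFEST).items():
        print(f"{name}: {', '.join(categories)}")
```

A manifest scan only covers statically declared receivers. Listeners registered at runtime, like the SCREEN_ON/SCREEN_OFF receiver the thread describes in KBrowserService, have to be found by searching the decompiled code for registerReceiver calls.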