Description said "Ad Blocker: Block annoying pop-ups and ads, enjoy clear and clean browsing" but in the service list you can find nativesdk.ad.common.service.AdPreloadServicepic.twitter.com/CcwgtIBWbD
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
In http://Favorites.java there is a list a porn websites which is added to a HashMap in the constructor
pic.twitter.com/drkgNnqoxc
Even if you delete your browser history, you can find the last visit url in clear in a shared preferences filepic.twitter.com/n58ZwRPa30
If you visit #YouTube, #Pornhub, #xvideos or #xnxx, CM browser will inject their cmbFloatVideo js script in the webpagepic.twitter.com/3J4N3wg6N3
BIG PRIVACY ISSUE: CM Browser is storing your browser history in clear in browser.db EVEN IN INCOGNITO MODE
pic.twitter.com/lWukVAoFxv
The AppExistTrackingReceiver is listening to a multiple intent: USER_PRESENT, CONNECTIVITY_CHANGE,... On the onReceive method it will start the KBrowserService if the device is connected to the network and the last upload is older than 6 hourspic.twitter.com/FAFDA1UPZK
On the OnCreate method of KBrowserService, it register a BroadcastReceiver which listen to SCREEN_ON and SCREEN_OFF intents...I saw that in a lot of malware...pic.twitter.com/mgv2fEsVbn
When SCREEN_OFF is received the AppLockBroadCastReceiver check if the phone is locked and will update their content provider with is_screen_off to truepic.twitter.com/6g41zlsEYw
I'm done with this app. There is more to find for sure. Feel free to check the decompiled source http://github.com/fs0c131y/CMBrowser … and share your findings!
To sumarize: Stay away of this app! It clearly an invasive application which listen for too much things on the user device. They do the opposite of the app description and don't protect your data
I'm ready for my next challenge. If you an app name in mind, feel free to send here or by DMs and I will look into it
two things: don't base your analysis on VT detection. 2. ad thing is interesting to investigate. what's the deal with packages added "?
Where did you see I based my analysis on VT? VT score is a good indication in the triage analysis phase.
Regarding the package added listening, a "secure" browser is not suppose to listen to the app you add/remove. In this case there is multiple listener use by multiple SDKs
Finally, I did not finish the analysis, I will do it today and publish the code at the end.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.