First thing you saw when you open the AndroidManifest, the app is asking 3 permissions which are granted only for system app. Why a web browser need to mount/unmount my file system?pic.twitter.com/DDKMmIUkp8
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Where did you see I based my analysis on VT? VT score is a good indication in the triage analysis phase.
Regarding the package added listening, a "secure" browser is not suppose to listen to the app you add/remove. In this case there is multiple listener use by multiple SDKs
Finally, I did not finish the analysis, I will do it today and publish the code at the end.
well VT have FP and FN.. sometimes some static rule will match a URL in the sample and it will score the whole sample as malicious.... anyway
Yes you're right and it's probably the case here. But I still consider as a good practice to submit the sample to VT (or others) during the triage phase.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.