| _id | sha256 | analysis_log | apk_filename | apk_size_bytes | bazaar_url | last_updated | phases_complete | report_url | uploaded_at | status_data | report_data | finding_counts | risk_label | risk_score | total_findings | vapt_findings | html_report_id | bazaar_ui_url |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
6a2ea0a0ae36b72c92a1091f
|
76c308fac6a655a3534771777780e004feb1d91be03285776…
|
[12:37:52] DEBUG COMPOSE: docker compose -f local.yml ps --format json (cwd=/home/apogean/projects/vapt/android_vapt/bazaar),[12:37:52] INFO Bazaar Django container already running.,[12:37:52] ✔ done in 0.08s,[12:37:52] === PHASE 1 — AUTH CHECK ===,[12:37:52] DEBUG hello() → {'status_code': 200, 'message': 'Hello!'},[12:37:52] INFO API token accepted (/api/hello → 200).,[12:37:52] ✔ done in 0.02s,[12:37:52] === PHASE 2 — EXISTENCE CHECK ===,[12:37:52] existence check response: {"status_code": 200, "ret_code": 0, "requested_hash": "76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6", "message": "A sample with the same sha256 already exists", "report_url": "/report/76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6"},[12:37:52] INFO Existence check: {'status_code': 200, 'ret_code': 0, 'requested_hash': '76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6', 'message': 'A sample with the same sha256 already exists', 'report_url': '/report/76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6'},[12:37:52] INFO Exists & complete → skipping re-upload.,[12:37:52] ✔ done in 0.07s,[12:37:52] === PHASE 5 — FETCH REPORT ===,[12:37:52] INFO Report fetched and stored in MongoDB.,[12:37:53] ✔ done in 0.07s,[12:37:53] === PHASE 6 — VAPT ANALYSIS ENGINE ===,[12:37:53] [HIGH ] [APKID-006] Anti-Analysis | APKiD: Anti Vm detected,[12:37:53] [HIGH ] [APKID-007] Anti-Analysis | APKiD: Anti Debug detected,[12:37:53] [HIGH ] [QUARK-009] Behavioral (Quark) | Quark [60%]: Read sensitive data(SMS, CALLLOG, etc),[12:37:53] [HIGH ] [QUARK-014] Behavioral (Quark) | Quark [60%]: Load additional DEX files dynamically,[12:37:53] [HIGH ] [QUARK-015] Behavioral (Quark) | Quark [60%]: Load external class,[12:37:53] [HIGH ] [QUARK-019] Behavioral (Quark) | Quark [100%]: Load class from given class name,[12:37:53] [HIGH ] [CERT-001] Certificate | Self-signed / self-issued certificate,[12:37:53] [HIGH ] [CFG-026] Code Behavior (Andro-CFG) | Andro-CFG: Dynamic external code loading,[12:37:53] [HIGH ] [CFG-031] Code Behavior (Andro-CFG) | Andro-CFG: Accessibility service instantiated,[12:37:53] [HIGH ] [CFG-032] Code Behavior (Andro-CFG) | Andro-CFG: Accessibility event listener active,[12:37:53] [MEDIUM ] [QUARK-011] Behavioral (Quark) | Quark [100%]: Connect to a URL and set request method,[12:37:53] [MEDIUM ] [QUARK-013] Behavioral (Quark) | Quark [60%]: Get location and put it into JSON,[12:37:53] [MEDIUM ] [QUARK-018] Behavioral (Quark) | Quark [60%]: Write HTTP input stream into a file,[12:37:53] [MEDIUM ] [QUARK-022] Behavioral (Quark) | Quark [100%]: Get declared method from given method name,[12:37:53] [MEDIUM ] [QUARK-023] Behavioral (Quark) | Quark [100%]: Method reflection,[12:37:53] [MEDIUM ] [QUARK-024] Behavioral (Quark) | Quark [100%]: Monitor the broadcast action events (BOOT_COMPLETED),[12:37:53] [MEDIUM ] [CFG-025] Code Behavior (Andro-CFG) | Andro-CFG: JS-capable WebView loaded,[12:37:53] [MEDIUM ] [CFG-027] Code Behavior (Andro-CFG) | Andro-CFG: Device location data accessed,[12:37:53] [MEDIUM ] [CFG-029] Code Behavior (Andro-CFG) | Andro-CFG: OS / system calls issued,[12:37:53] [MEDIUM ] [CFG-030] Code Behavior (Andro-CFG) | Andro-CFG: Data transmitted via HTTP/S,[12:37:53] [MEDIUM ] [OBF-034] Obfuscation | Significant code obfuscation detected (91% of classes),[12:37:53] [LOW ] [QUARK-012] Behavioral (Quark) | Quark [60%]: Get absolute path of file and put it to JSON object,[12:37:53] [LOW ] [QUARK-020] Behavioral (Quark) | Quark [60%]: Retrieve data from broadcast,[12:37:53] [LOW ] [QUARK-021] Behavioral (Quark) | Quark [80%]: Get resource file from res/raw directory,[12:37:53] [INFO ] [APKID-008] Anti-Analysis | APKiD: Compiler detected,[12:37:53] [INFO ] [QUARK-010] Behavioral (Quark) | Quark [100%]: Read data and put it into a buffer stream,[12:37:53] [INFO ] [QUARK-016] Behavioral (Quark) | Quark [100%]: Send notification,[12:37:53] [INFO ] [QUARK-017] Behavioral (Quark) | Quark [100%]: Implicit intent(view a web page, make a phone call, etc.) via setData,[12:37:53] [INFO ] [CFG-028] Code Behavior (Andro-CFG) | Andro-CFG: Audio playback capability,[12:37:53] [INFO ] [PERM-003] Permission | Declared permission: Fingerprint authentication,[12:37:53] [INFO ] [PERM-004] Permission | Declared permission: Biometric authentication,[12:37:53] [INFO ] [PERM-005] Permission | Declared permission: Internet access,[12:37:53] [INFO ] [SIGN-002] Signing Scheme | APK not protected by Google Play Signing (not frosted),[12:37:53] [INFO ] [TRK-033] Tracker Detection | No known tracking SDKs detected,[12:37:53] ✔ done in 0.03s 37 findings | score=116 (CRITICAL RISK),[12:37:53] === PHASE 7 — HTML REPORT (→ MongoDB GridFS) ===,[12:37:53] INFO HTML report stored in GridFS (id=6a2ea0a1334b7c5a8f99fcfd, 31,741 bytes).,[12:37:53] ✔ done in 0.07s,[12:37:53] === PHASE 8 — SUMMARY ===,[12:37:53] INFO MongoDB document (sha256=76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6):
risk_score : 116 — CRITICAL RISK
total_findings: 37
finding_counts: {'CRITICAL': 0, 'HIGH': 10, 'MEDIUM': 11, 'LOW': 3, 'INFO': 13}
html_report_id: 6a2ea0a1334b7c5a8f99fcfd
phases_complete: ['phase0_preflight', 'phase1_auth', 'phase2_existence', 'phase5_fetch_report', 'phase6_vapt_analysis', 'phase7_html_report', 'phase8_summary'],[12:37:53] ✔ done in 0.00s
|
dvba.apk
|
3784858
|
http://localhost:8011
|
Sun Jun 14 2026 12:37:53 GMT+0000 (Coordinated Universal Time)
|
phase0_preflight,phase1_auth,phase2_existence,phase5_fetch_report,phase6_vapt_analysis,phase7_html_report,phase8_summary
|
http://localhost:8011/report/76c308fac6a655a35347…
|
Sun Jun 14 2026 12:37:52 GMT+0000 (Coordinated Universal Time)
|
{
"apkid_analysis": 2,
"ssdeep_analysis": 2,
"extract_classes": 2,
"quark_analysis": 2,
"analysis_date": "2026-06-13T16:02:49.038689+00:00",
"mobsf_analysis": -1,
"vt_analysis": -1,
"malware_bazaar_analysis": -1
}
|
*** LARGE PROPERTY ***
~259 KB Preview:{"status_code":200,"handl Click to fetch this property |
{
"CRITICAL": 0,
"HIGH": 10,
"MEDIUM": 11,
"LOW": 3,
"INFO": 13
}
|
CRITICAL RISK
|
116
|
37
|
[
{
"fid": "APKID-006",
"severity": "HIGH",
"category": "Anti-Analysis",
"title": "APKiD: Anti Vm detected",
"detail": "APKiD detected anti vm techniques: Build.FINGERPRINT check, Build.MODEL check, Build.MANUFACTURER check, Build.PRODUCT check, Build.HARDWARE check, Build.TAGS check. Commonly used to evade dynamic analysis environments.",
"evidence": "category=anti_vm, matches=[Build.FINGERPRINT check, Build.MODEL check, Build.MANUFACTURER check, Build.PRODUCT check, Build.HARDWARE check, Build.TAGS check]",
"owasp": "M8",
"cwe": "CWE-703",
"remediation": "Verify these are not present in production code. Anti-analysis techniques indicate hostile RE countermeasures."
},
{
"fid": "APKID-007",
"severity": "HIGH",
"category": "Anti-Analysis",
"title": "APKiD: Anti Debug detected",
"detail": "APKiD detected anti debug techniques: Debug.isDebuggerConnected() check. Commonly used to evade dynamic analysis environments.",
"evidence": "category=anti_debug, matches=[Debug.isDebuggerConnected() check]",
"owasp": "M8",
"cwe": "CWE-703",
"remediation": "Verify these are not present in production code. Anti-analysis techniques indicate hostile RE countermeasures."
},
{
"fid": "QUARK-009",
"severity": "HIGH",
"category": "Behavioral (Quark)",
"title": "Quark [60%]: Read sensitive data(SMS, CALLLOG, etc)",
"detail": "Quark-Engine identified behavioral crime at 60% confidence: 'Read sensitive data(SMS, CALLLOG, etc)'. Category: SMS data access / manipulation.",
"evidence": "rule=00126.json, confidence=60%, permissions=[]",
"owasp": "M1",
"cwe": "CWE-359",
"remediation": ""
},
{
"fid": "QUARK-014",
"severity": "HIGH",
"category": "Behavioral (Quark)",
"title": "Quark [60%]: Load additional DEX files dynamically",
"detail": "Quark-Engine identified behavioral crime at 60% confidence: 'Load additional DEX files dynamically'. Category: Dynamic class / code loading.",
"evidence": "rule=00021.json, confidence=60%, permissions=[]",
"owasp": "M8",
"cwe": "CWE-470",
"remediation": ""
},
{
"fid": "QUARK-015",
"severity": "HIGH",
"category": "Behavioral (Quark)",
"title": "Quark [60%]: Load external class",
"detail": "Quark-Engine identified behavioral crime at 60% confidence: 'Load external class'. Category: External class loading.",
"evidence": "rule=00032.json, confidence=60%, permissions=[]",
"owasp": "M8",
"cwe": "CWE-470",
"remediation": ""
},
{
"fid": "QUARK-019",
"severity": "HIGH",
"category": "Behavioral (Quark)",
"title": "Quark [100%]: Load class from given class name",
"detail": "Quark-Engine identified behavioral crime at 100% confidence: 'Load class from given class name'. Category: Dynamic class loading.",
"evidence": "rule=00141.json, confidence=100%, permissions=[]",
"owasp": "M8",
"cwe": "CWE-470",
"remediation": ""
},
{
"fid": "CERT-001",
"severity": "HIGH",
"category": "Certificate",
"title": "Self-signed / self-issued certificate",
"detail": "The APK is signed with a self-signed certificate. Any device or MDM solution that validates signing identity cannot trust this certificate chain.",
"evidence": "issuer='Common Name: damncorp, Organizational Unit: dvba, Organization: dvba' subject='Common Name: damncorp, Organizational Unit: dvba, Organization: dvba' self_signed=maybe self_issued=True",
"owasp": "M9",
"cwe": "CWE-295",
"remediation": "For production releases, obtain a certificate from a recognized CA or use Android Play App Signing."
},
{
"fid": "CFG-026",
"severity": "HIGH",
"category": "Code Behavior (Andro-CFG)",
"title": "Andro-CFG: Dynamic external code loading",
"detail": "The application probably dynamically loads code (4 code sites found). Tags: load_external_code",
"evidence": "rule=loadExternalCode, findings=4, callers=[com/google/android/gms/dynamite/DynamiteModule, c/c/b/h/c0/a/j0]",
"owasp": "M8",
"cwe": "CWE-470",
"remediation": ""
},
{
"fid": "CFG-031",
"severity": "HIGH",
"category": "Code Behavior (Andro-CFG)",
"title": "Andro-CFG: Accessibility service instantiated",
"detail": "The application probably creates an accessibility service (10 code sites found). Tags: create_accessibility_service, accessibility",
"evidence": "rule=createAccessibilityService, findings=10, callers=[b/k/b/a, com/google/android/material/chip/Chip, b/b/p/a1, androidx/recyclerview/widget/RecyclerView, b/k/b/a$c]",
"owasp": "M1",
"cwe": "CWE-749",
"remediation": ""
},
{
"fid": "CFG-032",
"severity": "HIGH",
"category": "Code Behavior (Andro-CFG)",
"title": "Andro-CFG: Accessibility event listener active",
"detail": "The application probably listens accessibility events (41 code sites found). Tags: listen_accessibility_events, accessibility",
"evidence": "rule=listenAccessibilityEvents, findings=41, callers=[b/k/b/a, androidx/recyclerview/widget/LinearLayoutManager, androidx/core/widget/NestedScrollView$a, androidx/recyclerview/widget/RecyclerView, b/b/p/f]",
"owasp": "M1",
"cwe": "CWE-749",
"remediation": ""
},
{
"fid": "QUARK-011",
"severity": "MEDIUM",
"category": "Behavioral (Quark)",
"title": "Quark [100%]: Connect to a URL and set request method",
"detail": "Quark-Engine identified behavioral crime at 100% confidence: 'Connect to a URL and set request method'. Category: URL / network communication.",
"evidence": "rule=00096.json, confidence=100%, permissions=[]",
"owasp": "M3",
"cwe": "CWE-319",
"remediation": ""
},
{
"fid": "QUARK-013",
"severity": "MEDIUM",
"category": "Behavioral (Quark)",
"title": "Quark [60%]: Get location and put it into JSON",
"detail": "Quark-Engine identified behavioral crime at 60% confidence: 'Get location and put it into JSON'. Category: Location data access.",
"evidence": "rule=00113.json, confidence=60%, permissions=[]",
"owasp": "M1",
"cwe": "CWE-359",
"remediation": ""
},
{
"fid": "QUARK-018",
"severity": "MEDIUM",
"category": "Behavioral (Quark)",
"title": "Quark [60%]: Write HTTP input stream into a file",
"detail": "Quark-Engine identified behavioral crime at 60% confidence: 'Write HTTP input stream into a file'. Category: HTTP communication.",
"evidence": "rule=00072.json, confidence=60%, permissions=[]",
"owasp": "M3",
"cwe": "CWE-319",
"remediation": ""
},
{
"fid": "QUARK-022",
"severity": "MEDIUM",
"category": "Behavioral (Quark)",
"title": "Quark [100%]: Get declared method from given method name",
"detail": "Quark-Engine identified behavioral crime at 100% confidence: 'Get declared method from given method name'. Category: Method discovery via reflection.",
"evidence": "rule=00081.json, confidence=100%, permissions=[]",
"owasp": "M7",
"cwe": "CWE-470",
"remediation": ""
},
{
"fid": "QUARK-023",
"severity": "MEDIUM",
"category": "Behavioral (Quark)",
"title": "Quark [100%]: Method reflection",
"detail": "Quark-Engine identified behavioral crime at 100% confidence: 'Method reflection'. Category: Java reflection usage.",
"evidence": "rule=00026.json, confidence=100%, permissions=[]",
"owasp": "M7",
"cwe": "CWE-470",
"remediation": ""
},
{
"fid": "QUARK-024",
"severity": "MEDIUM",
"category": "Behavioral (Quark)",
"title": "Quark [100%]: Monitor the broadcast action events (BOOT_COMPLETED)",
"detail": "Quark-Engine identified behavioral crime at 100% confidence: 'Monitor the broadcast action events (BOOT_COMPLETED)'. Category: Boot-time persistence.",
"evidence": "rule=00025.json, confidence=100%, permissions=[]",
"owasp": "M1",
"cwe": "CWE-749",
"remediation": ""
},
{
"fid": "CFG-025",
"severity": "MEDIUM",
"category": "Code Behavior (Andro-CFG)",
"title": "Andro-CFG: JS-capable WebView loaded",
"detail": "The application probably loads JS-capable web views (2 code sites found). Tags: load_webview, browser",
"evidence": "rule=loadWebview, findings=2, callers=[com/app/damnvulnerablebank/CurrencyRates]",
"owasp": "M1",
"cwe": "CWE-749",
"remediation": ""
},
{
"fid": "CFG-027",
"severity": "MEDIUM",
"category": "Code Behavior (Andro-CFG)",
"title": "Andro-CFG: Device location data accessed",
"detail": "The application probably gets the location based on GPS and/or Wi-Fi (3 code sites found). Tags: read_location, location, pii",
"evidence": "rule=readLocation, findings=3, callers=[b/b/k/t, b/b/k/k$h]",
"owasp": "M1",
"cwe": "CWE-359",
"remediation": ""
},
{
"fid": "CFG-029",
"severity": "MEDIUM",
"category": "Code Behavior (Andro-CFG)",
"title": "Andro-CFG: OS / system calls issued",
"detail": "The application probably makes OS calls (3 code sites found). Tags: do_os_calls, system",
"evidence": "rule=doOsCalls, findings=3, callers=[b/i/f/e]",
"owasp": "M1",
"cwe": "CWE-749",
"remediation": ""
},
{
"fid": "CFG-030",
"severity": "MEDIUM",
"category": "Code Behavior (Andro-CFG)",
"title": "Andro-CFG: Data transmitted via HTTP/S",
"detail": "The application probably sends data over HTTP/S (3 code sites found). Tags: send_data_http, network, send_data",
"evidence": "rule=sendDataHttp, findings=3, callers=[c/a/b/w/f]",
"owasp": "M3",
"cwe": "CWE-319",
"remediation": ""
},
{
"fid": "OBF-034",
"severity": "MEDIUM",
"category": "Obfuscation",
"title": "Significant code obfuscation detected (91% of classes)",
"detail": "1517 of 1673 class names appear obfuscated. Heavy obfuscation may hide malicious logic. Verify with decompilation.",
"evidence": "total_classes=1673, obfuscated=1517, ratio=0.91",
"owasp": "M9",
"cwe": "CWE-656",
"remediation": ""
},
{
"fid": "QUARK-012",
"severity": "LOW",
"category": "Behavioral (Quark)",
"title": "Quark [60%]: Get absolute path of file and put it to JSON object",
"detail": "Quark-Engine identified behavioral crime at 60% confidence: 'Get absolute path of file and put it to JSON object'. Category: Filesystem path disclosure.",
"evidence": "rule=00005.json, confidence=60%, permissions=[]",
"owasp": "M2",
"cwe": "CWE-22",
"remediation": ""
},
{
"fid": "QUARK-020",
"severity": "LOW",
"category": "Behavioral (Quark)",
"title": "Quark [60%]: Retrieve data from broadcast",
"detail": "Quark-Engine identified behavioral crime at 60% confidence: 'Retrieve data from broadcast'. Category: Broadcast event handling.",
"evidence": "rule=00091.json, confidence=60%, permissions=[]",
"owasp": "M1",
"cwe": "CWE-749",
"remediation": ""
},
{
"fid": "QUARK-021",
"severity": "LOW",
"category": "Behavioral (Quark)",
"title": "Quark [80%]: Get resource file from res/raw directory",
"detail": "Quark-Engine identified behavioral crime at 80% confidence: 'Get resource file from res/raw directory'. Category: Raw resource file access.",
"evidence": "rule=00036.json, confidence=80%, permissions=[]",
"owasp": "M2",
"cwe": "CWE-538",
"remediation": ""
},
{
"fid": "CFG-035",
"severity": "INFO",
"category": "Analyzer Gap",
"title": "Analyzer disabled: MobSF (Code / Network / NIAP Analysis)",
"detail": "'MobSF (Code / Network / NIAP Analysis)' (mobsf_analysis) returned -1 (not configured or disabled). This module was not run.",
"evidence": "mobsf_analysis=-1",
"owasp": "N/A",
"cwe": "N/A",
"remediation": "Configure the MobSF (Code / Network / NIAP Analysis) integration in your Bazaar/Pithus instance."
},
{
"fid": "CFG-036",
"severity": "INFO",
"category": "Analyzer Gap",
"title": "Analyzer disabled: VirusTotal",
"detail": "'VirusTotal' (vt_analysis) returned -1 (not configured or disabled). This module was not run.",
"evidence": "vt_analysis=-1",
"owasp": "N/A",
"cwe": "N/A",
"remediation": "Configure the VirusTotal integration in your Bazaar/Pithus instance."
},
{
"fid": "CFG-037",
"severity": "INFO",
"category": "Analyzer Gap",
"title": "Analyzer disabled: Malware Bazaar",
"detail": "'Malware Bazaar' (malware_bazaar_analysis) returned -1 (not configured or disabled). This module was not run.",
"evidence": "malware_bazaar_analysis=-1",
"owasp": "N/A",
"cwe": "N/A",
"remediation": "Configure the Malware Bazaar integration in your Bazaar/Pithus instance."
},
{
"fid": "APKID-008",
"severity": "INFO",
"category": "Anti-Analysis",
"title": "APKiD: Compiler detected",
"detail": "APKiD detected compiler techniques: r8. ",
"evidence": "category=compiler, matches=[r8]",
"owasp": "N/A",
"cwe": "N/A",
"remediation": ""
},
{
"fid": "QUARK-010",
"severity": "INFO",
"category": "Behavioral (Quark)",
"title": "Quark [100%]: Read data and put it into a buffer stream",
"detail": "Quark-Engine identified behavioral crime at 100% confidence: 'Read data and put it into a buffer stream'. Category: Buffer I/O operation.",
"evidence": "rule=00012.json, confidence=100%, permissions=[]",
"owasp": "M3",
"cwe": "CWE-119",
"remediation": ""
},
{
"fid": "QUARK-016",
"severity": "INFO",
"category": "Behavioral (Quark)",
"title": "Quark [100%]: Send notification",
"detail": "Quark-Engine identified behavioral crime at 100% confidence: 'Send notification'. Category: Notification dispatch.",
"evidence": "rule=00037.json, confidence=100%, permissions=[]",
"owasp": "N/A",
"cwe": "N/A",
"remediation": ""
},
{
"fid": "QUARK-017",
"severity": "INFO",
"category": "Behavioral (Quark)",
"title": "Quark [100%]: Implicit intent(view a web page, make a phone call, etc.) via setData",
"detail": "Quark-Engine identified behavioral crime at 100% confidence: 'Implicit intent(view a web page, make a phone call, etc.) via setData'. Category: Implicit intent dispatch.",
"evidence": "rule=00051.json, confidence=100%, permissions=[]",
"owasp": "M1",
"cwe": "CWE-749",
"remediation": ""
},
{
"fid": "CFG-028",
"severity": "INFO",
"category": "Code Behavior (Andro-CFG)",
"title": "Andro-CFG: Audio playback capability",
"detail": "The application probably plays sound (1 code site found). Tags: play_sound, audio",
"evidence": "rule=playSound, findings=1, callers=[b/b/k/k]",
"owasp": "N/A",
"cwe": "N/A",
"remediation": ""
},
{
"fid": "PERM-003",
"severity": "INFO",
"category": "Permission",
"title": "Declared permission: Fingerprint authentication",
"detail": "The app requests 'android.permission.USE_FINGERPRINT'. Fingerprint authentication.",
"evidence": "android.permission.USE_FINGERPRINT",
"owasp": "M4",
"cwe": "CWE-287",
"remediation": ""
},
{
"fid": "PERM-004",
"severity": "INFO",
"category": "Permission",
"title": "Declared permission: Biometric authentication",
"detail": "The app requests 'android.permission.USE_BIOMETRIC'. Biometric authentication.",
"evidence": "android.permission.USE_BIOMETRIC",
"owasp": "M4",
"cwe": "CWE-287",
"remediation": ""
},
{
"fid": "PERM-005",
"severity": "INFO",
"category": "Permission",
"title": "Declared permission: Internet access",
"detail": "The app requests 'android.permission.INTERNET'. Internet access.",
"evidence": "android.permission.INTERNET",
"owasp": "M3",
"cwe": "CWE-749",
"remediation": ""
},
{
"fid": "SIGN-002",
"severity": "INFO",
"category": "Signing Scheme",
"title": "APK not protected by Google Play Signing (not frosted)",
"detail": "The APK lacks Google Play's frosting layer. Direct APK distribution increases supply-chain risk.",
"evidence": "is_frosted=False",
"owasp": "M9",
"cwe": "N/A",
"remediation": ""
},
{
"fid": "TRK-033",
"severity": "INFO",
"category": "Tracker Detection",
"title": "No known tracking SDKs detected",
"detail": "Bazaar/Exodus tracker database found no known fingerprints.",
"evidence": "trackers=[]",
"owasp": "M1",
"cwe": "N/A",
"remediation": ""
}
]
|
6a2ea0a1334b7c5a8f99fcfd
|
http://localhost:8011/report/76c308fac6a655a35347…
|
| Documents | 1 |
| Total doc size | 195.36 KB |
| Average doc size | 195.36 KB |
| Pre-allocated size | 72 KB |
| Indexes | 2 |
| Total index size | 40 KB |
| Padding factor | |
| Extents |