Can't you just run the app in an Android emulator and shark it? Sent from my iPhone
> On Apr 30, 2017, at 06:02, [email protected] wrote: > > I have a further update on the issue. After uninstalling the 360 security > android app, I found after repeated checks of Network Info on my phone via > the Ping & DNS app that even then the HTTP connection to IP address > 123.125.114.8 still frequently showed up. So, I monitored the network > connections on my phone via the Network Connections app > (https://play.google.com/store/apps/details?id=com.antispycell.connmonitor) > and found that this time the HTTP connection to IP address 123.125.114.8 was > being established by the ES File Explorer app > (https://play.google.com/store/apps/details?id=com.estrongs.android.pop > (https://play.google.com/store/apps/details?id=com.estrongs.android.pop)). > So, it is possible that the insecure HTTP connection to the above IP address > that I observed when both the 360 security and ES File Explorer app were > installed on my phone was in fact because of the ES File Explorer app or the > other possibility is that both the apps have the same problem. I haven't had > a c ha > nce to re-install the 360 security app without the ES File Explorer to check > that and I don't intend to re-install the 360 security app on my phone, since > it anyways used to raise the temperature on my phone suspiciously. So, I will > report this as an issue for the ES File Explorer app in a separate email. > > Thanks. > Hi, > > I found the following review posted about the 360 security android app: > > https://play.google.com/store/apps/details?id=com.qihoo.security&reviewId=Z3A6QU9xcFRPSG1HSTRaSVdNelVWY3FhZk5zcFlFMnZKeXRKRHhhQUE4VU9pLWV4UFBxeHJ3Xy1ZZWU2bEpOLTg0eGxzczFCV0lkaWxxTHRzZTQ4RWxzU2c > > (https://play.google.com/store/apps/details?id=com.qihoo.security&reviewId=Z3A6QU9xcFRPSG1HSTRaSVdNelVWY3FhZk5zcFlFMnZKeXRKRHhhQUE4VU9pLWV4UFBxeHJ3Xy1ZZWU2bEpOLTg0eGxzczFCV0lkaWxxTHRzZTQ4RWxzU2c) > "Snoops data to China Unicom via insecure HTTP link! Found while checking > Network info on my device with this app installed that it had established an > insecure HTTP connection to an IP address(123.125.114.8) on Chinese state > owned China Unicom network (China Unicom owns a stake in app developer via > Qihoo 360). Also, when installed, found my phone temperature rising > frequently indicating covert data transfer from my phone. I've now > uninstalled this Chinese spying app & advice the same to anyone using the > app. Resp to comment: updated above info with IP addr. > 360 Mobile Security Limited April 26, 2017 Hi, sorry for the inconvenience. > It will be helpful for us to solve the problem, if you can give us more > information and details . Attaching some screenshots would be helpful. Please > contact us by email: [email protected] (mailto:[email protected]). Many > thanks." > > I observed the same behavior when I had this app installed on my smartphone. > I checked the Network Info on my phone when this app was installed, using the > Ping & DNS > app(https://play.google.com/store/apps/details?id=com.ulfdittmer.android.ping > (https://play.google.com/store/apps/details?id=com.ulfdittmer.android.ping)) > and found the insecure HTTP connection to the above IP address. After I > uninstalled the app, the HTTP connection to the above IP address was gone, as > well. On checking the WHOIS info(https://www.whois.com/whois/123.125.114.8 > (https://www.whois.com/whois/123.125.114.8)) for this IP address it can be > seen that it is indeed on the Chinese state-owned China Unicom network. I had > App usage tracking permission on Android enabled for this app, to facilitate > phone temperature reduction, when I observed the above. > > Can other security researchers please check and comment on this security hole? > > Thanks. > > _______________________________________________ > Sent through the Full Disclosure mailing list > https://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
