BBC News
bbc.mobile.news.ww
bae42647bc64af3839943d6e53a3a8b4
Scan Engine Version: 4.2.6
Scan Date: 02-28-2018
Privacy Risk: 54/100 (MED)
Security Risk: 83/100 (HIGH)
This Technical Summary contains a mid-level summary and score information for an app’s identified risk conditions. This digest is intended for a technical audience and provides a listing of items we identified. Findings are separated into analysis areas, followed by categories and additional support details when available. Each finding is represented by a Red, Orange, Yellow or Green colored square.
Red indicates a high level of risk and is used to indicate when a test has failed.
Orange indicates a moderate level of risk.
Yellow indicates a low risk or informational finding.
Green indicates that no risk conditions were identified and is used to indicate when a test has passed.
Index
Privacy Summary
Security Summary
Analysis
Data Leakage
Libraries
OWASP Summary
Communications
Privacy Summary 54/100
The privacy summary focuses on the application’s access to privacy data, including (but not limited to): user data, contacts access, unique device identifiers, adware, SMS, and insecure storage of data and communications.
Content Providers are implicitly insecure. They allow other applications on the device to request and share data. If sensitive information is accidentally leaked in one of these content providers all an attacker needs to do is call the content provider and the sensitive data will be exposed to the attacker by the application. This is cause for concern as any 3rd party application containing malicious code does not require any granted permissions in order to obtain sensitive information from these applications. Full details here.
This app requests the device latitude and longitude. Full details here.
Returns the current enabled/disabled status of the given provider. Full details here.
This application uses getLastKnownLocation() to retrieve the last known GPS coordinates. This is used to retrieve the last known location of the device in the event that the location services are not available. Full details here.
This application is requesting the device serial number information from the system build properties. Full details here.
The application retrieves the IMEI/MEID, which is a unique identifier for the device. This opens up the potential for abuse by tracking a user across multiple applications. Further examination should be taken to identify if the IMEI is being sent off device. Full details here.
This application is requesting the device build fingerprint from the system build properties. Full details here.
The app retrieves ClipBoard data contents. Full details here.
This application potentially gains access to the device ID. Full details here.
Security Summary 83/100
The security summary focuses on risks contained in the application. These risks include (but are not limited to): risky functionality and code use, application capabilities, critical vulnerabilities and threats.
This application is using the WebKit to download a file from the Internet. Full details here.
The app sets the activity content to an explicit view. Full details here.
Additional Android applications have been found bundled with this Android application. This is not an acceptable or standard developer practice and is often used with malicious intent with repackaged applications. Full details here.
The application uses PendingIntents. These are dangerous because they can allow other apps to execute with the same level of permissions as this app, potentially resulting in permission elevation for the other app. Full details here.
The app may potentially use WebSocket (https://tools.ietf.org/html/rfc6455) based communications with remote servers. Full details here.
The app enables WebView to execute JavaScript code. Full details here.
The app uses a method to blindly load all apps and jar files located in a directory. Potential exists for abuse by malicious parties. Full details here.
This application has the ability to load an alternate classes.dex file. Alternate classes.dex files could contain malicious functionality, payloads and at the least open up additional security and privacy risks. This functionality can be seen in applications attempting to evade analysis. If the application requires root access, additional precautions should be taken. Full details here.
The app can manipulate its user agent string. Full details here.
This application uses sockets to open up a communications channel. Full details here.
This app is requesting permissions during runtime. Full details here.
This application exposes objects to the WebView's Javascript. This could allow code injection or indirect access to internal objects/methods. CVE-2013-4710, CVE-2012-6636. This vulnerability is mitigated in Android 17 or greater. Full details here.
This app has configured WebView to allow Javascript to open windows without user prompt. Full details here.
Determine whether the calling process of an IPC or you have been granted a particular permission. This is the same as checkCallingPermission(String), except it grants your own permissions if you are not currently processing an IPC. Use with care! Full details here.
The application was found to contain obfuscated method names. This can be used by legitimate developers to protect intellectual property and used by others to conceal potentially malicious code. Full details here.
Code exists to start a service, which could in turn start a separate application on the device if it is not already running. Full details here.
This application uses a synthetic method to access private class entries which are normally not accessible. This is a suspicious and unusual coding practice that should be reviewed. Full details here.
This app is invoking the Java reflection method. Full details here.
The app contains exported components not protected by permission. Full details here.
The app is not doing active checks for validating SSL certificates. It may allow self-signed, expired or mismatch CN certificates for SSL connections. Full details here.
The app is writing information in the system Log. Full details here.
Analysis
Activity
The app sets the activity content to an explicit view.
Details: uk.co.bbc.smpan.ui.fullscreen.FullScreenPlayoutActivity com.urbanairship.actions.LandingPageActivity com.urbanairship.messagecenter.ThemedActivity com.urbanairship.ChannelCaptureActivity net.hockeyapp.android.ExpiryInfoActivity net.hockeyapp.android.LoginActivity net.hockeyapp.android.FeedbackActivity com.google.android.gms.ads.AdActivity android.support.wearable.activity.ConfirmationActivity android.support.v7.app.AlertController bbc.mobile.news.v3.fragments.managetopics.EditMyNewsActivity bbc.mobile.news.v3.app.ToolbarActivity
26 total classes, shown 10
This app is requesting permissions during runtime.
Details: android.support.v4.app.FragmentActivity
This application requests a list of all running applications to include applications that are frozen in state by the system. This is an informational finding.
Details: com.google.android.gms.internal.zzagy
This app can retrieve the list of running apps.
Details: com.google.android.gms.gcm.zza com.google.android.gms.internal.zzgz com.google.android.gms.internal.zzrr com.google.android.gms.internal.zzagy
Address Book
This application accesses the user's contacts.
Details: com.squareup.picasso.ContactsPhotoRequestHandler
Computes a content URI given a lookup URI.
Details: com.squareup.picasso.ContactsPhotoRequestHandler
Opens an InputStream for the contact's photo and returns the photo as a byte stream.
Details: com.squareup.picasso.ContactsPhotoRequestHandler$ContactPhotoStreamIcs com.squareup.picasso.ContactsPhotoRequestHandler
Binary Protections Testing
This application exposes source level metadata symbols and fails the testing outlined by OWASP Mobile Top 10.
This application fails the Source Code Reverse Engineering Exposure test as outlined by OWASP Mobile Top 10.
Bluetooth
This application checks the current ready state of Bluetooth functionality. This is an informational finding.
Details: com.urbanairship.analytics.data.EventApiClient
Broadcast Action
The app registers a BroadcastReceiver.
Details: uk.co.bbc.smpan.android.DefaultBroadcastReceiverRegistrar com.squareup.picasso.Dispatcher$NetworkBroadcastReceiver com.urbanairship.push.adm.AdmPushProvider com.google.android.gms.iid.zze com.google.android.gms.common.GoogleApiAvailability com.google.android.gms.common.util.zzk com.google.android.gms.internal.zzge com.google.android.gms.internal.zzacb com.google.android.gms.internal.zzfi com.google.android.gms.internal.zzagy com.google.android.exoplayer2.audio.AudioCapabilitiesReceiver com.google.android.exoplayer2.audio.AudioCapabilities
17 total classes, shown 10
Calendar
This application queries the Calendar on the device.
Details: uk.co.bbc.echo.live.Schedule com.urbanairship.preference.QuietTimePickerPreference com.urbanairship.push.QuietTimeInterval com.google.android.gms.internal.zzdg com.google.ads.mediation.MediationAdRequest com.urbanairship.push.PushManager com.urbanairship.analytics.Event android.support.v7.app.TwilightManager bbc.mobile.news.v3.util.BaseNewsDateUtils bbc.mobile.news.v3.modules.item.CopyrightFooterModule bbc.mobile.news.v3.common.util.Utils
Code Analysis
The application uses PendingIntents. These are dangerous because they can allow other apps to execute with the same level of permissions as this app, potentially resulting in permission elevation for the other app.
Details: uk.co.bbc.smpan.audio.notification.androidNotificationSystem.AndroidNotificationFactory uk.co.bbc.smpan.audio.notification.androidNotificationSystem.Android16NotificationDrawer uk.co.bbc.smpan.audio.notification.androidNotificationSystem.Android21NotificationDrawer com.urbanairship.CoreReceiver com.urbanairship.job.AlarmScheduler com.urbanairship.push.notifications.NotificationActionButton com.urbanairship.push.IncomingPushRunnable com.urbanairship.location.FusedLocationAdapter com.urbanairship.location.UALocationProvider net.hockeyapp.android.tasks.ParseFeedbackTask com.google.android.gms.gcm.GcmNetworkManager com.google.android.gms.gcm.GoogleCloudMessaging
38 total classes, shown 10
This application uses a synthetic method to access private class entries which are normally not accessible. This is a suspicious and unusual coding practice that should be reviewed.
The app contains exported components not protected by permission.
Details: bbc.mobile.news.v3.media.RemoteControlReceiver bbc.mobile.news.v3.appwidget.HeadlineViewWidgetProvider bbc.mobile.news.v3.appwidget.GridViewWidgetProvider bbc.mobile.news.v3.provider.Provider bbc.mobile.news.v3.provider.AuthenticatorService bbc.mobile.news.v3.provider.SyncService bbc.mobile.news.wear.services.WearListenerService bbc.mobile.news.v3.app.TopLevelActivity bbc.mobile.news.v3.ui.deeplinking.DeepLinkingActivity bbc.mobile.news.v3.ui.search.SearchActivity bbc.mobile.news.v3.ui.preference.SettingsActivity
The application was found to contain obfuscated method names. This can be used by legitimate developers to protect intellectual property and used by others to conceal potentially malicious code.
Code exists to start a service, which could in turn start a separate application on the device if it is not already running.
Details: uk.co.bbc.smpan.audio.notification.androidNotificationSystem.AndroidNotificationFramework com.urbanairship.actions.ActionService com.google.android.gms.gcm.GcmReceiver com.google.android.gms.gcm.GoogleCloudMessaging com.google.android.gms.iid.zze com.google.android.gms.common.stats.zze com.urbanairship.job.JobDispatcher android.support.v4.media.session.MediaButtonReceiver android.support.v4.content.WakefulBroadcastReceiver bbc.mobile.news.v3.media.RemoteControlReceiver bbc.mobile.news.medianotification.AlbumArtNotificationFramework
This app is invoking the Java reflection method.
Details: com.squareup.okhttp.internal.OptionalMethod com.squareup.okhttp.internal.Util com.squareup.okhttp.internal.Platform com.squareup.okhttp.internal.http.RouteException com.google.protobuf.zzc com.google.protobuf.zzf com.google.protobuf.zze rx.internal.schedulers.NewThreadWorker rx.internal.util.PlatformDependent rx.internal.util.unsafe.UnsafeAccess rx.internal.util.unsafe.SpscUnboundedArrayQueue de.spring.mobile.SpringStreams
194 total classes, shown 10
Retrieve a PendingIntent that will perform a broadcast, like calling Context.sendBroadcast().
Details: uk.co.bbc.smpan.audio.notification.androidNotificationSystem.AndroidNotificationFactory com.urbanairship.push.notifications.NotificationActionButton com.urbanairship.push.IncomingPushRunnable com.google.android.gms.gcm.GcmNetworkManager com.google.android.gms.gcm.GoogleCloudMessaging com.google.android.gms.iid.zze android.support.v4.media.session.MediaSessionCompat bbc.mobile.news.v3.media.MediaRemoteControlClient bbc.mobile.news.v3.appwidget.GridViewWidgetProvider bbc.mobile.news.medianotification.AlbumArtNotificationFactory
This application instantiates a new instance of ZipFile. This will allow the application to create and extract archive file types.
Details: android.support.multidex.MultiDexExtractor android.support.multidex.MultiDex
The application has most likely been packed with ProGuard Packer.
The app has been found to be MultiDex
Content
The app stores key mapped value strings to the SharedPreferences storage.
Details: uk.co.bbc.echo.device.DefaultDeviceDataProvider uk.co.bbc.echo.delegate.comscore.UserPromiseHelper net.hockeyapp.android.utils.VersionCache net.hockeyapp.android.utils.PrefsUtil net.hockeyapp.android.tasks.LoginTask net.hockeyapp.android.CrashManager com.google.android.gms.auth.api.signin.internal.zzy com.google.android.gms.iid.zzh com.google.android.gms.internal.zztl com.google.android.gms.internal.zzahj com.google.android.gms.internal.zzago com.google.android.gms.internal.zzafu
21 total classes, shown 10
Context
Determine whether the calling process of an IPC or you have been granted a particular permission. This is the same as checkCallingPermission(String), except it grants your own permissions if you are not currently processing an IPC. Use with care!
Details: com.squareup.picasso.Utils net.hockeyapp.android.UpdateActivity com.google.android.gms.gcm.GcmReceiver com.google.android.gms.internal.zzlz com.google.android.gms.internal.zzbah com.google.android.gms.internal.zzbgy com.google.ads.interactivemedia.v3.impl.g
The application receives a reference to a system service 'getSystemService'
Details: uk.co.bbc.smpan.accessibility.AndroidAccessibility uk.co.bbc.smpan.SMPBuilder uk.co.bbc.smpan.ui.transportcontrols.AudioManagerVolumeControl uk.co.bbc.echo.device.DefaultDeviceDataProvider com.squareup.picasso.Utils com.urbanairship.actions.ClipboardAction com.urbanairship.messagecenter.MessageViewAdapter com.urbanairship.job.AndroidJobScheduler com.urbanairship.job.AlarmScheduler com.urbanairship.push.notifications.NotificationFactory com.urbanairship.push.notifications.StyleNotificationExtender com.urbanairship.location.StandardLocationAdapter
102 total classes, shown 10
Connect to an application service, creating it if needed.
Details: com.google.android.gms.wearable.WearableListenerService com.google.android.gms.common.stats.zza com.google.android.gms.common.internal.zzah com.google.android.gms.internal.zznl com.google.android.gms.ads.identifier.AdvertisingIdClient com.comscore.android.id.IdHelperAndroid android.support.v4.app.NotificationManagerCompat android.support.v4.media.MediaBrowserCompat android.support.customtabs.CustomTabsClient bbc.mobile.news.v3.media.MediaController
Cryptography
This application is requesting an instance of the SHA1 algorithm.
Details: com.google.android.gms.iid.InstanceID
This application has functionality for cryptographic applications implementing algorithms for encryption, decryption, or key agreement. This is an informational finding.
Details: okio.HashingSource com.google.android.gms.internal.zzcw com.google.a.a.k com.comscore.utils.Utils android.support.v4.hardware.fingerprint.FingerprintManagerCompatApi23$CryptoObject android.support.v4.hardware.fingerprint.FingerprintManagerCompat$CryptoObject android.support.v4.hardware.fingerprint.FingerprintManagerCompat$Api23FingerprintManagerCompatImpl android.support.v4.hardware.fingerprint.FingerprintManagerCompatApi23 okio.HashingSink
This class provides access to implementations of cryptographic ciphers for encryption and decryption. This is an informational finding.
Details: com.google.android.gms.internal.zzcw com.google.a.a.k com.comscore.utils.Utils
This application uses SecretKeySpec to convert a secret key from the specified byte array according to the specified algorithm and constructs a SecretKeySpec object based on the secret key. This is an informational finding.
Details: com.google.android.gms.internal.zzcw com.google.a.a.k
Database
This application issues SQL database commands. This is an informational finding.
This application uses random read-write access to the result set returned by database queries.
External Storage
The app checks the primary external storage directory and/or state.
Details: net.hockeyapp.android.Constants net.hockeyapp.android.tasks.DownloadFileTask com.google.android.gms.internal.zzmr com.google.android.gms.internal.zzma android.support.v4.content.FileProvider
File System
The app uses the primary external storage directories.
Details: android.support.v4.content.ContextCompat
Unsafe delete operation, the deleted file could be recovered by an attacker especially on a rooted device.
Details: com.squareup.okhttp.internal.io.FileSystem$1 com.urbanairship.util.BitmapUtils net.hockeyapp.android.tasks.SendFeedbackTask okhttp3.internal.io.FileSystem$1 com.google.android.gms.common.data.BitmapTeleporter com.google.android.gms.internal.zzdb com.google.android.gms.internal.zzag com.google.android.gms.internal.zzsh com.google.android.exoplayer2.upstream.cache.CacheDataSink com.google.android.exoplayer2.upstream.cache.SimpleCache com.google.android.exoplayer.upstream.cache.CacheDataSink com.google.android.exoplayer.upstream.cache.SimpleCache
19 total classes, shown 10
This facilitates secure sharing of files by creating a content:// Uri for a file instead of a file:/// Uri.
Details: android.support.v4.content.FileProvider
Intents
A RemoteInput object specifies input to be collected from a user to be passed along with an intent inside a PendingIntent that is sent. Care should be taken to see that privacy information is not leaked.
Details: android.support.v4.app.RemoteInputCompatApi20 android.support.v4.app.NotificationCompatApi24 android.support.v4.app.NotificationCompatApi21 android.support.v4.app.NotificationCompatApi20
The app is creating an Intent from URI.
This app will set the name of a class inside of the application package that will be used as the component for this Intent. This is an unusual coding practice.
Details: uk.co.bbc.smpan.ui.playoutwindow.AndroidPlayoutWindow com.urbanairship.actions.ShareAction com.urbanairship.push.GcmPushReceiver com.google.android.gms.gcm.GcmReceiver com.google.android.gms.iid.zze com.google.android.gms.iid.InstanceIDListenerService com.google.android.gms.internal.zzrr com.google.android.gms.internal.zzagy com.google.android.gms.ads.internal.overlay.zza com.google.android.gms.ads.internal.overlay.zzu android.support.design.widget.TextInputLayout android.support.design.widget.TabLayout
28 total classes, shown 10
The app sets a bundle of additional info data.
Details: uk.co.bbc.smpan.audio.notification.androidNotificationSystem.AndroidNotificationFactory uk.co.bbc.smpan.audio.notification.androidNotificationSystem.AndroidNotificationFramework uk.co.bbc.smpan.SMPBuilder$4 uk.co.bbc.smpan.ui.fullscreen.EmbeddedToFullScreenActivityWithModeAction uk.co.bbc.smpan.fallback.AndroidBBCMediaPlayerLauncher com.urbanairship.CoreReceiver com.urbanairship.actions.ShareAction com.urbanairship.actions.LandingPageAction com.urbanairship.actions.ActionService com.urbanairship.util.HelperActivity com.urbanairship.job.AirshipService com.urbanairship.push.PushProviderBridge
72 total classes, shown 10
The app gets a bundle of additional info data.
Details: uk.co.bbc.smpan.audio.notification.androidNotificationSystem.AndroidBroadcast uk.co.bbc.smpan.audio.notification.androidNotificationSystem.AudioNotificationService uk.co.bbc.smpan.telephony.IncomingCallReceiver com.squareup.picasso.Dispatcher$NetworkBroadcastReceiver com.urbanairship.CoreReceiver com.urbanairship.actions.LandingPageActivity com.urbanairship.util.HelperActivity com.urbanairship.AirshipReceiver com.urbanairship.push.GcmPushReceiver com.urbanairship.push.adm.AdmPushProvider$RegistrationReceiver com.urbanairship.analytics.InstallReceiver com.urbanairship.ChannelCaptureActivity
41 total classes, shown 10
Set an explicit application package name that limits the components this Intent will resolve to. If left to the default value of null, all components in all applications will be considered. If non-null, the Intent can only match the components in the given application package.
Details: uk.co.bbc.smpan.audio.notification.androidNotificationSystem.AndroidNotificationFactory uk.co.bbc.smpan.ui.playoutwindow.AndroidPlayoutWindow com.urbanairship.CoreReceiver com.urbanairship.actions.ShareAction com.urbanairship.actions.LandingPageAction com.urbanairship.actions.OverlayRichPushMessageAction com.urbanairship.util.HelperActivity com.urbanairship.messagecenter.MessageCenterFragment com.urbanairship.push.GcmPushReceiver com.urbanairship.push.PushManagerJobHandler com.urbanairship.push.IncomingPushRunnable com.google.android.gms.gcm.zzc
40 total classes, shown 10
Location
This app requests the device latitude and longitude.
Returns the current enabled/disabled status of the given provider.
Details: android.support.v7.app.TwilightManager
This application uses getLastKnownLocation() to retrieve the last known GPS coordinates. This is used to retrieve the last known location of the device in the event that the location services are not available.
Details: android.support.v7.app.TwilightManager
This application requests location updates from the Location Manager.
Details: com.urbanairship.location.StandardLocationAdapter$SingleLocationRequest com.urbanairship.location.StandardLocationAdapter
This app is making a call to the location services to receive the location of the device.
Details: com.urbanairship.location.StandardLocationAdapter android.support.v7.app.TwilightManager
Logging
The app is writing information in the system Log.
Details: uk.co.bbc.smpan.monitoring.sumologic.BackgroundExecutorNetworkClient$1 uk.co.bbc.smpan.logging.AndroidLogger uk.co.bbc.smpan.audio.notification.androidNotificationSystem.AudioNotificationService uk.co.bbc.smpan.ui.placeholder.ASyncTaskArtworkFetcher$LoaderTask uk.co.bbc.smpan.ui.playoutwindow.VideoSurface uk.co.bbc.smpan.fallback.AndroidMediaPlayerDetectionHelper uk.co.bbc.mediaselector.logging.AndroidLogger uk.co.bbc.echo.util.EchoDebug uk.co.bbc.echo.device.DefaultDeviceDataProvider com.squareup.picasso.Utils com.urbanairship.Autopilot de.spring.mobile.SpringStreams
373 total classes, shown 10
Network
Potential application update and auto installation routines discovered.
Details: net.hockeyapp.android.tasks.DownloadFileTask
The app may potentially use WebSocket (https://tools.ietf.org/html/rfc6455) based communications with remote servers.
Details: okhttp3.internal.ws.RealWebSocket
The app can manipulate its user agent string.
Creates a new unconnected socket.
Details: com.squareup.okhttp.internal.http.SocketConnector okhttp3.internal.connection.RealConnection
This application can launch a new web page using the browser application. This is an informational finding.
Details: de.spring.mobile.SpringStreams
Network Security
The app is not doing active checks for validating SSL certificates. It may allow self-signed, expired or mismatch CN certificates for SSL connections.
The app is not implementing certificate pinning on any domain it communicates with.
URLs were found embedded in the app that do not use a secure protocol. Internal applications should always use HTTPS connections when possible. Ensure sensitive data is not being sent over this insecure channel.
Details: http://pubads.g.doubleclick.net/gampad/ads?ad_rule=1&sz=512x288&iu= http://walter-resolver-cdn.api.bbci.co.uk/resolve?uri=
The app uses SSL/TLS secure transport libraries.
Details: de.spring.mobile.SpringStreams com.comscore.utils.Connectivity
This app opens an HTTPS URL connection.
Details: uk.co.bbc.echo.live.AsyncHttpClient com.squareup.okhttp.internal.huc.DelegatingHttpsURLConnection okhttp3.internal.huc.DelegatingHttpsURLConnection
This app used the Java Security interface for parsing and managing certificates, certificate revocation lists (CRLs), and certification paths.
Details: com.squareup.okhttp.Cache com.squareup.okhttp.Handshake com.squareup.okhttp.CertificatePinner com.squareup.okhttp.internal.tls.OkHostnameVerifier com.squareup.okhttp.internal.huc.DelegatingHttpsURLConnection com.squareup.okhttp.internal.ConnectionSpecSelector com.squareup.okhttp.internal.huc.HttpsURLConnectionImpl com.squareup.okhttp.internal.http.SocketConnector com.squareup.okhttp.internal.http.HttpEngine okhttp3.internal.connection.RealConnection okhttp3.internal.connection.ConnectionSpecSelector okhttp3.internal.platform.AndroidPlatform
22 total classes, shown 10
Package Manager
This application can retrieve information about any application package that is installed on the device. This is an informational finding.
Details: de.spring.mobile.SpringStreams net.hockeyapp.android.UpdateFragment net.hockeyapp.android.Constants net.hockeyapp.android.UpdateActivity org.codechimp.apprater.ApplicationRatingInfo com.google.android.gms.gcm.GoogleCloudMessaging com.google.android.gms.iid.InstanceID com.google.android.gms.iid.zze com.google.android.gms.common.util.zzw com.google.android.gms.common.zzo com.google.android.gms.internal.zzdb com.google.android.gms.internal.zzazm
30 total classes, shown 10
Security
Extensible cryptographic service provider infrastructure (SPI) for using and defining services such as Certificates, Keys, KeyStores, MessageDigests, and Signatures.
Details: uk.co.bbc.echo.device.DefaultDeviceDataProvider com.squareup.okhttp.Handshake com.squareup.okhttp.Cache$Entry com.squareup.okhttp.OkHttpClient com.squareup.okhttp.CertificatePinner com.squareup.okhttp.internal.tls.OkHostnameVerifier com.squareup.okhttp.internal.Util com.squareup.okhttp.internal.huc.DelegatingHttpsURLConnection com.squareup.okhttp.internal.huc.HttpURLConnectionImpl com.squareup.okhttp.internal.ConnectionSpecSelector com.squareup.okhttp.internal.huc.HttpsURLConnectionImpl com.squareup.okhttp.internal.http.SocketConnector
67 total classes, shown 10
This app can access the interface to an RSA Private Key.
Details: com.google.android.gms.iid.zze
This app uses a simplified version of the java.security.cert package.
Details: com.squareup.okhttp.Handshake com.squareup.okhttp.internal.tls.DistinguishedNameParser com.squareup.okhttp.internal.tls.OkHostnameVerifier okhttp3.internal.tls.TrustRootIndex$BasicTrustRootIndex okhttp3.internal.tls.DistinguishedNameParser okhttp3.internal.tls.OkHostnameVerifier okhttp3.Handshake
This application uses Base64 encoding and decoding. Base64 is typically used in email/web communications but can be applied to any data set. This is an informational finding.
Details: com.urbanairship.widget.UAWebView com.urbanairship.push.GcmPushReceiver com.urbanairship.http.Request com.google.android.gms.gcm.GcmReceiver com.google.android.gms.wearable.DataMapItem com.google.android.gms.iid.InstanceID com.google.android.gms.iid.zzh com.google.android.gms.common.util.zzc com.google.android.gms.internal.zztl com.google.android.gms.internal.zztr com.google.android.gms.internal.zzbs com.google.android.gms.internal.zzhi
21 total classes, shown 10
This app uses a cryptographically strong random number generator (RNG).
Details: com.squareup.okhttp.OkHttpClient com.google.android.gms.wearable.PutDataRequest com.google.android.gms.internal.zzdb com.google.android.gms.internal.zzbv com.google.android.gms.internal.zzcw com.google.a.a.d com.google.a.a.e com.google.a.a.k okhttp3.OkHttpClient
This app can utilize the fingerprint reader on the device.
Details: android.support.v4.hardware.fingerprint.FingerprintManagerCompatApi23
This app is implementing the SafetyNet API. The SafetyNet Attestation API helps assess the security and compatibility of the Android environments in which the app runs. This API can be used to analyze devices that have installed the app.
Details: com.google.android.gms.internal.zzcsm
Storage
The app stores data in the internal storage of the device.
System
The app uses a method to blindly load all apps and jar files located in a directory. Potential exists for abuse by malicious parties.
Details: com.google.android.gms.dynamite.zzg
This application has the ability to load an alternate classes.dex file. Alternate classes.dex files could contain malicious functionality, payloads and at the least open up additional security and privacy risks. This functionality can be seen in applications attempting to evade analysis. If the application requires root access, additional precautions should be taken.
Details: com.google.android.gms.internal.zzdb com.google.android.gms.internal.zzea com.google.a.a.e
This application is requesting the device serial number information from the system build properties.
Details: com.comscore.utils.id.IdChecker com.comscore.utils.API9 com.comscore.android.id.API9
The application retrieves the IMEI/MEID, which is a unique identifier for the device. This opens up the potential for abuse by tracking a user across multiple applications. Further examination should be taken to identify if the IMEI is being sent off device.
Details: de.spring.mobile.SpringStreams
This application is requesting the device build fingerprint from the system build properties.
Details: com.google.android.gms.internal.zzacb
This application is requesting the device model information from the system build properties.
Details: uk.co.bbc.httpclient.useragent.UserAgent com.urbanairship.widget.UAWebViewClient com.urbanairship.http.Request net.hockeyapp.android.Constants com.google.android.gms.internal.zzagy com.google.android.exoplayer2.util.Util com.google.android.exoplayer.util.AmazonQuirks com.google.android.exoplayer.util.Util com.urbanairship.analytics.data.EventApiClient bbc.mobile.news.v3.fragments.toplevel.TopLevelPagerFragment bbc.mobile.news.v3.common.net.OkHttpClientFactory
This application is requesting the device type from the system build properties.
Details: com.google.android.gms.internal.zzacb com.google.android.gms.internal.zzagy com.google.android.gms.internal.zzaix com.google.android.exoplayer2.util.Util com.google.android.exoplayer.util.Util com.comscore.applications.ApplicationMeasurement
This application accesses the properties of the device and OS. This is an informational finding.
Details: rx.plugins.RxJavaPlugins
This app is querying for the device version release information.
Details: uk.co.bbc.smpan.SMPBuilder uk.co.bbc.httpclient.useragent.UserAgent com.urbanairship.http.Request com.urbanairship.analytics.AppForegroundEvent de.spring.mobile.VideoViewAdapter de.spring.mobile.SpringStreams net.hockeyapp.android.Constants net.hockeyapp.android.tasks.CheckUpdateTask com.google.android.gms.internal.zzmq com.google.android.gms.internal.zzzh com.google.android.gms.internal.zzagy com.google.android.gms.internal.zzaix
18 total classes, shown 10
This application is requesting the device product information from the system build properties.
Details: uk.co.bbc.echo.delegate.rdot.RDotRequest net.hockeyapp.android.Constants com.comscore.utils.Connectivity
This application is requesting the device brand information from the system build properties.
Details: net.hockeyapp.android.Constants
This application is requesting the device build tag information from the system build properties.
Details: com.comscore.utils.RootDetector
This application is requesting the device manufacture information from the system build properties.
Details: uk.co.bbc.echo.delegate.rdot.RDotRequest net.hockeyapp.android.Constants com.google.android.gms.internal.zzagy com.google.android.exoplayer2.util.Util com.google.android.exoplayer.util.AmazonQuirks com.google.android.exoplayer.util.Util com.urbanairship.UAirship bbc.mobile.news.v3.fragments.toplevel.TopLevelPagerFragment
This application does contain rooted device detection functionality.
Details: com.comscore.utils.RootDetector
Returns the value of a particular system property. This is an informational finding.
Details: com.squareup.okhttp.ConnectionPool com.squareup.okhttp.internal.huc.HttpURLConnectionImpl rx.internal.util.RxRingBuffer rx.internal.util.ScalarSynchronousObservable rx.internal.util.IndexedRingBuffer rx.internal.util.unsafe.UnsafeAccess net.hockeyapp.android.CrashManager okhttp3.internal.huc.OkHttpURLConnection com.comscore.utils.OfflineMeasurementsCache com.comscore.applications.ApplicationMeasurement android.support.multidex.MultiDex kotlin.text.SystemProperties
13 total classes, shown 10
As a standard practice with many applications, this application loads external libraries at runtime. It will load the native library specified by the libname argument.
Details: com.google.android.exoplayer2.util.LibraryLoader
Telephony
This application potentially gains access to the device ID.
Details: bbc.mobile.news.v3.media.MediaService
Vulnerability
Content Providers are implicitly insecure. They allow other applications on the device to request and share data. If sensitive information is accidentally leaked in one of these content providers all an attacker needs to do is call the content provider and the sensitive data will be exposed to the attacker by the application. This is cause for concern as any 3rd party application containing malicious code does not require any granted permissions in order to obtain sensitive information from these applications.
WebKit
The app enables WebView to execute JavaScript code
Details: com.urbanairship.widget.UAWebView com.google.android.gms.internal.zzakn com.google.android.gms.ads.internal.zzbm com.google.ads.interactivemedia.v3.impl.y bbc.mobile.news.v3.ui.visualjournalism.VisualJournalismFragment bbc.mobile.news.v3.ui.web.WebViewActivity
This application exposes objects to the WebView's JavaScript. This could allow code injection or indirect access to internal objects/methods. CVE-2013-4710, CVE-2012-6636. This vulnerability is mitigated in Android API level 17 or greater.
This app has configured WebView to allow JavaScript to open windows without user prompt.
Details: com.google.android.gms.internal.zzakn WebView
This application is using the WebKit to download a file from the Internet.
Details: com.google.android.gms.internal.zzakn
This app has enabled the ability for WebKit to access the file system.
Data Leakage
The app retrieves ClipBoard data contents.
Details: com.urbanairship.ChannelCapture android.support.v4.app.RemoteInputCompatJellybean
This application will construct a URL stream to send information off the device.
The application stores inline API keys/values
Libraries
ProGuard
The ProGuard tool shrinks, optimizes, and obfuscates your code by removing unused code and renaming classes, fields, and methods with semantically obscure names. The result is a smaller sized .apk file that is more difficult to reverse engineer. Because ProGuard makes your application harder to reverse engineer, it is important that you use it when your application utilizes features that are sensitive to security like when you are Licensing Your Applications.
HockeyApp
Use our simple yet powerful desktop apps to manage your apps, upload builds, and analyze crash reports. Or use our mobile clients to install builds directly on your devices.
Dagger
A fast dependency injector for Android and Java
JavaX
JavaX is a Java implementation that allows components and resources to be injected into the application as Provider
Kotlin
This app references the Kotlin framework. Kotlin is a statically typed programming language for modern multi-platform applications
Google Wear API
This application has access to wearable devices through the Android Wear Message API
OKHttp
HTTP is the way modern applications network. It’s how we exchange data & media. Doing HTTP efficiently makes your stuff load faster and saves bandwidth.
Picasso
A powerful image downloading and caching library for Android
Google Gson
Gson is a Java library that can be used to convert Java Objects into their JSON representation. It can also be used to convert a JSON string to an equivalent Java object. Gson can work with arbitrary Java objects including pre-existing objects that you do not have source-code of.
Google Play Market
Give your apps more features to attract users on a wider range of devices. With Google Play services, your app can take advantage of the latest, Google-powered features such as Maps, Google+, and more, with automatic platform updates distributed as an APK through the Google Play store. This makes it faster for your users to receive updates and easier for you to integrate the newest that Google has to offer.
Double Click
Double Click
Google Ads
The Google Mobile Ads SDK is the latest generation in Google mobile advertising featuring refined ad formats and streamlined APIs for access to mobile ad networks and advertising solutions. The SDK enables mobile app developers to maximize their monetization on Android, iOS, and Windows Phone 8. The Google Mobile Ads SDK is available to AdMob, DoubleClick for Publishers (DFP), and Ad Exchange customers.
Comscore 3.1608.19
comScore is a leading internet technology company that measures what people do as they navigate the digital world - and turns that information into insights and actions for our clients to maximize the value of their digital investments.
SquareUp
Easy-to-use tools for every corner of your business. From mobile point-of-sale tools and appointment scheduling to fast deposits and online invoicing, Square has everything you need to take care of every little thing.
Urban Airship 8.8.0
We’ve built the smartest, most aware, precise, easy-to-use, scalable, secure and powerful push messaging platform on the planet. Our Push messaging platform leverages all that is unique about mobile as a channel, and that lights the spark to create meaningful and valuable mobile experiences. We help put your app in front of your users at the right time, and in the right place to drive usage and brand engagement.
Facebook SDK
Facebook SDK for Android helps you build engaging social apps and get more installs. Includes Bolts, Audience Network, and Facebook packages. Requires Android API 9.
Okio
https://github.com/square/okio
Google Protocol Buffers
Protocol Buffers - Google's data interchange format. https://developers.google.com/protocol-buffers/
Android Wearable SDK
This application invokes the Android Wearable SDK
OWASP Summary 3/10 FAIL
The OWASP summary contains the results of the testing that was performed on the application against the OWASP Top 10 Mobile categories. Sections that passed the testing are in green while sections that failed a test are highlighted in red.
M1: Improper Platform Usage
No problems found
M2: Insecure Data Storage
This application will construct a URL stream to send information off the device.
Content Providers are implicitly insecure. They allow other applications on the device to request and share data. If sensitive information is accidentally leaked in one of these content providers all an attacker needs to do is call the content provider and the sensitive data will be exposed to the attacker by the application. This is cause for concern as any 3rd party application containing malicious code does not require any granted permissions in order to obtain sensitive information from these applications.
M3: Insecure Communications
URLs were found embedded in the app that do not use a secure protocol. Internal applications should always use HTTPS connections when possible. Ensure sensitive data is not being sent over this insecure channel.
Details: http://pubads.g.doubleclick.net/gampad/ads?ad_rule=1&sz=512x288&iu= http://walter-resolver-cdn.api.bbci.co.uk/resolve?uri=
The app is not implementing certificate pinning on any domain it communicates with.
M4: Insecure Authentication
No problems found
M5: Insufficient Cryptography
No problems found
M6: Insecure Authorization
No problems found
M7: Client Code Quality
No problems found
M8: Code Tampering
No problems found
M9: Reverse Engineering
This application exposes source level metadata symbols and fails the testing outlined by OWASP Mobile Top 10.
This application fails the Source Code Reverse Engineering Exposure test as outlined by OWASP Mobile Top 10.
This application does contain rooted device detection functionality.
Details: com.comscore.utils.RootDetector
M10: Extraneous Functionality
No problems found
Communications