# Arrows

状态：active
Platform：android
Package：com.ecffri.arrows
Version：0.18.1
Opportunity：2026-06-10-arrows-puzzle-escape

## 摘要

- 包类型：xapk，inner APK 数：2
- 引擎 / 框架：unity, unity_il2cpp
- SDK 线索：admob, firebase
- Endpoint candidates：35
- 结论口径：本报告只基于静态 ZIP / Manifest / 字符串证据；不代表真实运行路径已验证。

## 直接证据

- [high] Manifest package id is com.ecffri.arrows（source: `AndroidManifest.xml`，status: `verified`）
- [high] Manifest declares 24 permissions（source: `AndroidManifest.xml`，status: `verified`）
- [high] Engine/framework markers: unity, unity_il2cpp（source: `APK file inventory`，status: `verified`）
- [high] Static strings include 35 endpoint candidates（source: `Text/string scan`，status: `verified`）
- [high] Package contains 25 native libraries（source: `APK file inventory`，status: `verified`）

## 推断

- [medium] SDK markers suggest: admob, firebase（source: `Manifest, filenames, and text strings`，status: `inferred`）

## 权限和组件

### 权限

- `BIND_GET_INSTALL_REFERRER_SERVICE`
- `android.permission.ACCESS_ADSERVICES_AD_ID`
- `android.permission.ACCESS_ADSERVICES_ATTRIBUTION`
- `android.permission.ACCESS_ADSERVICES_CUSTOM_AUDIENCE`
- `android.permission.ACCESS_ADSERVICES_TOPICS`
- `android.permission.ACCESS_COARSE_LOCATION`
- `android.permission.ACCESS_NETWORK_STATE`
- `android.permission.ACCESS_WIFI_STATE`
- `android.permission.BLUETOOTH`
- `android.permission.BLUETOOTH_ADMIN`
- `android.permission.CHANGE_WIFI_STATE`
- `android.permission.FOREGROUND_SERVICE`
- `android.permission.INTERNET`
- `android.permission.POST_NOTIFICATIONS`
- `android.permission.USE_BIOMETRIC`
- `android.permission.USE_FINGERPRINT`
- `android.permission.VIBRATE`
- `android.permission.WAKE_LOCK`
- `com.android.vending.BILLING`
- `com.android.vending.CHECK_LICENSE`
- `com.ecffri.arrows.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION`
- `com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE`
- `com.google.android.gms.permission.AD_ID`
- `com.google.android.providers.gsf.permission.READ_GSERVICES`

### 组件

- Activities：androidx.credentials.playservices.controllers.identityauth.HiddenActivity, androidx.credentials.playservices.controllers.identitycredentials.IdentityCredentialApiHiddenActivity, com.android.billingclient.api.ProxyBillingActivity, com.android.billingclient.api.ProxyBillingActivityV2, com.applovin.adview.AppLovinFullscreenActivity, com.applovin.adview.AppLovinFullscreenImmersiveActivity, com.applovin.creative.MaxCreativeDebuggerActivity, com.applovin.creative.MaxCreativeDebuggerDisplayedAdActivity, com.applovin.mediation.MaxDebuggerActivity, com.applovin.mediation.MaxDebuggerAdUnitDetailActivity, com.applovin.mediation.MaxDebuggerAdUnitWaterfallsListActivity, com.applovin.mediation.MaxDebuggerAdUnitsListActivity, com.applovin.mediation.MaxDebuggerCmpNetworksListActivity, com.applovin.mediation.MaxDebuggerDetailActivity, com.applovin.mediation.MaxDebuggerMultiAdActivity, com.applovin.mediation.MaxDebuggerTcfConsentStatusesListActivity, com.applovin.mediation.MaxDebuggerTcfInfoListActivity, com.applovin.mediation.MaxDebuggerTcfStringActivity, com.applovin.mediation.MaxDebuggerTestLiveNetworkActivity, com.applovin.mediation.MaxDebuggerTestModeNetworkActivity, com.applovin.mediation.MaxDebuggerUnifiedFlowActivity, com.applovin.mediation.MaxDebuggerWaterfallSegmentsActivity, com.applovin.sdk.AppLovinWebViewActivity, com.bytedance.sdk.openadsdk.activity.TTAdActivity, com.bytedance.sdk.openadsdk.activity.TTAppOpenAdActivity, com.bytedance.sdk.openadsdk.activity.TTAppOpenAdTransActivity, com.bytedance.sdk.openadsdk.activity.TTCeilingLandingPageActivity, com.bytedance.sdk.openadsdk.activity.TTDelegateActivity, com.bytedance.sdk.openadsdk.activity.TTFullScreenExpressVideoActivity, com.bytedance.sdk.openadsdk.activity.TTFullScreenVideoActivity, com.bytedance.sdk.openadsdk.activity.TTInterstitialActivity, com.bytedance.sdk.openadsdk.activity.TTInterstitialExpressActivity, com.bytedance.sdk.openadsdk.activity.TTLandingPageActivity, com.bytedance.sdk.openadsdk.activity.TTPlayableLandingPageActivity, com.bytedance.sdk.openadsdk.activity.TTRewardExpressVideoActivity, com.bytedance.sdk.openadsdk.activity.TTRewardVideoActivity, com.bytedance.sdk.openadsdk.activity.TTVideoLandingPageLink2Activity, com.bytedance.sdk.openadsdk.activity.TTWebsiteActivity, com.facebook.CustomTabActivity, com.facebook.CustomTabMainActivity, com.facebook.FacebookActivity, com.facebook.ads.AudienceNetworkActivity, com.facebook.unity.FBUnityAppLinkActivity, com.facebook.unity.FBUnityCreateGameGroupActivity, com.facebook.unity.FBUnityDeepLinkingActivity, com.facebook.unity.FBUnityDialogsActivity, com.facebook.unity.FBUnityGameRequestActivity, com.facebook.unity.FBUnityGamingServicesFriendFinderActivity, com.facebook.unity.FBUnityJoinGameGroupActivity, com.facebook.unity.FBUnityLoginActivity, com.farimarwat.grizzly.ReportActivity, com.fyber.inneractive.sdk.activities.FyberReportAdActivity, com.fyber.inneractive.sdk.activities.InneractiveFullscreenAdActivity, com.fyber.inneractive.sdk.activities.InneractiveInternalBrowserActivity, com.fyber.inneractive.sdk.activities.InneractiveRichMediaVideoPlayerActivityCore, com.fyber.inneractive.sdk.activities.InternalStoreWebpageActivity, com.google.android.gms.ads.AdActivity, com.google.android.gms.ads.NotificationHandlerActivity, com.google.android.gms.ads.OutOfContextTestingActivity, com.google.android.gms.auth.api.signin.internal.SignInHubActivity, com.google.android.gms.common.api.GoogleApiActivity, com.google.android.gms.games.internal.v2.appshortcuts.PlayGamesAppShortcutsActivity, com.google.android.gms.games.internal.v2.resolution.GamesResolutionActivity, com.google.android.play.core.common.PlayCoreDialogWrapperActivity, com.google.firebase.auth.internal.GenericIdpActivity, com.google.firebase.auth.internal.RecaptchaActivity, com.google.games.bridge.NativeBridgeActivity, com.inmobi.ads.rendering.InMobiAdActivity, com.ironsource.mediationsdk.testSuite.TestSuiteActivity, com.ironsource.sdk.controller.ControllerActivity, com.ironsource.sdk.controller.InterstitialActivity, com.ironsource.sdk.controller.OpenUrlActivity, com.mbridge.msdk.activity.MBCommonActivity, com.mbridge.msdk.config.activity.MBRewardVideoActivity, com.mbridge.msdk.out.LoadingActivity, com.mbridge.msdk.reward.player.MBRewardVideoActivity, com.moloco.sdk.xenoss.sdkdevkit.android.adrenderer.internal.mraid.MraidActivity, com.moloco.sdk.xenoss.sdkdevkit.android.adrenderer.internal.staticrenderer.StaticAdActivity, com.moloco.sdk.xenoss.sdkdevkit.android.adrenderer.internal.templates.renderer.fullscreen.FullscreenWebviewActivity, com.moloco.sdk.xenoss.sdkdevkit.android.adrenderer.internal.vast.VastActivity, com.unity3d.ads.adplayer.FullScreenWebViewDisplay, com.unity3d.ironsourceads.internal.services.InlineStoreActivity, com.unity3d.player.UnityPlayerActivity, com.unity3d.services.ads.adunit.AdUnitActivity, com.unity3d.services.ads.adunit.AdUnitSoftwareActivity, com.unity3d.services.ads.adunit.AdUnitTransparentActivity, com.unity3d.services.ads.adunit.AdUnitTransparentSoftwareActivity, com.vungle.ads.internal.ui.VungleActivity, io.bidmachine.iab.mraid.MraidActivity, io.bidmachine.iab.vast.activity.VastActivity, io.bidmachine.nativead.view.VideoPlayerActivity, io.bidmachine.rendering.ad.fullscreen.FullScreenActivity, io.bidmachine.rendering.ad.view.ExpandActivity
- Services：androidx.credentials.playservices.CredentialProviderMetadataHolder, androidx.room.MultiInstanceInvalidationService, androidx.work.impl.background.systemalarm.SystemAlarmService, androidx.work.impl.background.systemjob.SystemJobService, androidx.work.impl.foreground.SystemForegroundService, com.applovin.impl.adview.activity.FullscreenAdService, com.bytedance.sdk.openadsdk.multipro.aidl.BinderPoolService, com.google.android.datatransport.runtime.backends.TransportBackendDiscovery, com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService, com.google.android.gms.ads.AdService, com.google.android.gms.auth.api.signin.RevocationBoundService, com.google.android.gms.measurement.AppMeasurementJobService, com.google.android.gms.measurement.AppMeasurementService, com.google.android.gms.nearby.exposurenotification.WakeUpService, com.google.firebase.components.ComponentDiscoveryService
- Receivers：androidx.profileinstaller.ProfileInstallReceiver, androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy, androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver, androidx.work.impl.background.systemalarm.RescheduleReceiver, androidx.work.impl.diagnostics.DiagnosticsReceiver, androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver, com.facebook.AuthenticationTokenManager$CurrentAuthenticationTokenChangedBroadcastReceiver, com.facebook.CurrentAccessTokenExpirationBroadcastReceiver, com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver, com.google.android.gms.measurement.AppMeasurementReceiver, com.mbridge.msdk.foundation.same.broadcast.NetWorkChangeReceiver, com.singular.sdk.SingularInstallReceiver, com.unity.androidnotifications.UnityNotificationManager
- Providers：androidx.startup.InitializationProvider, com.applovin.sdk.AppLovinInitProvider, com.facebook.FacebookContentProvider, com.facebook.ads.AudienceNetworkContentProvider, com.facebook.internal.FacebookInitProvider, com.google.android.gms.ads.MobileAdsInitProvider, com.google.android.gms.games.provider.PlayGamesInitProvider, com.google.firebase.provider.FirebaseInitProvider, com.ironsource.lifecycle.IronsourceLifecycleProvider, com.ironsource.lifecycle.LevelPlayActivityLifecycleProvider, com.mbridge.msdk.config.component.status.MBComponentLifecycleProvider, com.squareup.picasso.PicassoProvider, com.vungle.ads.VungleProvider, io.bidmachine.BidMachineInitProvider

## SDK / Endpoint

### SDK

- `admob`
- `firebase`

### Endpoint candidates

- https://github.com/zloirock/core-js/blob/v3.31.1/LICENSE
- https://github.com/zloirock/core-js
- http://a
- http://a/c%20d?a=1&c=3
- https://a@b
- http://тест
- http://a#б
- http://x
- https://cdn.prod.website-files.com/6799fdf147956ac3a5fda2e2/6799fdf147956ac3a5fda2ec_Roboto-Medium.ttf
- https://cdn.prod.website-files.com/6799fdf147956ac3a5fda2e2/6799fdf147956ac3a5fda2f3_Roboto-Black.ttf
- https://cdn.prod.website-files.com/6799fdf147956ac3a5fda2e2/6799fdf147956ac3a5fda2f0_Roboto-Bold.ttf
- https://cdn.prod.website-files.com/6799fdf147956ac3a5fda2e2/6799fdf147956ac3a5fda2ed_Roboto-Regular.ttf
- https://ae.iads.unity3d.com/logs
- https://postlog.supersonic.com/logs
- http://qa.analytics.qa
- https://secure.ironbeast.io
- http://supersonic.ironbeast.io
- http://qa-analytics.unity3d.com?%24%7Bt%7D%60%29.catch%28%28%28%29=
- https://ironsource.mobi/privacy-policy/privacypolicy.html
- http://iron-debug-controller.com?log=
- https://akm.ssacdn.com/users/cdn/jsonFile.json
- https://akm.ssacdn.com/users/cdn/videoFile.mp4
- https://akm.ssacdn.com/users/cdn/imgFile.png
- https://cncn.ssacdn.com/users/cdn/jsonFile.json
- https://cncn.ssacdn.com/users/cdn/videoFile.mp4
- https://cncn.ssacdn.com/users/cdn/imgFile.png
- https://itcn.ssacdn.com/users/cdn/jsonFile.json
- https://itcn.ssacdn.com/users/cdn/videoFile.mp4
- https://itcn.ssacdn.com/users/cdn/imgFile.png
- https://pm-gateway.supersonicads.com/test
- https://init.supersonicads.com/admin/healthCheck
- http://www.jacoco.org/jacoco
- http://www.apache.org/licenses/LICENSE-2.0
- http://tizen.org/system/model_name
- http://tizen.org/feature/platform.version

## Warnings

- apktool manifest decode skipped 1 split APK(s)
- binary AndroidManifest.xml decoded with apktool

## 下一步

- 真机/模拟器验证 onboarding、paywall、首个可感知价值和崩溃路径。
- 把 endpoint candidates 与 HAR / MITM / Frida 动态证据对齐，避免只凭静态字符串下结论。
- 多版本对比权限、SDK、endpoint、native libs 和资源路径变化。
- 订阅/广告 SDK 线索存在，后续需拆 paywall、free trial、退款和广告频率。