# Avatarro

状态：active
Platform：android
Package：kallossoft.avatar
Version：3.0.9
Opportunity：2026-06-10-avatarro-ai-avatar-maker

## 摘要

- 包类型：xapk，inner APK 数：20
- 引擎 / 框架：flutter
- SDK 线索：admob, appsflyer, firebase, onesignal
- Endpoint candidates：10
- 结论口径：本报告只基于静态 ZIP / Manifest / 字符串证据；不代表真实运行路径已验证。

## 直接证据

- [high] Manifest package id is kallossoft.avatar（source: `AndroidManifest.xml`，status: `verified`）
- [high] Manifest declares 39 permissions（source: `AndroidManifest.xml`，status: `verified`）
- [high] Engine/framework markers: flutter（source: `APK file inventory`，status: `verified`）
- [high] Static strings include 10 endpoint candidates（source: `Text/string scan`，status: `verified`）
- [high] Package contains 17 native libraries（source: `APK file inventory`，status: `verified`）

## 推断

- [medium] SDK markers suggest: admob, appsflyer, firebase, onesignal（source: `Manifest, filenames, and text strings`，status: `inferred`）

## 权限和组件

### 权限

- `android.permission.ACCESS_ADSERVICES_AD_ID`
- `android.permission.ACCESS_ADSERVICES_ATTRIBUTION`
- `android.permission.ACCESS_ADSERVICES_TOPICS`
- `android.permission.ACCESS_NETWORK_STATE`
- `android.permission.ACCESS_WIFI_STATE`
- `android.permission.CAMERA`
- `android.permission.FOREGROUND_SERVICE`
- `android.permission.INTERNET`
- `android.permission.POST_NOTIFICATIONS`
- `android.permission.READ_APP_BADGE`
- `android.permission.READ_EXTERNAL_STORAGE`
- `android.permission.RECEIVE_BOOT_COMPLETED`
- `android.permission.RECORD_AUDIO`
- `android.permission.VIBRATE`
- `android.permission.WAKE_LOCK`
- `android.permission.WRITE_EXTERNAL_STORAGE`
- `com.anddoes.launcher.permission.UPDATE_COUNT`
- `com.android.vending.BILLING`
- `com.applovin.array.apphub.permission.BIND_APPHUB_SERVICE`
- `com.google.android.c2dm.permission.RECEIVE`
- `com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE`
- `com.google.android.gms.permission.AD_ID`
- `com.google.android.providers.gsf.permission.READ_GSERVICES`
- `com.htc.launcher.permission.READ_SETTINGS`
- `com.htc.launcher.permission.UPDATE_SHORTCUT`
- `com.huawei.android.launcher.permission.CHANGE_BADGE`
- `com.huawei.android.launcher.permission.READ_SETTINGS`
- `com.huawei.android.launcher.permission.WRITE_SETTINGS`
- `com.majeur.launcher.permission.UPDATE_BADGE`
- `com.oppo.launcher.permission.READ_SETTINGS`
- `com.oppo.launcher.permission.WRITE_SETTINGS`
- `com.sec.android.provider.badge.permission.READ`
- `com.sec.android.provider.badge.permission.WRITE`
- `com.sonyericsson.home.permission.BROADCAST_BADGE`
- `com.sonymobile.home.permission.PROVIDER_INSERT_BADGE`
- `kallossoft.avatar.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION`
- `kallossoft.avatar.permission.C2D_MESSAGE`
- `me.everything.badger.permission.BADGE_COUNT_READ`
- `me.everything.badger.permission.BADGE_COUNT_WRITE`

### 组件

- Activities：androidx.credentials.playservices.HiddenActivity, com.adapty.internal.crossplatform.ui.AdaptyUiActivity, com.adapty.internal.crossplatform.ui.AdaptyUiOnboardingActivity, com.android.billingclient.api.ProxyBillingActivity, com.android.billingclient.api.ProxyBillingActivityV2, com.applovin.adview.AppLovinFullscreenActivity, com.applovin.creative.MaxCreativeDebuggerActivity, com.applovin.creative.MaxCreativeDebuggerDisplayedAdActivity, com.applovin.mediation.MaxDebuggerActivity, com.applovin.mediation.MaxDebuggerAdUnitDetailActivity, com.applovin.mediation.MaxDebuggerAdUnitWaterfallsListActivity, com.applovin.mediation.MaxDebuggerAdUnitsListActivity, com.applovin.mediation.MaxDebuggerCmpNetworksListActivity, com.applovin.mediation.MaxDebuggerDetailActivity, com.applovin.mediation.MaxDebuggerMultiAdActivity, com.applovin.mediation.MaxDebuggerTcfConsentStatusesListActivity, com.applovin.mediation.MaxDebuggerTcfInfoListActivity, com.applovin.mediation.MaxDebuggerTcfStringActivity, com.applovin.mediation.MaxDebuggerTestLiveNetworkActivity, com.applovin.mediation.MaxDebuggerTestModeNetworkActivity, com.applovin.mediation.MaxDebuggerUnifiedFlowActivity, com.applovin.mediation.MaxDebuggerWaterfallSegmentsActivity, com.applovin.sdk.AppLovinWebViewActivity, com.bytedance.sdk.openadsdk.activity.TTAdActivity, com.bytedance.sdk.openadsdk.activity.TTAppOpenAdActivity, com.bytedance.sdk.openadsdk.activity.TTCeilingLandingPageActivity, com.bytedance.sdk.openadsdk.activity.TTDelegateActivity, com.bytedance.sdk.openadsdk.activity.TTFullScreenExpressVideoActivity, com.bytedance.sdk.openadsdk.activity.TTFullScreenVideoActivity, com.bytedance.sdk.openadsdk.activity.TTInterstitialActivity, com.bytedance.sdk.openadsdk.activity.TTInterstitialExpressActivity, com.bytedance.sdk.openadsdk.activity.TTLandingPageActivity, com.bytedance.sdk.openadsdk.activity.TTPlayableLandingPageActivity, com.bytedance.sdk.openadsdk.activity.TTRewardExpressVideoActivity, com.bytedance.sdk.openadsdk.activity.TTRewardVideoActivity, com.bytedance.sdk.openadsdk.activity.TTVideoLandingPageLink2Activity, com.bytedance.sdk.openadsdk.activity.TTWebsiteActivity, com.chartboost.sdk.internal.clickthrough.EmbeddedBrowserActivity, com.chartboost.sdk.view.CBImpressionActivity, com.chartboost.sdk.view.FullscreenAdActivity, com.cleveradssolutions.adapters.exchange.rendering.views.browser.AdBrowserActivity, com.cleveradssolutions.internal.integration.IntegrationPageActivity, com.facebook.ads.AudienceNetworkActivity, com.fyber.inneractive.sdk.activities.FyberReportAdActivity, com.fyber.inneractive.sdk.activities.InneractiveFullscreenAdActivity, com.fyber.inneractive.sdk.activities.InneractiveInternalBrowserActivity, com.fyber.inneractive.sdk.activities.InneractiveRichMediaVideoPlayerActivityCore, com.fyber.inneractive.sdk.activities.InternalStoreWebpageActivity, com.google.android.gms.ads.AdActivity, com.google.android.gms.ads.NotificationHandlerActivity, com.google.android.gms.ads.OutOfContextTestingActivity, com.google.android.gms.auth.api.signin.internal.SignInHubActivity, com.google.android.gms.common.api.GoogleApiActivity, com.google.android.play.core.common.PlayCoreDialogWrapperActivity, com.google.firebase.auth.internal.GenericIdpActivity, com.google.firebase.auth.internal.RecaptchaActivity, com.inmobi.ads.rendering.InMobiAdActivity, com.ironsource.mediationsdk.testSuite.TestSuiteActivity, com.ironsource.sdk.controller.ControllerActivity, com.ironsource.sdk.controller.InterstitialActivity, com.ironsource.sdk.controller.OpenUrlActivity, com.mbridge.msdk.activity.MBCommonActivity, com.mbridge.msdk.out.LoadingActivity, com.mbridge.msdk.reward.player.MBRewardVideoActivity, com.onesignal.NotificationOpenedActivityHMS, com.onesignal.core.activities.PermissionsActivity, com.onesignal.notifications.activities.NotificationOpenedActivity, com.onesignal.notifications.activities.NotificationOpenedActivityAndroid22AndOlder, com.unity3d.ads.adplayer.FullScreenWebViewDisplay, com.unity3d.services.ads.adunit.AdUnitActivity, com.unity3d.services.ads.adunit.AdUnitSoftwareActivity, com.unity3d.services.ads.adunit.AdUnitTransparentActivity, com.unity3d.services.ads.adunit.AdUnitTransparentSoftwareActivity, com.vungle.ads.internal.ui.VungleActivity, com.yandex.mobile.ads.common.AdActivity, com.yandex.mobile.ads.features.debugpanel.ui.IntegrationInspectorActivity, io.flutter.plugins.urllauncher.WebViewActivity, kallossoft.avatar.MainActivity, sg.bigo.ads.ad.splash.AdSplashActivity, sg.bigo.ads.ad.splash.LandscapeAdSplashActivity, sg.bigo.ads.api.AdActivity, sg.bigo.ads.api.CompanionAdActivity, sg.bigo.ads.api.LandingStyleableActivity, sg.bigo.ads.api.LandscapeAdActivity, sg.bigo.ads.api.LandscapeCompanionAdActivity, sg.bigo.ads.api.PopupAdActivity, sg.bigo.ads.controller.form.AdFormActivity, sg.bigo.ads.core.mraid.MraidVideoActivity
- Services：androidx.camera.core.impl.MetadataHolderService, androidx.credentials.playservices.CredentialProviderMetadataHolder, androidx.room.MultiInstanceInvalidationService, androidx.work.impl.background.systemalarm.SystemAlarmService, androidx.work.impl.background.systemjob.SystemJobService, androidx.work.impl.foreground.SystemForegroundService, com.applovin.impl.adview.activity.FullscreenAdService, com.bytedance.sdk.openadsdk.multipro.aidl.BinderPoolService, com.chartboost.sdk.internal.video.repository.exoplayer.VideoRepositoryDownloadService, com.dexterous.flutterlocalnotifications.FlutterLocalNotificationsPlugin$ScheduledNotificationPublisher, com.google.android.datatransport.runtime.backends.TransportBackendDiscovery, com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService, com.google.android.gms.ads.AdService, com.google.android.gms.auth.api.signin.RevocationBoundService, com.google.android.gms.measurement.AppMeasurementJobService, com.google.android.gms.measurement.AppMeasurementService, com.google.android.gms.metadata.ModuleDependencies, com.google.firebase.components.ComponentDiscoveryService, com.google.firebase.messaging.FirebaseMessagingService, com.google.mlkit.common.internal.MlKitComponentDiscoveryService, com.onesignal.core.services.SyncJobService, com.onesignal.notifications.services.HmsMessageServiceOneSignal, io.appmetrica.analytics.internal.AppMetricaService
- Receivers：androidx.profileinstaller.ProfileInstallReceiver, androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy, androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver, androidx.work.impl.background.systemalarm.RescheduleReceiver, androidx.work.impl.diagnostics.DiagnosticsReceiver, androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver, com.dexterous.flutterlocalnotifications.ActionBroadcastReceiver, com.dexterous.flutterlocalnotifications.ScheduledNotificationBootReceiver, com.dexterous.flutterlocalnotifications.ScheduledNotificationReceiver, com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver, com.google.android.gms.measurement.AppMeasurementReceiver, com.google.firebase.iid.FirebaseInstanceIdReceiver, com.mbridge.msdk.foundation.same.broadcast.NetWorkChangeReceiver, com.onesignal.notifications.receivers.BootUpReceiver, com.onesignal.notifications.receivers.FCMBroadcastReceiver, com.onesignal.notifications.receivers.NotificationDismissReceiver, com.onesignal.notifications.receivers.UpgradeReceiver, dev.fluttercommunity.plus.share.SharePlusPendingIntent
- Providers：androidx.core.content.FileProvider, androidx.startup.InitializationProvider, com.applovin.sdk.AppLovinInitProvider, com.cleveradssolutions.internal.services.CASInitProvider, com.facebook.ads.AudienceNetworkContentProvider, com.google.firebase.provider.FirebaseInitProvider, com.google.mlkit.common.internal.MlKitInitProvider, com.ironsource.lifecycle.IronsourceLifecycleProvider, com.ironsource.lifecycle.LevelPlayActivityLifecycleProvider, com.sidlatau.flutteremailsender.FlutterEmailSenderFileProvider, com.squareup.picasso.PicassoProvider, com.vungle.ads.VungleProvider, com.yandex.mobile.ads.core.initializer.MobileAdsInitializeProvider, com.yandex.mobile.ads.features.debugpanel.data.local.DebugPanelFileProvider, dev.fluttercommunity.plus.share.ShareFileProvider, io.appmetrica.analytics.internal.PreloadInfoContentProvider, io.flutter.plugins.imagepicker.ImagePickerFileProvider, sg.bigo.ads.controller.provider.BigoAdsProvider

## SDK / Endpoint

### SDK

- `admob`
- `appsflyer`
- `firebase`
- `onesignal`

### Endpoint candidates

- http://www.apache.org/licenses/
- https://www.jsdelivr.com/using-sri-with-dynamic-files
- https://github.com/apvarun/toastify-js
- https://github.com/richtr/NoSleep.js/issues/15
- https://developer.mozilla.org/en-US/docs/Web/API/WakeLockSentinel/released
- https://github.com/danikula/AndroidVideoCache/issues/134
- http:// http://%s:%d/%s http://127.0.0.1/ http://play.google.com https:// Fhttps://ad-host-backup-america.oss-us-west-1.aliyuncs.com/uni/v2/au.pj Hhttps://ad-host-backup-asia.oss-ap-southeast-1.aliyuncs.com/uni/v2/au.pj Hhttps://ad-host-backup-europe.oss-eu-central-1.aliyuncs.com/uni/v2/au.pj Phttps://drive.google.com/uc?export=download&id=1ms4F7Cn_aInE9oFMMaZEiwMIuMKt1DZc%00ohttps%3A%2F%2Fgdl.news-cdn.site%2Fas%2Fbigo-ad-creatives%2F7h5%2FM09%2FFD%2F6B%2FqvsbAF5g1KaIOSQ7AACyEETvrcoABLLjgDvdTQAALIo1432.js%00%13https%3A%2F%2Finvalid.url%00%15https%3A%2F%2Fmraid.bigo.sg%00%17https%3A%2F%2Fplay.google.com%00%02hu%00%05hw_id%00
- http://www.apache.org/licenses/LICENSE-2.0
- http://tizen.org/system/model_name
- http://tizen.org/feature/platform.version

## Warnings

- apktool manifest decode skipped 19 split APK(s)
- binary AndroidManifest.xml decoded with apktool

## 下一步

- 真机/模拟器验证 onboarding、paywall、首个可感知价值和崩溃路径。
- 把 endpoint candidates 与 HAR / MITM / Frida 动态证据对齐，避免只凭静态字符串下结论。
- 多版本对比权限、SDK、endpoint、native libs 和资源路径变化。
- 订阅/广告 SDK 线索存在，后续需拆 paywall、free trial、退款和广告频率。