# Cal AI – Calorie Tracker

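Status: active
Platform: android
Package: com.viraldevelopment.calai
Version: 26.22.0
Opportunity: 2026-06-10-cal-ai-food-calorie-tracker

## Summary

- Package type: xapk, inner APK count: 20
- Engine / framework: native
- SDK hints: appsflyer, firebase, revenuecat
- Endpoint candidates: 80
- Scope of conclusions: this report is based only on static ZIP / Manifest / string evidence; it does not mean that real runtime paths have been verified.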

## Direct evidence

- [high] Manifest package id is com.viraldevelopment.calai (source: `AndroidManifest.xml`, status: `verified`)
- [high] Manifest declares 30 permissions (source: `AndroidManifest.xml`, status: `verified`)
- [high] Engine/framework markers: native (source: `APK file inventory`, status: `verified`)
- [high] Static strings include 80 endpoint candidates (source: `Text/string scan`, status: `verified`)
- [high] Package contains 11 native libraries (source: `APK file inventory`, status: `verified`)

## Inferences

- [medium] SDK markers suggest: appsflyer, firebase, revenuecat (source: `Manifest, filenames, and text strings`, status: `inferred`)

## Permissions and components

### Permissions

- `android.permission.ACCESS_ADSERVICES_AD_ID`
- `android.permission.ACCESS_ADSERVICES_ATTRIBUTION`
- `android.permission.ACCESS_NETWORK_STATE`
- `android.permission.BLUETOOTH`
- `android.permission.CAMERA`
- `android.permission.FOREGROUND_SERVICE`
- `android.permission.FOREGROUND_SERVICE_DATA_SYNC`
- `android.permission.INTERNET`
- `android.permission.POST_NOTIFICATIONS`
- `android.permission.READ_EXTERNAL_STORAGE`
- `android.permission.RECEIVE_BOOT_COMPLETED`
- `android.permission.RECORD_AUDIO`
- `android.permission.SCHEDULE_EXACT_ALARM`
- `android.permission.USE_BIOMETRIC`
- `android.permission.USE_FINGERPRINT`
- `android.permission.VIBRATE`
- `android.permission.WAKE_LOCK`
- `android.permission.WRITE_EXTERNAL_STORAGE`
- `android.permission.health.READ_EXERCISE`
- `android.permission.health.READ_STEPS`
- `android.permission.health.READ_TOTAL_CALORIES_BURNED`
- `com.android.vending.BILLING`
- `com.android.vending.CHECK_LICENSE`
- `com.google.android.c2dm.permission.RECEIVE`
- `com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE`
- `com.google.android.gms.permission.AD_ID`
- `com.google.android.providers.gsf.permission.READ_GSERVICES`
- `com.huawei.appmarket.service.commondata.permission.GET_COMMON_DATA`
- `com.samsung.android.mapsagent.permission.READ_APP_INFO`
- `com.viraldevelopment.calai.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION`

### Components

- Activities: androidx.credentials.playservices.HiddenActivity, androidx.credentials.playservices.IdentityCredentialApiHiddenActivity, androidx.glance.appwidget.action.ActionTrampolineActivity, androidx.glance.appwidget.action.InvisibleActionTrampolineActivity, com.android.billingclient.api.ProxyBillingActivity, com.android.billingclient.api.ProxyBillingActivityV2, com.calai.MainActivity, com.calai.ViewPermissionUsageActivity, com.google.android.gms.auth.api.signin.internal.SignInHubActivity, com.google.android.gms.common.api.GoogleApiActivity, com.google.android.play.core.common.PlayCoreDialogWrapperActivity, com.google.firebase.auth.internal.GenericIdpActivity, com.google.firebase.auth.internal.RecaptchaActivity, com.karumi.dexter.DexterActivity, com.pairip.licensecheck.LicenseActivity, com.superwall.sdk.debug.DebugViewActivity, com.superwall.sdk.debug.SWConsoleActivity, com.superwall.sdk.debug.localizations.SWLocalizationActivity, com.superwall.sdk.paywall.view.SuperwallPaywallActivity, io.customer.messagingpush.activity.NotificationClickReceiverActivity, io.didomi.sdk.notice.ctv.TVNoticeDialogActivity, io.didomi.sdk.preferences.ctv.TVPreferencesDialogActivity
- Services: androidx.appcompat.app.AppLocalesMetadataHolderService, androidx.camera.core.impl.MetadataHolderService, androidx.core.widget.RemoteViewsCompatService, androidx.credentials.playservices.CredentialProviderMetadataHolder, androidx.glance.appwidget.GlanceRemoteViewsService, androidx.health.platform.client.impl.sdkservice.HealthDataSdkService, androidx.room.MultiInstanceInvalidationService, androidx.work.impl.background.systemalarm.SystemAlarmService, androidx.work.impl.background.systemjob.SystemJobService, androidx.work.impl.foreground.SystemForegroundService, com.calai.feature_food_database.data.service.FoodAnalysisService, com.calai.services.CalAIMessagingService, com.google.android.datatransport.runtime.backends.TransportBackendDiscovery, com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService, com.google.android.gms.auth.api.signin.RevocationBoundService, com.google.android.gms.measurement.AppMeasurementJobService, com.google.android.gms.measurement.AppMeasurementService, com.google.firebase.components.ComponentDiscoveryService, com.google.firebase.messaging.FirebaseMessagingService, com.google.firebase.sessions.SessionLifecycleService, com.google.mlkit.common.internal.MlKitComponentDiscoveryService, io.customer.messagingpush.CustomerIOFirebaseMessagingService
- Receivers: androidx.glance.appwidget.MyPackageReplacedReceiver, androidx.glance.appwidget.UnmanagedSessionReceiver, androidx.glance.appwidget.action.ActionCallbackBroadcastReceiver, androidx.profileinstaller.ProfileInstallReceiver, androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy, androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver, androidx.work.impl.background.systemalarm.RescheduleReceiver, androidx.work.impl.diagnostics.DiagnosticsReceiver, androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver, com.calai.feature_widget.presentation.widget.receiver.CalorieWidgetReceiver, com.calai.feature_widget.presentation.widget.receiver.DetailedCalorieWidgetReceiver, com.calai.feature_widget.presentation.widget.receiver.StreakWidgetReceiver, com.calai.feature_widget.presentation.widget.receiver.WidgetUpdateReceiver, com.calai.notify.MealReminderReceiver, com.calai.notify.ReminderReceiver, com.calai.services.BootReceiver, com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver, com.google.android.gms.measurement.AppMeasurementReceiver, com.google.firebase.iid.FirebaseInstanceIdReceiver, io.customer.messagingpush.CustomerIOCloudMessagingReceiver
- Providers: androidx.core.content.FileProvider, androidx.startup.InitializationProvider, com.google.firebase.provider.FirebaseInitProvider, com.google.mlkit.common.internal.MlKitInitProvider

## SDK / Endpoint

### SDK

- `appsflyer`
- `firebase`
- `revenuecat`

### Endpoint candidates

## Warnings

- apktool manifest decode skipped 19 split APK(s)
- binary AndroidManifest.xml decoded with apktool

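## Next steps

- Verify onboarding, the paywall, the first perceivable value, and crash paths on a real device or emulator.
- Align the endpoint candidates with dynamic evidence from HAR / MITM / Frida, to avoid drawing conclusions from static strings alone.
- Compare changes in permissions, SDKs, endpoints, native libs, and resource paths across versions.
- Subscription / ad SDK hints are present; follow-up work needs to break down the paywall, free trial, refunds, and ad frequency.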
