# Caresleep 状态:active Platform:android Package:com.pedrosstudio.caresleep Version:4.0.3 Opportunity:2026-06-10-calm-sounds-for-sleep-relax ## 摘要 - 包类型:xapk,inner APK 数:20 - 引擎 / 框架:native - SDK 线索:firebase - Endpoint candidates:30 - 结论口径:本报告只基于静态 ZIP / Manifest / 字符串证据;不代表真实运行路径已验证。 ## 直接证据 - [high] Manifest package id is com.pedrosstudio.caresleep(source: `AndroidManifest.xml`,status: `verified`) - [high] Manifest declares 9 permissions(source: `AndroidManifest.xml`,status: `verified`) - [high] Engine/framework markers: native(source: `APK file inventory`,status: `verified`) - [high] Static strings include 30 endpoint candidates(source: `Text/string scan`,status: `verified`) - [high] Package contains 11 native libraries(source: `APK file inventory`,status: `verified`) ## 推断 - [medium] SDK markers suggest: firebase(source: `Manifest, filenames, and text strings`,status: `inferred`) ## 权限和组件 ### 权限 - `android.permission.ACCESS_NETWORK_STATE` - `android.permission.FOREGROUND_SERVICE` - `android.permission.FOREGROUND_SERVICE_MEDIA_PLAYBACK` - `android.permission.INTERNET` - `android.permission.MEDIA_CONTENT_CONTROL` - `android.permission.POST_NOTIFICATIONS` - `android.permission.WAKE_LOCK` - `com.android.vending.BILLING` - `com.pedrosstudio.caresleep.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION` ### 组件 - Activities:com.android.billingclient.api.ProxyBillingActivity, com.android.billingclient.api.ProxyBillingActivityV2, com.google.android.gms.common.api.GoogleApiActivity, com.google.android.play.core.common.PlayCoreDialogWrapperActivity, crc64041c62dbb2983451.MainActivity, crc6468b6408a11370c2f.WebAuthenticatorIntermediateActivity, crc64ba438d8f48cf7e75.IntermediateActivity - Services:com.google.android.datatransport.runtime.backends.TransportBackendDiscovery, com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService, communityToolkit.maui.media.services, crc64396a3fe5f8138e3f.KeepAliveService, crc6443a168dade9fb7d5.AudioPlaybackService - Receivers:androidx.profileinstaller.ProfileInstallReceiver, com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver, crc640a8d9a12ddbf2cf2.BatteryBroadcastReceiver, crc640a8d9a12ddbf2cf2.EnergySaverBroadcastReceiver, crc6443a168dade9fb7d5.PlaybackActionReceiver, crc64e53d2f592022988e.ConnectivityBroadcastReceiver - Providers:androidx.startup.InitializationProvider, microsoft.maui.essentials.fileProvider, mono.MonoRuntimeProvider ## SDK / Endpoint ### SDK - `firebase` ### Endpoint candidates - http://www.apache.org/licenses/ - http://maven.apache.org/POM/4.0.0 - http://maven.apache.org/maven-v4_0_0.xsd - http://findbugs.sourceforge.net/ - http://www.apache.org/licenses/LICENSE-2.0.txt - https://code.google.com/p/jsr-305/ - https://oss.sonatype.org/ - http://www.apache.org/licenses/LICENSE-2.0 - https://www.apache.org/licenses/LICENSE-2.0.txt - https://github.com/google/gson/pull/2320#issuecomment-1455233938 - https://bnd.bndtools.org/chapters/920-faq.html#remove-unwanted-imports- - https://github.com/moditect/moditect#adding-module-descriptors-to-existing-jar-files - https://github.com/eclipse-m2e/m2e-core/issues/393 - http://maven.apache.org/xsd/maven-4.0.0.xsd - https://issues.apache.org/jira/browse/MCOMPILER-174 - https://errorprone.info/docs/installation#maven - https://github.com/google/guava/ - https://github.com/google/guava - https://issues.apache.org/jira/browse/MJAVADOC-584 - https://stackoverflow.com/a/47891403/28465 - https://issues.apache.org/jira/browse/MJAVADOC-507 - https://javadoc.io/doc/com.google.j2objc/j2objc-annotations/latest/ - https://docs.oracle.com/en/java/javase/21/docs/api/ - https://errorprone.info/api/latest/ - https://jspecify.dev/docs/api/ - https://github.com/google/j2objc/ - http://github.com/google/j2objc - https://www.google.com - https://oss.sonatype.org/content/repositories/snapshots/ - https://oss.sonatype.org/service/local/staging/deploy/maven2/ ## Warnings - apktool manifest decode skipped 19 split APK(s) - binary AndroidManifest.xml decoded with apktool ## 下一步 - 真机/模拟器验证 onboarding、paywall、首个可感知价值和崩溃路径。 - 把 endpoint candidates 与 HAR / MITM / Frida 动态证据对齐,避免只凭静态字符串下结论。 - 多版本对比权限、SDK、endpoint、native libs 和资源路径变化。