# Cleaner & Antivirus 状态:active Platform:android Package:antivirus.virus.cleaner.clean.vpn.booster Version:3.5.2 Opportunity:2026-06-10-cleaner-antivirus-vpn-cleaner ## 摘要 - 包类型:xapk,inner APK 数:3 - 引擎 / 框架:native - SDK 线索:admob, firebase - Endpoint candidates:80 - 结论口径:本报告只基于静态 ZIP / Manifest / 字符串证据;不代表真实运行路径已验证。 ## 直接证据 - [high] Manifest package id is antivirus.virus.cleaner.clean.vpn.booster(source: `AndroidManifest.xml`,status: `verified`) - [high] Manifest declares 42 permissions(source: `AndroidManifest.xml`,status: `verified`) - [high] Engine/framework markers: native(source: `APK file inventory`,status: `verified`) - [high] Static strings include 80 endpoint candidates(source: `Text/string scan`,status: `verified`) - [high] Package contains 5 native libraries(source: `APK file inventory`,status: `verified`) ## 推断 - [medium] SDK markers suggest: admob, firebase(source: `Manifest, filenames, and text strings`,status: `inferred`) ## 权限和组件 ### 权限 - `android.permission.ACCESS_ADSERVICES_AD_ID` - `android.permission.ACCESS_ADSERVICES_ATTRIBUTION` - `android.permission.ACCESS_ADSERVICES_TOPICS` - `android.permission.ACCESS_NETWORK_STATE` - `android.permission.ACCESS_NOTIFICATION_POLICY` - `android.permission.ACCESS_WIFI_STATE` - `android.permission.ACTION_MANAGE_OVERLAY_PERMISSION` - `android.permission.BLUETOOTH` - `android.permission.BLUETOOTH_ADMIN` - `android.permission.CHANGE_NETWORK_STATE` - `android.permission.CHANGE_WIFI_STATE` - `android.permission.FOREGROUND_SERVICE` - `android.permission.FOREGROUND_SERVICE_DATA_SYNC` - `android.permission.FOREGROUND_SERVICE_SPECIAL_USE` - `android.permission.GET_PACKAGE_SIZE` - `android.permission.INTERNET` - `android.permission.KILL_BACKGROUND_PROCESSES` - `android.permission.MANAGE_EXTERNAL_STORAGE` - `android.permission.PACKAGE_USAGE_STATS` - `android.permission.POST_NOTIFICATIONS` - `android.permission.QUERY_ALL_PACKAGES` - `android.permission.READ_EXTERNAL_STORAGE` - `android.permission.READ_SYNC_SETTINGS` - `android.permission.RECEIVE_BOOT_COMPLETED` - `android.permission.REQUEST_DELETE_PACKAGES` - `android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS` - `android.permission.REQUEST_INSTALL_PACKAGES` - `android.permission.SYSTEM_ALERT_WINDOW` - `android.permission.USE_BIOMETRIC` - `android.permission.USE_FINGERPRINT` - `android.permission.VIBRATE` - `android.permission.WAKE_LOCK` - `android.permission.WRITE_EXTERNAL_STORAGE` - `android.permission.WRITE_SETTINGS` - `android.permission.WRITE_SYNC_SETTINGS` - `antivirus.virus.cleaner.clean.vpn.booster.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION` - `com.android.vending.BILLING` - `com.android.vending.CHECK_LICENSE` - `com.google.android.c2dm.permission.RECEIVE` - `com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE` ### 组件 - Activities:code.ui.discount_premium.DiscountPremiumActivity, code.ui.fake_custom_notification.FakeCustomNotificationActivity, code.ui.main.MainActivity, code.ui.main_more._common.image_viewer.ImageViewerActivity, code.ui.main_more.settings.manage_app_data.ManageAppDataActivity, code.ui.main_protection.lock.LockActivity, code.ui.main_protection.lock.TransparentFingerprintActivity, code.ui.main_protection.lock.create_or_change.CreateOrChangeKeyActivity, code.ui.main_protection.lock.restore_password.RestorePasswordActivity, code.ui.splash.SplashActivity, com.android.billingclient.api.ProxyBillingActivity, com.android.billingclient.api.ProxyBillingActivityV2, com.google.android.gms.ads.AdActivity, com.google.android.gms.ads.NotificationHandlerActivity, com.google.android.gms.ads.OutOfContextTestingActivity, com.google.android.gms.common.api.GoogleApiActivity, com.pairip.licensecheck.LicenseActivity, com.stolitomson.permissions_manager.activities.PipHintAccessibilityActivity, com.stolitomson.permissions_manager.activities.PipHintAccessibilityRestartActivity, com.yandex.mobile.ads.common.AdActivity, com.yandex.mobile.ads.features.debugpanel.ui.IntegrationInspectorActivity - Services:androidx.appcompat.app.AppLocalesMetadataHolderService, androidx.room.MultiInstanceInvalidationService, androidx.work.impl.background.systemalarm.SystemAlarmService, androidx.work.impl.background.systemjob.SystemJobService, androidx.work.impl.foreground.SystemForegroundService, code.jobs.services.CustomVpnService, code.jobs.services.LockAppUsageStatsService, code.jobs.services.ManualStopAppService, code.jobs.services.MyFirebaseMessagingService, code.jobs.services.UpdateConfigBackgroundService, code.jobs.services.WebServerService, com.google.android.datatransport.runtime.backends.TransportBackendDiscovery, com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService, com.google.android.gms.ads.AdService, com.google.android.gms.measurement.AppMeasurementJobService, com.google.android.gms.measurement.AppMeasurementService, com.google.firebase.components.ComponentDiscoveryService, com.google.firebase.messaging.FirebaseMessagingService, com.google.firebase.sessions.SessionLifecycleService, com.stolitomson.clear_cache_accessibility_service.ClearCacheAccessibilityService, com.stolitomson.permissions_manager.services.CheckPermissionsService, com.stolitomson.permissions_manager.services.OverlayViewService, com.tim.singBox.service.VPNService, com.trustlook.sdk.job.TlJobService, io.appmetrica.analytics.internal.AppMetricaService - Receivers:androidx.profileinstaller.ProfileInstallReceiver, androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy, androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver, androidx.work.impl.background.systemalarm.RescheduleReceiver, androidx.work.impl.diagnostics.DiagnosticsReceiver, androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver, code.jobs.receivers.BatteryChangeReceiver, code.jobs.receivers.BatteryScheduleModeReceiver, code.jobs.receivers.InstallAndUninstallAppsBroadcastReceiver, code.jobs.receivers.ManualStopAppBroadcastReceiver, code.jobs.receivers.NotificationDismissReceiver, code.jobs.receivers.NotificationShowLogicReceiver, code.jobs.receivers.PowerConnectStateChangeReceiver, code.jobs.receivers.PushNotificationReceiver, code.jobs.receivers.ShowFindingVirusAppReceiver, code.jobs.receivers.ShowResultThreatScanRealTimeProtectionReceiver, code.jobs.receivers.WakeUpReceiver, com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver, com.google.android.gms.measurement.AppMeasurementReceiver, com.google.firebase.iid.FirebaseInstanceIdReceiver - Providers:androidx.core.content.FileProvider, androidx.startup.InitializationProvider, code.data.providers.ForegroundStateContentProvider, com.google.android.gms.ads.MobileAdsInitProvider, com.google.firebase.provider.FirebaseInitProvider, com.pairip.licensecheck.LicenseContentProvider, com.yandex.mobile.ads.core.initializer.MobileAdsInitializeProvider, com.yandex.mobile.ads.features.debugpanel.data.local.DebugPanelFileProvider, io.appmetrica.analytics.internal.PreloadInfoContentProvider ## SDK / Endpoint ### SDK - `admob` - `firebase` ### Endpoint candidates - http://www.apache.org/licenses/ - https://github.com/ReactiveX/RxJava.git - https://github.com/joni2back/angular-filemanager - https://github.com/joni2back/angular-filemanager/blob/master/LICENSE - http://angularjs.org - http://errors.angularjs.org/1.6.9/ - http://angular-translate.github.io/docs/#/guide/19_security - https://docs.angularjs.org/api/ngSanitize - https://github.com/angular/angular.js/commit/8863b9d04c722b278fa93c5d66ad1e578ad6eb1f - http://getbootstrap.com - https://registry.npmjs.org/acorn/-/acorn-5.2.1.tgz - https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-3.0.1.tgz - https://registry.npmjs.org/acorn/-/acorn-3.3.0.tgz - https://registry.npmjs.org/ajv/-/ajv-4.11.8.tgz - https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-1.5.1.tgz - https://registry.npmjs.org/angular/-/angular-1.6.7.tgz - https://registry.npmjs.org/angular-translate/-/angular-translate-2.15.2.tgz - https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-1.4.0.tgz - https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz - https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz - https://registry.npmjs.org/archy/-/archy-1.0.0.tgz - https://registry.npmjs.org/argparse/-/argparse-1.0.9.tgz - https://registry.npmjs.org/arr-diff/-/arr-diff-2.0.0.tgz - https://registry.npmjs.org/arr-flatten/-/arr-flatten-1.1.0.tgz - https://registry.npmjs.org/array-differ/-/array-differ-1.0.0.tgz - https://registry.npmjs.org/array-each/-/array-each-1.0.1.tgz - https://registry.npmjs.org/array-find-index/-/array-find-index-1.0.2.tgz - https://registry.npmjs.org/array-slice/-/array-slice-1.1.0.tgz - https://registry.npmjs.org/array-union/-/array-union-1.0.2.tgz - https://registry.npmjs.org/array-uniq/-/array-uniq-1.0.3.tgz - https://registry.npmjs.org/array-unique/-/array-unique-0.2.1.tgz - https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz - https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz - https://registry.npmjs.org/beeper/-/beeper-1.1.1.tgz - https://registry.npmjs.org/bootstrap/-/bootstrap-3.3.7.tgz - https://registry.npmjs.org/bootswatch/-/bootswatch-3.3.7.tgz - https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.8.tgz - https://registry.npmjs.org/braces/-/braces-1.8.5.tgz - https://registry.npmjs.org/bufferstreams/-/bufferstreams-1.1.2.tgz - https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz ## Warnings - apktool manifest decode skipped 2 split APK(s) - binary AndroidManifest.xml decoded with apktool ## 下一步 - 真机/模拟器验证 onboarding、paywall、首个可感知价值和崩溃路径。 - 把 endpoint candidates 与 HAR / MITM / Frida 动态证据对齐,避免只凭静态字符串下结论。 - 多版本对比权限、SDK、endpoint、native libs 和资源路径变化。 - 订阅/广告 SDK 线索存在,后续需拆 paywall、free trial、退款和广告频率。