# Man VPN 状态:active Platform:android Package:de.forman.vpn Version:1 Opportunity:2026-06-10-man-vpn-secure-vpn-proxy ## 摘要 - 包类型:xapk,inner APK 数:20 - 引擎 / 框架:native - SDK 线索:admob, firebase - Endpoint candidates:12 - 结论口径:本报告只基于静态 ZIP / Manifest / 字符串证据;不代表真实运行路径已验证。 ## 直接证据 - [high] Manifest package id is de.forman.vpn(source: `AndroidManifest.xml`,status: `verified`) - [high] Manifest declares 16 permissions(source: `AndroidManifest.xml`,status: `verified`) - [high] Engine/framework markers: native(source: `APK file inventory`,status: `verified`) - [high] Static strings include 12 endpoint candidates(source: `Text/string scan`,status: `verified`) - [high] Package contains 14 native libraries(source: `APK file inventory`,status: `verified`) ## 推断 - [medium] SDK markers suggest: admob, firebase(source: `Manifest, filenames, and text strings`,status: `inferred`) ## 权限和组件 ### 权限 - `android.permission.ACCESS_ADSERVICES_AD_ID` - `android.permission.ACCESS_ADSERVICES_ATTRIBUTION` - `android.permission.ACCESS_ADSERVICES_TOPICS` - `android.permission.ACCESS_NETWORK_STATE` - `android.permission.ACCESS_WIFI_STATE` - `android.permission.CHANGE_NETWORK_STATE` - `android.permission.FOREGROUND_SERVICE` - `android.permission.FOREGROUND_SERVICE_SPECIAL_USE` - `android.permission.INTERNET` - `android.permission.POST_NOTIFICATIONS` - `android.permission.VIBRATE` - `android.permission.WAKE_LOCK` - `com.android.vending.CHECK_LICENSE` - `com.google.android.c2dm.permission.RECEIVE` - `com.google.android.gms.permission.AD_ID` - `de.forman.vpn.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION` ### 组件 - Activities:com.chartboost.sdk.internal.clickthrough.EmbeddedBrowserActivity, com.chartboost.sdk.view.CBImpressionActivity, com.fyber.inneractive.sdk.activities.FyberReportAdActivity, com.fyber.inneractive.sdk.activities.InneractiveFullscreenAdActivity, com.fyber.inneractive.sdk.activities.InneractiveInternalBrowserActivity, com.fyber.inneractive.sdk.activities.InneractiveRichMediaVideoPlayerActivityCore, com.fyber.inneractive.sdk.activities.InternalStoreWebpageActivity, com.google.android.gms.ads.AdActivity, com.google.android.gms.ads.NotificationHandlerActivity, com.google.android.gms.ads.OutOfContextTestingActivity, com.google.android.gms.auth.api.signin.internal.SignInHubActivity, com.google.android.gms.common.api.GoogleApiActivity, com.google.android.play.core.common.PlayCoreDialogWrapperActivity, com.inmobi.ads.rendering.InMobiAdActivity, com.mbridge.msdk.activity.MBCommonActivity, com.mbridge.msdk.newreward.player.MBRewardVideoActivity, com.mbridge.msdk.out.LoadingActivity, com.mbridge.msdk.reward.player.MBRewardVideoActivity, com.pairip.licensecheck.LicenseActivity, com.vungle.ads.internal.ui.VungleActivity, de.hydragreatvpn.free.activity.MainActivity, de.hydragreatvpn.free.activity.OnConnectedActivityNew, de.hydragreatvpn.free.activity.OnConnectedActivty, de.hydragreatvpn.free.activity.RewardActivity, de.hydragreatvpn.free.activity.ServerAcitivty, de.hydragreatvpn.free.activity.Sharing, de.hydragreatvpn.free.activity.VpnDialog - Services:androidx.room.MultiInstanceInvalidationService, androidx.work.impl.background.systemalarm.SystemAlarmService, androidx.work.impl.background.systemjob.SystemJobService, androidx.work.impl.foreground.SystemForegroundService, com.chartboost.sdk.internal.video.repository.exoplayer.VideoRepositoryDownloadService, com.flurry.service.dev.npn.TunnelVpnService, com.flurry.service.notificationChannelSocks, com.google.android.datatransport.runtime.backends.TransportBackendDiscovery, com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService, com.google.android.gms.ads.AdService, com.google.android.gms.auth.api.signin.RevocationBoundService, com.google.firebase.components.ComponentDiscoveryService, com.google.firebase.messaging.FirebaseMessagingService, com.v2ray.ang.service.V2RayProxyOnlyService, com.v2ray.ang.service.V2RayTestService, com.v2ray.ang.service.V2RayVpnService, de.blinkt.openvpn.core.OpenVPNService, de.hydragreatvpn.free.Tool.FirebaseMessagingService, de.hydragreatvpn.free.Tool.LighteningService - Receivers:androidx.profileinstaller.ProfileInstallReceiver, androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy, androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver, androidx.work.impl.background.systemalarm.RescheduleReceiver, androidx.work.impl.diagnostics.DiagnosticsReceiver, androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver, com.flurry.service.MainReceiver, com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver, com.google.firebase.iid.FirebaseInstanceIdReceiver, com.mbridge.msdk.foundation.same.broadcast.NetWorkChangeReceiver, com.v2ray.ang.receiver.TaskerReceiver, de.hydragreatvpn.free.Api.ConnectionState - Providers:androidx.startup.InitializationProvider, com.google.android.gms.ads.MobileAdsInitProvider, com.google.firebase.provider.FirebaseInitProvider, com.pairip.licensecheck.LicenseContentProvider, com.squareup.picasso.PicassoProvider, com.vungle.ads.VungleProvider ## SDK / Endpoint ### SDK - `admob` - `firebase` ### Endpoint candidates - http://www.apache.org/licenses/ - https://github.com/ReactiveX/RxJava.git - http://www.jacoco.org/jacoco - http://source.android.com - https://github.com/google/gson - http://kotlinlang.org/ - https://github.com/orhanobut/logger - https://github.com/square/leakcanary - https://github.com/tbruyelle/RxPermissions - http://tizen.org/system/model_name - http://tizen.org/feature/platform.version - https://fonts.googleapis.com/css?family=Roboto%3A300&display=swap%5C ## Warnings - apktool manifest decode skipped 19 split APK(s) - binary AndroidManifest.xml decoded with apktool ## 下一步 - 真机/模拟器验证 onboarding、paywall、首个可感知价值和崩溃路径。 - 把 endpoint candidates 与 HAR / MITM / Frida 动态证据对齐,避免只凭静态字符串下结论。 - 多版本对比权限、SDK、endpoint、native libs 和资源路径变化。 - 订阅/广告 SDK 线索存在,后续需拆 paywall、free trial、退款和广告频率。