# Plant Identifier 状态:active Platform:android Package:com.ai.plant_identifier Version:1.1.2 Opportunity:2026-06-10-plant-identifier-plant-scanner ## 摘要 - 包类型:xapk,inner APK 数:5 - 引擎 / 框架:flutter - SDK 线索:firebase - Endpoint candidates:2 - 结论口径:本报告只基于静态 ZIP / Manifest / 字符串证据;不代表真实运行路径已验证。 ## 直接证据 - [high] Manifest package id is com.ai.plant_identifier(source: `AndroidManifest.xml`,status: `verified`) - [high] Manifest declares 11 permissions(source: `AndroidManifest.xml`,status: `verified`) - [high] Engine/framework markers: flutter(source: `APK file inventory`,status: `verified`) - [high] Static strings include 2 endpoint candidates(source: `Text/string scan`,status: `verified`) - [high] Package contains 3 native libraries(source: `APK file inventory`,status: `verified`) ## 推断 - [medium] SDK markers suggest: firebase(source: `Manifest, filenames, and text strings`,status: `inferred`) ## 权限和组件 ### 权限 - `android.permission.ACCESS_ADSERVICES_AD_ID` - `android.permission.ACCESS_ADSERVICES_ATTRIBUTION` - `android.permission.ACCESS_NETWORK_STATE` - `android.permission.INTERNET` - `android.permission.WAKE_LOCK` - `com.ai.plant_identifier.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION` - `com.android.vending.BILLING` - `com.android.vending.CHECK_LICENSE` - `com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE` - `com.google.android.gms.permission.AD_ID` - `com.google.android.providers.gsf.permission.READ_GSERVICES` ### 组件 - Activities:androidx.credentials.playservices.HiddenActivity, com.ai.plant_identifier.MainActivity, com.android.billingclient.api.ProxyBillingActivity, com.android.billingclient.api.ProxyBillingActivityV2, com.google.android.gms.auth.api.signin.internal.SignInHubActivity, com.google.android.gms.common.api.GoogleApiActivity, com.google.android.play.core.common.PlayCoreDialogWrapperActivity, com.google.firebase.auth.internal.GenericIdpActivity, com.google.firebase.auth.internal.RecaptchaActivity, com.pairip.licensecheck.LicenseActivity, com.revenuecat.purchases.amazon.purchasing.ProxyAmazonBillingActivity, com.yalantis.ucrop.UCropActivity, io.flutter.plugins.urllauncher.WebViewActivity - Services:androidx.credentials.playservices.CredentialProviderMetadataHolder, com.google.android.datatransport.runtime.backends.TransportBackendDiscovery, com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService, com.google.android.gms.auth.api.signin.RevocationBoundService, com.google.android.gms.measurement.AppMeasurementJobService, com.google.android.gms.measurement.AppMeasurementService, com.google.android.gms.metadata.ModuleDependencies, com.google.firebase.components.ComponentDiscoveryService, com.google.firebase.sessions.SessionLifecycleService - Receivers:androidx.profileinstaller.ProfileInstallReceiver, com.amazon.device.iap.ResponseReceiver, com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver, com.google.android.gms.measurement.AppMeasurementReceiver, dev.fluttercommunity.plus.share.SharePlusPendingIntent - Providers:androidx.startup.InitializationProvider, com.google.firebase.provider.FirebaseInitProvider, com.pairip.licensecheck.LicenseContentProvider, dev.fluttercommunity.plus.share.ShareFileProvider, io.flutter.plugins.imagepicker.ImagePickerFileProvider ## SDK / Endpoint ### SDK - `firebase` ### Endpoint candidates - http://www.apache.org/licenses/ - http://www.apache.org/licenses/LICENSE-2.0 ## Warnings - apktool manifest decode skipped 4 split APK(s) - binary AndroidManifest.xml decoded with apktool ## 下一步 - 真机/模拟器验证 onboarding、paywall、首个可感知价值和崩溃路径。 - 把 endpoint candidates 与 HAR / MITM / Frida 动态证据对齐,避免只凭静态字符串下结论。 - 多版本对比权限、SDK、endpoint、native libs 和资源路径变化。