# Proton Authenticator

状态：active
Platform：android
Package：proton.android.authenticator
Version：1.3.7
Opportunity：2026-06-10-proton-authenticator

## 摘要

- 包类型：xapk，inner APK 数：20
- 引擎 / 框架：native
- SDK 线索：未发现
- Endpoint candidates：50
- 结论口径：本报告只基于静态 ZIP / Manifest / 字符串证据；不代表真实运行路径已验证。

## 直接证据

- [high] Manifest package id is proton.android.authenticator（source: `AndroidManifest.xml`，status: `verified`）
- [high] Manifest declares 10 permissions（source: `AndroidManifest.xml`，status: `verified`）
- [high] Engine/framework markers: native（source: `APK file inventory`，status: `verified`）
- [high] Static strings include 50 endpoint candidates（source: `Text/string scan`，status: `verified`）
- [high] Package contains 7 native libraries（source: `APK file inventory`，status: `verified`）

## 推断

- 暂无推断；等待动态分析或人工验证。

## 权限和组件

### 权限

- `android.permission.ACCESS_NETWORK_STATE`
- `android.permission.CAMERA`
- `android.permission.FOREGROUND_SERVICE`
- `android.permission.INTERNET`
- `android.permission.POST_NOTIFICATIONS`
- `android.permission.RECEIVE_BOOT_COMPLETED`
- `android.permission.USE_BIOMETRIC`
- `android.permission.USE_FINGERPRINT`
- `android.permission.WAKE_LOCK`
- `proton.android.authenticator.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION`

### 组件

- Activities：com.google.android.gms.common.api.GoogleApiActivity, com.google.android.play.core.common.PlayCoreDialogWrapperActivity, com.journeyapps.barcodescanner.CaptureActivity, me.proton.core.accountmanager.presentation.compose.SignOutDialogActivity, me.proton.core.accountrecovery.presentation.compose.ui.AccountRecoveryDialogActivity, me.proton.core.accountrecovery.presentation.compose.ui.PasswordResetDialogActivity, me.proton.core.auth.presentation.ui.AddAccountActivity, me.proton.core.auth.presentation.ui.AuthHelpActivity, me.proton.core.auth.presentation.ui.ChooseAddressActivity, me.proton.core.auth.presentation.ui.ConfirmPasswordActivity, me.proton.core.auth.presentation.ui.DeviceApprovalActivity, me.proton.core.auth.presentation.ui.DeviceSecretActivity, me.proton.core.auth.presentation.ui.LoginActivity, me.proton.core.auth.presentation.ui.LoginSsoActivity, me.proton.core.auth.presentation.ui.LoginTwoStepActivity, me.proton.core.auth.presentation.ui.SecondFactorActivity, me.proton.core.auth.presentation.ui.TwoPassModeActivity, me.proton.core.auth.presentation.ui.signup.SignupActivity, me.proton.core.devicemigration.presentation.DeviceMigrationActivity, me.proton.core.devicemigration.presentation.TargetDeviceMigrationActivity, me.proton.core.devicemigration.presentation.qr.EdmQrCaptureActivity, me.proton.core.humanverification.presentation.ui.HumanVerificationActivity, me.proton.core.network.presentation.ui.ProtonWebViewActivity, me.proton.core.notification.presentation.ui.NotificationPermissionActivity, me.proton.core.payment.presentation.ui.BillingActivity, me.proton.core.payment.presentation.ui.PaymentOptionsActivity, me.proton.core.payment.presentation.ui.PaymentTokenApprovalActivity, me.proton.core.plan.presentation.ui.DynamicSelectPlanActivity, me.proton.core.plan.presentation.ui.DynamicUpgradePlanActivity, me.proton.core.plan.presentation.ui.UnredeemedPurchaseActivity, me.proton.core.presentation.ui.alert.ForceUpdateActivity, me.proton.core.report.presentation.ui.BugReportActivity, me.proton.core.userrecovery.presentation.compose.DeviceRecoveryDialogActivity, me.proton.core.usersettings.presentation.ui.PasswordManagementActivity, me.proton.core.usersettings.presentation.ui.SecurityKeysActivity, me.proton.core.usersettings.presentation.ui.TwoFaInputActivity, me.proton.core.usersettings.presentation.ui.UpdateRecoveryEmailActivity, proton.android.authenticator.app.ui.MainActivity
- Services：androidx.camera.core.impl.MetadataHolderService, androidx.room.MultiInstanceInvalidationService, androidx.work.impl.background.systemalarm.SystemAlarmService, androidx.work.impl.background.systemjob.SystemJobService, androidx.work.impl.foreground.SystemForegroundService
- Receivers：androidx.profileinstaller.ProfileInstallReceiver, androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy, androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver, androidx.work.impl.background.systemalarm.RescheduleReceiver, androidx.work.impl.diagnostics.DiagnosticsReceiver, androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver, me.proton.core.notification.presentation.deeplink.DeeplinkBroadcastReceiver
- Providers：androidx.core.content.FileProvider, androidx.startup.InitializationProvider, io.sentry.android.core.SentryInitProvider, io.sentry.android.core.SentryPerformanceProvider

## SDK / Endpoint

### SDK

- 未发现

### Endpoint candidates

- http://www.apache.org/licenses/
- https://ct.googleapis.com/logs/us1/argon2024/
- https://ct.googleapis.com/logs/us1/argon2025h1/
- https://ct.googleapis.com/logs/us1/argon2025h2/
- https://ct.googleapis.com/logs/us1/argon2026h1/
- https://ct.googleapis.com/logs/us1/argon2026h2/
- https://ct.googleapis.com/logs/eu1/xenon2024/
- https://ct.googleapis.com/logs/eu1/xenon2025h1/
- https://ct.googleapis.com/logs/eu1/xenon2025h2/
- https://ct.googleapis.com/logs/eu1/xenon2026h1/
- https://ct.googleapis.com/logs/eu1/xenon2026h2/
- https://ct.cloudflare.com/logs/nimbus2024/
- https://ct.cloudflare.com/logs/nimbus2025/
- https://ct.cloudflare.com/logs/nimbus2026/
- https://yeti2024.ct.digicert.com/log/
- https://yeti2025.ct.digicert.com/log/
- https://nessie2024.ct.digicert.com/log/
- https://nessie2025.ct.digicert.com/log/
- https://wyvern.ct.digicert.com/2024h2/
- https://wyvern.ct.digicert.com/2025h1/
- https://wyvern.ct.digicert.com/2025h2/
- https://wyvern.ct.digicert.com/2026h1/
- https://wyvern.ct.digicert.com/2026h2/
- https://sphinx.ct.digicert.com/2024h2/
- https://sphinx.ct.digicert.com/2025h1/
- https://sphinx.ct.digicert.com/2025h2/
- https://sphinx.ct.digicert.com/2026h1/
- https://sphinx.ct.digicert.com/2026h2/
- https://sabre.ct.comodo.com/
- https://sabre2024h2.ct.sectigo.com/
- https://sabre2025h1.ct.sectigo.com/
- https://sabre2025h2.ct.sectigo.com/
- https://mammoth2024h2.ct.sectigo.com/
- https://mammoth2025h1.ct.sectigo.com/
- https://mammoth2025h2.ct.sectigo.com/
- https://mammoth2026h1.ct.sectigo.com/
- https://mammoth2026h2.ct.sectigo.com/
- https://sabre2026h1.ct.sectigo.com/
- https://sabre2026h2.ct.sectigo.com/
- https://oak.ct.letsencrypt.org/2024h2/

## Warnings

- apktool manifest decode skipped 19 split APK(s)
- binary AndroidManifest.xml decoded with apktool

## 下一步

- 真机/模拟器验证 onboarding、paywall、首个可感知价值和崩溃路径。
- 把 endpoint candidates 与 HAR / MITM / Frida 动态证据对齐，避免只凭静态字符串下结论。
- 多版本对比权限、SDK、endpoint、native libs 和资源路径变化。