# Receipt Scanner

状态：active
Platform：android
Package：zazmic.at.invoice_parser
Version：1.0.0
Opportunity：2026-06-10-receipt-scanner

## 摘要

- 包类型：xapk，inner APK 数：20
- 引擎 / 框架：flutter
- SDK 线索：firebase
- Endpoint candidates：80
- 结论口径：本报告只基于静态 ZIP / Manifest / 字符串证据；不代表真实运行路径已验证。

## 直接证据

- [high] Manifest package id is zazmic.at.invoice_parser（source: `AndroidManifest.xml`，status: `verified`）
- [high] Manifest declares 18 permissions（source: `AndroidManifest.xml`，status: `verified`）
- [high] Engine/framework markers: flutter（source: `APK file inventory`，status: `verified`）
- [high] Static strings include 80 endpoint candidates（source: `Text/string scan`，status: `verified`）
- [high] Package contains 6 native libraries（source: `APK file inventory`，status: `verified`）

## 推断

- [medium] SDK markers suggest: firebase（source: `Manifest, filenames, and text strings`，status: `inferred`）

## 权限和组件

### 权限

- `android.permission.ACCESS_ADSERVICES_AD_ID`
- `android.permission.ACCESS_ADSERVICES_ATTRIBUTION`
- `android.permission.ACCESS_NETWORK_STATE`
- `android.permission.CAMERA`
- `android.permission.FOREGROUND_SERVICE`
- `android.permission.INTERNET`
- `android.permission.POST_NOTIFICATIONS`
- `android.permission.READ_EXTERNAL_STORAGE`
- `android.permission.RECEIVE_BOOT_COMPLETED`
- `android.permission.RECORD_AUDIO`
- `android.permission.USE_BIOMETRIC`
- `android.permission.USE_FINGERPRINT`
- `android.permission.WAKE_LOCK`
- `android.permission.WRITE_EXTERNAL_STORAGE`
- `com.android.vending.BILLING`
- `com.android.vending.CHECK_LICENSE`
- `com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE`
- `zazmic.at.invoice_parser.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION`

### 组件

- Activities：biz.cunning.cunning_document_scanner.fallback.DocumentScannerActivity, com.android.billingclient.api.ProxyBillingActivity, com.android.billingclient.api.ProxyBillingActivityV2, com.google.android.gms.auth.api.signin.internal.SignInHubActivity, com.google.android.gms.common.api.GoogleApiActivity, com.google.android.play.core.common.PlayCoreDialogWrapperActivity, com.google.mlkit.vision.documentscanner.internal.GmsDocumentScanningDelegateActivity, com.pairip.licensecheck.LicenseActivity, com.yalantis.ucrop.UCropActivity, io.flutter.plugins.urllauncher.WebViewActivity, zazmic.at.invoice_parser.MainActivity
- Services：androidx.camera.core.impl.MetadataHolderService, androidx.room.MultiInstanceInvalidationService, androidx.work.impl.background.systemalarm.SystemAlarmService, androidx.work.impl.background.systemjob.SystemJobService, androidx.work.impl.foreground.SystemForegroundService, com.google.android.datatransport.runtime.backends.TransportBackendDiscovery, com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService, com.google.android.gms.auth.api.signin.RevocationBoundService, com.google.android.gms.measurement.AppMeasurementJobService, com.google.android.gms.measurement.AppMeasurementService, com.google.android.gms.metadata.ModuleDependencies, com.google.firebase.components.ComponentDiscoveryService, com.google.firebase.sessions.SessionLifecycleService, com.google.mlkit.common.internal.MlKitComponentDiscoveryService
- Receivers：androidx.profileinstaller.ProfileInstallReceiver, androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy, androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver, androidx.work.impl.background.systemalarm.RescheduleReceiver, androidx.work.impl.diagnostics.DiagnosticsReceiver, androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver, com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver, com.google.android.gms.measurement.AppMeasurementReceiver, dev.fluttercommunity.plus.share.SharePlusPendingIntent
- Providers：androidx.startup.InitializationProvider, biz.cunning.cunning_document_scanner.fallback.DocumentScannerFileProvider, com.google.firebase.provider.FirebaseInitProvider, com.google.mlkit.common.internal.MlKitInitProvider, dev.fluttercommunity.plus.share.ShareFileProvider, io.flutter.plugins.imagepicker.ImagePickerFileProvider, net.nfet.flutter.printing.PrintFileProvider

## SDK / Endpoint

### SDK

- `firebase`

### Endpoint candidates

- http://www.apache.org/licenses/
- https://stackoverflow.com/questions/28776079/do-let-statements-create-properties-on-the-global-object/28776236#28776236
- https://login.microsoftonline.com/
- https://www.slf4j.org/codes.html#replay :See
- https://www.slf4j.org/codes.html#substituteLogger HSee
- https://www.slf4j.org/codes.html#ignoredBindings
- https://www.slf4j.org/codes.html#loggerNameMismatch
- https://www.slf4j.org/codes.html#multiple_bindings
- https://www.slf4j.org/codes.html#noProviders
- https://www.slf4j.org/codes.html#version_mismatch
- http://apache.org/xml/features/nonvalidating/load-dtd-grammar 
- http://apache.org/xml/features/nonvalidating/load-external-dtd 1http://apache.org/xml/properties/security-manager 7http://javax.xml.XMLConstants/feature/secure-processing 8http://javax.xml.XMLConstants/property/accessExternalDTD ?http%3A%2F%2Fjavax.xml.XMLConstants%2Fproperty%2FaccessExternalStylesheet%00%2Chttp%3A%2F%2Fns.adobe.com%2Fcamera-raw-settings%2F1.0%2F%00=
- http://ns.adobe.com/exif/1.0/ !http://ns.adobe.com/exif/1.0/aux/ 
- http://ns.adobe.com/pdf/1.3/ 
- http://ns.adobe.com/tiff/1.0/ 
- http://ns.adobe.com/xap/1.0/ 
- http://ns.adobe.com/xap/1.0/bj/ 
- http://ns.adobe.com/xap/1.0/mm/ #http://ns.adobe.com/xap/1.0/rights/ !http://ns.adobe.com/xap/1.0/t/pg/ )http://ns.adobe.com/xmp/1.0/DynamicMedia/ ,http://ns.adobe.com/xmp/identifier/qual/1.0/ 
- http://purl.org/dc/elements/1.1/ 
- http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit +http://www.w3.org/1999/02/22-rdf-syntax-ns# 
- https://www.slf4j.org/codes.html#unsuccessfulInit 
- http://ns.adobe.com/photoshop/1.0/ s1x s1xteen s1xty saveByte 
- http://www.apache.org/licenses/LICENSE-2.0
- https://tika.apache.org/
- http://www.isotc211.org/2005/gmd
- http://purl.org/atom/ns
- http://tools.ietf.org/html/rfc7049
- http://docs.oasis-open.org/namespace
- https://tech.ebu.ch/docs/tech/tech3264.pdf
- http://www.digitalpreservation.gov/formats/fdd/fdd000317.shtml
- http://en.wikipedia.org/wiki/Adobe_Illustrator_Artwork
- http://justsolve.archiveteam.org/wiki/Adobe_Illustrator_Artwork
- http://msdn.microsoft.com/en-us/library/windows/hardware/ff549520(v=vs.85).aspx
- http://en.wikipedia.org/wiki/.jar
- https://www.rfc-editor.org/rfc/rfc9239.html#name-text-javascript
- https://www.loc.gov/marc/community/cileader.html
- http://www.iana.org/assignments/media-types/application/msword
- http://en.wikipedia.org/wiki/.doc
- http://en.wikipedia.org/wiki/PDF
- http://www.adobe.com/devnet/pdf/pdf_reference_archive.html

## Warnings

- apktool manifest decode skipped 19 split APK(s)
- binary AndroidManifest.xml decoded with apktool

## 下一步

- 真机/模拟器验证 onboarding、paywall、首个可感知价值和崩溃路径。
- 把 endpoint candidates 与 HAR / MITM / Frida 动态证据对齐，避免只凭静态字符串下结论。
- 多版本对比权限、SDK、endpoint、native libs 和资源路径变化。