# Refoto 状态:active Platform:android Package:com.refoto.aiportrait Version:1.0.0 Opportunity:2026-06-09-refoto-ai-photo-studio ## 摘要 - 包类型:xapk,inner APK 数:20 - 引擎 / 框架:native - SDK 线索:admob, appsflyer, firebase, revenuecat - Endpoint candidates:4 - 结论口径:本报告只基于静态 ZIP / Manifest / 字符串证据;不代表真实运行路径已验证。 ## 直接证据 - [high] Manifest package id is com.refoto.aiportrait(source: `AndroidManifest.xml`,status: `verified`) - [high] Manifest declares 25 permissions(source: `AndroidManifest.xml`,status: `verified`) - [high] Engine/framework markers: native(source: `APK file inventory`,status: `verified`) - [high] Static strings include 4 endpoint candidates(source: `Text/string scan`,status: `verified`) - [high] Package contains 28 native libraries(source: `APK file inventory`,status: `verified`) ## 推断 - [medium] SDK markers suggest: admob, appsflyer, firebase, revenuecat(source: `Manifest, filenames, and text strings`,status: `inferred`) ## 权限和组件 ### 权限 - `android.permission.ACCESS_ADSERVICES_AD_ID` - `android.permission.ACCESS_ADSERVICES_ATTRIBUTION` - `android.permission.ACCESS_ADSERVICES_CUSTOM_AUDIENCE` - `android.permission.ACCESS_ADSERVICES_TOPICS` - `android.permission.ACCESS_NETWORK_STATE` - `android.permission.ACCESS_WIFI_STATE` - `android.permission.CAMERA` - `android.permission.CHANGE_WIFI_STATE` - `android.permission.FOREGROUND_SERVICE` - `android.permission.INTERNET` - `android.permission.POST_NOTIFICATIONS` - `android.permission.READ_EXTERNAL_STORAGE` - `android.permission.READ_MEDIA_IMAGES` - `android.permission.READ_MEDIA_VIDEO` - `android.permission.STORAGE` - `android.permission.VIBRATE` - `android.permission.WAKE_LOCK` - `android.permission.WRITE_EXTERNAL_STORAGE` - `com.android.vending.CHECK_LICENSE` - `com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE` - `com.google.android.gms.permission.AD_ID` - `com.huawei.appmarket.service.commondata.permission.GET_COMMON_DATA` - `com.refoto.aiportrait.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION` - `com.samsung.android.mapsagent.permission.READ_APP_INFO` - `com.vivavideo.mobile.settings.READ` ### 组件 - Activities:com.bytedance.sdk.openadsdk.activity.TTAdActivity, com.bytedance.sdk.openadsdk.activity.TTAppOpenAdActivity, com.bytedance.sdk.openadsdk.activity.TTCeilingLandingPageActivity, com.bytedance.sdk.openadsdk.activity.TTDelegateActivity, com.bytedance.sdk.openadsdk.activity.TTFullScreenExpressVideoActivity, com.bytedance.sdk.openadsdk.activity.TTFullScreenVideoActivity, com.bytedance.sdk.openadsdk.activity.TTInterstitialActivity, com.bytedance.sdk.openadsdk.activity.TTInterstitialExpressActivity, com.bytedance.sdk.openadsdk.activity.TTLandingPageActivity, com.bytedance.sdk.openadsdk.activity.TTPlayableLandingPageActivity, com.bytedance.sdk.openadsdk.activity.TTRewardExpressVideoActivity, com.bytedance.sdk.openadsdk.activity.TTRewardVideoActivity, com.bytedance.sdk.openadsdk.activity.TTVideoLandingPageLink2Activity, com.bytedance.sdk.openadsdk.activity.TTWebsiteActivity, com.facebook.CustomTabActivity, com.facebook.CustomTabMainActivity, com.facebook.FacebookActivity, com.facebook.ads.AudienceNetworkActivity, com.google.android.gms.ads.AdActivity, com.google.android.gms.ads.NotificationHandlerActivity, com.google.android.gms.ads.OutOfContextTestingActivity, com.google.android.gms.common.api.GoogleApiActivity, com.inmobi.ads.rendering.InMobiAdActivity, com.pairip.licensecheck.LicenseActivity, com.quvideo.moblie.component.adclient.act.TempAppOpenAct, com.quvideo.moblie.component.adclient.act.TwinInterAdsActivity, com.refoto.aiportrait.LauncherProxyActivity, com.refoto.aiportrait.MainActivity, com.refoto.picker.GalleryTemplateActivity, com.refoto.picker.RefotoGalleryTemplateActivity, com.secmtp.sdk.basead.ui.ATLandscapeActivity, com.secmtp.sdk.basead.ui.ATLandscapeTranslucentActivity, com.secmtp.sdk.basead.ui.ATPortraitActivity, com.secmtp.sdk.basead.ui.ATPortraitTranslucentActivity, com.secmtp.sdk.basead.ui.RewardExitConfirmDialogActivity, com.secmtp.sdk.basead.ui.activity.ATMixSplashActivity, com.secmtp.sdk.core.activity.ATGdprAuthActivity, com.secmtp.sdk.core.basead.ui.web.WebLandPageActivity, com.secmtp.sdk.expressad.reward.player.ATRewardVideoActivity, com.unity3d.ads.adplayer.FullScreenWebViewDisplay, com.unity3d.services.ads.adunit.AdUnitActivity, com.unity3d.services.ads.adunit.AdUnitSoftwareActivity, com.unity3d.services.ads.adunit.AdUnitTransparentActivity, com.unity3d.services.ads.adunit.AdUnitTransparentSoftwareActivity, com.vivavideo.mobile.h5core.ui.H5Activity, com.vivavideo.mobile.h5core.ui.H5TransActivity, com.vungle.ads.internal.ui.VungleActivity - Services:androidx.room.MultiInstanceInvalidationService, androidx.work.impl.background.systemalarm.SystemAlarmService, androidx.work.impl.background.systemjob.SystemJobService, androidx.work.impl.foreground.SystemForegroundService, com.bytedance.sdk.openadsdk.multipro.aidl.BinderPoolService, com.google.android.datatransport.runtime.backends.TransportBackendDiscovery, com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService, com.google.android.gms.ads.AdService, com.google.android.gms.measurement.AppMeasurementJobService, com.google.android.gms.measurement.AppMeasurementService, com.google.firebase.components.ComponentDiscoveryService, com.liulishuo.filedownloader.services.FileDownloadService$SeparateProcessService, com.liulishuo.filedownloader.services.FileDownloadService$SharedMainProcessService, com.prominent.ffmpeg.server.FFmpegServer - Receivers:androidx.profileinstaller.ProfileInstallReceiver, androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy, androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver, androidx.work.impl.background.systemalarm.RescheduleReceiver, androidx.work.impl.diagnostics.DiagnosticsReceiver, androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver, com.facebook.AuthenticationTokenManager$CurrentAuthenticationTokenChangedBroadcastReceiver, com.facebook.CurrentAccessTokenExpirationBroadcastReceiver, com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver, com.google.android.gms.measurement.AppMeasurementReceiver - Providers:androidx.core.content.FileProvider, androidx.startup.InitializationProvider, com.facebook.FacebookContentProvider, com.facebook.ads.AudienceNetworkContentProvider, com.facebook.internal.FacebookInitProvider, com.google.android.gms.ads.MobileAdsInitProvider, com.google.firebase.provider.FirebaseInitProvider, com.pairip.licensecheck.LicenseContentProvider, com.secmtp.sdk.core.api.ATInitializationProvider, com.squareup.picasso.PicassoProvider, com.tramini.plugin.api.TraminiContentProvider, com.vungle.ads.VungleProvider ## SDK / Endpoint ### SDK - `admob` - `appsflyer` - `firebase` - `revenuecat` ### Endpoint candidates - http://www.apache.org/licenses/ - http://www.apache.org/licenses/LICENSE-2.0 - http://tizen.org/system/model_name - http://tizen.org/feature/platform.version ## Warnings - apktool manifest decode skipped 19 split APK(s) - binary AndroidManifest.xml decoded with apktool ## 下一步 - 真机/模拟器验证 onboarding、paywall、首个可感知价值和崩溃路径。 - 把 endpoint candidates 与 HAR / MITM / Frida 动态证据对齐,避免只凭静态字符串下结论。 - 多版本对比权限、SDK、endpoint、native libs 和资源路径变化。 - 订阅/广告 SDK 线索存在,后续需拆 paywall、free trial、退款和广告频率。