# Skylight

Status: active
Platform: android
Package: com.skylightframe.mobile
Version: 2.10.0
Opportunity: 2026-06-10-skylight-app

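## Summary

- Package type: xapk, inner APK count: 4
- Engine / framework: react_native
- SDK indicators: appsflyer, facebook, firebase, onesignal, react_native, revenuecat
- Endpoint candidates: 39
- Scope of conclusions: this report is based only on static ZIP / Manifest / string evidence; it does not mean the actual runtime paths have been verified.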

## Direct evidence

- [high] Manifest package id is com.skylightframe.mobile (source: `AndroidManifest.xml`, status: `verified`)
- [high] Manifest declares 55 permissions (source: `AndroidManifest.xml`, status: `verified`)
- [high] Engine/framework markers: react_native (source: `APK file inventory`, status: `verified`)
- [high] Static strings include 39 endpoint candidates (source: `Text/string scan`, status: `verified`)
- [high] Package contains 39 native libraries (source: `APK file inventory`, status: `verified`)

## Inferences

- [medium] SDK markers suggest: appsflyer, facebook, firebase, onesignal, react_native, revenuecat (source: `Manifest, filenames, and text strings`, status: `inferred`)

## Permissions and components

### Permissions

- `android.permission.ACCESS_ADSERVICES_ATTRIBUTION`
- `android.permission.ACCESS_COARSE_LOCATION`
- `android.permission.ACCESS_FINE_LOCATION`
- `android.permission.ACCESS_MEDIA_LOCATION`
- `android.permission.ACCESS_NETWORK_STATE`
- `android.permission.ACCESS_NOTIFICATION_POLICY`
- `android.permission.ACCESS_WIFI_STATE`
- `android.permission.BROADCAST_CLOSE_SYSTEM_DIALOGS`
- `android.permission.CAMERA`
- `android.permission.CHANGE_NETWORK_STATE`
- `android.permission.DOWNLOAD_WITHOUT_NOTIFICATION`
- `android.permission.FOREGROUND_SERVICE`
- `android.permission.INTERNET`
- `android.permission.MODIFY_AUDIO_SETTINGS`
- `android.permission.POST_NOTIFICATIONS`
- `android.permission.READ_APP_BADGE`
- `android.permission.READ_CALENDAR`
- `android.permission.READ_CONTACTS`
- `android.permission.READ_EXTERNAL_STORAGE`
- `android.permission.READ_MEDIA_IMAGES`
- `android.permission.READ_MEDIA_VIDEO`
- `android.permission.READ_MEDIA_VISUAL_USER_SELECTED`
- `android.permission.READ_PHONE_STATE`
- `android.permission.RECEIVE_BOOT_COMPLETED`
- `android.permission.RECORD_AUDIO`
- `android.permission.SCHEDULE_EXACT_ALARM`
- `android.permission.SYSTEM_ALERT_WINDOW`
- `android.permission.VIBRATE`
- `android.permission.WAKE_LOCK`
- `android.permission.WRITE_CALENDAR`
- `android.permission.WRITE_EXTERNAL_STORAGE`
- `android.permission.WRITE_SETTINGS`
- `com.anddoes.launcher.permission.UPDATE_COUNT`
- `com.android.vending.BILLING`
- `com.google.android.c2dm.permission.RECEIVE`
- `com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE`
- `com.google.android.gms.permission.AD_ID`
- `com.htc.launcher.permission.READ_SETTINGS`
- `com.htc.launcher.permission.UPDATE_SHORTCUT`
- `com.huawei.android.launcher.permission.CHANGE_BADGE`

### Components

- Activities: app.notifee.core.NotificationReceiverActivity, com.android.billingclient.api.ProxyBillingActivity, com.android.billingclient.api.ProxyBillingActivityV2, com.canhub.cropper.CropImageActivity, com.facebook.react.devsupport.DevSettingsActivity, com.google.android.gms.auth.api.signin.internal.SignInHubActivity, com.google.android.gms.common.api.GoogleApiActivity, com.google.android.play.core.common.PlayCoreDialogWrapperActivity, com.google.mlkit.vision.codescanner.internal.GmsBarcodeScanningDelegateActivity, com.onesignal.NotificationOpenedActivityHMS, com.onesignal.core.activities.PermissionsActivity, com.onesignal.notifications.activities.NotificationOpenedActivity, com.onesignal.notifications.activities.NotificationOpenedActivityAndroid22AndOlder, com.reactnativestripesdk.CustomPaymentMethodActivity, com.skylightframe.mobile.presentation.MainActivity, com.skylightframe.mobile.presentation.share.ShareActivity, com.skylightframe.mobile.presentation.widgets.configuration.WidgetConfigurationActivity, com.stripe.android.attestation.AttestationActivity, com.stripe.android.challenge.confirmation.IntentConfirmationChallengeActivity, com.stripe.android.challenge.passive.PassiveChallengeActivity, com.stripe.android.challenge.passive.warmer.activity.PassiveChallengeWarmerActivity, com.stripe.android.customersheet.CustomerSheetActivity, com.stripe.android.financialconnections.FinancialConnectionsSheetActivity, com.stripe.android.financialconnections.FinancialConnectionsSheetRedirectActivity, com.stripe.android.financialconnections.lite.FinancialConnectionsSheetLiteActivity, com.stripe.android.financialconnections.lite.FinancialConnectionsSheetLiteRedirectActivity, com.stripe.android.financialconnections.ui.FinancialConnectionsSheetNativeActivity, com.stripe.android.googlepaylauncher.GooglePayLauncherActivity, com.stripe.android.googlepaylauncher.GooglePayPaymentMethodLauncherActivity, com.stripe.android.link.LinkActivity, com.stripe.android.link.LinkForegroundActivity, com.stripe.android.link.LinkRedirectHandlerActivity, com.stripe.android.paymentelement.confirmation.cpms.CustomPaymentMethodProxyActivity, com.stripe.android.paymentelement.embedded.form.FormActivity, com.stripe.android.paymentelement.embedded.manage.ManageActivity, com.stripe.android.payments.StripeBrowserLauncherActivity, com.stripe.android.payments.StripeBrowserProxyReturnActivity, com.stripe.android.payments.bankaccount.ui.CollectBankAccountActivity, com.stripe.android.payments.core.authentication.threeds2.Stripe3ds2TransactionActivity, com.stripe.android.payments.paymentlauncher.PaymentLauncherConfirmationActivity, com.stripe.android.paymentsheet.ExternalPaymentMethodProxyActivity, com.stripe.android.paymentsheet.PaymentOptionsActivity, com.stripe.android.paymentsheet.PaymentSheetActivity, com.stripe.android.paymentsheet.addresselement.AddressElementActivity, com.stripe.android.paymentsheet.addresselement.AutocompleteActivity, com.stripe.android.paymentsheet.paymentdatacollection.bacs.BacsMandateConfirmationActivity, com.stripe.android.paymentsheet.paymentdatacollection.cvcrecollection.CvcRecollectionActivity, com.stripe.android.paymentsheet.paymentdatacollection.polling.PollingActivity, com.stripe.android.paymentsheet.ui.SepaMandateActivity, com.stripe.android.shoppay.ShopPayActivity, com.stripe.android.stripe3ds2.views.ChallengeActivity, com.stripe.android.view.PaymentAuthWebViewActivity, com.stripe.android.view.PaymentRelayActivity, com.yalantis.ucrop.UCropActivity, expo.modules.imagepicker.ExpoCropImageActivity, expo.modules.video.FullscreenPlayerActivity, expo.modules.webbrowser.BrowserProxyActivity
- Services: androidx.camera.core.impl.MetadataHolderService, androidx.room.MultiInstanceInvalidationService, androidx.work.impl.background.systemalarm.SystemAlarmService, androidx.work.impl.background.systemjob.SystemJobService, androidx.work.impl.foreground.SystemForegroundService, app.notifee.core.ForegroundService, app.notifee.core.ReceiverService, com.google.android.datatransport.runtime.backends.TransportBackendDiscovery, com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService, com.google.android.gms.auth.api.signin.RevocationBoundService, com.google.android.gms.metadata.ModuleDependencies, com.google.firebase.components.ComponentDiscoveryService, com.google.firebase.messaging.FirebaseMessagingService, com.google.mlkit.common.internal.MlKitComponentDiscoveryService, com.onesignal.SyncJobService, com.onesignal.core.services.SyncJobService, com.onesignal.notifications.services.HmsMessageServiceOneSignal, expo.modules.location.services.LocationTaskService, io.invertase.firebase.messaging.ReactNativeFirebaseMessagingHeadlessService, io.invertase.firebase.messaging.ReactNativeFirebaseMessagingService, me.pushy.sdk.services.PushyJobService, me.pushy.sdk.services.PushySocketService
- Receivers: androidx.profileinstaller.ProfileInstallReceiver, androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy, androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy, androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver, androidx.work.impl.background.systemalarm.RescheduleReceiver, androidx.work.impl.diagnostics.DiagnosticsReceiver, androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver, app.notifee.core.AlarmPermissionBroadcastReceiver, app.notifee.core.BlockStateBroadcastReceiver, app.notifee.core.NotificationAlarmReceiver, app.notifee.core.RebootBroadcastReceiver, com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver, com.google.firebase.iid.FirebaseInstanceIdReceiver, com.onesignal.notifications.receivers.BootUpReceiver, com.onesignal.notifications.receivers.FCMBroadcastReceiver, com.onesignal.notifications.receivers.NotificationDismissReceiver, com.onesignal.notifications.receivers.UpgradeReceiver, com.skylightframe.mobile.presentation.calendar.widget.large.CalendarLargeWidgetProvider, com.skylightframe.mobile.presentation.calendar.widget.small.CalendarSmallWidgetProvider, com.skylightframe.mobile.presentation.lists.widget.ListsWidgetProvider, com.skylightframe.mobile.presentation.tasks.widget.TasksWidgetProvider, io.invertase.firebase.messaging.ReactNativeFirebaseMessagingReceiver, me.pushy.sdk.react.receivers.PushReceiver, me.pushy.sdk.receivers.PushyBootReceiver, me.pushy.sdk.receivers.PushyUpdateReceiver
- Providers: androidx.core.content.FileProvider, androidx.startup.InitializationProvider, cl.json.RNShareFileProvider, com.ReactNativeBlobUtil.Utils.FileProvider, com.canhub.cropper.CropFileProvider, com.google.firebase.provider.FirebaseInitProvider, com.google.mlkit.common.internal.MlKitInitProvider, com.reactnative.ivpusic.imagepicker.IvpusicImagePickerFileProvider, com.reactnativecommunity.webview.RNCWebViewFileProvider, expo.modules.filesystem.FileSystemFileProvider, expo.modules.imagepicker.fileprovider.ImagePickerFileProvider, io.invertase.firebase.app.ReactNativeFirebaseAppInitProvider, io.invertase.notifee.NotifeeInitProvider, io.sentry.android.core.SentryInitProvider, io.sentry.android.core.SentryPerformanceProvider

## SDK / Endpoint

### SDK

- `appsflyer`
- `facebook`
- `firebase`
- `onesignal`
- `react_native`
- `revenuecat`

### Endpoint candidates


## Warnings

- apktool manifest decode skipped 3 split APK(s)
- binary AndroidManifest.xml decoded with apktool

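## Next steps

- Verify onboarding, paywall, first perceivable value, and crash paths on a real device / emulator.
- Align the endpoint candidates with HAR / MITM / Frida dynamic evidence, to avoid drawing conclusions from static strings alone.
- Compare changes in permissions, SDKs, endpoints, native libs and resource paths across multiple versions.
- The contacts permission is present; follow-up should focus on verifying the permission rationale, backup, revocation, and confirmation before deletion.
- Subscription / advertising SDK indicators are present; follow-up should break down the paywall, free trial, refunds and ad frequency.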
