❤️ Support the Project

If this project makes your life easier, here are a few quick ways to show some love:

⭐ Star the repo/app
☕ Buy a coffee for the developer
🛠 Contribute code, issues, or pull-requests

General report on the analysis of the application "Max"
General information about the "Max" app: The Max application is positioned as a fast and easy messenger for communication. High-quality calls, animated stickers, sending files up to 4 GB, as well as the presence of chatbots and mini-applications are declared. It is distributed on various platforms: Android (via Google Play, RuStore, AppGallery, iOS (via the App Store) and desktop versions. The application package - ru.oneme.app(According to Android Manifest.xml).
Code obfuscation: A significant part of the application code, especially in the module com.my.tracker.obfuscated, subjected to obfuscation. Names of classes (e0, c1, y2, b3, f1etc.), methods (a(), b(), c()) and variables in these osted files are meaningless and short, which makes the analysis of the logic of the application extremely difficult without debfusion. Oceanscape is often used to difficulty in reverse designing and hiding the true functions of code.
Data collected (MyTracker module): Module com.my.tracker(Judges by MyTracker.java, MyTrackerConfig.java, MyTrackerParams.java) is responsible for the extensive collection of user data and events.
The main categories of data collected:
User events :
Promotional events (trackAdEvent): Information about interaction with advertising.
Events of purchases (trackAppGalleryPurchaseEvent, trackPurchaseEvent): Details of purchases, including product ID, prices, currency, and additional parameters.
General user events (trackEvent): Universal collection of arbitrary events with customizable parameters (e.g. event name, category, value).
Events of invitations (trackInviteEvent): Tracking User invitations.
Start of applications (trackLaunchManually): Fixing each manual application start.
Level Events (trackLevelEvent): User progress by level.
Entrance Events (trackLoginEvent): User input information, including ID and login method.
Events of mini-applications (trackMiniAppEvent): User activity in mini-applications.
Events of registration (trackRegistrationEvent): Details about the user registration process.
Time spent in the annex/event (incrementEventTimeSpent, startAnytimeTimeSpent, stopAnytimeTimeSpent, startForegroundTimeSpent, stopForegroundTimeSpent): Detailed statistics of application use.
Personal data of the user :
Age (getAge, setAge)
Paul (getGender, setGender)
User ID (getCustomUserId/getCustomUserIds, setCustomUserId/setCustomUserIds)
Email Addresses (getEmail/getEmails, setEmail/setEmails)
ID from messengers and social networks: ICQ ID (getIcqIdOK.ru ID (getOkId), VK Connect ID (getVkConnectId), VK ID (getVkId)
Phone numbers (getPhone/getPhones, setPhone/setPhones)
Interface language (getLang, setLang)
Special IDs associated with MRGS (getMrgsAppId, getMrgsId, getMrgsUserId)
Arbitrary custom parameters (getCustomParam, setCustomParam): Allow developers to collect any additional information.
Attribution data :
Diplinki ( getDeeplinkFrom MyTrackerAttribution: Sources of user transfer to the application (e.g., from advertising campaigns or external links).
Data and system with it (Android Manifest.xml): File AndroidManifest.xmldescribes the requested permissions and components that allow the application to interact with the operating system and collect system data.
The main requested permissions:
Access to the network and location:
android.permission.INTERNET: Full access to the network.
android.permission.ACCESS_WIFI_STATE, android.permission.ACCESS_NETWORK_STATE, android.permission.CHANGE_NETWORK_STATE, android.permission.CHANGE_WIFI_STATE: Access to the state of Wi-Fi and cellular network, the ability to change their condition.