Info Call to dynamic code loading API

Description

List of all dynamic code loading API calls in the application. Loading code from untrsuted sources could allow the execution of malicious code in the context of the current application.

Recommendation

This entry is informative, no recommendations applicable.

Technical details

Method com.millennialmedia.android.MMAdView.initEclipseAd() calling method java.lang.System.getProperty()


    private void initEclipseAd(android.content.Context p14)
    {
        android.widget.ImageView v8_1 = new android.widget.ImageView(p14);
        java.io.InputStream v7 = 0;
        java.io.FileOutputStream v9 = 0;
        try {
            String v4 = System.getProperty("java.io.tmpdir");
        } catch (Exception v11_17) {
            try {
                if (v7 == null) {
                    if (v9 != null) {
                        v9.close();
                    }
                } else {
                    v7.close();
                }
            } catch (Exception v12) {
            }
            throw v11_17;
        } catch (Exception v11) {
            try {
                if (v7 != null) {
                    v7.close();
                }
            } catch (Exception v11) {
                this.addView(v8_1);
                return;
            }
            if (v9 == null) {
                this.addView(v8_1);
                return;
            } else {
                v9.close();
                this.addView(v8_1);
                return;
            }
            try {
                if (v7 != null) {
                    v7.close();
                }
            } catch (Exception v11) {
                this.addView(v8_1);
                return;
            }
            if (v9 == null) {
                this.addView(v8_1);
                return;
            } else {
                v9.close();
                this.addView(v8_1);
                return;
            }
        }
        if ((v4 != null) && (!v4.endsWith(java.io.File.separator))) {
            v4 = new StringBuilder().append(v4).append(java.io.File.separator).toString();
        }
        java.io.File v5_1 = new java.io.File(new StringBuilder().append(v4).append("millenial355jns6u3l1nmedia.png").toString());
        if (!v5_1.exists()) {
            java.net.HttpURLConnection v3_1 = ((java.net.HttpURLConnection) new java.net.URL("http://images.millennialmedia.com/9513/192134.gif").openConnection());
            v3_1.setDoOutput(1);
            v3_1.setConnectTimeout(3000);
            v3_1.connect();
            v7 = v3_1.getInputStream();
            java.io.FileOutputStream v10_1 = new java.io.FileOutputStream(v5_1);
            try {
                byte[] v1 = new byte[1024];
            } catch (Exception v11_17) {
                v9 = v10_1;
            } catch (Exception v11) {
                v9 = v10_1;
            }
            while(true) {
                int v2 = v7.read(v1);
                if (v2 <= 0) {
                    break;
                }
                v10_1.write(v1, 0, v2);
            }
            v9 = v10_1;
        }
        android.graphics.Bitmap v0 = android.graphics.BitmapFactory.decodeFile(v5_1.getAbsolutePath());
        if ((v8_1 != null) && (v0 != null)) {
            v8_1.setImageBitmap(v0);
        }
    }

Method com.jumptap.adtag.events.SendConversionUrlTask.sendReportToTL() calling method java.lang.System.getProperty()


    private static boolean sendReportToTL(android.content.Context p14, com.jumptap.adtag.events.JtEvent p15)
    {
        String v9 = p15.getUrl();
        com.jumptap.adtag.events.EventType v3 = p15.getEventType();
        String v1 = p15.getDate();
        int v5 = 0;
        android.util.Log.i("JtAd-Tracking", new StringBuilder().append("sending url to Jumptap servers:").append(v9).toString());
        org.apache.http.impl.client.DefaultHttpClient v0_1 = new org.apache.http.impl.client.DefaultHttpClient();
        org.apache.http.client.methods.HttpGet v4_1 = new org.apache.http.client.methods.HttpGet(v9);
        v4_1.setHeader("User-Agent", System.getProperty("http.agent"));
        try {
            int v7 = v0_1.execute(v4_1).getStatusLine().getStatusCode();
            android.util.Log.i("JtAd-Tracking", new StringBuilder().append("conversion/event tracking response status code:").append(v7).toString());
        } catch (java.io.IOException v2) {
            android.util.Log.e("JtAd-Tracking", new StringBuilder().append("JTAppReport.sendReportToTL:").append(v2.toString()).toString());
            return v5;
        }
        if (v7 != 200) {
            if ((!com.jumptap.adtag.events.EventType.download.equals(v3)) || (p14 == null)) {
                return v5;
            } else {
                com.jumptap.adtag.utils.JtAdManager.savePreferences(p14, "isFirstLaunch", v1);
                return v5;
            }
        } else {
            if ((com.jumptap.adtag.events.EventType.download.equals(v3)) && (p14 != null)) {
                com.jumptap.adtag.utils.JtAdManager.savePreferences(p14, "isFirstLaunch", "0");
                com.jumptap.adtag.utils.JtAdManager.removePreferences(p14, "installDate");
            }
            v5 = 1;
            return v5;
        }
    }

Method goldenshorestechnologies.brightestflashlight.free.BrightestFlashlightMain.<clinit>() calling method java.lang.System.loadLibrary()


    static BrightestFlashlightMain()
    {
        System.loadLibrary("ndkmoment");
        return;
    }