Muslim Pro - Prayer Times, Azan, Quran & Qibla
We retested this app on 19.02.2019. The app still exhibits the behaviour documented below.
Disclaimer: Additionally the tested app may still share data with other third parties. This is outside the scope of this work.
From the Google Play Store page:
"Recognized by more than 50 million Muslims around the world as the most accurate prayer time & azan application, Muslim Pro also features the full Quran with Arabic scripts, phonetics, translations and audio recitations as well as a Qibla locator, an Islamic Hijri calendar, a map of halal restaurants and Mosques, etc..."
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.com/v3.2/155477247795798?fields=supports_implicit_sdk_logging%2Cgdpv4_nux_content%2Cgdpv4_nux_enabled%2Cgdpv4_chrome_custom_tabs_enabled%2Candroid_dialog_configs%2Candroid_sdk_error_categories%2Capp_events_session_timeout%2Capp_events_feature_bitmask%2Cauto_event_mapping_android%2Cauto_event_setup_enabled%2Cseamless_login%2Csmart_login_bookmark_icon_url%2Csmart_login_menu_icon_url&format=json&advertiser_id=474364c6-e9cf-4971-8dd2-b1dc3c605450&sdk=android HTTP/1.1
With the response
{
"supports_implicit_sdk_logging":true,"gdpv4_nux_enabled":false,"gdpv4_chrome_custom_tabs_enabled":true,"android_sdk_error_categories":[ {
"name":"login_recoverable","items":[ {
"code":102
}
, {
"code":190
}
],"recovery_message":"Please log in to this app again to reconnect your Facebook account."
}
],"app_events_session_timeout":60,"app_events_feature_bitmask":7,"auto_event_setup_enabled":false,"seamless_login":1,"smart_login_bookmark_icon_url":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yh\/r\/HyQ4Fq_iGUX.png","smart_login_menu_icon_url":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yR\/r\/xi3BPJ134MF.png","id":"155477247795798"
}
Without any further user action, the app sends the following request to graph.facebook.com
format: json
sdk: android
event: MOBILE_APP_INSTALL
advertiser_id: 474364c6-e9cf-4971-8dd2-b1dc3c605450
advertiser_tracking_enabled: true
installer_package: com.android.vending
anon_id: XZ74c17f70-62b0-4018-9914-ed107d708611
application_tracking_enabled: true
extinfo: ["a2","com.bitsmedia.android.muslimpro",98609,"9.8.6","8.1.0","Nexus 5","en_GB","GMT","",1080,1776,"3.00",4,13,6,"Europe\/London"]
application_package_name: com.bitsmedia.android.muslimpro
The app receives the following response from graph.facebook.com:
{
"success":true
}
Without any further user action, the app sends the following request to graph.facebook.com
format: json
sdk: android
custom_events: [{"_eventName":"fb_sdk_initialize","_eventName_md5":"d470d22f237aee69843355edba5a8178","_logTime":1543936366,"_ui":"unknown","_implicitlyLogged":"1","core_lib_included":"1","billing_client_lib_included":"1","login_lib_included":"1","billing_service_lib_included":"1"},{"_eventName":"fb_mobile_activate_app","_eventName_md5":"cb7f3b6cd294afce05ece615d43ea7b9","_logTime":1543936367,"_ui":"MainActivity","_session_id":"9fab509e-6c8b-4274-aff1-2ba13646b7e6","fb_mobile_launch_source":"Unclassified"}]
event: CUSTOM_APP_EVENTS
advertiser_id: 474364c6-e9cf-4971-8dd2-b1dc3c605450
advertiser_tracking_enabled: true
installer_package: com.android.vending
anon_id: XZ74c17f70-62b0-4018-9914-ed107d708611
application_tracking_enabled: true
extinfo: ["a2","com.bitsmedia.android.muslimpro",98609,"9.8.6","8.1.0","Nexus 5","en_GB","GMT","",1080,1776,"3.00",4,13,6,"Europe\/London"]
application_package_name: com.bitsmedia.android.muslimpro
The app receives the following response from graph.facebook.com:
{
"success":true
}
The following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.com/v3.2/155477247795798/mobile_sdk_gk?fields=gatekeepers&format=json&sdk_version=4.38.1&sdk=android&device_id=474364c6-e9cf-4971-8dd2-b1dc3c605450&platform=android HTTP/1.1
The app receives the following response from graph.facebook.com:
{
"data":[ {
"gatekeepers":[ {
"key":"app_events_auto_logging","value":false
}
, {
"key":"app_events_if_auto_log_subs","value":false
}
]
}
]
}
Action from app: The user is asked to allow the app to access the location, and accept the privacy policy and terms and condition
Test user action 2: The user accepts the terms and conditions and privacy policy, and denys the location request
Screenshot of Dialog shown to user:
Test user action 3: The user goes through the configuration process
Action from app: Advertisments are displayed
The request to graph.facebook.com is as follows
COPPA: false
APPBUILD: 98609
KG_RESTRICTED: false
VALPARAMS: {"is_emu":"false","apk_size":"15631271"}
UNITY: false
ACCESSIBILITY_ENABLED: false
APPNAME: Muslim Pro
WIDTH: -1
NUM_ADS_REQUESTED: 1
SESSION_TIME: 1543936446.001
PLACEMENT_ID: 155477247795798_2245983322078503
MAKE: LGE
REQUEST_TIME: 1543936446.194
CARRIER:
SDK_CAPABILITY: [3,4,5,7,11,16,17]
TEMPLATE_ID: 5
CLIENT_REQUEST_ID: 5ca9212d-95dc-47b7-bf3c-5b26799d32ec
DENSITY: 3.0
AD_REPORTING_CONFIG_LAST_UPDATE_TIME:0
M_BANNER_KEY: Y29tLmJpdHNtZWRpYS5hbmRyb2lkLm11c2xpbXBybyBjb20uYW5kcm9pZC52ZW5kaW5n
SCREEN_HEIGHT: 592
SDK_VERSION: 5.1.0
PROCESS: {"process_name":"com.bitsmedia.android.muslimpro","is_ads_process":false,"client_supports":false}
SCREEN_WIDTH: 360
ID_SOURCE:
SDK: android
OSVERS: 8.1.0
CLIENT_EVENTS:
OS: Android
ANALOG: {"charging":"1","available_memory":"841449472","total_memory":"1944141824","battery":"100.0","free_space":"5983637504"}
PLACEMENT_TYPE: banner
ROOTED: 2
MODEL: Nexus 5
HEIGHT: 50
BUNDLE: com.bitsmedia.android.muslimpro
ASHAS: ac80a9856a49ea721cab93531dbe06e1209819f5;
LOCALE: en_GB
NETWORK_TYPE: 1
IDFA: 474364c6-e9cf-4971-8dd2-b1dc3c605450
ATTRIBUTION_ID:
APPVERS: 9.8.6
MEDIATION_SERVICE: ADMOB_14799018
INSTALLER: com.android.vending
IDFA_FLAG: 1
SESSION_ID: 2a93ed74-63ef-4276-b9fb-7013cf9816c8
With the partial response
{
"type": "error",
"code": 1001,
"message": "No fill",
"placements": [ {
"definition": {
"placement_id": "155477247795798_2245983322078503",
"type": "banner",
"refresh": "0",
"refresh_threshold": "-1",
"min_viewability_percentage": "1",
"viewability_check_ticker": "0",
"viewability_check_interval": "100",
"viewability_check_initial_delay": "0",
"video_time_polling_interval": "200",
"cacheable": false,
"client_max_retry_count": "1",
"invalidation_duration_in_seconds": "3600",
"conv_tracking_data": [ {
"url": "//.facebook.com",
"key": "fr",
"value": "1lRoFMx3QJwpTh1mr.AWUAn7P2eFURq9mdCZxyvKJ6EcM.BcBpm_..AAA.0.0.BcBpm_.AWVYMhlt",
"expiration": "1551712447"
}
, {
"url": "//.atdmt.com",
"key": "ATX",
"value": "e24a7288e3f27b7dc8ea313877c387726830eab3",
"expiration": "1551712447"
}
]
}
,
"feature_config": {
"adnw_android_video_caching_enabled": "true",
"adnw_enable_exoplayer": "false",
"adnw_enable_iab": "true",
"adnw_debug_logging": "true",
"adnw_block_lockscreen": "false",
"adnw_enable_debug_overlay": "false",
"adnw_ios_use_store_url": "true",
"adnw_client_request_id_enabled": "false",
"adnw_native_cookie_injection": "false",
"adnw_top_activity_viewability": "false",
"adnw_enhanced_viewability_area_check": "false",
"adnw_ios_watch_and_install": "false",
"adnw_android_disable_playable_precache": "false",
"adnw_android_disable_blur": "false",
"adnw_android_memory_opt": "true",
"adnw_viewability_check_area_based": "true",
"adnw_mapp_markup_impression_after_image_load": "false",
"adnw_ios_blur_images_enabled": "false",
"adnw_enable_inline_x_out_on_sdk": "true",
"adnw_android_wo_bot_detection_enabled": "false",
"adnw_unique_db_name_per_process": "true",
"adnw_enable_rage_shake": "false",
"adnw_enable_inline_x_out_non_fullscreen_on_sdk": "false",
"adnw_arrows_instead_of_x_skip_button": "true",
"adnw_ios_wo_bot_detection_enabled": "false",
"adnw_ios_wo_idfa_enabled": "false",
"adnw_ios_wo_bot_detection_dogfooding": "false",
"adnw_should_fail_on_cleartext_http_blocked": "true",
"adnw_use_iosurface_player_layer": "false",
"adnw_ios_wo_network_signal_enabled": "false",
"adnw_show_cta_in_rv_pre_endcards": "false",
"adnw_fail_ad_load_on_cache_failure": "true",
"adnw_images_in_display_size": "true",
"unified_logging_immediate_delay_ms": "2000",
"additional_debug_logging_sampling_percentage": "10",
"additional_debug_logging_black_list_percentage": "0",
"additional_debug_logging_black_list": "[\"ipc:2306\",\"api:1015\",\"api:1011\",\"image:2001\",\"api:1018\",\"web_view:1305\",\"cache:2101\",\"cache:2102\",\"cache:2103\",\"act_util:2203\",\"api:1010\"]",
"ad_viewability_tap_margin": "0",
"minimum_elapsed_time_after_impression": "-1",
"visible_area_check_enabled": "false",
"visible_area_percentage": "50",
"disable_in_app_app_store": "true",
"unified_logging_event_limit": "30",
"video_and_endcard_autorotate": "autorotate_enabled",
"stack_trace_sample_rate": "100",
"show_metadata_rewarded_video": "true",
Test user action 4: The user makes further interaction with app
Response from app: No futher data is sent to graph.facebook.com
Test user action 5: The user closes the application
Response from app: No futher data is sent or received by the app from graph.facebook.com
Note 1: In the videos below, the clocks between the VirtualBox Virtual Machine and the Phone handset are not synchronised.
Note 2: The phone videos are split into multiple parts due to a 180 second limitation in Android Developer Bridge screenrecord command