Checks known Qemu pipes.

Checks for known pipes used by the Android emulator to communicate with the host.

Makes use of the framework's Accessibility service

Retrieves information displayed on the phone screen using AccessibilityService.

Obtains sensitive information copied to the device clipboard

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

Queries information about running processes on the device

Application may abuse the framework's APIs to collect information about running processes on the device.

Acquires the wake lock

Creates a large amount of network flows

This may indicate a network scan to discover remotely running services.

Makes use of the framework's foreground persistence service

Application may abuse the framework's foreground service to continue running in the foreground.

Performs UI accessibility actions on behalf of the user

Application may abuse the accessibility service to prevent their removal.

Queries information about active data network

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Tries to add a device administrator.