Bundle Report

uber v4.512.10005

Bundle risk64medium

Binary-only · L1Analyzed just now

v4.512.10005build 5121000medium· 64

9f8a2c1e4b…d3f0

Platform: Android · APK
Bundle size: 175.8 MB
OS range: Android 8.0 (API 26) → Android 14 (API 34)
Architectures: arm64-v8a, armeabi-v7a
Permissions: 12

Store review readiness

Will flag at review

5 reviewer-flag items but no auto-rejection causes.

Safe to submit, but the reviewer may ask about the items above. Have answers ready and watch for review delays.

Blocking0

No pre-review rejection causes

None detected

Needs review5

Reviewer may ask

New permission: ACCESS_BACKGROUND_LOCATION· core-location
Embedded SDK with known CVE: OkHttp 4.10.0· okhttp
Outdated Firebase Analytics SDK· firebase-analytics
Binary size up 14.6 MB (+8.4%)
New native library: libmlkit-onnx.so

OK3

What was checked and passed

Data Safety form covers SDK-collected data categories
Data Safety form covers third-party sharing
4 bundled SDKs profiled against Google Data Safety

6 findings

New permission: ACCESS_BACKGROUND_LOCATIONNew permission · warning
AndroidManifest.xml line 142
component: core-location
Embedded SDK with known CVE: OkHttp 4.10.0SDK vulnerability · critical
CVE-2023-3635 — Information disclosure on bypassed cleartext check
component: okhttp
Outdated Firebase Analytics SDKSDK vulnerability · warning
21.3.0 detected; latest stable 22.1.2
component: firebase-analytics
Binary size up 14.6 MB (+8.4%)Size jump · warning
From 169.7 MB → 184.3 MB; +12.1 MB on arm64-v8a slice
New native library: libmlkit-onnx.soNative library added · warning
Added to lib/arm64-v8a/ and lib/armeabi-v7a/
New tracking SDK detected: Adjust v4.38.5Tracking SDK · info
com.adjust.sdk classes present; AndroidManifest references

Want PR-level context for this app?

Connect the GitHub repo for this app to upgrade to L3. You'll get per-PR Check Runs, source-aware risk factors, and root-cause attribution against this exact bundle.

Compare tiers