The manifest says that there’s one activity, one service and one receiver. Apart from that, the required permissions seem to be too much for a free followers application. Let’s decompile the apk using JADX.
It starts a service using startService() as soon as the application is run. A service that is started using the startService() method continues to run even if the component that started it is destroyed. Apart from that, there’s one more way in which the application starts MyService which is via the one and only broadcast receiver com.XPhantom.id.BootReceiver present in this application.
android.intent.action.BOOT_COMPLETED is a broadcast action that is sent by the system when the device completes the booting process and becomes fully operational. It starts the service MainService when the device completes the booting process. Now, let’s proceed with analyzing the service.
It renders a new view on the screen that looks like
This view will also be shown after rebooting the device because the service MainService is also started at system startup. The password to remove this view is Abdullah@ which is checked right here.