FJ Software

MPE is not an app I would distrust and need to block permissions, but it has proved particularly useful for guessing the mechanics of security apps.

Lately I have been playing to block MPE from getting Read_Phone_State permission by means of different apps, and I need help from FJ to interpret the results.


1- If the IMEI field shows the Android ID instead of the IMEI, is this due to MPE failing to get the IMEI and then getting the android ID as alternative or because something made MPE believe that the IMEI was the Android ID?.

2- If the IMEI field shows 14 zeroes, is this due to MPE getting that IMEI from the phone (probably provided by the sec app) or because MPE app failed to get any IMEI?.

3- What could cause the IMSI field to be blank?

4- What could cause the IMSI field to show "null"?


Thanks for bothering to read this. Hopefully your answer can also help other sec app testers

1. MyPhoneExplorer needs a unique ID to handle the phone profiles.
- if IMEI is available then the IMEI is shown
- for CDMA phones it uses the MEID, which has similar meaning
- if both are not available the the Android ID is used

So its not good that MyPhoneExplorer doe sshow the Android-ID on some phones but its possible and this way was needed to keep backward compatibility

2. MPE does never create fantasy numbers, it must come from your security app

3, 4. The IMSI is always shown directly from phone without fallbacks. It uses this Interface: http://developer.android.com/reference/ ... criberId()

Thanks a lot for your reply! Now I understand better

Thanks to MPE i am aware of how weak is the protection provided by current security apps.