0x18F/Lenovo_UserExperience_Spyware — reverse-engineered prompt

Build me a small security research repository that documents a static reverse engineering analysis of Lenovo UserExperience.apk. I want it to read like a clear public report, not a scary clickbait post.

The project should explain that the app appears to be an aggressive telemetry and analytics component, not a proven backdoor. Show the main findings in plain language, including collection of device identifiers like IMEI, IMSI, serial number, MAC address, Android ID, and eMMC CID, use of shell commands to read hardware info, root detection, enrichment of telemetry events, and communication with Lenovo servers over plain HTTP.

Include the key Java snippets and search evidence from the decompiled sources, plus simple reproduction commands using JADX and grep. Add a SHA256 file for the APK, organize logs and source evidence neatly, and write a strong README with tested environment, findings, impact, backdoor assessment, reproduction steps, and conclusion. Keep the tone careful, factual, and responsible.