安全分析报告: Xena Live v1.5.2

安全分数


安全分数 33/100

风险评级


等级

  1. A
  2. B
  3. C
  4. F

严重性分布 (%)


隐私风险

8

用户/设备跟踪器


调研结果

高危 19
中危 28
信息 4
安全 2
关注 2

高危 应用程序容易受到 Janus 漏洞的影响 

应用程序使用 v1 签名方案进行签名,如果仅使用 v1 签名方案进行签名,则在 Android 5.0-8.0 上容易受到 Janus 漏洞的影响。在使用 v1 和 v2/v3 方案签名的 Android 5.0-7.0 上运行的应用程序也容易受到攻击。

高危 基本配置不安全地配置为允许到所有域的明文流量。 

Scope:
*

高危 域配置不安全地配置为允许明文流量到达范围内的这些域。 

Scope:
127.0.0.1

高危 Activity (com.chill.features.splash.LoadActivity) 容易受到StrandHogg 2.0的攻击 

已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。

高危 Activity (com.audionew.common.outpage.OutPageDynamicLinkActivity) 容易受到StrandHogg 2.0的攻击 

已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。

高危 Activity (com.audionew.features.chat.ui.MDChatActivity) 容易受到 Android Task Hijacking/StrandHogg 的攻击。 

活动不应将启动模式属性设置为“singleTask”。 然后,其他应用程序可以将恶意活动放置在活动栈顶部,从而导致任务劫持/StrandHogg 1.0 漏洞。 这使应用程序成为网络钓鱼攻击的易受攻击目标。 可以通过将启动模式属性设置为“singleInstance”或设置空 taskAffinity (taskAffinity="") 属性来修复此漏洞。 您还可以将应用的目标 SDK 版本 (27) 更新到 28 或更高版本以在平台级别修复此问题。

高危 Activity (com.chill.features.chat.ChatActivity) 容易受到 Android Task Hijacking/StrandHogg 的攻击。 

活动不应将启动模式属性设置为“singleTask”。 然后,其他应用程序可以将恶意活动放置在活动栈顶部,从而导致任务劫持/StrandHogg 1.0 漏洞。 这使应用程序成为网络钓鱼攻击的易受攻击目标。 可以通过将启动模式属性设置为“singleInstance”或设置空 taskAffinity (taskAffinity="") 属性来修复此漏洞。 您还可以将应用的目标 SDK 版本 (27) 更新到 28 或更高版本以在平台级别修复此问题。

高危 Activity (com.audionew.features.main.ui.MainActivity) 容易受到 Android Task Hijacking/StrandHogg 的攻击。 

活动不应将启动模式属性设置为“singleTask”。 然后,其他应用程序可以将恶意活动放置在活动栈顶部,从而导致任务劫持/StrandHogg 1.0 漏洞。 这使应用程序成为网络钓鱼攻击的易受攻击目标。 可以通过将启动模式属性设置为“singleInstance”或设置空 taskAffinity (taskAffinity="") 属性来修复此漏洞。 您还可以将应用的目标 SDK 版本 (27) 更新到 28 或更高版本以在平台级别修复此问题。

高危 Activity (com.audio.ui.setting.AudioApkUpdateActivity) 容易受到 Android Task Hijacking/StrandHogg 的攻击。 

活动不应将启动模式属性设置为“singleTask”。 然后,其他应用程序可以将恶意活动放置在活动栈顶部,从而导致任务劫持/StrandHogg 1.0 漏洞。 这使应用程序成为网络钓鱼攻击的易受攻击目标。 可以通过将启动模式属性设置为“singleInstance”或设置空 taskAffinity (taskAffinity="") 属性来修复此漏洞。 您还可以将应用的目标 SDK 版本 (27) 更新到 28 或更高版本以在平台级别修复此问题。

高危 Activity (com.chill.features.login.ui.auth.SnapchatAuthActivity) 容易受到 Android Task Hijacking/StrandHogg 的攻击。 

活动不应将启动模式属性设置为“singleTask”。 然后,其他应用程序可以将恶意活动放置在活动栈顶部,从而导致任务劫持/StrandHogg 1.0 漏洞。 这使应用程序成为网络钓鱼攻击的易受攻击目标。 可以通过将启动模式属性设置为“singleInstance”或设置空 taskAffinity (taskAffinity="") 属性来修复此漏洞。 您还可以将应用的目标 SDK 版本 (27) 更新到 28 或更高版本以在平台级别修复此问题。

高危 Activity (com.snapchat.kit.sdk.SnapKitActivity) 容易受到 Android Task Hijacking/StrandHogg 的攻击。 

活动不应将启动模式属性设置为“singleTask”。 然后,其他应用程序可以将恶意活动放置在活动栈顶部,从而导致任务劫持/StrandHogg 1.0 漏洞。 这使应用程序成为网络钓鱼攻击的易受攻击目标。 可以通过将启动模式属性设置为“singleInstance”或设置空 taskAffinity (taskAffinity="") 属性来修复此漏洞。 您还可以将应用的目标 SDK 版本 (27) 更新到 28 或更高版本以在平台级别修复此问题。

高危 Activity (com.sobot.chat.conversation.SobotChatActivity) 容易受到 Android Task Hijacking/StrandHogg 的攻击。 

活动不应将启动模式属性设置为“singleTask”。 然后,其他应用程序可以将恶意活动放置在活动栈顶部,从而导致任务劫持/StrandHogg 1.0 漏洞。 这使应用程序成为网络钓鱼攻击的易受攻击目标。 可以通过将启动模式属性设置为“singleInstance”或设置空 taskAffinity (taskAffinity="") 属性来修复此漏洞。 您还可以将应用的目标 SDK 版本 (27) 更新到 28 或更高版本以在平台级别修复此问题。

高危 Activity (com.facebook.FacebookActivity) 容易受到 Android Task Hijacking/StrandHogg 的攻击。 

活动不应将启动模式属性设置为“singleTask”。 然后,其他应用程序可以将恶意活动放置在活动栈顶部,从而导致任务劫持/StrandHogg 1.0 漏洞。 这使应用程序成为网络钓鱼攻击的易受攻击目标。 可以通过将启动模式属性设置为“singleInstance”或设置空 taskAffinity (taskAffinity="") 属性来修复此漏洞。 您还可以将应用的目标 SDK 版本 (27) 更新到 28 或更高版本以在平台级别修复此问题。

高危 Activity (com.facebook.CustomTabActivity) 容易受到StrandHogg 2.0的攻击 

已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。

高危 Activity (com.applisto.appcloner.classes.DefaultProvider$MyActivity) 容易受到StrandHogg 2.0的攻击 

已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。

高危 启用了调试配置。生产版本不能是可调试的 

启用了调试配置。生产版本不能是可调试的
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
andhook/lib/BuildConfig.java, line(s) 3,8
com/applisto/appcloner/classes/BuildConfig.java, line(s) 3,6

高危 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同 

默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode

Files:
com/applisto/appcloner/classes/util/SimpleCrypt.java, line(s) 55

高危 已启用远程WebView调试 

已启用远程WebView调试
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
com/github/lzyzsd/jsbridge/BridgeWebView.java, line(s) 114,7

高危 应用程序包含隐私跟踪程序 

此应用程序有多个8隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。

中危 基本配置配置为信任系统证书。 

Scope:
*

中危 应用程序已启用明文网络流量 

[android:usesCleartextTraffic=true]
应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。

中危 Activity (com.audionew.common.outpage.OutPageDynamicLinkActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (com.audio.sys.account.AuthenticatorService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Broadcast Receiver (com.appsflyer.MultipleInstallBroadcastReceiver) 未被保护。 

[android:exported=true]
发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (com.google.android.play.core.assetpacks.AssetPackExtractionService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护, 但是应该检查权限的保护级别。 

Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true]
发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护, 但是应该检查权限的保护级别。 

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Content Provider (com.facebook.FacebookContentProvider) 未被保护。 

[android:exported=true]
发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.facebook.CustomTabActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Content Provider (com.applisto.appcloner.classes.DefaultProvider) 未被保护。 

[android:exported=true]
发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (com.applisto.appcloner.service.RemoteService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Broadcast Receiver (com.applisto.appcloner.classes.DefaultProvider$DefaultReceiver) 未被保护。 

[android:exported=true]
发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.applisto.appcloner.classes.DefaultProvider$MyActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Broadcast Receiver (com.applisto.appcloner.classes.FakeCamera$FakeCameraReceiver) 未被保护。 

存在一个intent-filter。
发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。

中危 高优先级的Intent (1000) - {2} 个命中 

[android:priority]
通过设置一个比另一个Intent更高的优先级,应用程序有效地覆盖了其他请求。

中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 

文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/audio/service/AudioRoomAvService.java, line(s) 369
com/audio/ui/audioroom/AudioRoomActivity.java, line(s) 5086
com/audionew/common/image/utils/e.java, line(s) 284,278,202,136
com/audionew/common/utils/d.java, line(s) 136
com/audionew/features/anchorcmd/hot/RecommendAnchorLiveHotBottomWidget.java, line(s) 162,161,160
com/audionew/features/audioroom/data/UserInfoRepository.java, line(s) 237
com/audionew/features/audioroom/usecase/p.java, line(s) 60
com/audionew/features/feedback/sobot/SobotConfig.java, line(s) 96
com/audionew/vo/audio/AudioBackRoomInfoEntity.java, line(s) 15
com/audionew/vo/audio/AudioBoomRocketStatusReportUpdateNty.java, line(s) 11
com/audionew/vo/newmsg/MsgUserProfileTagsEntity.java, line(s) 25,57
com/sobot/network/http/builder/PostFormBuilder.java, line(s) 31
com/sobot/network/http/builder/PostMultipartFormBuilder.java, line(s) 31
com/zego/zegoavkit2/mixstream/ZegoStreamMixer.java, line(s) 6,7
fa/AudioRoomMsgChatScreenBrushGiftWin.java, line(s) 74
ie/d.java, line(s) 102
io/grpc/internal/h2.java, line(s) 95
la/e.java, line(s) 38
libx/apm/stat/sample/LibxApmStatSampler.java, line(s) 49
libx/apm/stat/sample/action/UninitializedApmBackupKt.java, line(s) 8
libx/auth/base/login/LibxAuthUser.java, line(s) 151
m8/c.java, line(s) 25,29
y8/c.java, line(s) 114

中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件 

应用程序创建临时文件。敏感信息永远不应该被写进临时文件


Files:
com/applisto/appcloner/classes/Utils.java, line(s) 429
com/audionew/features/web/WebViewActivity.java, line(s) 292
org/zeroturnaround/zip/ZipUtil.java, line(s) 760
org/zeroturnaround/zip/Zips.java, line(s) 150,159
org/zeroturnaround/zip/transform/FileZipEntryTransformer.java, line(s) 29,31

中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 

应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/audionew/storage/db/po/ConversationPODao.java, line(s) 4,5,30,31,32,33,41
com/audionew/storage/db/po/FeedPostDataDao.java, line(s) 4,5,27,28,36
com/audionew/storage/db/po/GroupMessagePODao.java, line(s) 4,5,64,65,73
com/audionew/storage/db/po/LikeEachDataDao.java, line(s) 4,5,22,23,31
com/audionew/storage/db/po/MessagePODao.java, line(s) 4,5,62,63,64,65,66,67,75
com/audionew/storage/db/po/MigrationHelper.java, line(s) 5,195,196,43,118
com/audionew/storage/db/po/QuickWordsDao.java, line(s) 4,5,23,31
com/audionew/storage/db/po/RelationPODao.java, line(s) 4,5,24,25,26,27,35
com/audionew/storage/db/po/SayHelloDataDao.java, line(s) 4,5,23,24,32
com/audionew/storage/db/po/SettingPODao.java, line(s) 4,5,23,24,32
com/audionew/storage/db/po/StickerDataDao.java, line(s) 4,5,25,26,27,35
com/audionew/storage/db/po/TransChatHistoryPODao.java, line(s) 4,5,26,27,28,36
com/audionew/storage/db/po/TransChatPODao.java, line(s) 4,5,29,30,31,32,33,41
com/audionew/storage/db/po/TranslatePODao.java, line(s) 4,5,29,30,31,32,40
com/audionew/storage/db/po/UserProfilePODao.java, line(s) 4,5,32,33,41
com/danikula/videocache/sourcestorage/DatabaseSourceInfoStorage.java, line(s) 6,7,63
com/sobot/network/http/db/SobotDBHelper.java, line(s) 4,5,33
de/greenrobot/dao/a.java, line(s) 7,8,354,358,374,446,466
g8/a.java, line(s) 4,5,40,46,47,48,49
hg/e.java, line(s) 6,7,68,102,151,173,197,215
libx/apm/stat/store/StatDataDao.java, line(s) 4,22,23,31
libx/stat/android/store/StatDataDao.java, line(s) 4,22,23,31
org/greenrobot/greendao/a.java, line(s) 6,7,237
org/greenrobot/greendao/database/g.java, line(s) 5,23
wb/m0.java, line(s) 5,6,314,369,393,400,454,573,588,646
wb/t0.java, line(s) 4,5,127

中危 应用程序使用不安全的随机数生成器 

应用程序使用不安全的随机数生成器
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
b0/a.java, line(s) 3
b0/d.java, line(s) 3
b0/e.java, line(s) 3
b0/h.java, line(s) 3
b0/j.java, line(s) 19
b0/l.java, line(s) 4
com/audio/service/StressTestService.java, line(s) 26,209,257
com/audio/ui/audioroom/bottombar/SendMsgView.java, line(s) 42
com/audio/ui/audioroom/bottombar/gift/voiceeffect/VoiceEffectSelector.java, line(s) 10
com/audio/ui/audioroom/dating/AudioDatingView.java, line(s) 34
com/audio/ui/audioroom/n0.java, line(s) 56
com/audio/ui/audioroom/widget/AudioFallRedPacketAnimView.java, line(s) 27
com/audio/ui/widget/SignInStarAnimView.java, line(s) 26
com/audio/utils/x0.java, line(s) 10
com/audionew/storage/db/service/RandomNumberGenerator.java, line(s) 6
com/sobot/network/http/HttpBaseUtils.java, line(s) 18
dj/e.java, line(s) 25
dj/h.java, line(s) 19
io/grpc/internal/DnsNameResolver.java, line(s) 21
io/grpc/internal/c0.java, line(s) 5
io/grpc/internal/j1.java, line(s) 10
io/grpc/internal/r1.java, line(s) 18
io/grpc/okhttp/f.java, line(s) 51
rj/a.java, line(s) 9
rj/b.java, line(s) 4
sf/d.java, line(s) 14
sj/a.java, line(s) 4
uc/v.java, line(s) 5
widget/ui/view/SnowView.java, line(s) 24
x4/a.java, line(s) 11

中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 

应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
com/applisto/appcloner/classes/BundleObb.java, line(s) 79
com/applisto/appcloner/classes/FakeCamera.java, line(s) 414
com/audionew/common/file/SDCardUtils.java, line(s) 22
com/audionew/common/utils/x.java, line(s) 124
com/audionew/common/utils/z0.java, line(s) 10,10
com/danikula/videocache/StorageUtils.java, line(s) 16,33
com/sobot/network/http/download/SobotDownload.java, line(s) 115,91,133,200
libx/android/common/FilePathUtilsKt.java, line(s) 89
td/m.java, line(s) 27
widget/ui/dragsortlist/DragSortListView.java, line(s) 338

中危 MD5是已知存在哈希冲突的弱哈希 

MD5是已知存在哈希冲突的弱哈希
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
andhook/lib/xposed/XposedHelpers.java, line(s) 1088
com/danikula/videocache/ProxyCacheUtils.java, line(s) 44
com/opensource/svgaplayer/SVGACache.java, line(s) 95
gg/c.java, line(s) 284
ii/t3.java, line(s) 379
l3/a.java, line(s) 24,57
libx/android/billing/base/utils/BillingUtils.java, line(s) 40
libx/android/common/MD5Kt.java, line(s) 36
xg/a.java, line(s) 13

中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞 

不安全的Web视图实现。可能存在WebView任意代码执行漏洞
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
com/audionew/features/audioroom/youtube/player/YoutubePlayerView.java, line(s) 542,532
libx/android/webivew/config/b.java, line(s) 78,76

中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 

可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6

Files:
com/audionew/features/audioroom/youtube/player/YoutubePlayerView.java, line(s) 539,532
libx/android/webivew/config/b.java, line(s) 43,76

中危 IP地址泄露 

IP地址泄露


Files:
com/applisto/appcloner/classes/HostsBlocker.java, line(s) 155
com/audionew/vo/setting/NioServer.java, line(s) 15
com/danikula/videocache/HttpProxyCacheServer.java, line(s) 29
com/mico/corelib/comm/DnsServersDetector.java, line(s) 23,23

中危 SHA-1是已知存在哈希冲突的弱哈希 

SHA-1是已知存在哈希冲突的弱哈希
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
ff/a.java, line(s) 74
ii/z3.java, line(s) 43

中危 Firebase远程配置已启用 

Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/63029136670/namespaces/firebase:fetch?key=AIzaSyDPlXeEkTNiY0B_DDMbUcLo8FGePVf5eoM ) 已启用。请确保这些配置不包含敏感信息。响应内容如下所示:

{
    "entries": {
        "Block_Log": "false",
        "clear_fresco_memory": "false",
        "clear_fresco_memory_all": "false",
        "h5_enable_httpDns": "false",
        "open_fix_h5": "false",
        "replace_glide_gif": "true",
        "rpc_host": "rpc-hw.xenalive.me:443",
        "useHttpDns": "true"
    },
    "state": "UPDATE",
    "templateVersion": "45"
}

中危 此应用可能包含硬编码机密信息 

从应用程序中识别出以下机密确保这些不是机密或私人信息
凭证信息=> "APP_FILEROOTKEY" : "xparty"
凭证信息=> "APPSFLYER_APPKEY" : "VpnWUnkEERgFVk63R74sb3"
凭证信息=> "com.google.android.geo.API_KEY" : "AIzaSyD_zU6uz2BURAd3S_ud3ymGwTlifAObJ9c"
凭证信息=> "BUGLY_APPKEY" : "fb0469c13d"
"string_audio_search_user" : "Pengguna"
"string_room_gift_all_user" : "All"
"google_app_id" : "1:63029136670:android:10e4503f630666309e0d0f"
"facebook_client_token" : "a1f2dc8e6bf55899660504ade610fda7"
"sobot_ding_cai_sessionoff" : "Fine della conversazione, nessun feedback"
"string_audio_search_user" : "Utilisateur"
"google_api_key" : "AIzaSyDPlXeEkTNiY0B_DDMbUcLo8FGePVf5eoM"
"facebook_app_id" : "632419048857468"
"string_audio_live_visibility_private" : "Private"
"com.google.firebase.crashlytics.mapping_file_id" : "1bbf17f54f754d6d9ba2c4e4cec2cf63"
"string_audio_search_user" : "User"
"snapchat_oauth_client_id" : "80e77d20-2e7e-4755-ba6a-816fd63a85e0"
"sobot_ding_cai_sessionoff" : "Conversation ended, you can't send feedback"
"string_auth_profile_gender" : "gender"
"sobot_ding_cai_sessionoff" : "Percakapan berakhir, tidak ada umpan balik"
"string_audio_search_user" : "Utente"
"google_crash_reporting_api_key" : "AIzaSyDPlXeEkTNiY0B_DDMbUcLo8FGePVf5eoM"
"sobot_ding_cai_sessionoff" : "Perbincangan tamat, tidak dapat maklumbalas"
"string_audio_room_user_list_author" : "Homeowner"
4208666df504bf023ca008a28e867ec1
d64a4b28aaa5d81b0245212e7971509c
3c05bdde02a6e3adc8a04ebddec8176f
58d07b3fee4abf2166593acdd2c21f17
4d05ec44cb54f0e24ff93ddcbd4fd65b
a67f25ddee244520c3450cc66b8be12c
43da865746751eac4148278042c24ea9
4d1daf462d821d1108c2be1fe84da668
n4EPbNtXMNgNzgO0pJjfLc54Q9QnnUoOaUIYAPh3VtjxGkQhzM+wXdSDCxzgR/iipbLkIXQNuy2sY
bd5c89a3c3df59206504235219201883
bf4b9ba2a25828c97a6828adfe640ed4
4b018e8fa9e1c8d16cad3f55d7d6450d
cc2751449a350f668590264ed76692694a80308a
6fb2dfcb3241fb699cd7787d7c60f58a
ba866fdcb0faec13ab853a430ca5a3aa
df6b721c8b4d3b6eb44c861d4415007e5a35fc95
0932910462f43d53fca059b0cf3936b6
6e2233b58aff66b05fc93970644bf0af
A01EECAB85E9E3BA2B0F6A158C855C29
21c637786fc625301d6bb933b7fdd334
aed2a286d8428014f15cb65cc78fc20f
2ba7fc692081d8711583354759bead8a
fa1c3451bb2df1a017d657b930a79e07
0e86c4a14f57cee404b567d440e2fd46
f0ea09b1df70431ba4b5ba783c3bc839
1b90a277f734d18efb90e1c25be1b17c
c140c30a5814db68c45325a055195864
bead1109bd03cc7cd749924b970f6621
94345b5db6fff0c2c4289278716268a5
0658ba1f6a25fc980364c8eccf1b6741
fa9cea2d8e68d950deeafe247c5d1a0c
10bbfd01e9d5fa1fde15a01c3f2c27bc
fde0c408910d86b14c68b31fa27eec87
c72146be0da15221003f7275b1342cd3
61de822fb288457e2a94857290c0e901
f78f894b678a4a90ea5dd5a8779e3806
5424af4d2b61aaecb37544b5d3b1f76d
00f14a5afe75698d8769d7aa3791ee40
3e27521ef10ce23b35886f1c764a9113
fe48311e71fb38034e512ec11ee90fb3
86b326012813f09d8f1de7d6d26c986a909d
f0da0f46fa964f75e101f32b34caf26c
n78C8qoIPewXwOcK9V1kHzIi2qlRGLEB3LDSVx3KgP3rEWSlxHzAZt8OgljPjEvkcWGJmr4dyoA/A
815e4d543b8f7fe17cb49c5ac9fbb70e
AA3978F41FD96FF9914A669E186474C7
n6ILXhSq+P2Ae7qsIh4HV0REDDQ314F/QQmVQhaYmuwAAAABJRU5ErkJggg==
265d432c86245f569feb8eafbf678dec
d286e6f1052ea2654dd152aed3dfb2c0
f50b39b33c485e89e3ccb2f14062ad32
0a2bbe245853bcb310b74fc61632f046
CCD4AD38DC6669F875BC37E3F8840648
c910edefa97ec5b396e9662bcbe0182b
a7362399d4152b7e66f1ca36f91ddebc
59decafcb844abba9e86a4852f4c6d54
n+AxcP7sT90e4wsx2lRLoVkh6KOeOs1Z8IekeSce3yWOWpL9T0tglaWGb+w/x8OmdyoJXQPCPkDTc
3fedbb4199b189d13fe5fbcd3c5cba6b
f646b0d7bd789da2cbc743464a205887
684b56b3c7eeb28419c0da56301feabb
2438bce1ddb7bd026d5ff89f598b3b5e5bb824b3
c410a441cb73c18c1711088966529571
40202e7b6820ed1b3e4b363512bbace7
f4488a6a50cb00f4b48efb4184cac65c
783d0f8f232b8b9cf4950115bd3a7607
ae642409ccc7843423d2b7ef798c795d
7e8a5ec5660136b5796691ddeab87735
b18d3238c103912503ffd85de6871559
727031961876f76d67f31b1b7de95121
9b41692bee1e20c104b13c341f20e6c1
d20839512703984a031162cdfc91e4d2
3BAF59A2E5331C30675FAB35FF5FFF0D116142D3D4664F1C3CB804068B40614F
cf07d231106f3392910d57a2e6f51f5e
5f13438166808dfda1bc69115064ba0a
dc73ffecafb8cebdc4106aeecdca537c
269af046007e33ec46852cd98cb9ae54
a41dc16866955013f2674f3565359004
33064bba761fa25ca1196a5484c31274
a91b55592506ee62aa5bbbcfd40c263e
64376b4cff41fd65eea5477fc536106c
105cf2676f634b5a992936abacd29dd1
b75a137e723cb92b7a326abe8434efbf
3c650303f5019a3aa593b53773f2df16
a59bb31110823394ef6abe58ffd9b4be
03ab5448651367acb81eed7e2bae4773
9f96068987b03ced92caab23ab510d4b
e19584533da6fad9711be95420edf13f
274c3e2d3c86643459cee2c15f85b926
e04a8d5474e77808e1bf3ef4f84cee4b
a1d9f4c3d42cf64d08b948a26d1d11ef
8377aeb99c77f453d285214c6890c8f0
nCXBIWXMAAC4jAAAuIwF4pT92AAAHk0lEQVR42u2dW6wdUxjHf98pirqURElc6tIihKZOL0rqLiEl
227b058d10dd185d2fbee09e652d6c74
13a9a418d37417217ae99cb511ef194b
a58bee58b5c1df85230221c197fd039f
8a3c4b262d721acd49a4bf97d5213199c86fa2b9
250420c66687dc164b8bda1181a67383
b32bd02bb66a2c671ced2c68691bcf8e
c3330b2d6f852d3db7a5c9df23da1114
af9c7ef3869489b4d4a199f58acf02be
72d0aba49c797adc1d86e330f533eeb4
fd600aea724da3390fd6063f44944017
52860201e63f1b0417613352e3d0fcf4
257f460d0b7078dabbd8fcc2f60d20a0
4a069632d7079b06a96e5e5125fbe8bb
d1785115be104995c4b4e8cd16e79fde
nJ2k5MBi65DXhQ6iwE5b0BHBP6FLXhB3AUWa2u5ImSNKdNMFPcp2Z7YYKaoCkmcDa0CWuCVuBu8zs
2744dce375c4430998a0ee4a73fe8aea
e08e7a3fa03ec5c0322246f5f7a949e2
e1df322175ccf383cce3a531b71bf0b8
ed516d306c505ee5e8ca59c64d0843f7
e6200f09496d57fe55aa27840644d391
4f240d6c30069e8c1506789d0ebb4990
a3ad9671fc433e8a4db630eb80984a5f
6007d419c3a9dd3aeebc140929f84bc1
40949db3512ea14f467058d433aa9f47
nd7qkHRn2vssMU5VdE3xYVka86jITBsDMNuBGM2mjDa9lhqhj7ifnqmsbvLfG5CH0PGDUkNXMvqV4
bf5203e22a94bff7644ce58dc37ab623
cfac1e3059013a0a4dfa671a756195ae
13f7cd42caa039e10a0ea9025a6755d4
nbz2PpFXK5obQPvYskh5WPqaG9rXnkDRR0q6cAjxZdP59oQNQA84ADshpO6vozBsB4DAP2/2KzrwR
f66ab2b2c971c6b95754fdd33ad00991
32eee963dc46ca726a39bbdfd45cf255
a45489e848a4963ca4bdb8803efe7521
78d769b2d6ba6b22a2da9b7a4409577c
82189266066032110388dd151cda277e
542118d41a183a6aaa8d7f19dfdca1f6
n+ZGkpzrId6ak3RlpLm1xz5kePn0QOrZ5A3H9GIMf80wHeZ+l7OZo6Qh7HwFWh45t3iCsKEiATkXo
04215d9abfa13ef4ee8772aa9d7d98ff
338c4bf3ae2807f8e83e4e9574751e29
1bb44f1ec248625b058c3b7ede3c091c
b062c0c3ff564fbd89d1ac0212de6830
2f0ec09a59ef1a5e550ecbeb68d88f9b
ec121ef0dccb6100e144e4d74b95bcfe
5213b65c8d088d08512943c2f67e6b84
8f59e1ab1a9a9b04af0966033ec10b59
ec00eb2aabbec6bc38c5bda3c396c834
bc82ead6980bc24fca762d4ce379ed0a
039be73e7193c0ac58b819df3242394a
26650f5c338a5d414070b566dcc3a3c3
fd68db1f916d5bcbb6608bc06b04cbb7
55384ff892a9f474d7cb373da961451a
nxtAB6Dkkzc+55W9DaF97Fkkv5BBgPHxbUjgkvZgS+F2SbgztX10o9cGJpAXA1cB03BOr94DlZvZT
aa88f0839b1adcb65c962a89704290c8
950ab04c361165a1b42982f3dcaca53a
2ae9fbc45bcda90b7639dcb30634c41a
40423caa5e7394835ce759b1dbab0b5e
b46802b3ae050d1961af9d26966fb995
cc8682aa4e2bb71e4e73f24b04be8a84
b3b8cd5591a6f5ff0094ef9a865e53f3
cc30e127e4fb7bb48b54f09db730d5ea
5458ded66cab6eaf506fc78c9912d77f
dc0747de028d45348685337eb4871a4c
nnEP6ewBXAAflTa7oYJUhwJEetmtGlXCvCL+m3LNYblk7NznmCXnpivcDfARoGWQz+wH3PlZaTRjs
nlwr5ETjezBRsKULS6ZJWAU8xvoIPcBxwGQRaC5I0iNvycX7oSARkPgQQQNKjwHJgQugIBGYiVLwY
1f7f0b0248b29b13f7154fd59d22f3cd
0b370650057a3a2b7e52e8dd1efa44d3
eea1df593f0e5a24e9127cc1a69cf012
ee96db83e558523cd1747d50c19e1be1
8b9ad3bfc5710c17978d8023fcea48d9
1effbba2aa1a5dbea13feed39fb11dc4
e41eff7b3842e1cb58043641a6d5176e
47a873d76fe727119f87ff9c0c703b1c
480d4ed2f87fdbe496edc48fac6e118d
da896dd7ae994b8dbd7388bc2ae66f34
8446bfaf4452404516629b2b899b5ee8
4df64341cc978a7de414
8b131cbf32eae1317a7907a82a387d25
75cebcd4b06264b695735e1c1ea0a0c8
1862cb06c55b31b1bbf44c583e5d149a
bdee0e21ea17657e81e55e8525e976ca
163b4402f5bd1144757cd36916e85350
7c2219cff132a64dd43e6885c6b4f962
637593b95cf9292c6bef08eb212bfe31
87bf784a8c47ecef05f807976066fca9
21beb9be543968463397a9964eec9a9a
5441ecf4c2369634dd7262a7f07a41a3
8bd23613f9ddb9bd63d587ec626b2c76
b9fab41bced777c6f4ffca121b001f2e
edc9c07e8681665b0106c6ed531311e4
8482aabfa7754110033f5b24c3d66bb8
8f2fc5984ede5e442cf326cde76a472a
0ff66543c5284e7297c5259dbba8e31c
d1813895defc436e389e98329511b474
4b5a79385cdd96462c52af8470855968
ee51c677e3510e13dd8454b5370be0bd
fc23cd676cdeef03aeeb291404e3fde4
nEWYD347Bz/VmtmYM96cSWoCWRCLMJVsE38naNXQ+k30gdExyI+kVj3Z1fpu0Jssdnp1GWxEkHSTp
04be732702f22f96eead8fd0b15389e0
9716f8ff53df5ab6457d2a31ec3f362d
6d581c90ee684547adb1a2ae7ee57416
020d0d5c488f92f5907f2ef70f3f3327
0b1591d840ac44dd1c965f1ff36ba54b
c6c664105223c58007e35184ab967333
ac347226e8f64f2aba673eee3fcfbc90
4f87602f6f3743d06dd5684e6290c922
fa8957bf7f204b4e38f30592086d0108
063924fd33d30553bfe87b55a38818da
d3726b5ef794ea0dc4c2f7b5a31e0484
dc57fc8e2c206e54f85e8e055be7217a
4ec5983e1b7142fff4ab6f0c848cbcc6
a896ea05f343d2d5ee95405873902c0f
c13e744c712825f17201f7e06b3127e0
681c1ad5e25e1b43471144faa2ae05a4
6fda9d8e48fb43f99adb8cacb59e6231
48c9dd4c10f14ab6013543e68a49e1d5
4c420de3260c3be6232c8202805fb1fc
6fcb99e6006785eb82e635960e1dd6f6
b145022415ada9cb7b3da6bac0772dfe
492d25c961d3cd8e862b06611ee1e997
89e335191324962b474b998812471d42
njY7OJr0mLOpwiHpt4BgUi6Q3PCZi8h1SSjpR0vaM9LxEkHSMh69dMRHz7agGfUSIhqhzKG50dHiJ
40636c0038f57fb5869a6ad0cfbd642e
f8075fc6873e90b88548363f1fb73b6a
noCasBeYxdhEKpQwBfJ50pb7yY2abgNmki7C4F0QoQ4DC2slIhFm4VchWLJb0nGeaa3F9QicidEUf
9fcb5922889994a3921ddd1adf0d214e
c8e2bd549861551a46b15ed6fe5f0240
3a96be3423cb8a0a67e0312d906993d7
b49d6c05f52097e5a86cb23e3cf2ab44
fffbce9431bbcdde55558521c913286e
b8fbee1552118a6fcb0b936f929aadbd
0b16207dd8adc50edf37d12a77ca12d7
8533fcaae7b9dbc390e3ae88907c8c17
3f23bebbad2728a7781d65294a4f2169
581ed56180169596e54196dcc0c07658
e2bf4bbb-7b41-4138-ac9b-db17e6512022-A
FBA3AF4E7757D9016E953FB3EE4671CA2BD9AF725F9A53D52ED4A38EAAA08901
705bb2b268395e6db11a7083d994a687
861021ad588d7e6917df0578e05c90a8
e89b06a6363b191f4e3861b38111c606
d4c9492d393b60474dc97c5004428bfb
70746a73f2dc0083b62521e02ecb993a
93e1624472b701296e5013e1d9c387a3
0ac3628c70c14f41ece954912aee1e01
5a7da0a640a4e71471d2838e6289352d
16bbb4060c8bbb82fe2ba828e053eebc
0244df82ee17a36ecb52d16db6fb6931
91c4fb1455470d803a602838dfcd5774
d6f35e7381db4caf476d57506e63e62e
bedabe8e5b935659d7284e213077266d
e804e33fc33a1555036164278ba73b60
2b57254988266351700e268abb4bbda3
74d3e018d789e74a37ae762e77cba126
36827badd2e4dda83c5ad4d837101a95
077107ea920632567a9fdc53acd5b504
4685e784c20046a5836b6f6b0000fabd
d94b7d47ce2140117167aac04584e014
f84693c452b3d42568c1dea649de7570
93842d7d7d0b43236f478ccdabb25698
a43569cd429f04ff54936e7503d2046e
87119e53f6e61065873347f45f6bac7b
2263640570cd6bbf5415b753a60425bc
59783649cddfc76087fcb704a662584e
78e376426eef9bc839ec9a3ed29a7d6d
9f303c69dd8111e7c446b4602098e62d
1a43b0bc9a5dd9559fe2289ca1c0fe1b
3f12ff64e9ffd9a09d7ab6846eebe641
8817b3235b618d4117ebeb9bb61a1475
a24ba2157572a563bb6aea93996b7020
a41baa51a1d8c83dc952de288543b871
76c439a46c4fc96384d6a54ebd31c924
dec92ee103c78f985fd42b71b65aab36
5dcf8f6d96eb5057892adfca40222b96
nsw0NDQ0NDQ0FUesnYpIOBE4BTsKt2ewLTEyYDCfK0MfeUYzYO8ROjmQsca3o2lrYFJm2AXuAL81s
a0244a3c10b9d81013d1d321feaac090
b8b2d73d3fc54041eb00ef30f9712779
2cbb4581206aedf30b8e7767e5e1da75
1b7244986c39b95cba5fe3da49a48ccf
3f0cd3a213957812791139f5e7a5ae14
43b2a74ef45bae6e59f987825063ae93
08e03cd24668091d8d75ca30f05376c8
a4b7452e2ed8f5f191058ca7bbfd26b0d3214bfc
9a47cb6451241fcb3a94cf38841581f9
119523acafae878890998f903560a996
21bb02ce92df5d872abe5ca535cb2f15
79e2812f6964406cb2724479ea003d51
820752e05dc6d4cc059b91346cbf3c77
fd39ee9783eafe0826dca6ce96ee60a8
8b211d93fcf23c98e9a1dac0b6814458
cb07a020abd406f4541b23b5e4b77988
31223B0BDF1DEF1FE8252971ADA3B577
b67ab8fc1e813b57a2786bbe9de222f5
ed6b1d33db4e80c4291c515d99e8e0ce
375bdb2f3afaa0e20f55b9983585fa9d
nzHYAd4WORoWsA241sxkhgw8jJi6SHgPuC+lQifwMvAu8ZGavhnYmptVM+CLc4RUzgEm42eiehP2E
nbmhoaGhoaMig8M5S0hTgENxxYMk8kg9v+nAPg34ys79CB6GnkDt8Q5KGon97Er8nPxu1LWU8UsbB
200de9d2e8fa052da18047bd6d654817
068193fe8972885f004c855a7582b18f
eec4d84bf830d4e065567d0d659650c5
72d0c7200f01457081a59aca7681551b
95c0d42ad88eda3114f54efdaf5ee3d4
f0bf0becc4da32a12e89ac5896c15fda
f42c31235fb2f4c44ebba18b475a7f82
9d91d28195cbab72c20968302ffd3c5b
18bf4533283774c1a55c0730a79bb0ea
dcc653ea1d4a68d5c791ceff356f6866
706bdc7c17aaa429c6096ce06910086c
f235bf2ceb2e460e1afcc8fde4a094ea
nJBUhcameExFCkEhow4NEJCIST32oW4TEg3ogbg+NklAaSl1KFG2lNGlJimqU0/P3sGZ0nLNn9qx9
df32a3059c7cd0e5a787a93f71498dee
04a6c51079d95861978521aae4731d00
63c16ac4b219deddf18cac7addb6ce4b
db203bafe643f07be4a6aaf36a26c5fb
cf22ad7488e5f9003c3a7771c628a389
48b12a9eea706b6d55da2d916e0a9e30
dba9899c898d6f17c0e53edcff2fc83e
8f9e81a1be53e38da16fb627be48b69e
6e176fd95d6ebbb13f893f675fcbfc37
f542936f9fa4eb25b04d7550ed2b496a
3747e7864debe7e773905094a27e9b69
e0f36f41036a8a64b28fde9036a76cde
af77e08ba482979e2a9392c44d2e3d18
c38f6162acb3b34ba44148be9fbfeeba
70d8ab4521082a962a448c89936f0b4a
3877097a275c1ea6dcd0b0a9ce0f1a0e
1f0dd15455e56cbb6efbbea47f41f126
1ec9c2d01741c5e7de0f121ff4964f79
d450e8a36e28c73c7bd2438ee45aa44b
256d417cd02774f19e03d30d96b2ed1f
76c2388a8fa4e501480d15087f23cdfd
3d0785ae6163ba0c33f733403516b4bf
8a68214d685a27e187ab7e5ab0cbedd6
54d20a86af3606d46b9e04f9ff564698
f1524f30fa94348adba29a11effdba8d
a5d67237bb1875980d601265c31b7a93
dc07b42b7e4d4279d55750c4fa678469
2c9cca4f624df7a11793957141b86a60
1409fc2bfbb97ec0acbe8f1ae85019a4
5375832d9d0ff0f2649ff4a089283853
b9d565d71e43a5507a36cb3e827eab04
d436550bed19894f0be8bf08a845408d
7313eeb50eab36eaab18c0216707720a
6e865909b92fdffdad5350d08729fde7
3a81bd05aaf8489bb54062f4590bd723
0294151920feb7996dc09fa31ee548d2
0e23e95a377925d86505ad62bafa9a2f
26be70b600214621f8d58ed643e559e4
7d81d8b97f2bb1bdd17807641b718898
84728fc08051e3a3e7404bd394712746
bd7ea8145e9fa8a5350d90e09cf7705b
18C867F0717AA67B2AB7347505BA07ED
64ed5b4be2a7b588a8a0c65b0619c493
1b569422c4d6aa98d187af69444340e0
8ffa76e4dd3a8d6f94947730204253d9
e93664219541eb8c0657ec9e4033fd90
193a8ae039094f190c57ffee3da56e3c
b22be8396b26db3d43b646c2831f2810
fc5a6f19993d711200f72bbddc3f8ae6
3a769ee7db49cc8e5462a491c186ded3
eea18272606f6568d18ad0d19059874b
bcf25e3c88975483eb328e07acc103eb
bf600e6e5f1ecdacda2caaf9a73ebe28
179ca8a47786bfe5d3870f904f438ebf
d051f5206958a6f39b0f53384cb4c93c
n2olwU2SXZdN1AtzmEfwtI+49oSQRspqj1yT9EUqAMoahx3rYvpW8MLONwFzglxT7WyQ97eOMmX0M
7087948e3974e1dde7887743a68af560
a55f3c423e2dff50d47f478995a11c12
614390974ed8841ba5ddc5ac0a1c60f5
63b750e5d13d3fc76b81823e17abacf0
66239f4089a990e37a1d09b16763d47f
906e8a39909c042bdf150ce3e9d3f7b6
f6ad626c835b3ba7e46bf7cf50c2754f
FFE391E0EA186D0734ED601E4E70E3224B7309D48E2075BAC46D8C667EAE7212
1d9b042f9185c9176278e563965c9f00
6a2d7eb05f74069c217d3c38871daf24
fad5585a716162aa9e01d7a2a59ac349
dfe0b66c5b89ab028789452dd4233ea1
9b8f518b086098de3d77736f9458a3d2f6f95a37
85b6bd7c5b51cba9987e02bd05bc338a
2143c3a25b0de6440b057bc1426e22e7
354fef0ea6a8ad00051e810d1e9db97b
880d6ea1e343bc30c1c678088ebd868c
c0114ff7a8c34c8fb22d0ec59c5c0cca
15c48351f913948bb965bdc7d0c54f55
a210460b814c04d500eb12025902d60d
cc77dbd5a721966e9ec774c03330b2f5
6d5c9a94be396a6dffe78b6602d2c9a6
95451737b2596aa4222f405d0daad86b
8d7c7cc487e5605ea34768282f0a11d4
a5dfcac97da98c95a725dfd392d64e64
A6B745BF24A2C277527716F6F36EB68D
d3e2001fc95583bc162788d513fb7ea3
50b8317bb7184858323f4d7da89bed9b
babf25cda8b5f1a953a592f0ec72b3ee
6d121ffaafa311f6639bdf77d33f6fce
477f95647e1a05469eae35e75d8faf6c
E3F9E1E0CF99D0E56A055BA65E241B3399F7CEA524326B0CDD6EC1327ED0FDC1
5e1135c95cec338052582ce91c87a195
0a478d395d29e8b399852fd8abdad992
2945250db6e7629a11610ec002204959
9e3d5e07fb80305fd71a5af175a100f5
6e0d8598c7df1d220b49f9e375c59016
e42172fd7765abd2879d6b80860f5f3f
ec427cf0106f3a72baeaf65fe1bbe0d1
b0b004e5d72b25341402270686ac3c7d
0b025b5608b120513eba79296b56e8d1
Y29tLmFwcGxpc3RvLmFwcGNsb25lci5jbGFzc2VzLnNlY29uZGFyeQ==
8ae9b2822160a3d55ed4d797b31de680
b7923a2c8877f2fe389b029aff3bd24d
f3db492b383199cd38ba2da4f6f0fdfe
e749a8b6b305951ce6f21e0fc4f428d8
d69a4a830e7f7fb45c0a9b02a13c1fb2
f0acbd27e08cfa04cd9bdf7d17893b16
a6d142b8930ba1344cafbcb30851d134
5a77b9a27513a73032cefd35e8df8ffb
2537a38eda85768bcea93d7d713078df
nZWtL6D4gxleEjTgRsiZreZ8nNC9qRwx6BC0WIWuyNpCzY/YJalfUgLEw4LPgFs0T+snumNuJ4BOD
aec79ca92601183765b7f400490023d0
c5efce917bd9ef8568a5171e0ede1645
775E696D09856872FDD8AB4F3F06B1E0
b5432631a2d50004e5287e23d1d5da50
nYfAXeebVnyGCJC3JuHeGh1/vFx2nMjvh++m8iTvax9jMPgHOBv5OMXlE0tICyhR86SYXchted46h
bf1c364e64991f0742bebda1e546b26f
4e4520d8c111c48b048fe38e4090f7af
be3bb0585a7b67dafa6c69b815ee4013
731ac1a5bd8b2c6560cfc5270c9de24c
8a443f222f18ae46794608cd10f4db38
6b12da87bb87308219e0ae3047966a38
e2c206cf7c62c20fba635b0b39bba8f8
5580841b1c8eebdc7477bee618912c55
baf7c71dea9da0a31c1437819839265d
043ffdc86799a5f361658269ec041877
07493934ff2e9a2822450635fd470ebb
n5cgy1k4ASf3A5cAFuJXKKaF9KpBPgDvM7KP4g1oIIGkCMADcBJwb2p8KOMvMPoUaCCBpALgfmBba
39cac7ae6ad7754240a2e92383b0144a
8c250398fe9220c87015a697c7ecbcf3
bdcc99e8bc10d76f79d96d454f5865ca
ab5da1257d6d2d84e04c9718257acb65
2a182b8f0989f3c0dbf77e56a5db45ac
48b5743aff496bf96e2d2a4773cd0b0a
5fa05101eeae4d31326b12980bf337c5
fa3ae9e99681ce8119adc2d5c08161f7
b9e9931d1aa57c166af88e500b112e2e
a13cbb1dc2778c373e5803bb87743f22
df9f6f4e610500473110c8a9ca1575b9
d9fa0cf8beb09f8d44379e38405294f1
34bec66c4270c1332f94869ca82c09da
cdf26b22fab5df9f8749727c836cb8a5
a0cc71263ee6a4bfd7384f23b2ea41ae
ee6129d6ad7aecd81c478050ad9ae130
c3a6f4943dcb949a7e1b02e19bffd014
d5d5d54bdfc42393e4eca7a0a477d9b8
88fd814158d4a771cd1b2c4e6354f5c9
5180a29a1e28efc7c0118057b4ffa63f
cad928983bba19acb4a1dce75b3531e7
5131b3864ef0e37e2fb5f068eaf11397
105b9001e73697182054f7cec33a5369
c0fc8cf4831c47a01a6e54c924df12d4
fea3f51316915c0a6f7ff4d68562dcf3
625a5b897f28efe89ac40e8d3920e827
03dd1f2a6c6a3604fed05052dfc76ae5
f00b6d2d0221fb9d365b49a27440354c
51fa56d568f4b0e869302c948d218526
13d4baea763d4af6a4ed38beb035e9c8
cb716eafc54d3935a47aad685023f537
c56fb7d591ba6704df047fd98f535372fea00211
8c8ffe5bc8da65151006402f9faf26b3
nAP7xsB0qOvNGAL+5kIrOvBGghKD60AgQmEYAONDD9oSiM98ndOlrwNdAPL4fjn7G/UKyedoX+C60
d8b688d2acca4aab302b76f3838bde3f
33c57a01ab59bd945908376ddfddad5d
89bc823a191c41823282b57bb0f5ec0e
fab4e3aa46c258fec7dd87db17078fc1
0f159de3365ac00757c3baa0c29366eb
00f6c57b1d0e2aeff48580539d405553
d0a842909e56f7ef11b35569f6a3ac70
9e4d6e68607630c54fdff472c69f7616

信息 应用程序记录日志信息,不得记录敏感信息 

应用程序记录日志信息,不得记录敏感信息
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
a9/c.java, line(s) 130,129
a9/e.java, line(s) 82,81
andhook/lib/AndHook.java, line(s) 97,145,55
andhook/lib/HookHelper.java, line(s) 34,67,92,144,155,168,189,210,231,266,271,79
andhook/lib/xposed/XposedBridge.java, line(s) 30,26
andhook/lib/xposed/XposedHelpers.java, line(s) 469,480,491,502,513,524,535,546,557,568,583,594,605,616,627,638,649,660,671,682,693,704,715,726,737,748,759,770,781,792,803,814,825,836,847,858,869,882,895,908,929,944
b9/i.java, line(s) 135,186,136,187
b9/j.java, line(s) 130,177,189,203,84,129,139,165,176,188,202,228,236,92,140,229,237,166
c2/a.java, line(s) 76
c4/c.java, line(s) 23,31,39
c9/e.java, line(s) 49,59,74,80,50,75,60,81
c9/i.java, line(s) 118,102
ce/g.java, line(s) 33,43,47,65,117
ce/o.java, line(s) 112
cl/c.java, line(s) 17
cl/d.java, line(s) 18
cm/a.java, line(s) 50
cm/c.java, line(s) 21
com/applisto/appcloner/classes/AbstractActivityContentProvider.java, line(s) 25,31
com/applisto/appcloner/classes/AppClonerNative.java, line(s) 19
com/applisto/appcloner/classes/ApplicationWrapper.java, line(s) 32,189,196,203,210,217,59,71,87,99,111,123,135,147,159,175
com/applisto/appcloner/classes/AutoPressButtons.java, line(s) 30,43,60,65,70,89,104,118,98,120,124,128,151
com/applisto/appcloner/classes/AutoRotateControls.java, line(s) 18,19,38,45,36,50
com/applisto/appcloner/classes/BackKeyHandler.java, line(s) 33,35,43,52,64,72,85,54,94
com/applisto/appcloner/classes/BluetoothControls.java, line(s) 18,19,37,40,45,52,58,61,43,64
com/applisto/appcloner/classes/BootReceiver.java, line(s) 14,24
com/applisto/appcloner/classes/BundleFilesDirectories.java, line(s) 18,30,38,46,61,41,66
com/applisto/appcloner/classes/BundleObb.java, line(s) 19,29,32,43,49,70,73
com/applisto/appcloner/classes/CalculatorActivity.java, line(s) 51,61,124,249
com/applisto/appcloner/classes/ClearCacheOnExitProvider.java, line(s) 16,43,47,21,39,52
com/applisto/appcloner/classes/ClearCacheOnExitService.java, line(s) 18,24
com/applisto/appcloner/classes/ClearCacheReceiver.java, line(s) 15
com/applisto/appcloner/classes/CloneSettings.java, line(s) 82,244,255,55,95,100,252
com/applisto/appcloner/classes/Configuration.java, line(s) 23,45,64,68,71,78,88,98,37,59,82,92,102
com/applisto/appcloner/classes/ConfirmExit.java, line(s) 14
com/applisto/appcloner/classes/CrashHandler.java, line(s) 85,94,108,27,74,96,112
com/applisto/appcloner/classes/DefaultFontProvider.java, line(s) 23,37,39,58
com/applisto/appcloner/classes/DefaultProvider.java, line(s) 38,77,82,90,94,110,44,56,69,101,116,169,188
com/applisto/appcloner/classes/DisableCameras.java, line(s) 22,43,60,78,98,104,124,138,26,55,73,91,119,131
com/applisto/appcloner/classes/DisableClipboardAccess.java, line(s) 57,97,101,105,112,119,125,131,148,152,156,160,164,168,177,189,194,203,233,242,248,253,257,274,290,71,139,196,235,260,277,292
com/applisto/appcloner/classes/FacebookLoginBehavior.java, line(s) 14,34
com/applisto/appcloner/classes/FacebookMessengerProvider.java, line(s) 36,38
com/applisto/appcloner/classes/FakeCalculator.java, line(s) 12,20,27,30
com/applisto/appcloner/classes/FakeCamera.java, line(s) 56,80,87,97,122,138,152,170,179,234,262,294,308,326,359,370,377,385,496,106,289,301,321,392,397,524
com/applisto/appcloner/classes/FileAccessMonitor.java, line(s) 18,42
com/applisto/appcloner/classes/GmailSupport.java, line(s) 32,38,41,53,103,116,128,133,151,163,179,181,191,193,209,212,220,43,107,111,138,146,165
com/applisto/appcloner/classes/HeadphonesEventReceiver.java, line(s) 12,24,31,18,44
com/applisto/appcloner/classes/HostsBlocker.java, line(s) 87,115,119,139,163,166,182,238,269,277,285,293,358,369,378,387,398,411,479,105,304,350,401,494
com/applisto/appcloner/classes/InterruptionFilterControls.java, line(s) 21,22,37,47,48,57,62,64
com/applisto/appcloner/classes/LaunchTileService.java, line(s) 14,19,26
com/applisto/appcloner/classes/LoadLibraryWorkaround.java, line(s) 18,23,43,39
com/applisto/appcloner/classes/LogcatViewer.java, line(s) 47,308,61,146
com/applisto/appcloner/classes/NotificationOptions.java, line(s) 141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,188,193,198,200,249,299,308,320,327,91,232,240,251,255,283,356
com/applisto/appcloner/classes/OnAppExitListener.java, line(s) 19,26
com/applisto/appcloner/classes/OpenLinksWith.java, line(s) 27,43,51
com/applisto/appcloner/classes/PasswordActivity.java, line(s) 66,123,133,138,74,127,206,214
com/applisto/appcloner/classes/PasswordProvider.java, line(s) 12,18,20,27,30
com/applisto/appcloner/classes/PenEventReceiver.java, line(s) 12,17,33
com/applisto/appcloner/classes/PersistentApp.java, line(s) 13,21
com/applisto/appcloner/classes/PersistentAppAccessibilityService.java, line(s) 12
com/applisto/appcloner/classes/PersistentAppService.java, line(s) 18
com/applisto/appcloner/classes/PictureInPicture.java, line(s) 24,30,36,48,59,69,79,61,84
com/applisto/appcloner/classes/PowerEventReceiver.java, line(s) 12,16,19,23,27,30,40
com/applisto/appcloner/classes/PreferenceEditor.java, line(s) 24,26,29,39,56,64
com/applisto/appcloner/classes/PressBackAgainToExit.java, line(s) 17,32,55
com/applisto/appcloner/classes/SecretDialerCodeReceiver.java, line(s) 15,25
com/applisto/appcloner/classes/SetBrightnessOnStart.java, line(s) 22,23,38,47,89,59,68,83,96,105
com/applisto/appcloner/classes/ShowOnLockScreen.java, line(s) 14,25
com/applisto/appcloner/classes/Signatures.java, line(s) 37,56,59,99,106,115,120,148,86,92,143,152,155,172,181,204,217
com/applisto/appcloner/classes/SplashScreenActivity.java, line(s) 86,55,77,93
com/applisto/appcloner/classes/StartExitAppEventReceiver.java, line(s) 19,39,48,61,34,56,66
com/applisto/appcloner/classes/ToastFilter.java, line(s) 25,29,55,61,89,81,91
com/applisto/appcloner/classes/TrustAllCertificatesProvider.java, line(s) 35,37
com/applisto/appcloner/classes/Utils.java, line(s) 72,79,91,94,526,539,109,113,128,167,177,187,198,219,229,243,325,443,483,545,561,597,631,647
com/applisto/appcloner/classes/WhatsAppSupport.java, line(s) 29,52,65,55,59,67,78
com/applisto/appcloner/classes/WifiControls.java, line(s) 18,19,37,40,45,52,58,61,43,64
com/applisto/appcloner/classes/freeform/FreeFormWindow.java, line(s) 35,39,44,59
com/applisto/appcloner/classes/freeform/FreeFormWindowActivity.java, line(s) 33,49,52,72,92,55,85
com/applisto/appcloner/classes/util/IActivityManagerHook.java, line(s) 19
com/applisto/appcloner/classes/util/IPackageManagerHook.java, line(s) 20
com/applisto/appcloner/hooking/Hooking.java, line(s) 45,63,74,105,58,67,97,115
com/applisto/appcloner/service/RemoteService.java, line(s) 40,88,99
com/appsflyer/AFLogger.java, line(s) 75,95,167,93,114,125,66
com/appsflyer/internal/AFa1eSDK.java, line(s) 2303,3156,3166
com/appsflyer/internal/AFb1nSDK.java, line(s) 333
com/appsflyer/internal/AFb1sSDK.java, line(s) 121,126
com/appsflyer/internal/AFc1bSDK.java, line(s) 104,101,356,100,187
com/appsflyer/internal/AFd1fSDK.java, line(s) 117,130
com/appsflyer/internal/AFd1hSDK.java, line(s) 59
com/appsflyer/internal/AFd1jSDK.java, line(s) 64
com/appsflyer/internal/AFd1lSDK.java, line(s) 43
com/appsflyer/internal/AFd1nSDK.java, line(s) 113
com/appsflyer/internal/AFd1oSDK.java, line(s) 130,138,168,170
com/appsflyer/internal/AFd1pSDK.java, line(s) 71,108
com/appsflyer/internal/AFd1rSDK.java, line(s) 42
com/appsflyer/internal/AFd1zSDK.java, line(s) 104,141,41
com/appsflyer/internal/AFe1pSDK.java, line(s) 31,64,65,68
com/appsflyer/internal/AFf1hSDK.java, line(s) 189,245,194,266
com/appsflyer/share/LinkGenerator.java, line(s) 91
com/audio/net/ApiGrpcNewTaskService.java, line(s) 89
com/audio/net/handler/AudioIsFirstRechargeHandler.java, line(s) 29,34
com/audio/net/handler/AudioMeetChatCheckHandler.java, line(s) 26,32
com/audio/net/handler/RpcBindPhoneRewardHandler.java, line(s) 24
com/audio/net/handler/RpcNewUserCheckInDailyHandler.java, line(s) 32
com/audio/net/handler/RpcNewUserDailyTaskListHandler.java, line(s) 24
com/audio/net/handler/RpcNewUserGetDailyTaskRewardHandler.java, line(s) 28
com/audio/net/handler/RpcNewUserGetDeadlineTaskRewardHandler.java, line(s) 28
com/audio/net/handler/RpcNewUserGuideRewardHandler.java, line(s) 24
com/audio/ui/audioroom/battleroyale/BattleRoyaleStartControlView.java, line(s) 135,390
com/audio/ui/audioroom/battleroyale/BattleRoyaleTimerView.java, line(s) 40,59,65,79,82,91,103
com/audio/ui/audioroom/bottombar/gift/combo/brushgift/LuckyGiftComboNumTextView.java, line(s) 128
com/audio/ui/audioroom/bottombar/gift/utils/AnimationTimerQueue$insertData$1.java, line(s) 58
com/audio/ui/audioroom/bottombar/gift/utils/AnimationTimerQueue$resume$1.java, line(s) 71,183,193
com/audio/ui/audioroom/bottombar/gift/utils/AnimationTimerQueue.java, line(s) 56,67,74,88
com/audio/ui/audioroom/bottombar/gift/utils/GiftMixQuickComboQueue$insertData$1$time$1$1.java, line(s) 48,59,68
com/audio/ui/audioroom/bottombar/gift/utils/GiftMixQuickComboQueue$resume$1.java, line(s) 73,119
com/audio/ui/audioroom/bottombar/gift/utils/GiftMixQuickComboQueue.java, line(s) 77,95,110,145,149,155,171,177,181,185,191,210,216,237
com/audio/ui/audioroom/helper/i.java, line(s) 327,372,373
com/audio/ui/audioroom/widget/SeatBattleRoyaleAnimationView.java, line(s) 116,137,138,205,228
com/audio/ui/dailytask/fragment/DailyTaskListFragment.java, line(s) 362,518
com/audio/ui/dialog/AudioMeetChatPersonProfileDialog.java, line(s) 140,141,166,167,181
com/audio/ui/dialog/DailyCheckInDialog.java, line(s) 301
com/audio/ui/firstrecharge/AudioFirstRechargeEnterView.java, line(s) 63
com/audio/ui/floatview/c.java, line(s) 204
com/audio/ui/newtask/NewUserTaskSendGiftGuideView.java, line(s) 173,179
com/audio/ui/viewholder/DailyTaskListViewHolder.java, line(s) 312,336,360,384
com/audio/ui/widget/MeetChatHeadView.java, line(s) 45
com/audio/ui/widget/WheelPicker.java, line(s) 443,448,457,577
com/audio/utils/AudioInviteRewardUtils.java, line(s) 45
com/audio/utils/f1.java, line(s) 14
com/audio/utils/x.java, line(s) 117,173,174,182
com/audio/utils/x0.java, line(s) 36,49,68
com/audionew/apm/MatrixManager.java, line(s) 101
com/audionew/apm/a.java, line(s) 31,37
com/audionew/common/image/utils/e.java, line(s) 378,379
com/audionew/common/utils/f.java, line(s) 49
com/audionew/common/widget/shimmer/c.java, line(s) 44
com/audionew/features/application/BaseApplication.java, line(s) 146
com/audionew/features/application/initializer/AppInitializer.java, line(s) 245
com/audionew/features/chat/l.java, line(s) 94,96,109,112
com/audionew/stat/crash/a.java, line(s) 131,138
com/audionew/storage/db/po/DaoMaster.java, line(s) 20,33
com/audionew/storage/db/po/MigrationHelper.java, line(s) 206,103,261
com/audionew/storage/db/store/l.java, line(s) 152
com/audionew/vo/message/ConvSettings.java, line(s) 49
com/audionew/vo/setting/NioServer.java, line(s) 32
com/chill/share/data/room/data/SocketStreamDatasource$_socketDataSource$1$1.java, line(s) 38,45
com/danikula/videocache/HttpProxyCacheServer.java, line(s) 203,211
com/danikula/videocache/HttpUrlSource.java, line(s) 66
com/github/penfeizhou/animation/FrameAnimationDrawable.java, line(s) 136,183,225,245,254,261,279,294,303,309,321,327,338,344,361,375,395,408,432,456,513,588,605,92,110,124,88,102,120,159,167,177,557,565
com/github/penfeizhou/animation/decode/FrameSeqDecoder.java, line(s) 538,547,580,757,641,336,371,377,411,414,425,465,495,502,506,522,526,629,749,785,799,806,818,827,520,590,782,824
com/kwai/koom/javaoom/monitor/analysis/HeapAnalysisService.java, line(s) 152
com/mico/corelib/CoreLibWrapper.java, line(s) 229,391,392,393
com/mico/corelib/comm/DnsServersDetector.java, line(s) 66,82,107,143
com/mico/corelib/comm/NetworkStatusUtil.java, line(s) 69,67
com/mico/corelib/mlog/Log.java, line(s) 595,604,615,637,671,680
com/mico/gim/sdk/utils/h.java, line(s) 17
com/mico/protobuf/PbSysNotify.java, line(s) 11913
com/sobot/network/http/cookie/PersistentCookieStore.java, line(s) 94,99,121
com/sobot/network/http/download/SobotDownloadTask.java, line(s) 435
com/sobot/network/http/log/LoggerInterceptor.java, line(s) 64,65,66,68,72,74,76,79,90,92,93,94,96,99,102,107,109
com/sobot/network/http/log/SobotNetLogUtils.java, line(s) 24,110,32,118,53,58,61,166,86,126,94,102,134,142,150,158
com/sobot/network/http/upload/SobotUpload.java, line(s) 103,111,125,133,159
com/sobot/network/http/upload/SobotUploadTask.java, line(s) 316,209,321
com/sobot/network/http/utils/L.java, line(s) 12
com/swift/sandhook/ClassNeverCall.java, line(s) 14
com/swift/sandhook/HookLog.java, line(s) 18,26,30,14,10,22
com/swift/sandhook/SandHook.java, line(s) 165
com/swift/sandhook/utils/FileUtils.java, line(s) 80,86
com/swift/sandhook/utils/ReflectionUtils.java, line(s) 22
com/swift/sandhook/utils/Unsafe.java, line(s) 94,32
com/swift/sandhook/wrapper/HookWrapper.java, line(s) 364,376
com/zego/ve/AudioDevice.java, line(s) 86,94,125,133,138,141,146,335
com/zego/ve/AudioEventMonitor.java, line(s) 198,251,313,406,449,484,71,77,96,112,196,249,308,574,85,102,390
com/zego/ve/FileMediaDataSource.java, line(s) 22,33,38,27
com/zego/ve/HwAudioKit.java, line(s) 200,242,118
com/zego/ve/KaraokeHelper.java, line(s) 179
com/zego/ve/Log.java, line(s) 58
com/zego/ve/MediaCodecVideoDecoder.java, line(s) 154,170,208,218,266,303,339,344,358,365,367,417,439,526,528,588,590,603,610,620,637,643,128,375,443,457,462,546,563,580,606,627,630,670,236,243,250,257,271,279
com/zego/ve/MediaCodecVideoEncoder.java, line(s) 388,437,450,456,524,569,571,584,656,823,838,842,861,369,481,624,642,694,711,725,844,851,854,873,803,606,609,615,309,316,323,330,350,358,402,406
com/zego/ve/VCam.java, line(s) 230,270,296,324,347,373,466,523,546,557,567,596,635,673,837,926,938,963,970,984,988,1107,1132,1146,1157,1165,1189,1216,1308,1320,1357,1380,1391,1401,1434,1443,1540,1910,1927,1951,2038,119,127,135,161,174,235,292,316,336,343,362,369,471,690,698,708,784,844,931,1009,1062,1086,1128,1176,1185,1203,1212,1313,1478,1573,1575,1577,1584,1662,1703,1886,1898,1964,1965,1994,2025,2031,974
com/zego/ve/VImageReader.java, line(s) 159,77,79,100,102
com/zego/ve/VSurTex.java, line(s) 63
com/zego/zegoavkit2/receiver/Background.java, line(s) 83
com/zego/zegoavkit2/utils/SoLoadUtil.java, line(s) 103,124
com/zego/zegoliveroom/ZegoLiveRoom.java, line(s) 532,2465,2467,401
com/zego/zegoliveroom/ZegoLiveRoomJNI.java, line(s) 192
com/zego/zegoliveroom/utils/SoLoadUtil.java, line(s) 103,124
d9/a.java, line(s) 94,93
de/greenrobot/dao/d.java, line(s) 9,16,23,30,37,44
e2/a.java, line(s) 363,396
ee/f.java, line(s) 41,55,23,69,83,97
f9/c.java, line(s) 27,26
f9/d.java, line(s) 45,44
f9/f.java, line(s) 130,129
f9/s.java, line(s) 98,99
f9/t.java, line(s) 46,45
ff/a.java, line(s) 80,106
gg/c.java, line(s) 174,369
hb/a.java, line(s) 40
ii/b3.java, line(s) 34
ii/c3.java, line(s) 151,130
ii/r2.java, line(s) 66
ii/x2.java, line(s) 161,91,156
java/io/ByteArrayOutputStrean.java, line(s) 13,17,18,36,20
jm/f.java, line(s) 92
k3/b.java, line(s) 17
k8/b.java, line(s) 114
kf/c.java, line(s) 78
l9/a.java, line(s) 100,106,112,123,101,107,113,124
l9/c.java, line(s) 34,35
l9/h.java, line(s) 42,43
lh/l.java, line(s) 69,94,216,218,268,286,288,365,367,474,476
library/easypermission/EasyPermissions.java, line(s) 121,123,34
libx/android/alphamp4/GlUtils.java, line(s) 13,18,27,44
libx/android/billing/base/log/ConsoleLogger.java, line(s) 19,27,21,17,23
libx/android/common/LocaleUtilsKt.java, line(s) 105,114
libx/android/common/log/LibxBasicLog.java, line(s) 38,27
libx/android/common/log/LibxLogKt.java, line(s) 16,38,40,65,86
libx/android/design/swiperefresh/BaseSwipeRefreshLayout.java, line(s) 521,635,649,669
libx/android/image/fresco/LibxFrescoService.java, line(s) 196,198
libx/android/image/fresco/controller/DisplayFrescoImage.java, line(s) 97
libx/android/image/fresco/controller/FetchFrescoImage.java, line(s) 39
libx/android/image/fresco/controller/LoadFrescoImage.java, line(s) 38
libx/android/image/fresco/controller/RequestFrescoImageKt.java, line(s) 18
libx/android/image/fresco/controller/RetryFrescoImageLoadListener.java, line(s) 61,59
libx/android/media/bitmap/BitmapCompressKt.java, line(s) 117
libx/android/media/bitmap/BitmapDecodeKt.java, line(s) 142,292,297,342,347
libx/android/media/bitmap/BitmapServiceKt.java, line(s) 30
libx/android/okhttp/OkHttpFactoryKt.java, line(s) 44,76
libx/android/okhttp/OkHttpServiceKt$okHttpCall$1.java, line(s) 59,74
libx/android/okhttp/OkHttpServiceKt$okHttpCallFileDownload$2.java, line(s) 72,77
libx/android/okhttp/OkHttpServiceKt$okHttpCallFileUpload$2.java, line(s) 97
libx/android/okhttp/download/InterceptorDownloadNet.java, line(s) 47,49
libx/android/okhttp/download/extend/FileDownloadExtHandler.java, line(s) 31,33,56
libx/android/okhttp/intercept/InterceptorOkHttpLog.java, line(s) 26,30
libx/android/videoplayer/VideoPlayer.java, line(s) 110,120,281,403,418,498,504,513,524
libx/android/videoplayer/filter/GlUtils.java, line(s) 13,18,27,44
libx/android/webivew/config/b.java, line(s) 135
libx/apm/netdiagnosis/core/action/NetExtensionActions$diagnoseExtensionActions$4.java, line(s) 56
libx/apm/netdiagnosis/core/action/NetExtensionActions$diagnoseExtensionActions$5.java, line(s) 51
libx/apm/netdiagnosis/core/action/RouteExtensionActions$diagnoseExtensionActions$4.java, line(s) 56
libx/apm/netdiagnosis/core/action/RouteExtensionActions$diagnoseExtensionActions$5.java, line(s) 51
libx/apm/stat/LibxApmStatService.java, line(s) 47,49,106
libx/apm/stat/event/LibxApmStatEventService.java, line(s) 78
libx/apm/stat/net/UploadApiMkv.java, line(s) 34,40
libx/apm/stat/net/UploadHttpService$collectBizRequest$$inlined$okHttpCall$1.java, line(s) 61
libx/apm/stat/store/DaoMaster.java, line(s) 18,34
libx/apm/stat/upload/StatUploadService$uploadStat$1.java, line(s) 92,94,103
libx/apm/stat/upload/StatUploadService.java, line(s) 70,88,93,102
libx/auth/base/InvisibleFragmentKt.java, line(s) 16,18,26
libx/auth/base/login/InvisibleAuthFragment.java, line(s) 35
libx/auth/facebook/FacebookAuthFragment.java, line(s) 74,94
libx/auth/facebook/FacebookEventService.java, line(s) 66
libx/auth/facebook/FacebookShareFragment.java, line(s) 66,74,88,96
libx/stat/android/LibxStatService.java, line(s) 48,50,109
libx/stat/android/event/LibxStatEventService.java, line(s) 78
libx/stat/android/event/StatLifeEvent.java, line(s) 32,34
libx/stat/android/net/UploadApiMkv.java, line(s) 34,40
libx/stat/android/net/UploadHttpService$collectBizRequest$$inlined$okHttpCall$1.java, line(s) 61
libx/stat/android/store/DaoMaster.java, line(s) 18,34
libx/stat/android/upload/StatUploadService$uploadStat$1.java, line(s) 92,94,103
libx/stat/android/upload/StatUploadService.java, line(s) 79,84,93
mm/b.java, line(s) 62,90,61
mn/b.java, line(s) 34
n/c.java, line(s) 30,58,50
n9/c.java, line(s) 33,32,61,87,62,88
n9/d.java, line(s) 17,16
n9/i.java, line(s) 108,109
nf/c.java, line(s) 27,33,39,45
o9/d.java, line(s) 49,56,67,72,48,55,60,66,71,61
org/greenrobot/greendao/d.java, line(s) 9,16,23,30,37,44
org/zeroturnaround/zip/ZipUtil.java, line(s) 296,301,336,359,362,722,729,733,739,745,751,784,1101,1106,1261,1288,1293,1312,305
p3/c.java, line(s) 29,38
pb/i.java, line(s) 34,70,76,84,103,107,111,115,119
pm/a.java, line(s) 23
r9/i.java, line(s) 61,113,114,62
rx/internal/util/d.java, line(s) 18
rx/internal/util/e.java, line(s) 74
sb/a.java, line(s) 22,31,40,21,30,39,60,61,69,70
sd/a.java, line(s) 219,227,267,278,196
sd/b.java, line(s) 25
sd/f.java, line(s) 262
sd/j.java, line(s) 32
sd/n.java, line(s) 65,77,80,83,87,143,149,164
sd/q.java, line(s) 22
sd/r.java, line(s) 23
sh/a.java, line(s) 43,25,34,17
t9/a.java, line(s) 31
td/c0.java, line(s) 58
te/d.java, line(s) 28
v8/c.java, line(s) 217,226,156,216,223,157
v9/a.java, line(s) 82,83
w8/a.java, line(s) 551
wh/b.java, line(s) 23
widget/md/view/swiperefresh/SwipeRefreshLayout.java, line(s) 503,679,691,708
widget/nice/swipe/SwipeRefreshLayout.java, line(s) 566,730,744,763
x8/d.java, line(s) 88,118,87,117
x8/e.java, line(s) 549,580,588,548,579,587
xg/a.java, line(s) 27
y4/e.java, line(s) 51,57,53,55
z8/b.java, line(s) 47,46
z8/j.java, line(s) 65,182,64,181,185,189,197,193,198
z8/l.java, line(s) 48,47

信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 

此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/applisto/appcloner/classes/DisableClipboardAccess.java, line(s) 8,69,254
com/audionew/common/dialog/MicoDialogProvider.java, line(s) 4,240
com/audionew/common/utils/k.java, line(s) 4,31,43
com/chill/features/chat/adapter/item/MainChatBaseViewHolder.java, line(s) 5,97
libx/apm/netdiagnosis/ui/NetDiagnosisActivity.java, line(s) 4,212

信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 

此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/applisto/appcloner/classes/DisableClipboardAccess.java, line(s) 44,120,120,126,126,135,8

信息 应用程序可以写入应用程序目录。敏感信息应加密 

应用程序可以写入应用程序目录。敏感信息应加密


Files:
hh/a.java, line(s) 32,32

安全 域配置已安全配置为禁止明文流量流向范围内的这些域。 

Scope:
example.com
cdn.example2.com

安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 

此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
com/sobot/network/http/SobotOkHttpUtils.java, line(s) 56,55,77,54,54
tg/b.java, line(s) 72,74

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (api.micoplatform.com) 通信。 

{'ip': '170.33.12.52', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (sg.sobot.com) 通信。 

{'ip': '117.50.125.133', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

安全评分: ( Xena Live 1.5.2)