安全分析报告:
安全分数
安全分数 36/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
19
用户/设备跟踪器
调研结果
高危
13
中危
23
信息
1
安全
2
关注
17
高危 应用程序存在Janus漏洞
应用程序使用了v1签名方案进行签名,如果只使用v1签名方案,那么它就容易受到安卓5.0-8.0上的Janus漏洞的攻击。在安卓5.0-7.0上运行的使用了v1签名方案的应用程序,以及同时使用了v2/v3签名方案的应用程序也同样存在漏洞。
高危 Activity (com.facebook.unity.FBUnityAppLinkActivity) is vulnerable to StrandHogg 2.0
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.facebook.unity.FBUnityDeepLinkingActivity) is vulnerable to StrandHogg 2.0
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.facebook.CustomTabActivity) is vulnerable to StrandHogg 2.0
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.mintegral.msdk.activity.MTGCommonActivity) is vulnerable to StrandHogg 2.0
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: bolts/WebViewAppLinkResolver.java, line(s) 120,6,7 com/amazon/device/ads/AdContainer.java, line(s) 94,7 com/amazon/device/ads/ViewManager.java, line(s) 263,266,9,10 com/applovin/impl/adview/AdViewControllerImpl.java, line(s) 83,15 com/mintegral/msdk/click/f.java, line(s) 128,14,15 com/mintegral/msdk/reward/a/c.java, line(s) 204,1392,10 com/mintegral/msdk/video/module/MintegralAlertWebview.java, line(s) 89,6 com/mintegral/msdk/video/module/MintegralH5EndCardView.java, line(s) 324,16 com/tapjoy/TJAdUnit.java, line(s) 309,334,554,23,24 com/unity3d/services/core/webview/WebViewApp.java, line(s) 260,10,277,295,301,307
高危 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/unity/purchasing/BuildConfig.java, line(s) 3,6 com/unity/purchasing/googleplay/BuildConfig.java, line(s) 3,6 com/was/api/BuildConfig.java, line(s) 3,6
高危 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 349
高危 WebView域控制不严格漏洞
WebView域控制不严格漏洞 Files: com/adcolony/sdk/am.java, line(s) 258,246 com/mintegral/msdk/mtgjscommon/base/BaseWebView.java, line(s) 50,49 com/unity3d/services/core/webview/WebView.java, line(s) 21,19 com/vungle/warren/ui/VungleWebViewActivity.java, line(s) 85,76
高危 已启用远程WebView调试
已启用远程WebView调试 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/applovin/impl/adview/c.java, line(s) 119,11 com/tapjoy/TapjoyLog.java, line(s) 65,8
高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/ironsource/mediationsdk/utils/IronSourceAES.java, line(s) 32,56 com/was/api/WasTools.java, line(s) 243
高危 该文件是World Readable。任何应用程序都可以读取文件
该文件是World Readable。任何应用程序都可以读取文件 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/xiaomi/ad/c/a/d.java, line(s) 29,14
高危 应用程序包含隐私跟踪程序
此应用程序有多个19隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 Activity (com.unity3d.player.UnityPlayerActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.facebook.unity.FBUnityAppLinkActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.facebook.unity.FBUnityDeepLinkingActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Content Provider (com.facebook.FacebookContentProvider) 未被保护。
[android:exported=true] 发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.facebook.CustomTabActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.unity.purchasing.googleplay.VRPurchaseActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Broadcast Receiver (com.vungle.warren.NetworkProviderReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Activity (com.mintegral.msdk.activity.MTGCommonActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.INSTALL_PACKAGES [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (com.ss.android.socialbase.downloader.downloader.IndependentProcessDownloadService) 未被保护。
存在一个intent-filter。 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
中危 Service (com.ss.android.socialbase.downloader.impls.RetryJobSchedulerService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (com.bytedance.embedapplog.collector.Collector) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: bolts/MeasurementEvent.java, line(s) 19,20 com/amazon/device/ads/AdActivity.java, line(s) 13 com/amazon/device/ads/AdvertisingIdParameter.java, line(s) 6 com/amazon/device/ads/AppEventRegistrationHandler.java, line(s) 19,20 com/amazon/device/ads/Assets.java, line(s) 20 com/amazon/device/ads/DirectedIdRetriever.java, line(s) 4 com/amazon/device/ads/InterstitialAd.java, line(s) 16 com/amazon/device/ads/UserIdParameter.java, line(s) 4 com/amazon/device/ads/ViewabilityObserver.java, line(s) 13,16 com/amazon/device/ads/WebRequest.java, line(s) 24,14 com/applovin/impl/sdk/j.java, line(s) 609 com/applovin/sdk/AppLovinSdk.java, line(s) 209 com/applovin/sdk/AppLovinWebViewActivity.java, line(s) 18 com/gameanalytics/sdk/state/GAState.java, line(s) 288,290,301,312,321,325,298,309,318,100 com/ironsource/adapters/applovin/AppLovinAdapter.java, line(s) 53,157 com/ironsource/adapters/ironsource/IronSourceAdapter.java, line(s) 420,622 com/ironsource/adapters/mintegral/MintegralAdapter.java, line(s) 128 com/ironsource/adapters/supersonicads/SupersonicAdsAdapter.java, line(s) 131,999,1033 com/ironsource/adapters/supersonicads/SupersonicConfig.java, line(s) 24 com/ironsource/adapters/tapjoy/TapjoyAdapter.java, line(s) 74 com/ironsource/environment/DeviceStatus.java, line(s) 37 com/ironsource/mediationsdk/AbstractSmash.java, line(s) 28,27,26 com/ironsource/mediationsdk/AuctionDataUtils.java, line(s) 19,20,21 com/ironsource/mediationsdk/IronSourceObject.java, line(s) 2072 com/ironsource/mediationsdk/logger/LogsSender.java, line(s) 15,14 com/ironsource/mediationsdk/metadata/MetaDataConstants.java, line(s) 4 com/ironsource/mediationsdk/server/ServerURL.java, line(s) 19,33 com/ironsource/mediationsdk/utils/IronSourceConstants.java, line(s) 54,63 com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 38,40,30,43,45 com/ironsource/mediationsdk/utils/ServerResponseWrapper.java, line(s) 54 com/ironsource/sdk/ISNAdView/ISNAdViewConstants.java, line(s) 17,19,20,27 com/ironsource/sdk/constants/Constants.java, line(s) 49,323,32 com/ironsource/sdk/utils/IronSourceSharedPrefHelper.java, line(s) 18 com/mintegral/msdk/MIntegralConstans.java, line(s) 17,42 com/mintegral/msdk/base/entity/CampaignEx.java, line(s) 161,37 com/mintegral/msdk/base/entity/q.java, line(s) 766 com/miui/zeus/utils/g/i.java, line(s) 10 com/pgl/sys/ces/c/a.java, line(s) 24 com/pgl/sys/ces/c/b.java, line(s) 25 com/singular/sdk/internal/BaseApi.java, line(s) 31,32 com/singular/sdk/internal/Constants.java, line(s) 14,15,22,42,23,25,30,62,60,66,63,64,65,59,67,47,32,76 com/tapjoy/TapjoyConstants.java, line(s) 53,56 com/unity3d/ads/metadata/InAppPurchaseMetaData.java, line(s) 6 com/vungle/warren/tasks/DownloadJob.java, line(s) 10 com/xiaomi/ad/common/MimoSdkConfig.java, line(s) 14 com/xiaomi/analytics/LogEvent.java, line(s) 10 com/xiaomi/analytics/PolicyConfiguration.java, line(s) 6 rna/oz/v4/app/FragmentStatePagerAdapter.java, line(s) 116 rna/oz/v4/app/NotificationCompatExtras.java, line(s) 5,9 rna/oz/v4/app/NotificationCompatJellybean.java, line(s) 21,25 rna/oz/v4/app/RemoteInputCompatJellybean.java, line(s) 15
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/adcolony/sdk/ai.java, line(s) 246,252,253 com/ironsource/environment/DeviceStatus.java, line(s) 86,206 com/ironsource/mediationsdk/utils/GeneralPropertiesWorker.java, line(s) 170,189 com/ironsource/sdk/utils/SDKUtils.java, line(s) 455 com/mintegral/msdk/base/common/e/b/a.java, line(s) 77 com/mintegral/msdk/base/utils/e.java, line(s) 484 com/mintegral/msdk/base/utils/i.java, line(s) 64,89,112 com/mintegral/msdk/f/r.java, line(s) 21,27 com/miui/zeus/utils/b.java, line(s) 59,57 com/miui/zeus/utils/c/n.java, line(s) 166 com/miui/zeus/utils/h/a.java, line(s) 45 com/pgl/sys/ces/a/a.java, line(s) 37 com/ss/android/downloadlib/a.java, line(s) 165 com/ss/android/downloadlib/a/c/a.java, line(s) 29 com/ss/android/downloadlib/a/c/c.java, line(s) 20 com/tapjoy/TapjoyCache.java, line(s) 50,51,52 com/unity3d/services/core/cache/CacheDirectory.java, line(s) 29 com/vungle/warren/download/APKDirectDownloadManager.java, line(s) 189 com/vungle/warren/persistence/CacheManager.java, line(s) 49,52 com/vungle/warren/persistence/Repository.java, line(s) 641,642 com/xiaomi/ad/c/a/a.java, line(s) 14,12 rna/oz/v4/content/ContextCompat.java, line(s) 62,49,64,79 rna/oz/v4/content/ContextCompatFroyo.java, line(s) 15 rna/oz/v4/content/FileProvider.java, line(s) 183 rna/oz/v4/os/EnvironmentCompat.java, line(s) 20,22
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/ironsource/eventsmodule/DataBaseEventsStorage.java, line(s) 5,6,102 com/mintegral/msdk/base/b/i.java, line(s) 4,48 com/mintegral/msdk/f/c/a.java, line(s) 6,7,22 com/singular/sdk/internal/OfflineEventsMigrator.java, line(s) 5,58 com/singular/sdk/internal/SQLitePersistentQueue.java, line(s) 6,7,114 com/tapjoy/internal/g.java, line(s) 5,51 com/tapjoy/internal/gg.java, line(s) 6,56 com/vungle/warren/persistence/DatabaseHelper.java, line(s) 7,8,78 com/vungle/warren/persistence/Repository.java, line(s) 7,618
中危 IP地址泄露
IP地址泄露 Files: com/ironsource/adapters/facebook/FacebookAdapter.java, line(s) 116 com/mintegral/msdk/f/f.java, line(s) 53,55,60,201
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/applovin/impl/a/i.java, line(s) 18 com/ironsource/mediationsdk/utils/DailyCappingManager.java, line(s) 14 com/jg/bh/e/b.java, line(s) 7 com/mintegral/msdk/reward/c/b.java, line(s) 9 com/mintegral/msdk/thrid/okhttp/OkHttpClient.java, line(s) 31 com/mintegral/msdk/thrid/okhttp/internal/ws/RealWebSocket.java, line(s) 27 com/mintegral/msdk/thrid/okhttp/internal/ws/WebSocketWriter.java, line(s) 10 com/miui/zeus/utils/k.java, line(s) 3 com/xiaomi/analytics/a/d.java, line(s) 19
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/common/busi/CustomView.java, line(s) 66 com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 62 com/ironsource/sdk/controller/SecureMessagingService.java, line(s) 30 com/ironsource/sdk/utils/SDKUtils.java, line(s) 217 com/mintegral/msdk/base/utils/d.java, line(s) 18 com/mintegral/msdk/f/o.java, line(s) 61 com/miui/zeus/utils/h.java, line(s) 26,57,86 com/ss/android/downloadlib/e/h.java, line(s) 37 com/was/api/WasTools.java, line(s) 703,764 com/xiaomi/analytics/a/b/o.java, line(s) 25
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/adcolony/sdk/ak.java, line(s) 316 com/adcolony/sdk/an.java, line(s) 30 com/amazon/device/ads/StringUtils.java, line(s) 48 com/applovin/impl/sdk/utils/l.java, line(s) 145 com/applovin/impl/sdk/utils/n.java, line(s) 38 com/jg/ids/e/d.java, line(s) 75 com/miui/zeus/a/b.java, line(s) 185 com/pgl/sys/ces/c.java, line(s) 13 com/singular/sdk/internal/Utils.java, line(s) 60 com/tapjoy/internal/ch.java, line(s) 9 com/unity3d/services/core/device/Device.java, line(s) 480
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: grm/gz/MultiDexExtractor.java, line(s) 219
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: bolts/WebViewAppLinkResolver.java, line(s) 110,85 com/adcolony/sdk/am.java, line(s) 317,247 com/ironsource/sdk/ISNAdView/ISNAdView.java, line(s) 109,108 com/ironsource/sdk/controller/WebController.java, line(s) 237,238,375 com/unity3d/services/ads/webplayer/WebPlayerView.java, line(s) 90,74 com/unity3d/services/core/webview/WebView.java, line(s) 71,47
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-9341368444846909~6318288733" 友盟统计的=> "UMENG_CHANNEL" : "mzbok" 友盟统计的=> "UMENG_APPKEY" : "f6b39cc4fc4b401988388b9578922473" 308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357 c14544e18450a763c7f009cc9b892ad7 iVBORw0KGgoAAAANSUhEUgAAAAgAAAANCAYAAACUwi84AAAAAXNSR0IArs4c6QAAAHlJREFUGBljZsAOBIHCu4FYC5u0GFDwAhD/B+IN6ApkgAI3oJIrgTQrsgJlIOc+VHIukGZCltQGcp5BJScCaUZkSWMg5w1UshlZAsa+A5XcCRNApwmaANKA7IYJQD6KG2Am4vUFTBHecIApQglJrHYBVYLiYhMQnwAAeiYfS1LRd+4AAAAASUVORK5CYII= df6b721c8b4d3b6eb44c861d4415007e5a35fc95 cc2751449a350f668590264ed76692694a80308a 701478a1e3b4b7e3978ea69469410f13 996ba1cc6b50ea13770c00bfe8173210f8276291 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 iVBORw0KGgoAAAANSUhEUgAAABAAAAAaCAYAAAC+aNwHAAAAAXNSR0IArs4c6QAAAPZJREFUOBFjYCAdWAG1PADiCUDMBMQkAReg6i9A/B+KZ5Ki2w+o+AeSZpAhF4g1IBKo8Dea5utAvjQxBqQCFf1F03wOyBclRnMRmkaQs48CsQAxmuuxaN4DFOMmRnMPFs0bgWLshDSD4hUUNbBogtHLgGIshDSDFCzFonkWUIxgggE5bQMWzX1AMYIAFCi7gRjmXBjdSFAnVMFOLJqLidUM8hvIRooALi80kGIqRYEIs4iiaIQZQlFCghkConuBGBadMJqopIxsSD0WQ4jOTDCDcGVnfpgCYmiKChSYBdiKtGtASaKKNJghFBWqMEMoKtZhhqBULADcM3nkekaNxwAAAABJRU5ErkJggg== fd28fb8353d87dc1a1db3246752e21ccc3328cbf C38FB23A402222A0C17D34A92F971D1F HSrCHRtOan6wp2kwOIGJC1RDtuSrF2mWVbio2aBcMHX9KF3iTJ1lLSzCKP1ZSo5yNolPNw1kCTtWpxELFF4ah1 iVBORw0KGgoAAAANSUhEUgAAAA0AAAANCAYAAABy6+R8AAAAAXNSR0IArs4c6QAAAHtJREFUKBWVkksKwCAMREOh99+3y97GU3iTdp6tRcUoBgbJfEgCmpkF4RA2YVTo+PDbKdzCJXhBeHR8BJMxE71gGah0T/B4hqVqDbvY0QZfrF41ip3d+geZkAO89MMqV4xyTieVAW6Z3tQG6CmP94U319dXfwT+pb9HIDwrxDUcBOiFBQAAAABJRU5ErkJggg== 2438bce1ddb7bd026d5ff89f598b3b5e5bb824b3 bb2cf0647ba654d7228dd3f9405bbc6a 596f823f283d4af73ead3ea6 5e8f16062ea3cd2c4a0d547876baa6f38cabf625 8a3c4b262d721acd49a4bf97d5213199c86fa2b9 8f1d08a2d6496191a5ebae8f0590f513e2619489 9b8f518b086098de3d77736f9458a3d2f6f95a37 a4b7452e2ed8f5f191058ca7bbfd26b0d3214bfc iVBORw0KGgoAAAANSUhEUgAAAGAAAABgBAMAAAAQtmoLAAAAGFBMVEUAAAAzMzMzMzMzMzMzMzMzMzMzMzMzMzOW6p+xAAAACHRSTlMAmTkdj2BzVg1F16EAAABtSURBVHhe7dexCcAwDAVRow0+RHatDbJDFsj+02SAQMIVqvyvFw9jDPL4yzkXNwQqISAxoqSEACNKkhYEdEHgODcDDBgw8N18AXAgBIVqHwg1HJoRE18cfz17ESZMmFh8DWVE8lUaVdnwHXDOPfezMoezhMEMAAAAAElFTkSuQmCC 3082046c30820354a003020102020900e552a8ecb9011b7c300d06092a864886f70d0101050500308180310b300906035504061302434e3110300e060355040813074265696a696e673110300e060355040713074265696a696e67310f300d060355040a13065869616f6d69310d300b060355040b13044d495549310d300b060355040313044d495549311e301c06092a864886f70d010901160f6d697569407869616f6d692e636f6d301e170d3131313230363033323632365a170d3339303432333033323632365a308180310b300906035504061302434e3110300e060355040813074265696a696e673110300e060355040713074265696a696e67310f300d060355040a13065869616f6d69310d300b060355040b13044d495549310d300b060355040313044d495549311e301c06092a864886f70d010901160f6d697569407869616f6d692e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100c786568a9aff253ad74c5d3e6fbffa12fed44cd3244f18960ec5511bb551e413115197234845112cc3df9bbacd3e0f4b3528cd87ed397d577dc9008e9cbc6a25fc0664d3a3f440243786db8b250d40f6f148c9a3cd6fbc2dd8d24039bd6a8972a1bdee28c308798bfa9bb3b549877b10f98e265f118c05f264537d95e29339157b9d2a31485e0c823521cca6d0b721a8432600076d669e20ac43aa588b52c11c2a51f04c6bb31ad6ae8573991afe8e4957d549591fcb83ec62d1da35b1727dc6b63001a5ef387b5a7186c1e68da1325772b5307b1bc739ef236b9efe06d52dcaf1e32768e3403e55e3ec56028cf5680cfb33971ccf7870572bc47d3e3affa385020103a381e83081e5301d0603551d0e0416041491ae2f8c72e305f92aa9f7452e2a3160b841a15c3081b50603551d230481ad3081aa801491ae2f8c72e305f92aa9f7452e2a3160b841a15ca18186a48183308180310b300906035504061302434e3110300e060355040813074265696a696e673110300e060355040713074265696a696e67310f300d060355040a13065869616f6d69310d300b060355040b13044d495549310d300b060355040313044d495549311e301c06092a864886f70d010901160f6d697569407869616f6d692e636f6d820900e552a8ecb9011b7c300c0603551d13040530030101ff300d06092a864886f70d010105050003820101003b3a699ceb497300f2ab86cbd41c513440bf60aa5c43984eb1da140ef30544d9fbbb3733df24b26f2703d7ffc645bf598a5e6023596a947e91731542f2c269d0816a69c92df9bfe8b1c9bc3c54c46c12355bb4629fe6020ca9d15f8d6155dc5586f5616db806ecea2d06bd83e32b5f13f5a04fe3e5aa514f05df3d555526c63d3d62acf00adee894b923c2698dc571bc52c756ffa7a2221d834d10cb7175c864c30872fe217c31442dff0040a67a2fb1c8ba63eac2d5ba3d8e76b4ff2a49b0db8a33ef4ae0dd0a840dd2a8714cb5531a56b786819ec9eb1051d91b23fde06bd9d0708f150c4f9efe6a416ca4a5e0c23a952af931ad3579fb4a8b19de98f64bd9 59af7178966319ef97fb241ecf157409 026ae9c9824b3e483fa6c71fa88f57ae27816141 7bf3a1e7bbd31e612eda3310c2cdb8075c43c6b5 422de421e0f4e019426b9abfd780746bc40740eb
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: bitter/jnibridge/JNIBridge.java, line(s) 61 bolts/MeasurementEvent.java, line(s) 61,73 com/adcolony/sdk/AdColonyAdViewActivity.java, line(s) 67 com/adcolony/sdk/AdColonyAppOptions.java, line(s) 230,234 com/adcolony/sdk/AdColonyInterstitialActivity.java, line(s) 74 com/adcolony/sdk/ae.java, line(s) 56,129,66 com/adcolony/sdk/e.java, line(s) 255 com/adcolony/sdk/w.java, line(s) 61,67,69,241,63,164,65,112 com/amazon/device/ads/AdActivity.java, line(s) 64 com/amazon/device/ads/LogcatLogger.java, line(s) 26,36,16,21,31 com/applovin/adview/AppLovinInterstitialActivity.java, line(s) 25 com/applovin/adview/AppLovinInterstitialAd.java, line(s) 45,49,53 com/applovin/impl/sdk/p.java, line(s) 21,38,88,34,63,42,100,46,80 com/applovin/mediation/adapters/AppLovinMediationAdapter.java, line(s) 407,412 com/applovin/mediation/ads/MaxAdView.java, line(s) 96 com/applovin/mediation/ads/MaxInterstitialAd.java, line(s) 52,64,68 com/applovin/mediation/ads/MaxRewardedAd.java, line(s) 77 com/applovin/sdk/AppLovinWebViewActivity.java, line(s) 95 com/bytedance/embed_device_register/DrLogWriter.java, line(s) 24,34,29,19,39 com/gameanalytics/sdk/errorreporter/GameAnalyticsExceptionReportService.java, line(s) 38,66 com/gameanalytics/sdk/logging/GALogger.java, line(s) 93,87,98,91 com/gameanalytics/sdk/validators/GAValidator.java, line(s) 293,301,309,317 com/iab/omid/library/adcolony/d/c.java, line(s) 18,11 com/iab/omid/library/ironsrc/d/c.java, line(s) 11 com/iab/omid/library/mintegral/d/c.java, line(s) 11 com/ironsource/adapters/adcolony/AdColonyAdapter.java, line(s) 50,55 com/ironsource/adapters/admob/AdMobAdapter.java, line(s) 84 com/ironsource/adapters/amazon/AmazonAdapter.java, line(s) 55 com/ironsource/adapters/applovin/AppLovinAdapter.java, line(s) 86,91 com/ironsource/adapters/facebook/FacebookAdapter.java, line(s) 82 com/ironsource/adapters/ironsource/IronSourceAdapter.java, line(s) 60,64,74 com/ironsource/adapters/mintegral/MintegralAdapter.java, line(s) 73 com/ironsource/adapters/ris/RISAdapter.java, line(s) 52 com/ironsource/adapters/supersonicads/SupersonicAdsAdapter.java, line(s) 104 com/ironsource/adapters/tapjoy/TapjoyAdapter.java, line(s) 65,121,125 com/ironsource/adapters/unityads/UnityAdsAdapter.java, line(s) 46 com/ironsource/adapters/vungle/VungleAdapter.java, line(s) 67 com/ironsource/mediationsdk/DemandOnlyIsManager.java, line(s) 35 com/ironsource/mediationsdk/DemandOnlyIsSmash.java, line(s) 35 com/ironsource/mediationsdk/InterstitialManager.java, line(s) 53 com/ironsource/mediationsdk/InterstitialSmash.java, line(s) 35 com/ironsource/mediationsdk/IronSource.java, line(s) 27,31 com/ironsource/mediationsdk/IronSourceObject.java, line(s) 134,139 com/ironsource/mediationsdk/ProgIsManager.java, line(s) 66,70 com/ironsource/mediationsdk/ProgIsSmash.java, line(s) 42 com/ironsource/mediationsdk/integration/IntegrationHelper.java, line(s) 34,36,72,75,90,95,116,131,136,149,154,162,171,181,184,202,205,24,29,31,45,47,69,85,93,107,113,126,134,144,147,152,168,178,196,199,213,194,215 com/ironsource/mediationsdk/logger/ConsoleLogger.java, line(s) 36,26,22,30 com/ironsource/sdk/ISNAdView/ISNAdView.java, line(s) 25,69 com/ironsource/sdk/ISNAdView/ISNAdViewLogic.java, line(s) 32,88,102,110,191,203,234,251,280 com/ironsource/sdk/IronSourceNetwork.java, line(s) 20,24,28,32 com/ironsource/sdk/agent/IronSourceAdsPublisherAgent.java, line(s) 54,59,64 com/ironsource/sdk/controller/ControllerActivity.java, line(s) 71 com/ironsource/sdk/controller/ControllerManager.java, line(s) 32,36 com/ironsource/sdk/controller/ControllerView.java, line(s) 26 com/ironsource/sdk/controller/InterstitialActivity.java, line(s) 48 com/ironsource/sdk/controller/NativeController.java, line(s) 53,58 com/ironsource/sdk/controller/OpenUrlActivity.java, line(s) 69 com/ironsource/sdk/controller/WebController.java, line(s) 772,963,971,1080,1124,1195,1224,1296,1319,1409,1438,1456,1474,1748,1771,2235,2952,2956,2964,2972,2980,2986,2995,2997,155,160 com/ironsource/sdk/service/Connectivity/BroadcastReceiverStrategy.java, line(s) 45 com/ironsource/sdk/service/Connectivity/NetworkCallbackStrategy.java, line(s) 75,90 com/ironsource/sdk/service/TokenService.java, line(s) 112 com/ironsource/sdk/utils/Logger.java, line(s) 57,63,33,39,20,28,69,75,45,51 com/ironsource/unity/androidbridge/AndroidBridge.java, line(s) 57,61,65 com/mintegral/msdk/activity/MTGCommonActivity.java, line(s) 43 com/mintegral/msdk/base/common/b/e.java, line(s) 35 com/mintegral/msdk/base/utils/d.java, line(s) 20 com/mintegral/msdk/base/utils/g.java, line(s) 32,38,58,63,44,50 com/mintegral/msdk/click/g.java, line(s) 187 com/mintegral/msdk/f/a/e.java, line(s) 55,57 com/mintegral/msdk/f/o.java, line(s) 54 com/mintegral/msdk/f/r.java, line(s) 31,41 com/mintegral/msdk/interstitialvideo/out/MTGInterstitialVideoHandler.java, line(s) 13 com/mintegral/msdk/out/MTGInterstitialHandler.java, line(s) 12 com/mintegral/msdk/reward/player/MTGRewardVideoActivity.java, line(s) 115 com/mintegral/msdk/video/module/MintegralBaseView.java, line(s) 58,63 com/mintegral/msdk/videocommon/view/MyImageView.java, line(s) 27 com/miui/zeus/b/a/d.java, line(s) 215,211,203,199,207,213 com/miui/zeus/b/a/e.java, line(s) 39 com/miui/zeus/b/e.java, line(s) 105,176,117,170,141,174,153,178,129,172 com/miui/zeus/pm/manager/PluginManager.java, line(s) 54,311,328,359,441,446 com/miui/zeus/utils/a/c.java, line(s) 100,102 com/miui/zeus/utils/b/e.java, line(s) 32,66 com/miui/zeus/utils/c/n.java, line(s) 433,125,150,332,384,472 com/miui/zeus/utils/f/c.java, line(s) 89,183,214,226,240,254 com/moat/analytics/mobile/vng/m.java, line(s) 37 com/moat/analytics/mobile/vng/o.java, line(s) 43 com/neonplay/webviewplugin/WebViewActivity.java, line(s) 43,120 com/pgl/sys/a/b.java, line(s) 34 com/pgl/sys/ces/b.java, line(s) 252 com/singular/sdk/internal/ExternalAIFAHelper.java, line(s) 25,28 com/singular/sdk/internal/SingularLog.java, line(s) 46,53,74,81,88,60,67 com/singular/unitybridge/SingularUnityBridge.java, line(s) 92,121 com/tapjoy/HmacSignature.java, line(s) 31,60 com/tapjoy/TJAdUnit.java, line(s) 129,140,153,165,220,306,351,472,537,541,553,557,693,897,192,200,336,743,790,292,324,617,630,649,718,769,779,801,511 com/tapjoy/TJAdUnitActivity.java, line(s) 97,103,115,144,155,169,176,190,58,131 com/tapjoy/TJAdUnitJSBridge.java, line(s) 103,112,151,156,169,357,372,394,427,496,529,540,629,684,702,723,756,774,778,816,824,827,838,848,858,862,868,903,907,910,927,947,967,87,1097,81,264,276,293,318,421,442,614,924,944,964 com/tapjoy/TJCloseButton.java, line(s) 60 com/tapjoy/TJContentActivity.java, line(s) 59 com/tapjoy/TJCorePlacement.java, line(s) 129,148,198,360,466,476,575,579,403,415,419,505,204,270,336,340,345,454,496,517,556,286 com/tapjoy/TJCurrency.java, line(s) 47,64,113,116,119,123,147,155,159,183,188,192,104,150,186 com/tapjoy/TJEventOptimizer.java, line(s) 37,76,91,71,45 com/tapjoy/TJPlacement.java, line(s) 207,221,132,90,122,217,236,93,139,143 com/tapjoy/TJPlacementManager.java, line(s) 147,153,117,121 com/tapjoy/TJSplitWebView.java, line(s) 243,463,468,505,486 com/tapjoy/TJWebViewJSInterface.java, line(s) 30,34,57,81,119,126 com/tapjoy/TapjoyAdIdClient.java, line(s) 32 com/tapjoy/TapjoyAppSettings.java, line(s) 21,30,36,39,47,53,61,65,81,91,66 com/tapjoy/TapjoyCache.java, line(s) 57,75,81,93,104,129,156,161,186,189,262,263,264,265,305,319,373,59,78,89,113,121,123,147,173,379,399 com/tapjoy/TapjoyCacheMap.java, line(s) 34,59 com/tapjoy/TapjoyCachedAssetData.java, line(s) 102,117 com/tapjoy/TapjoyConnectCore.java, line(s) 246,248,531,656,660,663,890,899,937,938,954,1039,1051,1057,1062,1101,1108,1128,1161,202,206,238,242,515,528,553,573,666,677,857,863,886,941,957,970,993,1001,1010,1019,1221,1344,583,638,639,641,643,644,645,728,963,1043,1097,1113,1125,1158,1196,1319,1336,817,822,855,861,559,705,764,767 com/tapjoy/TapjoyGpsHelper.java, line(s) 24,26,27,32,34,39,40,43,52 com/tapjoy/TapjoyLog.java, line(s) 64 com/tapjoy/TapjoyURLConnection.java, line(s) 165,174,64,81,141,171,57,84,85,86,88,90,104,105,106,151,152,153,155,157 com/tapjoy/TapjoyUtil.java, line(s) 110,111,112,154,162,76 com/tapjoy/internal/dn.java, line(s) 7 com/tapjoy/internal/eq.java, line(s) 33,37,41,45,49,56,69,82,86,96,111 com/tapjoy/internal/es.java, line(s) 71,78,130,136,148,155,183,189,212,558,117,125,51,65,102,549 com/tapjoy/internal/fl.java, line(s) 38,48 com/tapjoy/internal/fm.java, line(s) 38,55 com/tapjoy/internal/fq.java, line(s) 32 com/tapjoy/internal/fz.java, line(s) 144,146 com/tapjoy/internal/gv.java, line(s) 126 com/tapjoy/internal/jg.java, line(s) 51 com/tapjoy/internal/jk.java, line(s) 48,62,66 com/unity/purchasing/googleplay/BillingServiceManager.java, line(s) 130 com/unity/purchasing/googleplay/GooglePlayPurchasing.java, line(s) 305,428 com/unity/purchasing/googleplay/IabHelper.java, line(s) 716,712,720 com/unity/purchasing/googleplay/PurchaseActivity.java, line(s) 37 com/unity/purchasing/googleplay/VRPurchaseActivity.java, line(s) 24 com/unity3d/ads/UnityAds.java, line(s) 52,57 com/unity3d/ads/metadata/MetaData.java, line(s) 62,71 com/unity3d/services/UnityServices.java, line(s) 22,32,37,45,68,53,55,65,27 com/unity3d/services/ads/UnityAdsImplementation.java, line(s) 42,47,59,137,145,153 com/unity3d/services/ads/adunit/AdUnitActivity.java, line(s) 372,374,75,92,114,136,159,197,293,338,397,164 com/unity3d/services/ads/adunit/AdUnitSoftwareActivity.java, line(s) 24 com/unity3d/services/ads/adunit/AdUnitTransparentActivity.java, line(s) 41 com/unity3d/services/ads/adunit/AdUnitTransparentSoftwareActivity.java, line(s) 24 com/unity3d/services/ads/adunit/VideoPlayerHandler.java, line(s) 33,51 com/unity3d/services/ads/api/AdUnit.java, line(s) 78,81,84,87,110,424,430,482,486,491,495,101,114,119,124,156,246,338,354,383,390 com/unity3d/services/ads/api/VideoPlayer.java, line(s) 57,75,93,111,129,165 com/unity3d/services/ads/api/WebPlayer.java, line(s) 133 com/unity3d/services/ads/configuration/AdsModuleConfiguration.java, line(s) 50,61,67 com/unity3d/services/ads/load/LoadBridge.java, line(s) 26 com/unity3d/services/ads/video/VideoPlayerView.java, line(s) 44,75,90,124,130,172,183,202 com/unity3d/services/ads/webplayer/WebPlayerView.java, line(s) 65,166,203,207,300,312,323,335,354 com/unity3d/services/ar/view/ARView.java, line(s) 196,274,100,116,239,326,331,339,356 com/unity3d/services/ar/view/GLSurfaceView.java, line(s) 267,281,451,789,528 com/unity3d/services/ar/view/ShaderLoader.java, line(s) 16,28 com/unity3d/services/banners/BannerView.java, line(s) 109 com/unity3d/services/banners/UnityBanners.java, line(s) 141 com/unity3d/services/core/api/Cache.java, line(s) 103,117,43,122,132 com/unity3d/services/core/api/DeviceInfo.java, line(s) 236,259,277,330,337,365,537 com/unity3d/services/core/api/Intent.java, line(s) 89,107,131,167,181 com/unity3d/services/core/api/Request.java, line(s) 33,45,63,75,92,104 com/unity3d/services/core/api/Sdk.java, line(s) 15,22,66,48,60,54 com/unity3d/services/core/broadcast/BroadcastEventReceiver.java, line(s) 36 com/unity3d/services/core/cache/CacheDirectory.java, line(s) 40,44,51,88,92,98,101,110,112,33,54,115 com/unity3d/services/core/cache/CacheThread.java, line(s) 29 com/unity3d/services/core/cache/CacheThreadHandler.java, line(s) 41,83,86,90 com/unity3d/services/core/configuration/Configuration.java, line(s) 109 com/unity3d/services/core/configuration/EnvironmentCheck.java, line(s) 21,40,24,27,30,33,43 com/unity3d/services/core/configuration/InitializationNotificationCenter.java, line(s) 68 com/unity3d/services/core/configuration/InitializeThread.java, line(s) 84,218,233,307,397,409,429,281,314,317,357,383,433,188,225,259 com/unity3d/services/core/connectivity/ConnectivityMonitor.java, line(s) 105,122,144 com/unity3d/services/core/device/AdvertisingId.java, line(s) 179,51,61 com/unity3d/services/core/device/Device.java, line(s) 80,334,339,348,357,384,404,418,482,590,598,607 com/unity3d/services/core/device/Storage.java, line(s) 64,34 com/unity3d/services/core/log/DeviceLog.java, line(s) 180,220,227 com/unity3d/services/core/misc/JsonStorage.java, line(s) 60,54,63,71,83,119,139,157,163 com/unity3d/services/core/misc/Utilities.java, line(s) 43,64 com/unity3d/services/core/misc/ViewUtilities.java, line(s) 18,27 com/unity3d/services/core/preferences/AndroidPreferences.java, line(s) 19,31,43,55,67 com/unity3d/services/core/properties/ClientProperties.java, line(s) 68,87,99,101 com/unity3d/services/core/properties/SdkProperties.java, line(s) 142,144 com/unity3d/services/core/request/WebRequest.java, line(s) 249,151,157,166 com/unity3d/services/core/request/WebRequestRunnable.java, line(s) 36,40,82 com/unity3d/services/core/request/WebRequestThread.java, line(s) 43,149,164 com/unity3d/services/core/sensorinfo/SensorInfoListener.java, line(s) 52 com/unity3d/services/core/webview/WebView.java, line(s) 80,28,106,110 com/unity3d/services/core/webview/WebViewApp.java, line(s) 104,110,130,159,297,302,338,123,152,195,236,251,258,263,290,310,313,316,331 com/unity3d/services/core/webview/bridge/Invocation.java, line(s) 49 com/unity3d/services/core/webview/bridge/NativeCallback.java, line(s) 40 com/unity3d/services/core/webview/bridge/WebViewBridge.java, line(s) 104 com/unity3d/services/core/webview/bridge/WebViewBridgeInterface.java, line(s) 11,27 com/unity3d/services/core/webview/bridge/WebViewCallback.java, line(s) 56 com/unity3d/services/monetization/UnityMonetization.java, line(s) 46 com/unity3d/services/monetization/core/utilities/JSONUtilities.java, line(s) 24,36,55 com/unity3d/services/monetization/placementcontent/core/PlacementContent.java, line(s) 50,63 com/unity3d/services/purchasing/core/TransactionDetailsUtilities.java, line(s) 27 com/unity3d/services/purchasing/core/TransactionErrorDetailsUtilities.java, line(s) 23 com/unity3d/services/purchasing/core/api/CustomPurchasing.java, line(s) 63 com/unity3d/services/store/StoreBilling.java, line(s) 62,26,29,33,37 com/vungle/warren/AdLoader.java, line(s) 285,321,333,459,501,643,686,784,362,373,475,546,800,311,710,331 com/vungle/warren/AdvertisementPresentationFactory.java, line(s) 107,139,167 com/vungle/warren/Plugin.java, line(s) 15,18,21 com/vungle/warren/Vungle.java, line(s) 167,170,301,407,578,747,128,133,417,441,653,666,674,682,704,711,719,811,845,853,875 com/vungle/warren/VungleApiClient.java, line(s) 196,350,304,310,314,331,352,356,366,379 com/vungle/warren/VungleJobRunner.java, line(s) 41 com/vungle/warren/analytics/MoatTracker.java, line(s) 138,148,151,63 com/vungle/warren/analytics/VungleAnalytics.java, line(s) 52,57,35,37 com/vungle/warren/download/APKDirectDownloadManager.java, line(s) 101,108,122,154,229,234,88,171,194,212,236 com/vungle/warren/downloader/AssetDownloader.java, line(s) 72,187,201,255,289,301,310,319,323,336,351,373,413,440,443,446,450,461,462,464,470,338 com/vungle/warren/persistence/GraphicDesigner.java, line(s) 67,87 com/vungle/warren/persistence/Repository.java, line(s) 563,576,230,254,516,463 com/vungle/warren/tasks/CleanupJob.java, line(s) 35,48,73,75,88,81,61,64 com/vungle/warren/tasks/JobInfo.java, line(s) 106 com/vungle/warren/tasks/SendReportsJob.java, line(s) 36,50,59 com/vungle/warren/tasks/runnable/JobRunnable.java, line(s) 41,49,51,57,43,61,63 com/vungle/warren/ui/JavascriptBridge.java, line(s) 23 com/vungle/warren/ui/VungleActivity.java, line(s) 115,186,188,208,222,94 com/vungle/warren/ui/VungleFlexViewActivity.java, line(s) 24,43 com/vungle/warren/ui/VungleWebViewActivity.java, line(s) 49,69 com/vungle/warren/ui/presenter/LocalAdPresenter.java, line(s) 186,524,533 com/vungle/warren/ui/presenter/MRAIDAdPresenter.java, line(s) 296,300,304,442 com/vungle/warren/ui/view/BaseAdView.java, line(s) 64,68 com/vungle/warren/ui/view/FullAdWidget.java, line(s) 218 com/vungle/warren/ui/view/LocalAdView.java, line(s) 203,136,161 com/vungle/warren/ui/view/VungleNativeView.java, line(s) 66,179,94,183 com/vungle/warren/ui/view/VungleWebClient.java, line(s) 61,162,63,187,188,201,202 com/vungle/warren/utility/ExternalRouter.java, line(s) 23,31 com/vungle/warren/utility/NetworkProvider.java, line(s) 156,98 com/vungle/warren/utility/UnzipUtility.java, line(s) 113 com/was/api/PermissionChecker.java, line(s) 18,24 com/was/api/dym/Hlwdsb.java, line(s) 26 com/was/api/dym/Xj3sb.java, line(s) 30 com/was/api/dym/Zy2sb.java, line(s) 38,185,206,209,236,374 com/was/m/ApplovinFacadeRewardListener.java, line(s) 12,24,32 com/was/m/ApplovinRewardListener.java, line(s) 8,19 com/was/m/ChartboostAdsUnityRewardListener.java, line(s) 8,16 com/was/m/GoogleAdsRewardListener.java, line(s) 11,21,29,39,48 com/was/m/GoogleAdsUnityRewardListener.java, line(s) 9,18,27,37,47 com/was/m/HeyzapRewardListener.java, line(s) 9,19 com/was/m/InappsettingsRewardListener.java, line(s) 8,14 com/was/m/IronsourceRewardListener.java, line(s) 12,22,31,43,54,63,72 com/was/m/MaxUnityRewardListener.java, line(s) 9,17 com/was/m/MopubRewardListener.java, line(s) 15,41,49,58,67,78 com/was/m/RewardController.java, line(s) 59,61,108,110,157,159,181,187,200,206 com/was/m/StubRewardListener.java, line(s) 8,13 com/was/m/UnitySendUtils.java, line(s) 12,15,21 com/was/m/VideoRewardListener.java, line(s) 8,13 com/was/m/WrapRewardListener.java, line(s) 37,46,55,64,73,82,91,100,18,106 com/xiaomi/analytics/Action.java, line(s) 64,74,84,98,108 com/xiaomi/analytics/Analytics.java, line(s) 119 com/xiaomi/analytics/EventAction.java, line(s) 17 com/xiaomi/analytics/LogEvent.java, line(s) 140 com/xiaomi/analytics/LoggerFactory.java, line(s) 24 com/xiaomi/analytics/a/a/b.java, line(s) 48,34,63,74,85,95,105,119,129 com/xiaomi/analytics/a/a/c.java, line(s) 50,73,89,125,148,158,181,204,214,225,235,244,263,34,45 com/xiaomi/analytics/a/b.java, line(s) 26 com/xiaomi/analytics/a/b/b.java, line(s) 11,17,23,29,47,53,35,41 com/xiaomi/analytics/a/b/e.java, line(s) 43,77 com/xiaomi/analytics/a/b/h.java, line(s) 42 com/xiaomi/analytics/a/b/k.java, line(s) 47 com/xiaomi/analytics/a/b/l.java, line(s) 12 com/xiaomi/analytics/a/b/m.java, line(s) 27 com/xiaomi/analytics/a/c.java, line(s) 362,54,260,278,311,319 com/xiaomi/analytics/a/d.java, line(s) 72,88,92,97,109 com/yasirkula/unity/NativeShare.java, line(s) 26 grm/gz/MultiDex.java, line(s) 66,93,41,43,87,134,202,209,211,220,61,72,79,89,108,205,213,217,238 grm/gz/MultiDexExtractor.java, line(s) 209,211,46,59,64,69,79,123,139,195,199,220,233,53,143,159,191,197,255,259,263,272 org/fmod/FMODAudioDevice.java, line(s) 66 org/fmod/a.java, line(s) 75 rna/oz/v4/app/ActionBarDrawerToggleHoneycomb.java, line(s) 33,38,56 rna/oz/v4/app/BackStackRecord.java, line(s) 464,470,478,500,518,547,562,712 rna/oz/v4/app/BackStackState.java, line(s) 110,136 rna/oz/v4/app/FragmentActivity.java, line(s) 90,96,509,515 rna/oz/v4/app/FragmentManagerImpl.java, line(s) 148,149,158,166,610,619,635,656,675,696,717,724,739,751,859,869,884,894,900,914,999,1022,1116,1122,1137,1147,1170,1196,1206,1233,1248,1480,1218 rna/oz/v4/app/FragmentState.java, line(s) 85 rna/oz/v4/app/FragmentStatePagerAdapter.java, line(s) 148 rna/oz/v4/app/LoaderManagerImpl.java, line(s) 58,79,90,115,129,138,145,181,185,192,200,212,216,223,231,266,382,387,391,408,415,423,429,434,440,447,462,498,514,530,548,572,580,503,519,535 rna/oz/v4/app/NavUtils.java, line(s) 48 rna/oz/v4/app/NotificationCompatJellybean.java, line(s) 156,170,174,221,240,261,264 rna/oz/v4/app/NotificationManagerCompat.java, line(s) 268,276,302,312,355,363,379,385,267,275,301,311,354,362,378,384,293,329,349,388 rna/oz/v4/app/RemoteInput.java, line(s) 119,125 rna/oz/v4/app/ShareCompat.java, line(s) 467,480,493 rna/oz/v4/app/TaskStackBuilder.java, line(s) 134 rna/oz/v4/content/ContextCompat.java, line(s) 154 rna/oz/v4/content/LocalBroadcastManager.java, line(s) 148,153,161,171,181,188 rna/oz/v4/content/ModernAsyncTask.java, line(s) 59 rna/oz/v4/content/WakefulBroadcastReceiver.java, line(s) 49 rna/oz/v4/graphics/drawable/DrawableCompatJellybeanMr1.java, line(s) 23,32,44,53 rna/oz/v4/graphics/drawable/RoundedBitmapDrawableFactory.java, line(s) 50,58 rna/oz/v4/media/MediaMetadataCompat.java, line(s) 153,163 rna/oz/v4/media/RatingCompat.java, line(s) 100,104,112 rna/oz/v4/media/TransportMediatorJellybeanMR2.java, line(s) 55 rna/oz/v4/media/routing/MediaRouterJellybean.java, line(s) 273,275,278 rna/oz/v4/media/routing/MediaRouterJellybeanMr1.java, line(s) 63,81,83 rna/oz/v4/media/session/MediaControllerCompat.java, line(s) 461,475,491,509,519,529,539,549,559,569,581,591,601,610,619,628,651,660,669,678,687,696,705,714,723,732,741,750,759,773 rna/oz/v4/os/EnvironmentCompat.java, line(s) 26 rna/oz/v4/print/PrintHelperKitkat.java, line(s) 118,292,366 rna/oz/v4/provider/DocumentsContractApi19.java, line(s) 90,104,122 rna/oz/v4/provider/DocumentsContractApi21.java, line(s) 43 rna/oz/v4/provider/RawDocumentFile.java, line(s) 29,146 rna/oz/v4/speech/tts/TextToSpeechICS.java, line(s) 19 rna/oz/v4/text/ICUCompatApi23.java, line(s) 26,29 rna/oz/v4/text/ICUCompatIcs.java, line(s) 26,45,47,60,62 rna/oz/v4/util/AtomicFile.java, line(s) 32,62,75 rna/oz/v4/util/LogWriter.java, line(s) 38 rna/oz/v4/view/ActionProvider.java, line(s) 75 rna/oz/v4/view/LayoutInflaterCompatHC.java, line(s) 47,56 rna/oz/v4/view/MenuItemCompat.java, line(s) 214,222 rna/oz/v4/view/ViewCompat.java, line(s) 496,514,531 rna/oz/v4/view/ViewCompatEclairMr1.java, line(s) 25,32,34,36 rna/oz/v4/view/ViewPager.java, line(s) 460,466,2092,490 rna/oz/v4/view/ViewParentCompatLollipop.java, line(s) 17,26,34,42,50,58,67 rna/oz/v4/widget/CompoundButtonCompatDonut.java, line(s) 50,59 rna/oz/v4/widget/NestedScrollView.java, line(s) 440,488 rna/oz/v4/widget/PopupWindowCompatApi21.java, line(s) 19,29,40 rna/oz/v4/widget/SlidingPaneLayout.java, line(s) 311,774,1141,1147,1159 rna/oz/v4/widget/SwipeRefreshLayout.java, line(s) 495,747,770
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/mintegral/msdk/thrid/okhttp/internal/Util.java, line(s) 520,519,518,518 com/pgl/sys/a/b/c.java, line(s) 51,55 com/vungle/warren/VungleApiClient.java, line(s) 288,205,380
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/gameanalytics/sdk/GAPlatform.java, line(s) 352,333,341,337,341,341,341,341,74,327
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (hb.rayjump.com) 通信。
{'ip': '47.236.6.128', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (hybird.rayjump.com) 通信。
{'ip': '114.230.204.68', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (i.snssdk.com) 通信。
{'ip': '117.27.226.177', 'country_short': 'CN', 'country_long': '中国', 'region': '福建', 'city': '福州', 'latitude': '26.061390', 'longitude': '119.306107'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (a.dan665.com) 通信。
{'ip': '39.108.120.165', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '深圳', 'latitude': '22.545673', 'longitude': '114.068108'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (lf3-ttcdn-tos.pstatp.com) 通信。
{'ip': '117.27.148.85', 'country_short': 'CN', 'country_long': '中国', 'region': '福建', 'city': '福州', 'latitude': '26.061390', 'longitude': '119.306107'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (config.unityads.unity3d.com) 通信。
{'ip': '13.224.163.13', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (sdfp.snssdk.com) 通信。
{'ip': '117.68.76.69', 'country_short': 'CN', 'country_long': '中国', 'region': '安徽', 'city': '六安', 'latitude': '31.650000', 'longitude': '118.525002'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (cdn-adn-https.rayjump.com) 通信。
{'ip': '49.71.77.86', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (config.unityads.unitychina.cn) 通信。
{'ip': '58.222.30.67', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (setting.rayjump.com) 通信。
{'ip': '112.126.23.181', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (sdkconfig.ad.xiaomi.com) 通信。
{'ip': '118.26.253.71', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (bds.snssdk.com) 通信。
{'ip': '61.147.168.157', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '镇江', 'latitude': '32.209366', 'longitude': '119.434372'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (analytics.rayjump.com) 通信。
{'ip': '123.56.168.170', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (zeus.ad.xiaomi.com) 通信。
{'ip': '118.26.253.153', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (ws.tapjoyads.com) 通信。
{'ip': '13.225.103.24', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (ad.toutiao.com) 通信。
{'ip': '221.230.244.93', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (net.rayjump.com) 通信。
{'ip': '112.126.29.58', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}