安全分析报告: EhViewer v1.9.8.0

安全分数


安全分数 52/100

风险评级


等级

  1. A
  2. B
  3. C
  4. F

严重性分布 (%)


隐私风险

3

用户/设备跟踪器


调研结果

高危 0
中危 30
信息 3
安全 1
关注 3

中危 应用程序数据可以被备份 

[android:allowBackup=true]
这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。

中危 Activity (com.hippo.ehviewer.ui.MainActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.hippo.ehviewer.ui.GalleryActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.hippo.ehviewer.ui.SettingsActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.hippo.ehviewer.ui.ExcludedLanguagesActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.hippo.ehviewer.ui.DirPickerActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.hippo.ehviewer.ui.LicenseActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.hippo.ehviewer.ui.FilterActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.hippo.ehviewer.ui.BlackListActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.hippo.ehviewer.ui.SetSecurityActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.hippo.ehviewer.ui.UConfigActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.hippo.ehviewer.ui.MyTagsActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.hippo.ehviewer.ui.HostsActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.hippo.ehviewer.shortcuts.ShortcutsActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.hippo.ehviewer.ui.wifi.WiFiServerActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.hippo.ehviewer.ui.wifi.WiFiClientActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (com.hippo.ehviewer.download.DownloadService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.microsoft.appcenter.distribute.DeepLinkActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Broadcast Receiver (com.microsoft.appcenter.distribute.DownloadManagerReceiver) 未被保护。 

[android:exported=true]
发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞 

不安全的Web视图实现。可能存在WebView任意代码执行漏洞
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
com/hippo/android/recaptcha/RecaptchaV1Task.java, line(s) 52,51

中危 IP地址泄露 

IP地址泄露


Files:
com/hippo/ehviewer/BuildConfig.java, line(s) 10
com/hippo/ehviewer/client/EhDns.java, line(s) 27,27,36,36,36,36,39,39,27,30,31,32,33,34,30,31,32,33,34,39,39,40,39,39,40,39,39,40,30,31,32,33,34,30,31,32,33,34,29,35,35,28,28
com/hippo/ehviewer/ui/wifi/WiFiServerActivity.java, line(s) 176

中危 应用程序使用不安全的随机数生成器 

应用程序使用不安全的随机数生成器
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
com/hippo/ehviewer/ui/scene/topList/EhTopListScene.java, line(s) 34
com/hippo/yorozuya/MathUtils.java, line(s) 3
com/microsoft/appcenter/http/HttpClientRetryer.java, line(s) 9
org/greenrobot/greendao/test/DbTest.java, line(s) 7
org/jsoup/helper/DataUtil.java, line(s) 18

中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 

文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/hippo/ehviewer/client/EhConfig.java, line(s) 74
com/hippo/ehviewer/client/wifi/ConnectThread.java, line(s) 24,25,26,30
com/hippo/ehviewer/ui/scene/GalleryCommentsScene.java, line(s) 72
com/microsoft/appcenter/AppCenter.java, line(s) 42,50
com/microsoft/appcenter/Constants.java, line(s) 8
com/microsoft/appcenter/channel/DefaultChannel.java, line(s) 422
com/microsoft/appcenter/distribute/DistributeConstants.java, line(s) 47,48,49,25
com/microsoft/appcenter/http/DefaultHttpClient.java, line(s) 16,18
com/microsoft/appcenter/ingestion/OneCollectorIngestion.java, line(s) 25,27,32
com/microsoft/appcenter/ingestion/models/WrapperSdk.java, line(s) 9
com/microsoft/appcenter/ingestion/models/one/CommonSchemaLog.java, line(s) 15
com/microsoft/appcenter/persistence/DatabasePersistence.java, line(s) 38
com/microsoft/appcenter/utils/context/SessionContext.java, line(s) 14
com/microsoft/appcenter/utils/storage/DatabaseManager.java, line(s) 16
org/jsoup/helper/W3CDom.java, line(s) 52
org/jsoup/nodes/DocumentType.java, line(s) 12,13,15

中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 

应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/hippo/database/MSQLiteOpenHelper.java, line(s) 4,5,34
com/hippo/ehviewer/EhDB.java, line(s) 5,6,555
com/hippo/ehviewer/Hosts.java, line(s) 6,7,33
com/hippo/ehviewer/dao/BlackListDao.java, line(s) 4,35
com/hippo/ehviewer/dao/BookmarksBao.java, line(s) 4,38
com/hippo/ehviewer/dao/DownloadDirnameDao.java, line(s) 4,28
com/hippo/ehviewer/dao/DownloadLabelDao.java, line(s) 4,32
com/hippo/ehviewer/dao/DownloadsDao.java, line(s) 4,42
com/hippo/ehviewer/dao/FilterDao.java, line(s) 4,32
com/hippo/ehviewer/dao/GalleryTagsDao.java, line(s) 4,44
com/hippo/ehviewer/dao/HistoryDao.java, line(s) 4,38
com/hippo/ehviewer/dao/LocalFavoritesDao.java, line(s) 4,37
com/hippo/ehviewer/dao/QuickSearchDao.java, line(s) 4,38
com/hippo/ehviewer/widget/SearchDatabase.java, line(s) 7,8,84
com/hippo/network/CookieDatabase.java, line(s) 6,7,8,100
com/hippo/util/SqlUtils.java, line(s) 5,13
com/microsoft/appcenter/persistence/DatabasePersistence.java, line(s) 6,7,69
com/microsoft/appcenter/utils/storage/DatabaseManager.java, line(s) 7,8,9,10,40
org/greenrobot/greendao/AbstractDao.java, line(s) 6,7,417
org/greenrobot/greendao/DbUtils.java, line(s) 6,42
org/greenrobot/greendao/database/StandardDatabase.java, line(s) 5,64

中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 

应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
com/hippo/content/FileProvider.java, line(s) 193
com/hippo/ehviewer/AppConfig.java, line(s) 59,62
com/hippo/ehviewer/ui/scene/gallery/detail/GalleryDetailScene.java, line(s) 573
com/hippo/util/DownloadUtil.java, line(s) 43
com/hippo/widget/DirExplorer.java, line(s) 125,126
np/protect/assets/C0065.java, line(s) 251

中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件 

应用程序创建临时文件。敏感信息永远不应该被写进临时文件


Files:
com/hippo/ehviewer/AppConfig.java, line(s) 27
com/hippo/ehviewer/ui/MainActivity.java, line(s) 394
com/hippo/ehviewer/ui/scene/gallery/detail/GalleryDetailScene.java, line(s) 1327
com/hippo/ehviewer/widget/ImageSearchLayout.java, line(s) 192
com/hippo/unifile/UriRandomAccessFile.java, line(s) 66

中危 MD5是已知存在哈希冲突的弱哈希 

MD5是已知存在哈希冲突的弱哈希
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/hippo/beerbelly/SimpleDiskCache.java, line(s) 241

中危 SHA-1是已知存在哈希冲突的弱哈希 

SHA-1是已知存在哈希冲突的弱哈希
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/hippo/ehviewer/client/EhTagDatabase.java, line(s) 136
com/hippo/util/PackageUtils.java, line(s) 16

中危 应用程序包含隐私跟踪程序 

此应用程序有多个3隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。

中危 此应用可能包含硬编码机密信息 

从应用程序中识别出以下机密确保这些不是机密或私人信息
WebKitFormBoundaryU7CgQs9WnqlZYKs6
5oKo55qE5pSv5oyB5piv5oiR5pu05paw55qE5pyA5aSn5Yqo5Yqb77yM5oKo5Y+v5Lul5oiq5Zu+5ZCO5Zyo5b6u5L+h5oiW5pSv5LuY5a6d5Lit5omr5o+P5LqM57u056CB5o+Q5L6b546w6YeR5pSv5oyB77yM5Lmf5Y+v5Lul6YCa6L+H6YKu5Lu25YWI5L2c6ICF5o+Q5Ye65oKo5oOz6KaB55qE5paw5Yqf6IO95oiW55uu5YmN5piv5LiN5aW955So55qE5Yqf6IO977yM5oiR5Lya5LiA5LiA5Zue5aSN5bm25YGa5Ye65oSf6LCi44CCKCDigKLMgCDPiSDigKLMgSAp4pyn
a47010fb-702a-415a-ad93-ab5c674093ca
ea87655719898b9807d7a88878e9de051d12af172d2fab563c9881b5e404e7d4

信息 应用程序记录日志信息,不得记录敏感信息 

应用程序记录日志信息,不得记录敏感信息
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
com/acsbendi/requestinspectorwebview/RequestInspectorJavaScriptInterface.java, line(s) 392,358,389,394,405
com/acsbendi/requestinspectorwebview/RequestInspectorWebViewClient.java, line(s) 43,50
com/github/amlcurran/showcaseview/ShowcaseAreaCalculator.java, line(s) 19
com/github/amlcurran/showcaseview/targets/ActionBarViewWrapper.java, line(s) 125,128,139,142,85
com/github/ybq/android/spinkit/animation/SpriteAnimatorBuilder.java, line(s) 162
com/h6ah4i/android/widget/advrecyclerview/animator/GeneralItemAnimator.java, line(s) 33,44,52,60,77
com/h6ah4i/android/widget/advrecyclerview/animator/impl/ItemAddAnimationManager.java, line(s) 19,27
com/h6ah4i/android/widget/advrecyclerview/animator/impl/ItemChangeAnimationManager.java, line(s) 19,27
com/h6ah4i/android/widget/advrecyclerview/animator/impl/ItemMoveAnimationManager.java, line(s) 19,27
com/h6ah4i/android/widget/advrecyclerview/animator/impl/ItemRemoveAnimationManager.java, line(s) 19,27
com/h6ah4i/android/widget/advrecyclerview/draggable/DraggableItemWrapperAdapter.java, line(s) 158
com/h6ah4i/android/widget/advrecyclerview/draggable/RecyclerViewDragDropManager.java, line(s) 895
com/hippo/beerbelly/BeerBelly.java, line(s) 192
com/hippo/beerbelly/DiskLruCache.java, line(s) 432
com/hippo/beerbelly/SimpleDiskCache.java, line(s) 344,351,387
com/hippo/conaco/Conaco.java, line(s) 136,137,107
com/hippo/conaco/ConacoTask.java, line(s) 512,492
com/hippo/drawable/BitmapPool.java, line(s) 31
com/hippo/drawable/UnikeryDrawable.java, line(s) 79
com/hippo/ehviewer/EhDB.java, line(s) 617,675,711
com/hippo/ehviewer/Settings.java, line(s) 289,434,479,488,514,671
com/hippo/ehviewer/client/EhEngine.java, line(s) 106,152,193,233,281,358,406,517,551,614,650,689,725,768,806,841,880,912,945,979,1013,1049,1100,1108,1166,1213,1252,1293,1347
com/hippo/ehviewer/client/EhFilter.java, line(s) 37,94,111
com/hippo/ehviewer/client/EhUrlOpener.java, line(s) 39
com/hippo/ehviewer/client/data/FavListUrlBuilder.java, line(s) 66
com/hippo/ehviewer/client/parser/EhHomeParser.java, line(s) 25
com/hippo/ehviewer/client/parser/GalleryListParser.java, line(s) 244,273
com/hippo/ehviewer/client/parser/ProfileParser.java, line(s) 34
com/hippo/ehviewer/client/wifi/ConnectThread.java, line(s) 43,171,174
com/hippo/ehviewer/client/wifi/ListenerThread.java, line(s) 49,67,74
com/hippo/ehviewer/dao/DaoMaster.java, line(s) 26,43
com/hippo/ehviewer/download/DownloadManager.java, line(s) 708,1073,1087,125,143,163,187,506,563,603,608,615,970,1046
com/hippo/ehviewer/download/DownloadService.java, line(s) 487,500
com/hippo/ehviewer/gallery/DirGalleryProvider.java, line(s) 94,144
com/hippo/ehviewer/spider/SpiderInfo.java, line(s) 217
com/hippo/ehviewer/spider/SpiderQueen.java, line(s) 1104,279,305,365,608,999,1054,639
com/hippo/ehviewer/sync/GalleryDetailTagsSyncTask.java, line(s) 179
com/hippo/ehviewer/ui/dialog/ArchiverDownloadDialog.java, line(s) 161,135,137,139,142,144
com/hippo/ehviewer/ui/scene/FavoritesScene.java, line(s) 718
com/hippo/ehviewer/ui/scene/GalleryCommentsScene.java, line(s) 466,823
com/hippo/ehviewer/ui/scene/SolidScene.java, line(s) 43
com/hippo/ehviewer/ui/scene/ThumbSpanHelper.java, line(s) 53,72,73,78,79,90,91,96,97,132,133,138,139,151
com/hippo/ehviewer/ui/scene/download/DownloadsScene.java, line(s) 1319
com/hippo/ehviewer/ui/scene/gallery/list/GalleryListScene.java, line(s) 778
com/hippo/ehviewer/ui/wifi/WiFiClientActivity.java, line(s) 170
com/hippo/ehviewer/ui/wifi/WiFiServerActivity.java, line(s) 239,247,339,365
com/hippo/ehviewer/widget/ImageSearchLayout.java, line(s) 242
com/hippo/ehviewer/widget/SearchDatabase.java, line(s) 111
com/hippo/glview/glrenderer/BasicTexture.java, line(s) 163
com/hippo/glview/glrenderer/GLES11Canvas.java, line(s) 678
com/hippo/glview/glrenderer/GLES20Canvas.java, line(s) 635,195,196,210,403
com/hippo/glview/glrenderer/NativeTexture.java, line(s) 15
com/hippo/glview/glrenderer/RawTexture.java, line(s) 35
com/hippo/glview/image/ImageWrapper.java, line(s) 97
com/hippo/glview/view/GLRootView.java, line(s) 393,150,210,221,343,174
com/hippo/glview/view/GLView.java, line(s) 370
com/hippo/lib/glgallery/PagerLayoutManager.java, line(s) 638,644
com/hippo/lib/glgallery/ScrollLayoutManager.java, line(s) 745,749,854,861,902,909,939
com/hippo/network/CookieDatabase.java, line(s) 80,82,142,147,169,177
com/hippo/network/EhSSLSocketFactory.java, line(s) 386,348,350
com/hippo/network/EhSSLSocketFactoryLowSDK.java, line(s) 57
com/hippo/preference/ActivityPreference.java, line(s) 39
com/hippo/refreshlayout/RefreshLayout.java, line(s) 339,344,380,405,449,494,550
com/hippo/ripple/Ripple.java, line(s) 30,46
com/hippo/scene/StageActivity.java, line(s) 59,64,130,206,212,336,345,401,454,68
com/hippo/tuxiang/DefaultContextFactory.java, line(s) 32
com/hippo/tuxiang/DefaultWindowSurfaceFactory.java, line(s) 15
com/hippo/tuxiang/EglHelper.java, line(s) 130,31,82
com/hippo/tuxiang/GLThread.java, line(s) 167
com/hippo/unifile/DocumentsContractApi19.java, line(s) 47
com/hippo/unifile/DocumentsContractApi21.java, line(s) 33,76
com/hippo/unifile/RawFile.java, line(s) 35,92
com/hippo/unifile/TreeDocumentFile.java, line(s) 74
com/hippo/unifile/UriRandomAccessFile.java, line(s) 29,36,38
com/hippo/util/DownloadUtil.java, line(s) 44
com/hippo/util/PackageUtils.java, line(s) 30,41,45
com/hippo/widget/AvatarImageView.java, line(s) 360
com/hippo/widget/ContentLayout.java, line(s) 154,343
com/hippo/widget/LoadImageView.java, line(s) 254
com/hippo/widget/LoadImageViewNew.java, line(s) 257
com/microsoft/appcenter/AbstractAppCenterService.java, line(s) 163,221,158,191,209
com/microsoft/appcenter/AppCenter.java, line(s) 250,684,87,111,116,172,347,521,526,531,559,564,678,702,709,719,731,166,234,237,256,271,274,414,449,461,465,474,507,511,546,554,120,420,496,600,143,180,671,726
com/microsoft/appcenter/Constants.java, line(s) 25
com/microsoft/appcenter/Flags.java, line(s) 23
com/microsoft/appcenter/ServiceInstrumentationUtils.java, line(s) 27
com/microsoft/appcenter/UncaughtExceptionHandler.java, line(s) 39,45,48
com/microsoft/appcenter/analytics/Analytics.java, line(s) 94,110,145,284,136,149,238,242,326,335,372,195,196,330,332,338,339,340
com/microsoft/appcenter/analytics/AnalyticsTransmissionTarget.java, line(s) 38,42,46,49,192
com/microsoft/appcenter/analytics/AuthenticationProvider.java, line(s) 47,51,66,53,55
com/microsoft/appcenter/analytics/EventProperties.java, line(s) 20,34,45,26
com/microsoft/appcenter/analytics/channel/AnalyticsValidator.java, line(s) 84,81,102,106,108,111,115,137,142,146,158,161
com/microsoft/appcenter/analytics/channel/SessionTracker.java, line(s) 36,61,68,78,106,109,44,66,75
com/microsoft/appcenter/analytics/ingestion/models/EventLog.java, line(s) 28,28
com/microsoft/appcenter/analytics/ingestion/models/json/EventLogFactory.java, line(s) 29
com/microsoft/appcenter/channel/DefaultChannel.java, line(s) 182,189,277,282,285,294,308,337,356,410,414,422,426,430,462,465,478,501,506,141,261,370,391,433,374
com/microsoft/appcenter/channel/OneCollectorChannelListener.java, line(s) 126,121
com/microsoft/appcenter/distribute/BrowserUtils.java, line(s) 51,64,70,73,78,42,31
com/microsoft/appcenter/distribute/DeepLinkActivity.java, line(s) 19,22,23,26,29,32,43
com/microsoft/appcenter/distribute/Distribute.java, line(s) 100,106,114,120,151,187,214,218,222,225,283,295,299,310,320,323,328,336,423,428,474,488,518,550,559,592,651,689,727,741,777,805,887,921,1050,1136,1145,1157,1167,1171,1180,1184,275,287,360,389,630,632,860,997,1002,1006,1012,1024,281,340,350,439,458,464,478,481,940,1093,271,555,239,251,670,685,1161,1174,1187
com/microsoft/appcenter/distribute/DistributeUtils.java, line(s) 98,107,68,91
com/microsoft/appcenter/distribute/DownloadManagerReceiver.java, line(s) 13
com/microsoft/appcenter/distribute/InstallerUtils.java, line(s) 40
com/microsoft/appcenter/distribute/ReleaseDownloadListener.java, line(s) 87,63,75
com/microsoft/appcenter/distribute/ResumeFromBackgroundTask.java, line(s) 21,27
com/microsoft/appcenter/distribute/UpdateInstaller.java, line(s) 55
com/microsoft/appcenter/distribute/UpdateReceiver.java, line(s) 27,34
com/microsoft/appcenter/distribute/download/manager/DownloadManagerReleaseDownloader.java, line(s) 56,65,139,50,153
com/microsoft/appcenter/distribute/download/manager/DownloadManagerRequestTask.java, line(s) 27
com/microsoft/appcenter/distribute/ingestion/DistributeIngestion.java, line(s) 34,40
com/microsoft/appcenter/distribute/install/AbstractReleaseInstaller.java, line(s) 25,30,35
com/microsoft/appcenter/distribute/install/ReleaseInstallerActivity.java, line(s) 35,56,66
com/microsoft/appcenter/distribute/install/session/InstallStatusReceiver.java, line(s) 45,36,67,59
com/microsoft/appcenter/distribute/install/session/PackageInstallerListener.java, line(s) 24,29,34
com/microsoft/appcenter/distribute/install/session/SessionReleaseInstaller.java, line(s) 38,118,162,203,91,106
com/microsoft/appcenter/http/AbstractAppCallTemplate.java, line(s) 14,20
com/microsoft/appcenter/http/DefaultHttpClient.java, line(s) 60
com/microsoft/appcenter/http/DefaultHttpClientCallTask.java, line(s) 97,126,129
com/microsoft/appcenter/http/HttpClientNetworkStateHandler.java, line(s) 49,65
com/microsoft/appcenter/http/HttpClientRetryer.java, line(s) 48
com/microsoft/appcenter/ingestion/OneCollectorIngestion.java, line(s) 108,58,68
com/microsoft/appcenter/ingestion/models/AbstractLog.java, line(s) 53,53,61,61,49,49
com/microsoft/appcenter/ingestion/models/one/CommonSchemaDataUtils.java, line(s) 48,63,69,77,82
com/microsoft/appcenter/ingestion/models/one/CommonSchemaLog.java, line(s) 67,63,63,55,55,51,51,39,39
com/microsoft/appcenter/persistence/DatabasePersistence.java, line(s) 123,154,163,174,175,180,199,250,284,288,289,296,308,336,338,344,114,147,222,233,240,265,281
com/microsoft/appcenter/utils/AppCenterLog.java, line(s) 19,30,41,52,71,82,113,124,135,146
com/microsoft/appcenter/utils/AsyncTaskUtils.java, line(s) 15
com/microsoft/appcenter/utils/DeviceInfoHelper.java, line(s) 123,50,66,88,120
com/microsoft/appcenter/utils/IdHelper.java, line(s) 11
com/microsoft/appcenter/utils/NetworkStateHelper.java, line(s) 57,65,72,120
com/microsoft/appcenter/utils/context/SessionContext.java, line(s) 67,63
com/microsoft/appcenter/utils/context/UserIdContext.java, line(s) 26,35,42,46
com/microsoft/appcenter/utils/crypto/CryptoUtils.java, line(s) 238,241,281,285,288,168,176,193,253,263,293
com/microsoft/appcenter/utils/storage/DatabaseManager.java, line(s) 191,203,88,101,110,153,162,174,188,225,235,141,229,232,139,143
com/microsoft/appcenter/utils/storage/FileManager.java, line(s) 107,127
np/protect/assets/ShellApplication.java, line(s) 172,665,1310,1441,3343,3633
np/protect/assets/a/C0017.java, line(s) 271,796,1125,2176,2497,2795,3182
np/protect/assets/a/C0018.java, line(s) 78
np/protect/assets/a/C0019.java, line(s) 183
np/protect/assets/a/C0020.java, line(s) 27
np/protect/assets/a/C0022.java, line(s) 242
org/ccil/cowan/tagsoup/CommandLine.java, line(s) 89,90,95,98,100,102,105,125,126,149,158,168
org/ccil/cowan/tagsoup/jaxp/JAXPTest.java, line(s) 15,21,22,24,25
org/greenrobot/eventbus/Logger.java, line(s) 78,83
org/greenrobot/eventbus/util/ErrorDialogConfig.java, line(s) 43
org/greenrobot/eventbus/util/ErrorDialogManager.java, line(s) 165
org/greenrobot/eventbus/util/ExceptionToResourceMapping.java, line(s) 30
org/greenrobot/greendao/AbstractDao.java, line(s) 476,659,714
org/greenrobot/greendao/DaoException.java, line(s) 28,29
org/greenrobot/greendao/DaoLog.java, line(s) 15,19,27,35,39,43,51,55,23,59,63,67
org/greenrobot/greendao/DbUtils.java, line(s) 63,33
org/greenrobot/greendao/async/AsyncOperationExecutor.java, line(s) 289,299,311,387
org/greenrobot/greendao/internal/LongHashMap.java, line(s) 64
org/greenrobot/greendao/query/QueryBuilder.java, line(s) 98,101
org/greenrobot/greendao/test/AbstractDaoTest.java, line(s) 29,32,61
org/greenrobot/greendao/test/AbstractDaoTestLongPk.java, line(s) 18,23
org/greenrobot/greendao/test/DbTest.java, line(s) 63

信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 

此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/hippo/ehviewer/preference/IdentityCookiePreference.java, line(s) 4,98
com/hippo/ehviewer/ui/fragment/AboutFragment.java, line(s) 4,45
com/hippo/ehviewer/ui/scene/GalleryCommentsScene.java, line(s) 5,541
com/hippo/ehviewer/ui/scene/GalleryInfoScene.java, line(s) 4,198
com/hippo/ehviewer/ui/scene/gallery/detail/GalleryDetailScene.java, line(s) 5,911
com/hippo/ehviewer/ui/scene/gallery/list/GalleryListSecenDialog.java, line(s) 4,28
com/hippo/ehviewer/util/ClipboardUtil.java, line(s) 4,36,52,60
com/hippo/util/AppHelper.java, line(s) 6,35

信息 此应用程序使用SQL Cipher,确保密钥没有硬编码在代码中 

此应用程序使用SQL Cipher,确保密钥没有硬编码在代码中


Files:
com/microsoft/appcenter/utils/storage/DatabaseManager.java, line(s) 137,145

安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 

此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
com/hippo/ehviewer/EhApplication.java, line(s) 255,273,324,342,254,253,253,271,271,322,322,340,340

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (firebase-settings.crashlytics.com) 通信。 

{'ip': '180.163.150.162', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (pagead2.googlesyndication.com) 通信。 

{'ip': '180.163.150.161', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (app-measurement.com) 通信。 

{'ip': '180.163.150.161', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

安全评分: ( EhViewer 1.9.8.0)