安全分析报告:
安全分数
安全分数 49/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
1
用户/设备跟踪器
调研结果
高危
3
中危
22
信息
1
安全
2
关注
12
高危 应用程序存在Janus漏洞
应用程序使用了v1签名方案进行签名,如果只使用v1签名方案,那么它就容易受到安卓5.0-8.0上的Janus漏洞的攻击。在安卓5.0-7.0上运行的使用了v1签名方案的应用程序,以及同时使用了v2/v3签名方案的应用程序也同样存在漏洞。
高危 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: org/wlf/filedownloader/file_download/HttpConnectionHelper.java, line(s) 64,17,18,19,20,21,22
高危 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/yijianwan/child/BuildConfig.java, line(s) 3,4
中危 应用程序数据存在被泄露的风险
未设置[android:allowBackup]标志 这个标志 [android:allowBackup]应该设置为false。默认情况下它被设置为true,允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Service (com.my.service.musicPlayService) 受权限保护, 但是应该检查权限的保护级别。
Permission: oem.permission.SENDMAIL [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (com.yijianwan.child.DownloadService) 受权限保护, 但是应该检查权限的保护级别。
Permission: oem.permission.SENDMAIL [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (com.my.boot.BootBroadcastReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.yijianwan.child.MyBroadcastReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Service (com.beetstra.jutf7.Utf7ImeService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_INPUT_METHOD [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (com.yijianwan.child.qhb.testTouchClick) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_ACCESSIBILITY_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Content Provider (android.support.v4.content.FileProvider) 如果应用程序在API级别低于17的设备上运行,则不会受到保护。
[Content Provider, targetSdkVersion >= 17] 如果应用程序运行在一个API级别低于17的设备上,内容提供者( Content Provider)就会被导出。在这种情况下,它会被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。
中危 Activity (com.tencent.tauth.AuthActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 高优先级的Intent (1000)
[android:priority] 通过设置一个比另一个Intent更高的优先级,应用程序有效地覆盖了其他请求。
中危 高优先级的Intent (1000)
[android:priority] 通过设置一个比另一个Intent更高的优先级,应用程序有效地覆盖了其他请求。
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/my/init/getDevMsg.java, line(s) 109 com/switfpass/pay/bean/RequestMsg.java, line(s) 197 com/switfpass/pay/utils/Constants.java, line(s) 11,16,5 com/yijianwan/child/MainActivity.java, line(s) 452 com/yijianwan/child/login_tokey.java, line(s) 40 com/zhy/http/okhttp/builder/PostFormBuilder.java, line(s) 48
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/baidu/paddle/lite/demo/object_detection/ObjectUtils.java, line(s) 143 com/baidu/paddle/lite/demo/ocr/Utils.java, line(s) 144 com/my/http/OkHttpUtils.java, line(s) 272,291 com/switfpass/pay/utils/Util.java, line(s) 164 org/wlf/filedownloader/FileDownloadConfiguration.java, line(s) 29 org/wlf/filedownloader/util/FileUtil.java, line(s) 43,50
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/yijianwan/child/PayActivity.java, line(s) 562,561 com/yijianwan/pay/DBTWxPay.java, line(s) 127,67
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/haoi/dt/ImService.java, line(s) 384 com/haoi/dt/haoi.java, line(s) 370 com/haoi/dt/utils/MD5.java, line(s) 8 com/switfpass/pay/utils/MD5.java, line(s) 13,32 com/switfpass/pay/utils/Rsa.java, line(s) 48
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: org/wlf/filedownloader/file_download/db_recorder/DownloadFileDao.java, line(s) 3,4,18
中危 IP地址泄露
IP地址泄露 Files: com/shotscreen/ScreenShotSocket.java, line(s) 55 com/yijianwan/Util/Util.java, line(s) 1547 com/yijianwan/child/qhb/input/AnJianSocket.java, line(s) 87,119 com/yijianwan/kaifaban/guagua/ccalljava/CCallJava.java, line(s) 335,382
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/my/login/login_save.java, line(s) 13 com/switfpass/pay/utils/Util.java, line(s) 21 com/yijianwan/Util/Util.java, line(s) 75 com/yijianwan/child/MainActivity.java, line(s) 78
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/my/view/crop/CropUtil.java, line(s) 131
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/switfpass/pay/utils/Util.java, line(s) 285 com/yijianwan/pay/SignUtils.java, line(s) 18
中危 应用程序包含隐私跟踪程序
此应用程序有多个1隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 友盟统计的=> "UMENG_CHANNEL" : "yijianwan" 友盟统计的=> "UMENG_APPKEY" : "5aec6e588f4a9d6ab300022a" 2FDgvkGVlKtvyo6NX8HbSycCiDHWR2gaqJRI3JrAqT9lGxZAxTnmUE8MNnhRWfoNZJHX2 d6931904dec60b24b1edc762e0d9d8253e3ecd6ceb1de2ff068ca8e8bca8cd6bd3786ea70aa76ce60ebb0f993559ffd93e77a943e7e83d4b64b8e4fea2d3e656f1e267a81bbfb230b578c20443be4c7218b846f5211586f038a14e89c2be387f8ebecf8fcac3da1ee330c9ea93d0a7c3dc4af350220d50080732e0809717ee6a053359e6a694ec2cb3f284a0a466c87a94d83b31093a67372e2f6412c06e6d42f15818dffe0381cc0cd444da6cddc3b82458194801b32564134fbfde98c9287748dbf5676a540d8154c8bbca07b9e247553311c46b9af76fdeeccc8e69e7c8a2d08e782620943f99727d3c04fe72991d99df9bae38a0b2177fa31d5b6afee91f 891b9b2a1d867f95eefd537a56d4d805 39280363481451541647 0a54b19a13b6712dc04d1b49215423d8 -39280363481451541647 zxcvbnmlkjhgfdsaqwertyuiopQWERTYUIOPASDFGHJKLZXCVBNM1234567890 3BDA727BF325A847037D398AE320F165 0dc1c1c001c4d6c48241ce1ac41fd5a0 cdaee79f6ddf069e70f20f7abbc784cf173b0cda1128b839601ff69eb6f5b668d824d55080954ff7c647560521f04bd400b38e32ced93502b66d7ceddec4ef9769fe4736460542cbdd8541867986353714fa569b0a64b48f7ba2cc06932992881bd37497d6564e82e7d0d46cde916f05b418138ffbd4875cfd610942dfe658fd45a89ae62e3b36ab7afa252ff1cca8699dfd99b42fe075707f67fed8fb9f538cc7f0aae2e1984b1844a909d607e205c64446824b5e947e44836e332e94648c6f58a7ac079144c1a33f4f8fac83277da823eb0c663e51ed752357ee9e696c50a438faa484032a3b481f9f4050b20554fc716ac691c5a30151cb2dd2300e0736f9 2FsPONw4QOqEQkzYvoiuVATWxbyQmsCJ ab95615a5637ce42b0c0dc4792fc7627 hjwg16Y0G83C18H9wpMLWi25KDSLyNLA2I509GQ5wydMj2qRYVHjf9fV7Xl9cfcFstlYsOtRAxdUcMOa0nkO1qhsbeEqirQRJmnW0Yub6Yar1FzfWJTlHutV43HJmd8E
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/aidl/aidlCall.java, line(s) 33 com/alipay/test/a.java, line(s) 13,14,20,21,27,28,34,35,41,42,48,49,55,56,62,63,69,70,76,77,83,84,90,91,97,98,101,102,105,106,109,110,113,114,117,118,121,122,125,126,129,130,133,134,137,138,141,142 com/baidu/paddle/lite/demo/object_detection/ObjectPredictor.java, line(s) 119,50,54,58,62,66,70,178,200,75,98,105,161,215,216,222,245,274,275 com/baidu/paddle/lite/demo/ocr/OCRPredictorNative.java, line(s) 43,47,86 com/baidu/paddle/lite/demo/ocr/Predictor.java, line(s) 58,62,66,70,74,78,171,296,111,168,193,216,219,231,315 com/baidu/paddle/lite/demo/yolo_tiny/YoloPredictor.java, line(s) 108,146,51,55,59,63,67,71,142,189,211,76,237,247 com/beetstra/jutf7/CharsetProvider.java, line(s) 54,57,64,65,66,67 com/beetstra/jutf7/Utf7ImeService.java, line(s) 37,41,49,76 com/ggexe/ggSocket.java, line(s) 26,38,418 com/haoi/dt/ImService.java, line(s) 297,245,307,104,127,143,176,193,207,334,340,366,62,95,179,353 com/haoi/dt/LianzhongDemo.java, line(s) 88 com/haoi/dt/LzDemo.java, line(s) 35,50,185 com/haoi/dt/SaveService.java, line(s) 35 com/haoi/dt/haoi.java, line(s) 213,215,224,228,427,144,419,445,460 com/haoi/dt/utils/HostUtil.java, line(s) 56,99 com/haoi/dt/utils/PostUtils.java, line(s) 81 com/kugou/music.java, line(s) 290,303,53,57,141,145,148,165,175,211,214,216,220,347 com/my/file/MyFileHoop.java, line(s) 45,64,113,134,153,293,298,102,133,384,426 com/my/file/copyFile.java, line(s) 23,31,69 com/my/file/srcCopyToData.java, line(s) 28 com/my/ftp/UserFtp.java, line(s) 60,70,83,87,93,107,144 com/my/ftp/ftpUpDown.java, line(s) 53,63,77,80,85,92,101,107,115,182,203,206,274,395,480,486,502,506,543,591,603,605,648 com/my/ftp/myFtp.java, line(s) 13,16,21,24,30,36,42,49 com/my/http/OkHttpUtils.java, line(s) 83,168,264 com/my/http/httpRead.java, line(s) 82,83 com/my/http/initDoDown.java, line(s) 28,33,38,43,48,59,64,71 com/my/id/createID.java, line(s) 47,50,66,68 com/my/init/agent_card.java, line(s) 353,117 com/my/init/getDevMsg.java, line(s) 85,96,109,113,144,163,184,214,222,251,257 com/my/init/initAutoRun.java, line(s) 47 com/my/init/initGuaGuaDown.java, line(s) 59,166 com/my/init/initHttpDown.java, line(s) 25,30,35,40,45,56,61,68 com/my/init/initSetting.java, line(s) 400,408,412,415,426,465,468,484,692,753,367,430,462,672 com/my/init/initUser.java, line(s) 275,301,332,354,369,389,578,343 com/my/init/loadScript.java, line(s) 303,306 com/my/init/loadSo.java, line(s) 29,32,40,62,66,68,72,74,99,129,158,160,179,290,346,349,364,399,407,413,416,427,189,223,436,439 com/my/init/resetUIConfig.java, line(s) 16,17,48,56,68,87,88,119,127,139,161 com/my/init/userLogin.java, line(s) 51 com/my/listview/my_text4_item.java, line(s) 128 com/my/login/login_save.java, line(s) 24,77,323,326,391 com/my/login/my_login_msg.java, line(s) 39,285 com/my/login/my_login_user.java, line(s) 52,57,344 com/my/popuplayout/popup_yesno.java, line(s) 56 com/my/register/my_register_terms.java, line(s) 43,60 com/my/service/musicPlayService.java, line(s) 290,303,53,57,141,145,148,165,175,211,214,216,220,347 com/my/setting/AppInfo.java, line(s) 32 com/my/setting/BaseDialog.java, line(s) 54,73,109,160,167,173,179,184 com/my/setting/setTimerStartScript.java, line(s) 51 com/my/tool/closeBackgroundApp.java, line(s) 30,43,78,81,83 com/my/tool/log/Log.java, line(s) 23,38,57,72,91,106,125,140 com/my/tool/root/RootUtil.java, line(s) 146,149,168,171,290,55,76,82,94,102,123,127,225,249 com/my/update/update.java, line(s) 69,150,184,218,222,255,63,71,77,83,95,101,107,119,125,131,144,162,178,197,242,244,274,276,293,307 com/my/update/updateOss.java, line(s) 29,106,135,166,35,41,60,66,85,91,117,147,155,170,173,189,190,192,205,215,217,234,248 com/my/user/Server.java, line(s) 38,40,53,55,90,92 com/my/user/gcName.java, line(s) 20,22,45,48 com/my/user/serverProt.java, line(s) 42,44 com/my/user/userFile.java, line(s) 23,25,44,46 com/my/view/RoundImageView.java, line(s) 76 com/my/view/crop/CropImageActivity.java, line(s) 123,126,323,326,352 com/my/view/crop/CropUtil.java, line(s) 56,72 com/my/view/crop/Log.java, line(s) 10,14 com/my/zip/BitmapHelper.java, line(s) 305 com/my/zip/FileZip.java, line(s) 53,56 com/my/zip/FolderZip.java, line(s) 62,65 com/my/zip/upFileZip.java, line(s) 28,34,40,68,88,102 com/shotscreen/ScreenShotService.java, line(s) 62,68,75,80,126,132,135,136,148,154,161,172,184,121 com/shotscreen/ScreenShotSocket.java, line(s) 61 com/shotscreen/ScreenShotUtil.java, line(s) 66,98 com/shotscreen/ShotScreenSocket.java, line(s) 44,72,92,96,103 com/shotscreen/screenShot.java, line(s) 23,57,73,87,152,153,163,164,186,187 com/switfpass/pay/activity/BasePayActivity.java, line(s) 21,41 com/switfpass/pay/activity/C0055n.java, line(s) 86 com/switfpass/pay/activity/D.java, line(s) 27,55 com/switfpass/pay/service/b.java, line(s) 56,30 com/switfpass/pay/service/c.java, line(s) 71,31,48 com/switfpass/pay/service/d.java, line(s) 63,48 com/switfpass/pay/service/e.java, line(s) 76,35,54 com/switfpass/pay/service/f.java, line(s) 61,35,53 com/switfpass/pay/service/g.java, line(s) 60 com/switfpass/pay/service/h.java, line(s) 64,35,52 com/switfpass/pay/service/i.java, line(s) 76,34 com/switfpass/pay/service/j.java, line(s) 78,39,42 com/switfpass/pay/thread/NetHelper.java, line(s) 161,177,230,244,148 com/switfpass/pay/utils/C0075n.java, line(s) 45,86 com/switfpass/pay/utils/HandlerC0071j.java, line(s) 16 com/switfpass/pay/utils/P.java, line(s) 23 com/switfpass/pay/utils/PayDialogInfo.java, line(s) 200,254,104 com/switfpass/pay/utils/Rsa.java, line(s) 22,23,25 com/switfpass/pay/utils/Util.java, line(s) 72,75,252,102,124,184,189,194,204,213,218,254,258,262,273,99,105,118,246 com/switfpass/pay/utils/W.java, line(s) 44 com/switfpass/pay/utils/Y.java, line(s) 43,85 com/yijianwan/Floating/FloatingCreate.java, line(s) 78,81,85,96,73 com/yijianwan/Floating/FloatingInterface1.java, line(s) 116,711,714 com/yijianwan/Floating/FloatingLeHeYouGame.java, line(s) 75 com/yijianwan/Floating/FloatingShow.java, line(s) 799,827,155,170,173,178,277,292,294,298,698,719 com/yijianwan/Floating/FloatingView.java, line(s) 173,399,424 com/yijianwan/Floating/FloatingView1.java, line(s) 279 com/yijianwan/Floating/MyDefaultToastMsg.java, line(s) 110 com/yijianwan/Floating/MyToastMsg.java, line(s) 177 com/yijianwan/Floating/PopupImage/popupEvent.java, line(s) 30 com/yijianwan/Floating/PopupImage/popupImage.java, line(s) 121,125,197 com/yijianwan/Floating/runScript.java, line(s) 86,94,106,114,120,122,126,168,181,272,283,296,319,331,346,369,137 com/yijianwan/UI/custom/myComboView.java, line(s) 107,116 com/yijianwan/UI/myEventClick.java, line(s) 38 com/yijianwan/UI/myEventRun.java, line(s) 31 com/yijianwan/UI/myEventTextInputEnd.java, line(s) 10,13 com/yijianwan/UI/myImage.java, line(s) 77 com/yijianwan/UI/myProperties.java, line(s) 219,405 com/yijianwan/UI/myTab.java, line(s) 32,37,138 com/yijianwan/UI/myUI.java, line(s) 159,491,832,836,842 com/yijianwan/UI/myView.java, line(s) 190,213,238 com/yijianwan/UI/myWindow.java, line(s) 68 com/yijianwan/Util/FloatWindowManager.java, line(s) 217,103,143,156,169,182,195,213 com/yijianwan/Util/Util.java, line(s) 580,598,626,780,180,186,196,218,221,252,311,319,327,340,353,369,372,376,431,646,655,666,689,697,744,763,795,803,811,824,833,839,848,870,885,943,946,1032,1056,1069,1071,1436,1586,1592,1632,1639,1641,1643,1648,1688,1703 com/yijianwan/Util/getInstallApp.java, line(s) 14,31 com/yijianwan/Util/rom/HuaweiUtils.java, line(s) 46,53,56,69,72 com/yijianwan/Util/rom/MeizuUtils.java, line(s) 32,35,49,52 com/yijianwan/Util/rom/MiuiUtils.java, line(s) 22,23,46,49,69,86,98,110,130 com/yijianwan/Util/rom/OppoUtils.java, line(s) 33,36 com/yijianwan/Util/rom/QikuUtils.java, line(s) 32,35,52 com/yijianwan/Util/rom/RomUtils.java, line(s) 30,56,63,68,79 com/yijianwan/binder.java, line(s) 13,30,35 com/yijianwan/bmpFile/bmpFile.java, line(s) 39,42,95,99,103 com/yijianwan/bmpFile/screencap.java, line(s) 42 com/yijianwan/child/DownloadService.java, line(s) 55 com/yijianwan/child/MainActivity.java, line(s) 476,494,523,806,808,814,816,827,830,860,862,864,882,896,902,921,1116,1247,1261,1280,1282,1295,1301,1313,1323,1554,1556,1562,1568,133,229,368,391,427,452,486,495,512,819,1343,1351 com/yijianwan/child/MyPackService.java, line(s) 287,300,50,54,138,142,145,162,172,208,211,213,217,344 com/yijianwan/child/MyServerWindow.java, line(s) 25,28,30,38 com/yijianwan/child/NoticeService.java, line(s) 21,27 com/yijianwan/child/PayActivity.java, line(s) 421,451,127,217,337,358,426,429,436,456,459,466,481,496,516,523 com/yijianwan/child/PayBatchActivity.java, line(s) 55,358 com/yijianwan/child/PaySelectActivity.java, line(s) 44,50,79,138,178,227 com/yijianwan/child/UISynchronous.java, line(s) 26,107 com/yijianwan/child/ads.java, line(s) 72,81 com/yijianwan/child/autoRun.java, line(s) 22,29,43,110,118,90 com/yijianwan/child/check_run_activity.java, line(s) 349,517 com/yijianwan/child/getScript.java, line(s) 29,42,44,46,48,51 com/yijianwan/child/login_tokey.java, line(s) 40 com/yijianwan/child/notificationActivity.java, line(s) 13 com/yijianwan/child/qhb/input/AnJian.java, line(s) 16 com/yijianwan/child/qhb/input/AnJianSocket.java, line(s) 21,43,46,56,93,125 com/yijianwan/child/qhb/input/ggSocket.java, line(s) 35,73,79,86 com/yijianwan/child/qhb/node/nodeSave.java, line(s) 301,305,311,313,323,327,333,335,421,43,71,79,173,316,338 com/yijianwan/child/qhb/testTouchClick.java, line(s) 37,68,87,93,97,110,116,120,132,138,142,154,160,164 com/yijianwan/child/rootSelect.java, line(s) 125,184 com/yijianwan/child/wxapi/WXEntryActivity.java, line(s) 61,67,71,75,80,45,57,58 com/yijianwan/cpp.java, line(s) 28,32,39 com/yijianwan/doTool/do_tool.java, line(s) 81,96,86 com/yijianwan/invoke.java, line(s) 22,37,71 com/yijianwan/kaifaban/guagua/ai/AIIdentify.java, line(s) 20 com/yijianwan/kaifaban/guagua/ai/AIYoloIdentify.java, line(s) 18 com/yijianwan/kaifaban/guagua/ai/drawAiResults.java, line(s) 95,108 com/yijianwan/kaifaban/guagua/ccalljava/CCallJava.java, line(s) 92,228,238,247,256,591,610,624,626,629,632,643,697,80,127,142,225,234,243,252,334,354,379,387,430,436,445,466,479,487,513,1008,1013,1131,1155,1159,1197,1221,1230,1240,1251,1333,1349,1361,1366,1378,1404 com/yijianwan/kaifaban/guagua/ccalljava/CCallUI.java, line(s) 85,253,301,331,361,389,431,259 com/yijianwan/kaifaban/guagua/guagua.java, line(s) 534,537,541,542 com/yijianwan/network/openUrl.java, line(s) 77,79,81 com/yijianwan/oss/myOss.java, line(s) 33,36,43,54,56,61,63,69,75,81,88,118,124,130,136,142,149 com/yijianwan/oss/ossUtil.java, line(s) 60,72,113,114,115,80,81,82,83,126,127,128,129,176,200 com/yijianwan/pay/DBTWxPay.java, line(s) 44,190 com/zhy/http/okhttp/cookie/store/PersistentCookieStore.java, line(s) 142,155,158 com/zhy/http/okhttp/log/LoggerInterceptor.java, line(s) 42,45,46,47,49,52,55,58,60,72,73,74,76,80,82,84,87 com/zhy/http/okhttp/utils/L.java, line(s) 10 org/wlf/filedownloader/DownloadCacher.java, line(s) 79,84,95,99,426 org/wlf/filedownloader/DownloadConfiguration.java, line(s) 327,378,254,260,269,275,290 org/wlf/filedownloader/DownloadFileChangeObserver.java, line(s) 25,40,60,77,93 org/wlf/filedownloader/FileDownloadConfiguration.java, line(s) 42,45,47,50,63,35,72 org/wlf/filedownloader/FileDownloadManager.java, line(s) 55 org/wlf/filedownloader/base/BaseDownloadConfigBuilder.java, line(s) 20,33 org/wlf/filedownloader/base/Log.java, line(s) 26,33,75,82,40,47,12,19,54,61,68 org/wlf/filedownloader/file_delete/DeleteDownloadFileTask.java, line(s) 43,46,48,56,59,61,75,78,80,83,96,99,102,104,110,113,115,121,124,126,131,134,136 org/wlf/filedownloader/file_delete/DeleteDownloadFilesTask.java, line(s) 81,85,89,93,95,105,109,127,133,139,173,189,200,209,218 org/wlf/filedownloader/file_delete/DownloadDeleteManager.java, line(s) 42,45,49,56 org/wlf/filedownloader/file_download/DetectUrlFileTask.java, line(s) 108,139,150,182,232,267,298,328,348,364,388,394,403,412,185 org/wlf/filedownloader/file_download/DownloadStatusObserver.java, line(s) 28,43,53,60,67,73,79,85,91,98 org/wlf/filedownloader/file_download/DownloadTaskImpl.java, line(s) 66,219,258,261,296,332,368,410,444,472,491,503,513,516,736,747,753,672,722,526,541,556,594,623,630,637,644,658,684,701,714 org/wlf/filedownloader/file_download/DownloadTaskManager.java, line(s) 158,200,204,213,406,409,424,430,192 org/wlf/filedownloader/file_download/HttpConnectionHelper.java, line(s) 80,99,104 org/wlf/filedownloader/file_download/RetryableDownloadTaskImpl.java, line(s) 287,304,326,341,344,362,388,399,414,428,439,445,215,265,120,137,166,173,180,187,201,227,244,257 org/wlf/filedownloader/file_download/db_recorder/DownloadFileDao.java, line(s) 23 org/wlf/filedownloader/file_download/file_saver/FileSaver.java, line(s) 79,101,111,124,137,149,169,184,198,220,253,229,237,247 org/wlf/filedownloader/file_download/http_downloader/HttpDownloader.java, line(s) 93,107,126,157,165,173,191,100 org/wlf/filedownloader/file_move/DownloadMoveManager.java, line(s) 42,45,49,56 org/wlf/filedownloader/file_move/MoveDownloadFileTask.java, line(s) 46,49,51,59,62,64,78,81,83,90,93,95,113,116,118,125,128,130,146,149,151,157,160,162,167,170,172 org/wlf/filedownloader/file_move/MoveDownloadFilesTask.java, line(s) 87,91,95,99,101,111,115,133,139,145,179,195,206,215,225 org/wlf/filedownloader/file_rename/DownloadRenameManager.java, line(s) 38,41,45,52 org/wlf/filedownloader/file_rename/RenameDownloadFileTask.java, line(s) 48,51,53,61,64,66,83,86,88,95,98,100,114,117,119,149,152,154,161,164,166,173,181,184,186,195,198,200 org/wlf/filedownloader/util/UrlUtil.java, line(s) 214,240,241,251,252,253,254,255,256,257,258,259,281
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/yijianwan/Util/Util.java, line(s) 1376,1392,1376,1392
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/switfpass/pay/thread/NetHelper.java, line(s) 54,85 com/switfpass/pay/utils/Util.java, line(s) 308,318 com/zhy/http/okhttp/https/HttpsUtils.java, line(s) 111,174,43,109,109,172,172
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (paygate-yf.meituan.com) 通信。
{'ip': '101.236.69.63', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (h5.m.taobao.com) 通信。
{'ip': '110.75.132.131', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '镇江', 'latitude': '32.209366', 'longitude': '119.434372'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.gg13.cn) 通信。
{'ip': '110.75.132.131', 'country_short': 'CN', 'country_long': '中国', 'region': '山东', 'city': '青岛', 'latitude': '36.098610', 'longitude': '120.371941'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (alog.umengcloud.com) 通信。
{'ip': '110.75.132.131', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南京', 'latitude': '32.061668', 'longitude': '118.777992'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (log.umsns.com) 通信。
{'ip': '110.75.132.131', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (pay.swiftpass.cn) 通信。
{'ip': '110.75.132.131', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.yijianwan.com) 通信。
{'ip': '110.75.132.131', 'country_short': 'CN', 'country_long': '中国', 'region': '山东', 'city': '青岛', 'latitude': '36.098610', 'longitude': '120.371941'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (cmnsguider.yunos.com) 通信。
{'ip': '110.75.132.131', 'country_short': 'CN', 'country_long': '中国', 'region': '安徽', 'city': '苏州', 'latitude': '33.636440', 'longitude': '116.978851'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (my.api.leheyou.cn) 通信。
{'ip': '110.75.132.131', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (mobilegw.alipaydev.com) 通信。
{'ip': '110.75.132.131', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (gg13.cn) 通信。
{'ip': '47.105.65.92', 'country_short': 'CN', 'country_long': '中国', 'region': '山东', 'city': '青岛', 'latitude': '36.098610', 'longitude': '120.371941'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (fapi.suanst.com) 通信。
{'ip': '121.196.202.143', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}