安全分析报告:
安全分数
安全分数 44/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
5
用户/设备跟踪器
调研结果
高危
8
中危
35
信息
2
安全
2
关注
9
高危 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
高危 Activity (net.itgoo.upush.UPushActivity) is vulnerable to StrandHogg 2.0
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.vivo.push.sdk.LinkProxyClientActivity) is vulnerable to StrandHogg 2.0
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: anet/channel/util/b.java, line(s) 12,5,6,7,8,9,10 anet/channel/util/j.java, line(s) 11,12,13,3 anetwork/channel/config/NetworkConfigCenter.java, line(s) 71,23,24
高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/loc/cv.java, line(s) 62,99,159,172 com/loc/m.java, line(s) 291 com/loc/q.java, line(s) 82,185 com/ta/utdid2/a/a/a.java, line(s) 35,42 com/uc/crashsdk/a/c.java, line(s) 37 org/android/agoo/common/a.java, line(s) 49
高危 该文件是World Readable。任何应用程序都可以读取文件
该文件是World Readable。任何应用程序都可以读取文件 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/hbyundu/basepush/util/PushPrefsUtil.java, line(s) 194
高危 使用弱加密算法
使用弱加密算法 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/heytap/mcssdk/utils/DESUtil.java, line(s) 12,19
高危 应用程序包含隐私跟踪程序
此应用程序有多个5隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 应用程序存在Janus漏洞
应用程序使用了v1签名方案进行签名,如果只使用v1签名方案,那么它就容易受到安卓5.0-8.0上的Janus漏洞的攻击。在安卓5.0-7.0上运行的使用了v1签名方案的应用程序,以及同时使用了v2/v3签名方案的应用程序也同样存在漏洞。
中危 应用程序可以安装在有漏洞的已更新 Android 版本上
Android 5.0-5.0.2, [minSdk=21] 该应用程序可以安装在具有多个未修复漏洞的旧版本 Android 上。这些设备不会从 Google 接收合理的安全更新。支持 Android 版本 => 10、API 29 以接收合理的安全更新。
中危 Service (com.taobao.accs.ChannelService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Service (com.taobao.accs.data.MsgDistributeService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Broadcast Receiver (com.taobao.accs.EventReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.taobao.accs.ServiceReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Service (org.android.agoo.accs.AgooService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Service (com.umeng.message.UmengIntentService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Service (com.umeng.message.XiaomiIntentService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Broadcast Receiver (com.taobao.agoo.AgooCommondReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Service (com.umeng.message.UmengMessageIntentReceiverService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Activity (net.itgoo.upush.UPushActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Broadcast Receiver (net.itgoo.upush.UPushMeizuReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Activity (com.darsh.multipleimageselect.activities.AlbumSelectActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.darsh.multipleimageselect.activities.ImageSelectActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Broadcast Receiver (org.android.agoo.huawei.HuaweiPushReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Service (com.meizu.cloud.pushsdk.NotificationService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Service (com.heytap.mcssdk.PushService) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.coloros.mcs.permission.SEND_MCS_MESSAGE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (com.heytap.mcssdk.AppPushService) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.heytap.mcs.permission.SEND_MCS_MESSAGE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (com.vivo.push.sdk.service.CommandClientService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Activity (com.vivo.push.sdk.LinkProxyClientActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Broadcast Receiver (org.android.agoo.vivo.PushMessageReceiverImpl) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Service (com.xiaomi.mipush.sdk.PushMessageHandler) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Broadcast Receiver (com.xiaomi.push.service.receivers.NetworkStatusReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Broadcast Receiver (org.android.agoo.xiaomi.MiPushBroadcastReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 IP地址泄露
IP地址泄露 Files: com/blankj/utilcode/util/NetworkUtils.java, line(s) 97 com/uc/crashsdk/a/d.java, line(s) 181 com/uc/crashsdk/a/h.java, line(s) 149 com/uc/crashsdk/e.java, line(s) 708 org/android/spdy/SpdyAgent.java, line(s) 336 org/android/spdy/SpdyRequest.java, line(s) 26,52,71,94,119,139,165,184,207,232
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: anet/channel/appmonitor/a.java, line(s) 24 anet/channel/bytes/a.java, line(s) 5 anet/channel/strategy/dispatch/b.java, line(s) 7 anet/channel/strategy/dispatch/c.java, line(s) 32 com/loc/Cdo.java, line(s) 37 com/loc/bw.java, line(s) 10 com/ta/utdid2/a/a/e.java, line(s) 7 com/ta/utdid2/device/c.java, line(s) 14 com/uc/crashsdk/e.java, line(s) 54 lombok/core/debug/AssertionLogger.java, line(s) 9 org/android/spdy/SpdyBytePool.java, line(s) 3
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: anet/channel/strategy/dispatch/DispatchConstants.java, line(s) 7 anetwork/channel/util/RequestConstant.java, line(s) 3 com/alibaba/android/arouter/utils/Consts.java, line(s) 3 com/bjhuitou/evaluate/satisfaction/manage/SatisfactionManage.java, line(s) 17,18,19,21,22 com/blankj/utilcode/constant/RegexConstants.java, line(s) 26 com/bumptech/glide/load/Option.java, line(s) 73 com/bumptech/glide/load/engine/DataCacheKey.java, line(s) 33 com/bumptech/glide/load/engine/EngineResource.java, line(s) 90 com/bumptech/glide/load/engine/ResourceCacheKey.java, line(s) 80 com/bumptech/glide/manager/RequestManagerRetriever.java, line(s) 32 com/heytap/mcssdk/mode/CommandMessage.java, line(s) 11,12 com/heytap/mcssdk/utils/CryptoUtil.java, line(s) 9 net/grandcentrix/tray/core/SharedPreferencesImport.java, line(s) 53 net/grandcentrix/tray/provider/TrayContract.java, line(s) 26,27 net/grandcentrix/tray/provider/TrayDBHelper.java, line(s) 13,14 net/itgoo/component/general/manage/GeneralManage.java, line(s) 6,7,8,9,10 net/itgoo/component/push/core/PushService.java, line(s) 22,24,26 net/itgoo/component/push/manager/PushManager.java, line(s) 15 net/itgoo/tabbadgeview/TabBadgeReceiver.java, line(s) 8,9 org/android/agoo/common/AgooConstants.java, line(s) 39 org/android/agoo/common/Config.java, line(s) 15 org/android/spdy/SpdyProtocol.java, line(s) 41
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: anetwork/channel/download/DownloadManager.java, line(s) 542,567 com/blankj/utilcode/util/CleanUtils.java, line(s) 31 com/blankj/utilcode/util/CrashUtils.java, line(s) 45,47 com/blankj/utilcode/util/LogUtils.java, line(s) 661,662 com/blankj/utilcode/util/PathUtils.java, line(s) 165,169,173,177,181,185,189,193,197,201,207,209,106,110,114,118,122,126,130,134,138,142,148,150 com/blankj/utilcode/util/SDCardUtils.java, line(s) 19,23 com/blankj/utilcode/util/UriUtils.java, line(s) 50,69,159 com/loc/Cdo.java, line(s) 814,815 com/loc/an.java, line(s) 35 com/loc/p.java, line(s) 561,562 com/qiangxi/checkupdatelibrary/Q.java, line(s) 35 com/ta/utdid2/b/a/c.java, line(s) 54,189,322,364 com/uc/crashsdk/e.java, line(s) 1094,1107 com/uc/crashsdk/g.java, line(s) 427 org/devio/takephoto/uitl/TImageFiles.java, line(s) 139 org/devio/takephoto/uitl/TUriParse.java, line(s) 30
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/loc/Cdo.java, line(s) 9,166 com/loc/ar.java, line(s) 3,13 com/loc/ba.java, line(s) 3,29 com/loc/cw.java, line(s) 5,268 com/loc/cy.java, line(s) 3,13 net/grandcentrix/tray/provider/TrayDBHelper.java, line(s) 4,5,66 org/android/agoo/message/MessageService.java, line(s) 5,6,194
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: anet/channel/util/StringUtils.java, line(s) 39 com/blankj/utilcode/util/EncryptUtils.java, line(s) 106 com/blankj/utilcode/util/FileUtils.java, line(s) 806 com/loc/r.java, line(s) 20,108 com/uc/crashsdk/a/g.java, line(s) 505 org/android/agoo/common/a.java, line(s) 62
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/loc/l.java, line(s) 178 com/ta/utdid2/device/c.java, line(s) 314 org/android/agoo/common/a.java, line(s) 73
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/soundcloud/android/crop/CropUtil.java, line(s) 130 lombok/installer/OsUtils.java, line(s) 23 lombok/javac/apt/Processor.java, line(s) 60
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/loc/h.java, line(s) 112,111
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "upush_umeng_secret" : "e153883d5986da7f03c4913de4da7ffa" "upush_mi_app_key" : "5191873291368" "upush_mz_app_key" : "b6acd046e4e848f699a6f30699db9120" "upush_vivo_app_key" : "" "tray__authority" : "legacyTrayAuthority" "upush_umeng_app_key" : "5f87ac49d5962636b2b1bc07" 239CE372F804D4BE4EAFFD183668379BDF274440E6F246AB16BBE6F5D1D30DEACFBBF0C942485727FF12288228760A9E AF2228680EDC323FBA035362EB7E1E38A0C33E1CF6F6FB805EE553A230CBA754CD9552EB9B546542CBE619E8293151BE EYW5kcm9pZC5wZXJtaXNzaW9uLkFDQ0VTU19DT0FSU0VfTE9DQVRJT04= QrMgt8GGYI6T52ZY5AnhtxkLzb8egpFn3j5JELI8H6wtACbUnZ5cc3aYTsTRbmkAkRJeYbtx92LPBWm7nBO9UIl7y5i5MQNmUZNf5QENurR5tGyo7yJ2G0MBjWvy6iAtlAbacKP0SwOUeUWx5dsBdyhxa7Id1APtybSdDgicBDuNjI0mlZFUzZSS9dmN8lBD0WTVOMz0pRZbR3cysomRXOO1ghqjJdTcyDIxzpNAEszN8RMGjrzyU7Hjbmwi6YNK WY29tLmFtYXAuYXBpLmFpdW5ldC5OZXRSZXVlc3RQYXJhbQ IaHR0cDovL2xvZ3MuYW1hcC5jb20vd3MvbG9nL3VwbG9hZD9wcm9kdWN0PSVzJnR5cGU9JXMmcGxhdGZvcm09JXMmY2hhbm5lbD0lcyZzaWduPSVz 256b0f26bb2a9506be6cfdb84028ae08 fe643c382e5c3b3962141f1a2e815a78 F13160D440C7D0229DA95450F66AF92154AC84DF088F8CA3100B2E8131D57F3DC67124D4C466056E7A3DFBE035E1B9A4B9DA4DB68AE65A43EDFD92F5C60EF0C9 a1f5886b7153004c5c99559f5261676f ADgAIwBbAA8AagAIAHIAEwCFAD8AxABDAQcAIQEoADgBYAA8AZwAnwI7APADKwAHAzIADAM+AA9LWVc1a2NtOXBaQzV2Y3k1VFpYSjJhV05sVFdGdVlXZGxjZ1FaMlYwVTJWeWRtbGpaUUljR2h2Ym1VVWFYQm9iMjVsYzNWaWFXNW1id01ZMjl0TG1GdVpISnZhV1F1YVc1MFpYSnVZV3d1ZEdWc1pYQm9iMjU1TGtsVVpXeGxjR2h2Ym5ra1UzUjFZZ1FZMjl0TG1GdVpISnZhV1F1YVc1MFpYSnVZV3d1ZEdWc1pYQm9iMjU1TGtsUWFHOXVaVk4xWWtsdVptOGtVM1IxWWdHVkZKQlRsTkJRMVJKVDA1ZloyVjBSR1YyYVdObFNXUT1FWTI5dExtRnVaSEp2YVdRdWFXNTBaWEp1WVd3dWRHVnNaWEJvYjI1NUxrbFVaV3hsY0dodmJua0lZMjl0TG1GdVpISnZhV1F1YVc1MFpYSnVZV3d1ZEdWc1pYQm9iMjU1TGtsUWFHOXVaVk4xWWtsdVptOEVJbXRsZVNJNklpVnpJaXdpY0d4aGRHWnZjbTBpT2lKaGJtUnliMmxrSWl3aVpHbDFJam9pSlhNaUxDSndhMmNpT2lJbGN5SXNJbTF2WkdWc0lqb2lKWE1pTENKaGNIQnVZVzFsSWpvaUpYTWlMQ0poY0hCMlpYSnphVzl1SWpvaUpYTWlMQ0p6ZVhOMlpYSnphVzl1SWpvaUpYTWlMQUdJbXRsZVNJNklpVnpJaXdpY0d4aGRHWnZjbTBpT2lKaGJtUnliMmxrSWl3aVpHbDFJam9pSlhNaUxDSnRZV01pT2lJbGN5SXNJblJwWkNJNklpVnpJaXdpZFcxcFpIUWlPaUlsY3lJc0ltMWhiblZtWVdOMGRYSmxJam9pSlhNaUxDSmtaWFpwWTJVaU9pSWxjeUlzSW5OcGJTSTZJaVZ6SWl3aWNHdG5Jam9pSlhNaUxDSnRiMlJsYkNJNklpVnpJaXdpWVhCd2RtVnljMmx2YmlJNklpVnpJaXdpWVhCd2JtRnRaU0k2SWlWeklnPUlZV2xrUFFNZkhObGNtbGhiRDBRWVc1a2NtOXBaRjlwWkE= 668319f11506def6208d6afe320dfd52 b2e8bd171989cb2c3c13bd89b4c1067a AYW5kcm9pZC5wZXJtaXNzaW9uLkFDQ0VTU19ORVRXT1JLX1NUQVRF 16a09e667f3bcc908b2fb1366ea957d3e3adec17512775099da2f590b0667322a 53E53D46011A6BBAEA4FAE5442E659E0577CDD336F930C28635C322FB3F51C3C63F7FBAC9EAE448DFA2E5E5D716C4807 WYW5kcm9pZC5wZXJtaXNzaW9uLkFDQ0VTU19XSUZJX1NUQVRF FB923EE67A8B4032DAA517DD8CD7A26FF7C25B0C3663F92A0B61251C4FFFA858DF169D61321C3E7919CB67DF8EFEC827 EImtleSI6IiVzIiwicGxhdGZvcm0iOiJhbmRyb2lkIiwiZGl1IjoiJXMiLCJwa2ciOiIlcyIsIm1vZGVsIjoiJXMiLCJhcHBuYW1lIjoiJXMiLCJhcHB2ZXJzaW9uIjoiJXMiLCJzeXN2ZXJzaW9uIjoiJXMiLA= 9a571aa113ad987d626c0457828962e6 WYW5kcm9pZC5wZXJtaXNzaW9uLlJFQURfUEhPTkVfU1RBVEU= a9a9d23668a1a7ea93de9b21d67e436a D2FF99A88BEB04683D89470D4FA72B1749DA456AB0D0F1A476477CE5A6874F53A9106423D905F9D808C0FCE8E7F1E04AC642F01FE41D0C7D933971F45CBA72B7
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: anet/channel/AccsSessionManager.java, line(s) 54,72,45,53 anet/channel/Config.java, line(s) 96 anet/channel/GlobalAppRuntimeInfo.java, line(s) 40 anet/channel/Session.java, line(s) 130,181,183 anet/channel/SessionCenter.java, line(s) 327,331,483,52,80,94,97,147,241,244,247,250,314,377,479,504,525,131,140,238,384,393,424,425,430,431,498,523,531,339 anet/channel/SessionRequest.java, line(s) 125,134,136,157,195,204,250,279,292,363,419,435,440,87,113,270,287,289,339,496,156,164,194,203,362,400 anet/channel/TaobaoNetworkAdapter.java, line(s) 33,24 anet/channel/a.java, line(s) 28,35 anet/channel/a/a.java, line(s) 17 anet/channel/appmonitor/a.java, line(s) 95,109,98,134,79,94,108,123,124 anet/channel/b/a.java, line(s) 47,63,77,91,24 anet/channel/c/a.java, line(s) 33,55,63,26,40,49 anet/channel/d/a.java, line(s) 50,78,103,133,139 anet/channel/d/b.java, line(s) 24,64 anet/channel/d/c.java, line(s) 22,34 anet/channel/d/d.java, line(s) 17 anet/channel/d/e.java, line(s) 33 anet/channel/d/f.java, line(s) 28 anet/channel/e.java, line(s) 25,33,38 anet/channel/e/a.java, line(s) 63 anet/channel/f.java, line(s) 18 anet/channel/f/a.java, line(s) 30,38,48,27 anet/channel/heartbeat/a.java, line(s) 53,58,68,24,34,52 anet/channel/monitor/a.java, line(s) 27 anet/channel/monitor/b.java, line(s) 81,63,80,65 anet/channel/monitor/d.java, line(s) 54,53,61 anet/channel/request/Request.java, line(s) 395,398 anet/channel/request/b.java, line(s) 18 anet/channel/request/c.java, line(s) 29,26 anet/channel/security/b.java, line(s) 55,74,92,110 anet/channel/session/TnetSpdySession.java, line(s) 180,379,390,629,648,208,248,265,268,271,301,320,344,350,406,410,413,415,453,466,488,494,500,516,520,530,540,569,588,610,656,152,153,154,155,179,228,378,389,451,471,472,489,577,628,647,721,722 anet/channel/session/b.java, line(s) 90,99,108,117,126,135,144,152,162,192,197,207,213,222,228,237,243,253,258,268,273,282,288,297,302,311,317,331,336,374,425,446,511,542,547,553,567,590,81,83,84,85,180,181,185,585 anet/channel/session/d.java, line(s) 62,57 anet/channel/session/g.java, line(s) 19,20 anet/channel/session/h.java, line(s) 20 anet/channel/session/i.java, line(s) 21 anet/channel/session/j.java, line(s) 30,25,26 anet/channel/statist/SessionStatistic.java, line(s) 101,100 anet/channel/status/NetworkStatusHelper.java, line(s) 195 anet/channel/status/a.java, line(s) 22 anet/channel/status/b.java, line(s) 50,93,69,102,143,256,49,109,133,138 anet/channel/status/c.java, line(s) 18,25 anet/channel/strategy/StrategyCollection.java, line(s) 76 anet/channel/strategy/StrategyConfig.java, line(s) 71,72,70 anet/channel/strategy/StrategyInfoHolder.java, line(s) 60 anet/channel/strategy/StrategyList.java, line(s) 74 anet/channel/strategy/StrategyTable.java, line(s) 152,159,259,126,252,264,268,75,120,148,193,258 anet/channel/strategy/a.java, line(s) 24,23,50,65 anet/channel/strategy/b.java, line(s) 41,51,40,50 anet/channel/strategy/d.java, line(s) 19,22,50 anet/channel/strategy/dispatch/HttpDispatcher.java, line(s) 52,55,56 anet/channel/strategy/dispatch/a.java, line(s) 21 anet/channel/strategy/dispatch/b.java, line(s) 71,22,65 anet/channel/strategy/dispatch/c.java, line(s) 175,220,186,201,213,230,246,252,265,276,282,288,301,306,315,337,360,390,431,154,174,219,260 anet/channel/strategy/dispatch/e.java, line(s) 19,24,123 anet/channel/strategy/g.java, line(s) 79,105,132,147,214,43,95,108,163,171,226,35,41,104,146,157,233,203 anet/channel/strategy/h.java, line(s) 19 anet/channel/strategy/l.java, line(s) 14 anet/channel/strategy/m.java, line(s) 26,33,44,36,63,79,66 anet/channel/strategy/utils/a.java, line(s) 29,37 anet/channel/strategy/utils/b.java, line(s) 15 anet/channel/strategy/utils/c.java, line(s) 137 anet/channel/thread/ThreadPoolExecutorFactory.java, line(s) 64,44,63 anet/channel/util/ALog.java, line(s) 56,76,81,61,112,66,71 anet/channel/util/AppLifecycle.java, line(s) 60,111 anet/channel/util/HMacUtil.java, line(s) 14 anet/channel/util/SerializeHelper.java, line(s) 44,81,110,108,153,173,176,154,177 anet/channel/util/Utils.java, line(s) 89,101,106,126,177,161 anet/channel/util/b.java, line(s) 71 anet/channel/util/c.java, line(s) 132,138,199,125,216,246 anet/channel/util/e.java, line(s) 21 anet/channel/util/j.java, line(s) 89,63,64,88,84 anetwork/channel/aidl/NetworkResponse.java, line(s) 128 anetwork/channel/aidl/NetworkService.java, line(s) 36,37 anetwork/channel/aidl/ParcelableHeader.java, line(s) 53 anetwork/channel/aidl/ParcelableRequest.java, line(s) 106,137 anetwork/channel/aidl/adapter/ParcelableFutureResponse.java, line(s) 57 anetwork/channel/aidl/adapter/ParcelableNetworkListenerWrapper.java, line(s) 60,69,75,85,89,59,68,74,84 anetwork/channel/aidl/adapter/a.java, line(s) 37,47,57,73,89 anetwork/channel/aidl/adapter/b.java, line(s) 137,39,55,82,83,92,126,128 anetwork/channel/aidl/adapter/d.java, line(s) 44,36,38,40,54,55,67 anetwork/channel/aidl/adapter/e.java, line(s) 11,12,23,24 anetwork/channel/aidl/adapter/f.java, line(s) 9 anetwork/channel/cache/CacheManager.java, line(s) 98 anetwork/channel/config/NetworkConfigCenter.java, line(s) 176,228,273,327,131,141,142,292,293 anetwork/channel/cookie/CookieManager.java, line(s) 32,71 anetwork/channel/download/DownloadManager.java, line(s) 89,95,120,252,390,559,85,86,132,133 anetwork/channel/entity/RequestImpl.java, line(s) 72,95 anetwork/channel/entity/c.java, line(s) 36,37,55,56 anetwork/channel/entity/f.java, line(s) 86,57,60 anetwork/channel/entity/g.java, line(s) 147 anetwork/channel/http/NetworkSdkSetting.java, line(s) 32,42,58,73,75 anetwork/channel/interceptor/InterceptorManager.java, line(s) 17,23 anetwork/channel/monitor/Monitor.java, line(s) 34,42,56 anetwork/channel/unified/UnifiedNetworkDelegate.java, line(s) 42,59 anetwork/channel/unified/a.java, line(s) 47,58,72,73 anetwork/channel/unified/c.java, line(s) 77,79 anetwork/channel/unified/e.java, line(s) 130,90,91,103,104,116,117,183,209,215 anetwork/channel/unified/h.java, line(s) 41,32 anetwork/channel/unified/i.java, line(s) 66,171,202,214,223,48,49,50,83,118,121,146,164,165,108,150 anetwork/channel/unified/k.java, line(s) 92,54,72,73 anetwork/channel/unified/n.java, line(s) 24 com/afollestad/materialdialogs/list/DialogListExtKt.java, line(s) 81 com/afollestad/materialdialogs/list/DialogMultiChoiceExtKt.java, line(s) 50 com/afollestad/materialdialogs/list/DialogSingleChoiceExtKt.java, line(s) 47 com/alibaba/android/arouter/launcher/_ARouter.java, line(s) 126,115,124 com/alibaba/android/arouter/utils/ClassUtils.java, line(s) 76,109,119,61,122,150,158 com/alibaba/android/arouter/utils/DefaultLogger.java, line(s) 41,82,74,52,63 com/bjhuitou/evaluate/satisfaction/ui/account/SatisfactionAccountActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/approve/SatisfactionApproveActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/changeface/SatisfactionChangeFaceActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/changepwd/SatisfactionChangePwdActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/check/SatisfactionCheckActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/collect/SatisfactionCollectActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/gather/SatisfactionGatherActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/gatherinfo/ModuleGatherInfoActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/gatherlist/SatisfactionGatherListActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/leave/SatisfactionLeaveActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/punch/SatisfactionPunchActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/receive/SatisfactionReceiveActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/receivedetail/SatisfactionReceiveDetailActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/receiveleavedetail/SatisfactionReceiveLeaveDetailActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/receivereportdetail/SatisfactionReceiveReportDetailActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/report/SatisfactionReportActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/send/SatisfactionSendActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/senddetail/SatisfactionSendDetailActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/sendleavedetail/SatisfactionSendLeaveDetailActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/sendreportdetail/SatisfactionSendReportDetailActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/settings/SatisfactionSettingsActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/signin/SatisfactionSignInActivity$$ARouter$$Autowired.java, line(s) 22 com/bjhuitou/evaluate/satisfaction/ui/user/SatisfactionUserActivity$$ARouter$$Autowired.java, line(s) 22 com/blankj/utilcode/util/ActivityUtils.java, line(s) 959,988,1023,1026 com/blankj/utilcode/util/AdaptScreenUtils.java, line(s) 106 com/blankj/utilcode/util/ApiUtils.java, line(s) 77,81 com/blankj/utilcode/util/AppUtils.java, line(s) 70,156,169 com/blankj/utilcode/util/BusUtils.java, line(s) 173,184,362,385,408,413,421 com/blankj/utilcode/util/CacheDiskUtils.java, line(s) 97 com/blankj/utilcode/util/ClickUtils.java, line(s) 240 com/blankj/utilcode/util/FileIOUtils.java, line(s) 67,201,209,269,277,341,636,706 com/blankj/utilcode/util/FlashlightUtils.java, line(s) 39,65,70 com/blankj/utilcode/util/FragmentUtils.java, line(s) 584 com/blankj/utilcode/util/ImageUtils.java, line(s) 924 com/blankj/utilcode/util/JsonUtils.java, line(s) 141,152 com/blankj/utilcode/util/KeyboardUtils.java, line(s) 126,205,241 com/blankj/utilcode/util/LanguageUtils.java, line(s) 116 com/blankj/utilcode/util/LogUtils.java, line(s) 534,590 com/blankj/utilcode/util/MessengerUtils.java, line(s) 137,45,77,144,156,173,176,187,227,36,48,55,69,86,198,151 com/blankj/utilcode/util/NetworkUtils.java, line(s) 137 com/blankj/utilcode/util/PermissionUtils.java, line(s) 182,201,332,348 com/blankj/utilcode/util/ProcessUtils.java, line(s) 48,50,61 com/blankj/utilcode/util/SpanUtils.java, line(s) 881,894 com/blankj/utilcode/util/ThreadUtils.java, line(s) 317,340,439,503,522,527,568,511 com/blankj/utilcode/util/ToastUtils.java, line(s) 319,361,366 com/blankj/utilcode/util/UiMessageUtils.java, line(s) 182,67,76,85,98,103,145 com/blankj/utilcode/util/UriUtils.java, line(s) 41,52,62,102,104,117,127,136,142,165,168,175,179 com/blankj/utilcode/util/Utils.java, line(s) 49 com/blankj/utilcode/util/UtilsActivityLifecycleImpl.java, line(s) 292,335,344,358,370 com/blankj/utilcode/util/ZipUtils.java, line(s) 211,221,302 com/bumptech/glide/Glide.java, line(s) 214,223,141,140,213,220,252,253 com/bumptech/glide/gifdecoder/GifHeaderParser.java, line(s) 236,275,235,274 com/bumptech/glide/gifdecoder/StandardGifDecoder.java, line(s) 151,169,188,150,168,187,209,218 com/bumptech/glide/load/data/AssetPathFetcher.java, line(s) 36,35 com/bumptech/glide/load/data/HttpUrlFetcher.java, line(s) 53,133,52,56,61,68,132,65,69 com/bumptech/glide/load/data/LocalUriFetcher.java, line(s) 38,37 com/bumptech/glide/load/data/mediastore/ThumbFetcher.java, line(s) 52,51 com/bumptech/glide/load/data/mediastore/ThumbnailStreamOpener.java, line(s) 61,111,60,110 com/bumptech/glide/load/engine/DecodeJob.java, line(s) 341,387,448 com/bumptech/glide/load/engine/DecodePath.java, line(s) 56,57 com/bumptech/glide/load/engine/Engine.java, line(s) 27,111 com/bumptech/glide/load/engine/GlideException.java, line(s) 82 com/bumptech/glide/load/engine/SourceGenerator.java, line(s) 89,90 com/bumptech/glide/load/engine/bitmap_recycle/LruArrayPool.java, line(s) 89,143,90,144 com/bumptech/glide/load/engine/bitmap_recycle/LruBitmapPool.java, line(s) 143,173,181,205,88,95,142,152,172,180,194,204,213,89,96,153,219,195 com/bumptech/glide/load/engine/cache/DiskLruCacheWrapper.java, line(s) 52,62,76,82,112,123,53,77,63,83,113,124 com/bumptech/glide/load/engine/cache/MemorySizeCalculator.java, line(s) 65,49 com/bumptech/glide/load/engine/executor/GlideExecutor.java, line(s) 183,180 com/bumptech/glide/load/engine/executor/RuntimeCompat.java, line(s) 37,36 com/bumptech/glide/load/engine/prefill/BitmapPreFillRunner.java, line(s) 69,68 com/bumptech/glide/load/model/ByteBufferEncoder.java, line(s) 20,19 com/bumptech/glide/load/model/ByteBufferFileLoader.java, line(s) 59,58 com/bumptech/glide/load/model/FileLoader.java, line(s) 65,64 com/bumptech/glide/load/model/ResourceLoader.java, line(s) 39,40 com/bumptech/glide/load/model/StreamEncoder.java, line(s) 39,38 com/bumptech/glide/load/resource/ImageDecoderResourceDecoder.java, line(s) 64,65 com/bumptech/glide/load/resource/bitmap/BitmapEncoder.java, line(s) 61,60 com/bumptech/glide/load/resource/bitmap/BitmapImageDecoderResourceDecoder.java, line(s) 18,19 com/bumptech/glide/load/resource/bitmap/DefaultImageHeaderParser.java, line(s) 115,122,139,146,179,189,201,215,229,235,239,244,250,254,114,121,138,145,178,188,200,214,228,234,238,243,249,253 com/bumptech/glide/load/resource/bitmap/Downsampler.java, line(s) 219,340,373,168,192,218,302,339,372,169,303,399 com/bumptech/glide/load/resource/bitmap/DrawableToBitmapConverter.java, line(s) 44,49,45,50 com/bumptech/glide/load/resource/bitmap/HardwareConfigState.java, line(s) 133,134 com/bumptech/glide/load/resource/bitmap/TransformationUtils.java, line(s) 168,112,121,128,145,150,167,113,122,129,130,131,135,146,151 com/bumptech/glide/load/resource/bitmap/VideoDecoder.java, line(s) 134,133 com/bumptech/glide/load/resource/gif/ByteBufferGifDecoder.java, line(s) 80,85,90,99,81,86,91,100 com/bumptech/glide/load/resource/gif/GifDrawableEncoder.java, line(s) 25,26 com/bumptech/glide/load/resource/gif/StreamGifDecoder.java, line(s) 55,56 com/bumptech/glide/manager/DefaultConnectivityMonitor.java, line(s) 22,21,51,69,52,70 com/bumptech/glide/manager/DefaultConnectivityMonitorFactory.java, line(s) 15,14 com/bumptech/glide/manager/RequestManagerFragment.java, line(s) 123,124 com/bumptech/glide/manager/RequestManagerRetriever.java, line(s) 319,320,328 com/bumptech/glide/manager/RequestTracker.java, line(s) 24,25 com/bumptech/glide/manager/SupportRequestManagerFragment.java, line(s) 130,139,131,140 com/bumptech/glide/module/ManifestParser.java, line(s) 22,29,40,45,21,28,33,39,44,34 com/bumptech/glide/request/SingleRequest.java, line(s) 406,53,527,453 com/bumptech/glide/request/target/CustomViewTarget.java, line(s) 280,281,295,296 com/bumptech/glide/request/target/ViewTarget.java, line(s) 277,278,292,293 com/bumptech/glide/signature/ApplicationVersionSignature.java, line(s) 46 com/bumptech/glide/util/ContentLengthInputStream.java, line(s) 28,27 com/bumptech/glide/util/pool/FactoryPools.java, line(s) 89,90 com/heytap/mcssdk/utils/LogUtil.java, line(s) 17,23,35,41,47,61,67,135,141,147,153 com/loc/a.java, line(s) 312 com/loc/v.java, line(s) 217,218,219,225,226,227,236,237,238,244,245,246,255,256,257,263,264,265,584,594 com/previewlibrary/wight/BezierBannerView.java, line(s) 338,348,357 com/qiangxi/checkupdatelibrary/dialog/InternalDialog.java, line(s) 151,153 com/qiangxi/checkupdatelibrary/utils/L.java, line(s) 8,28 com/seeta/verify/camera/CameraPreview.java, line(s) 125,130,136 com/soundcloud/android/crop/CropImageActivity.java, line(s) 155,161,388,396,428 com/soundcloud/android/crop/CropUtil.java, line(s) 48,62 com/soundcloud/android/crop/Log.java, line(s) 9,13 com/taobao/agoo/BaseNotifyClickActivity.java, line(s) 38,50 com/taobao/agoo/TaobaoMessageIntentReceiverService.java, line(s) 9 com/taobao/agoo/TaobaoRegister.java, line(s) 264,320,105,118,170,196,220,238,277,299,338,61,83,86,111,125,151,176,260,261,316,317,357,358,84 com/taobao/agoo/a.java, line(s) 58,103,25,31,84,100 com/taobao/agoo/a/a.java, line(s) 41,77,80,65 com/taobao/agoo/a/a/a.java, line(s) 21,18 com/taobao/agoo/a/a/c.java, line(s) 38,90,35,77 com/taobao/agoo/a/a/d.java, line(s) 27,24 com/taobao/agoo/a/b.java, line(s) 129,68 com/taobao/agoo/b.java, line(s) 63,76,81,88,96,101,58 com/taobao/agoo/c.java, line(s) 16,22 com/taobao/agoo/d.java, line(s) 18,26,23 com/taobao/agoo/e.java, line(s) 18,26,23 com/taobao/agoo/f.java, line(s) 18,26,23 com/taobao/agoo/g.java, line(s) 22 com/taobao/agoo/h.java, line(s) 121,71,81 com/taobao/tlog/adapter/TLogConfigSwitchReceiver.java, line(s) 34,36,44,51,57,72,84 com/taobao/tlog/adapter/TLogFileUploader.java, line(s) 34,38,46,50,73,77 com/uc/crashsdk/a/a.java, line(s) 8,27,29,54,20,38,14,46 com/uc/crashsdk/b.java, line(s) 555 lombok/bytecode/PoolConstantsApp.java, line(s) 68,69,51,55,57,61,65 lombok/bytecode/PostCompilerApp.java, line(s) 86,87,56,63,67,75,82 lombok/core/DiagnosticsReceiver.java, line(s) 6,11 lombok/core/Main.java, line(s) 83,45,77 lombok/core/PublicApiCreatorApp.java, line(s) 36,47,60,116,87,105 lombok/core/Version.java, line(s) 13,15 lombok/core/configuration/ConfigurationProblemReporter.java, line(s) 12 lombok/core/debug/FileLog.java, line(s) 23 lombok/core/debug/ProblemReporter.java, line(s) 71,79,87 lombok/core/runtimeDependencies/CreateLombokRuntimeApp.java, line(s) 88,159,106,109,111,128,148 lombok/delombok/Delombok.java, line(s) 223,225,256,299,302,312,322,323,215,238,240,241,242,243,245,246,318 lombok/delombok/DelombokApp.java, line(s) 63 lombok/eclipse/TransformEclipseAST.java, line(s) 69 lombok/eclipse/handlers/EclipseSingularsRecipes.java, line(s) 68,80 lombok/installer/Installer.java, line(s) 213,214,215,244,246,249,252,254,257,270,273,279,280,281,210,291 lombok/javac/CompilerMessageSuppressor.java, line(s) 92 lombok/javac/HandlerLibrary.java, line(s) 128 lombok/javac/JavacAST.java, line(s) 140 lombok/javac/JavacResolution.java, line(s) 209 lombok/javac/JavacTreeMaker.java, line(s) 419,477 lombok/javac/handlers/HandleBuilder.java, line(s) 545 lombok/javac/handlers/HandleVal.java, line(s) 89,100 lombok/javac/handlers/JavacSingularsRecipes.java, line(s) 47,59 lombok/patcher/ClassRootFinder.java, line(s) 78 lombok/patcher/ScriptManager.java, line(s) 137,151 lombok/patcher/Version.java, line(s) 9 lombok/patcher/scripts/SetSymbolDuringMethodCallScript.java, line(s) 119 me/shaohui/advancedluban/Luban.java, line(s) 151,150 net/grandcentrix/tray/core/AbstractTrayPreference.java, line(s) 119 net/grandcentrix/tray/core/Preferences.java, line(s) 28,63,67,75,84,93,102,111,120,134,158,161,164,172,57 net/grandcentrix/tray/core/SharedPreferencesImport.java, line(s) 38,48,36 net/grandcentrix/tray/core/TrayLog.java, line(s) 12,19,23,5,29,37,45,49,56 net/grandcentrix/tray/provider/ContentProviderStorage.java, line(s) 93,91 net/grandcentrix/tray/provider/TrayContentProvider.java, line(s) 138,114,116 net/grandcentrix/tray/provider/TrayContract.java, line(s) 49,69 net/grandcentrix/tray/provider/TrayDBHelper.java, line(s) 43,45,54,59 net/itgoo/component/view/widget/activity/BaseTakePhotoActivity.java, line(s) 54,60,65 net/itgoo/component/view/widget/fragment/BaseTakePhotoFragment.java, line(s) 53,58,62 net/itgoo/upush/UPushService.java, line(s) 99 net/itgoo/validator/ValidatableEditText.java, line(s) 50 org/android/agoo/accs/AgooService.java, line(s) 26,39,140,48,55,70,111,118,136,144,149,154,34,35,54,69,85,86,93,94,98,101,109,110,117,126,127,139,143,148,153 org/android/agoo/common/Config.java, line(s) 38,51,144,28,31,46,49,73,82,63,84 org/android/agoo/control/AgooFactory.java, line(s) 158,294,417,437,442,451,452,454,458,478,483,485,486,73,178,265,288,302,309,312,321,346,400,421,460,68,69,94,95,99,264,272,336,337,402,403,416 org/android/agoo/control/BaseIntentService.java, line(s) 73,83,127,69,86,94,101,102,126 org/android/agoo/control/NotifManager.java, line(s) 215,73,92,104,109,151,159,188,70,72,103,158,205 org/android/agoo/control/a.java, line(s) 54,39,40 org/android/agoo/control/c.java, line(s) 23 org/android/agoo/control/d.java, line(s) 58,31,40,41 org/android/agoo/control/f.java, line(s) 28,33,38,46,36 org/android/agoo/control/g.java, line(s) 19,22 org/android/agoo/control/l.java, line(s) 53,75,67,68,74 org/android/agoo/control/m.java, line(s) 56,78,70,71,77 org/android/agoo/huawei/HuaWeiRegister.java, line(s) 27,47,50,33,38,58 org/android/agoo/huawei/HuaweiMsgParseImpl.java, line(s) 18,24 org/android/agoo/huawei/HuaweiPushReceiver.java, line(s) 37,59,32,51 org/android/agoo/intent/IntentUtil.java, line(s) 47,27,67,80,92 org/android/agoo/message/MessageReceiverService.java, line(s) 27 org/android/agoo/message/MessageService.java, line(s) 258,705,95,107,113,121,131,145,219,287,302,311,320,331,350,405,456,463,477,494,529,722,738,137,138,144,179,180,218,274,275,286,301,310,319,330,404,424,436,455,462,476,493,509,528,593,594,655,656,661,662,737 org/android/agoo/mezu/MeizuPushReceiver.java, line(s) 55,80,101,33,38,46,58,67,72,74,89,95 org/android/agoo/mezu/MeizuRegister.java, line(s) 35,52,60,23,29,57 org/android/agoo/oppo/OppoMsgParseImpl.java, line(s) 20,28,25 org/android/agoo/oppo/OppoRegister.java, line(s) 76,100,72,81,90,94,97,105,110,115,120 org/android/agoo/vivo/PushMessageReceiverImpl.java, line(s) 19,36 org/android/agoo/vivo/VivoBadgeReceiver.java, line(s) 21,29,32,40 org/android/agoo/vivo/VivoMsgParseImpl.java, line(s) 20,28,25 org/android/agoo/vivo/VivoRegister.java, line(s) 28,34,66,51,54,26,59 org/android/agoo/xiaomi/MiPushBroadcastReceiver.java, line(s) 31,47,55 org/android/agoo/xiaomi/MiPushRegistar.java, line(s) 34,39,29,46,53,61,48,82 org/android/spdy/NetTimeGaurd.java, line(s) 31,41 org/android/spdy/ProtectedPointerTest.java, line(s) 13,20,38 org/android/spdy/spduLog.java, line(s) 11,53,25,18,32,39,46 org/devio/takephoto/app/TakePhotoActivity.java, line(s) 54,60,65 org/devio/takephoto/app/TakePhotoFragment.java, line(s) 54,60,65 org/devio/takephoto/app/TakePhotoFragmentActivity.java, line(s) 54,60,65 org/devio/takephoto/uitl/IntentUtils.java, line(s) 29 org/devio/takephoto/uitl/TFileUtils.java, line(s) 17,16 org/devio/takephoto/uitl/TImageFiles.java, line(s) 118,83 org/devio/takephoto/uitl/TUriParse.java, line(s) 104,65 org/devio/takephoto/uitl/TUtils.java, line(s) 120 org/greenrobot/eventbus/util/ErrorDialogConfig.java, line(s) 34 org/greenrobot/eventbus/util/ErrorDialogManager.java, line(s) 189 org/greenrobot/eventbus/util/ExceptionToResourceMapping.java, line(s) 24 org/joda/time/tz/DateTimeZoneBuilder.java, line(s) 933,934,959 org/joda/time/tz/ZoneInfoCompiler.java, line(s) 102,103,104,105,106,221,232,269,325,418,650 org/opencv/android/AsyncServiceHelper.java, line(s) 28,31,39,40,42,46,49,52,53,55,60,63,64,66,79,83,84,87,88,89,91,96,97,99,106,107,108,110,134,136,137,139,145,148,149,150,153,155,159,160,162,169,170,172,215,232,235,238,239,240,241,247,248,249,260,282,284,285,297,300,303,310,314,323,116,129,255,277,57 org/opencv/android/BaseLoaderCallback.java, line(s) 33,36,20,49 org/opencv/android/FpsMeter.java, line(s) 59,49 org/opencv/android/StaticHelper.java, line(s) 24,32,33,35,41,46,49,52,59,62,29,37 pub/devrel/easypermissions/EasyPermissions.java, line(s) 138,140,33 pub/devrel/easypermissions/helper/ActivityPermissionHelper.java, line(s) 36 pub/devrel/easypermissions/helper/BaseSupportPermissionsHelper.java, line(s) 19 uk/co/senab2/photoview2/PhotoViewAttacher.java, line(s) 60 uk/co/senab2/photoview2/log/LoggerDefault.java, line(s) 17,22,47,52,27,32,7,12,37,42
信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: com/hbyundu/basepush/util/PushPrefsUtil.java, line(s) 194
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/blankj/utilcode/util/DeviceUtils.java, line(s) 222,30 com/uc/crashsdk/a/g.java, line(s) 395
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/loc/bn.java, line(s) 106,342 net/itgoo/component/sdk/rest/RetrofitClient.java, line(s) 11,11
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (apilocatesrc.amap.com) 通信。
{'ip': '59.82.33.223', 'country_short': 'CN', 'country_long': 'China', 'region': 'Shanghai', 'city': 'Shanghai', 'latitude': '31.224333', 'longitude': '121.469139'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (www.tssx.site) 通信。
{'ip': '36.139.131.94', 'country_short': 'CN', 'country_long': 'China', 'region': 'Gansu', 'city': 'Lanzhou', 'latitude': '36.056389', 'longitude': '103.792221'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (apilocate.amap.com) 通信。
{'ip': '59.82.34.100', 'country_short': 'CN', 'country_long': 'China', 'region': 'Shanghai', 'city': 'Shanghai', 'latitude': '31.224333', 'longitude': '121.469139'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (abroad.apilocate.amap.com) 通信。
{'ip': '203.209.230.18', 'country_short': 'CN', 'country_long': 'China', 'region': 'Zhejiang', 'city': 'Hangzhou', 'latitude': '30.293650', 'longitude': '120.161423'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (lbs.amap.com) 通信。
{'ip': '59.82.31.203', 'country_short': 'CN', 'country_long': 'China', 'region': 'Guangdong', 'city': 'Guangzhou', 'latitude': '23.127361', 'longitude': '113.264252'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (applog.uc.cn) 通信。
{'ip': '123.182.48.26', 'country_short': 'CN', 'country_long': 'China', 'region': 'Hebei', 'city': 'Zhangjiakou', 'latitude': '40.810001', 'longitude': '114.879440'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (metrics.data.hicloud.com) 通信。
{'ip': '171.15.136.21', 'country_short': 'CN', 'country_long': 'China', 'region': 'Henan', 'city': 'Zhengzhou', 'latitude': '34.757778', 'longitude': '113.648613'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (restapi.amap.com) 通信。
{'ip': '106.11.226.133', 'country_short': 'CN', 'country_long': 'China', 'region': 'Zhejiang', 'city': 'Hangzhou', 'latitude': '30.293650', 'longitude': '120.161423'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (adiu.amap.com) 通信。
{'ip': '59.82.29.231', 'country_short': 'CN', 'country_long': 'China', 'region': 'Zhejiang', 'city': 'Hangzhou', 'latitude': '30.293650', 'longitude': '120.161423'}