Security Analysis Report: 汤不热视频 v10.7

Security score: 41/100

Privacy risk

1 user/device tracker


Findings

High 7
Medium 15
Info 3
Secure 2
Hotspot 1

High: Insufficiently strict WebView domain control vulnerability


Files:
com/phone/tenc/widget/X5WebView.java, line(s) 52,43,46,47,65,66

High: The file is World Writable. Any application can write to the file
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2

Files:
com/jetpack/lib/common/e/k.java, line(s) 97,89,93,101
com/jetpack/lib/common/e/r.java, line(s) 24

High: Insecure SSL implementation. Trusting all certificates or accepting self-signed certificates is a critical security vulnerability. This application is vulnerable to MITM attacks
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis

Files:
com/phone/tenc/b.java, line(s) 164,31,32,33,34,35,36,37,38

High: The application uses ECB mode in its encryption algorithm. ECB mode is known to be weak because it produces the same ciphertext for identical plaintext blocks
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode

Files:
com/app/common/userModel/play/PlayParse.java, line(s) 17
com/app/glide/glide/b/a.java, line(s) 148

High: Weak encryption algorithm used
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/phone/tenc/a/d.java, line(s) 17,29

High: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/phone/tenc/a/d.java, line(s) 17,29

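Medium: The application is affected by the Janus vulnerability

The application is signed with the v1 signature scheme; if only the v1 signature scheme is used, it is vulnerable to the Janus vulnerability on Android 5.0-8.0. Applications signed with the v1 signature scheme running on Android 5.0-7.0, as well as applications that also use the v2/v3 signature schemes, are likewise vulnerable.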

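Medium: The application can be installed on a vulnerable, unpatched Android version

Android 5.0-5.0.2, [minSdk=21]
This application can be installed on older versions of Android that have multiple unfixed vulnerabilities. These devices will not receive reasonable security updates from Google. Support an Android version => 10, API 29 to receive reasonable security updates.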

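Medium: Cleartext network traffic is enabled for the application

[android:usesCleartextTraffic=true]
The application intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager and MediaPlayer. For applications targeting API level 27 or lower, the default value is "true". For applications targeting API level 28 or higher, the default value is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity and protection against tampering; a network attacker can eavesdrop on transmitted data and can also modify it without being detected.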

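Medium: Activity-Alias (com.phone.tenc.activity_alias) is not protected.

An intent-filter exists.
The Activity-Alias is found to be shared with other applications on the device, therefore leaving it accessible to any other application on the device. The presence of the intent-filter indicates that the Activity-Alias is explicitly exported.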

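Medium: Service (com.phone.tenc.service.PlayMusicService) is not protected.

[android:exported=true]
The Service is found to be shared with other applications on the device, therefore leaving it accessible to any other application on the device.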

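Medium: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the protection level of the permission should be checked.

Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other applications on the device, therefore leaving it accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.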

Medium: The application can read/write to external storage. Any application can read data written to external storage
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
bin/mt/signature/KillerApplication.java, line(s) 76
com/d/a/d/c.java, line(s) 23,45
com/devil/library/camera/a.java, line(s) 396
com/devil/library/camera/c/e.java, line(s) 6
com/devil/library/media/utils/b.java, line(s) 49
com/f/a/c.java, line(s) 59
com/jetpack/lib/common/e/c.java, line(s) 130,131
com/jetpack/lib/common/e/g.java, line(s) 47,59
com/jetpack/lib/common/e/h.java, line(s) 308
com/jetpack/lib/common/e/j.java, line(s) 13,14,32,33,51,52,69
com/phone/tenc/a/g.java, line(s) 80,119
com/phone/tenc/a/h.java, line(s) 66,70
com/phone/tenc/a/k.java, line(s) 247
com/phone/tenc/a/m.java, line(s) 11,18,19,37,38,98,99,110
com/phone/tenc/a/t.java, line(s) 21
com/phone/tenc/updateApp/AppUpgradeManager.java, line(s) 264,337,365,386
com/phone/tenc/widget/j.java, line(s) 94
com/phone/tenc/widget/o.java, line(s) 51
com/resource/ffmpeg/lib/c/c.java, line(s) 12,13,80,81
com/resource/ffmpeg/lib/interceptLoad/b.java, line(s) 10,11,65,66
com/yzq/zxinglibrary/d/g.java, line(s) 30
me/iwf/photopicker/d/b.java, line(s) 29

Medium: The application uses a SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before being written to the database
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/d/a/f/e.java, line(s) 4,5,39
com/d/a/f/f.java, line(s) 4,8
com/phone/tenc/ab/greendao/ActorEntityDao.java, line(s) 4,49
com/phone/tenc/ab/greendao/ActorModyDataEntityDao.java, line(s) 4,28
com/phone/tenc/ab/greendao/AdClickEntityDao.java, line(s) 4,32
com/phone/tenc/ab/greendao/ApiCacheEntityDao.java, line(s) 4,28
com/phone/tenc/ab/greendao/ChannelLabelEntityDao.java, line(s) 4,45
com/phone/tenc/ab/greendao/ChannelLabelStatusEntityDao.java, line(s) 4,33
com/phone/tenc/ab/greendao/ComicSaveCacheEntityDao.java, line(s) 4,32
com/phone/tenc/ab/greendao/LfMemberEntityDao.java, line(s) 4,46
com/phone/tenc/ab/greendao/MovieEsRecordEntityDao.java, line(s) 4,32
com/phone/tenc/ab/greendao/MovieWatchRecordEntityDao.java, line(s) 4,32
com/phone/tenc/ab/greendao/MyProductEntityDao.java, line(s) 4,45
com/phone/tenc/ab/greendao/PicComicEntityDao.java, line(s) 4,36
com/phone/tenc/ab/greendao/ResourceOperateEntityDao.java, line(s) 4,33
com/phone/tenc/ab/greendao/SubscribeNotifyEntityDao.java, line(s) 4,31
com/phone/tenc/ab/greendao/TabLikeEntityDao.java, line(s) 4,30
com/phone/tenc/ab/greendao/UserSubscribeEntityDao.java, line(s) 4,34
com/phone/tenc/ab/greendao/VideoPositionEntityDao.java, line(s) 4,31
com/phone/tenc/greenDao/GreenDaoCompatibleUpdateHelper.java, line(s) 4,62
com/phone/tenc/greenDao/b.java, line(s) 4,41
org/greenrobot/greendao/AbstractDao.java, line(s) 6,7,395
org/greenrobot/greendao/DbUtils.java, line(s) 6,41
org/greenrobot/greendao/database/StandardDatabase.java, line(s) 4,62

Medium: IP address disclosure


Files:
cn/hutool/core/p/b.java, line(s) 288,288,35,288,288,288,288
cn/hutool/f/a/h.java, line(s) 78
com/c/c/h/m/a.java, line(s) 27,33,36,39,30,45,42,48,51
com/c/c/h/m/af.java, line(s) 30
com/c/c/h/m/ag.java, line(s) 12,13,5,3,4,8,9,10,11,14,15
com/c/c/h/m/c.java, line(s) 21,22,23,24,28,29,30,31,32,25,20,26,27,36,35,33
com/c/c/h/m/e.java, line(s) 25,27,27
com/c/c/h/m/j.java, line(s) 19,52,53,42,41,43,21,56,57,22,58,59,23,60,61,20,54,55,37,38,39,40,25,64,65,24,62,63,26,66,67,31,32,33,30,28,27,29,44,68
com/c/c/h/m/k.java, line(s) 20,21,22,23,18,19,14,15,16,13,10,11,12,24
com/c/c/h/m/z.java, line(s) 316

Medium: The application uses an insecure random number generator
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
cn/hutool/core/k/e.java, line(s) 35
cn/hutool/core/m/y.java, line(s) 4
cn/hutool/core/t/o.java, line(s) 11
cn/hutool/core/t/r.java, line(s) 14
com/a/a/e.java, line(s) 11
com/miyouquan/library/DVPermissionUtils.java, line(s) 19
com/phone/tenc/d/l.java, line(s) 47
com/phone/tenc/fragment/TabShortVideoFragment.java, line(s) 73
com/phone/tenc/widget/jzPlayer/common/b.java, line(s) 21
com/resource/ffmpeg/lib/e/a/h.java, line(s) 7
com/resource/ffmpeg/lib/preLoad/b.java, line(s) 22
d/a/a/b/b.java, line(s) 3
d/a/a/b/f.java, line(s) 3
e/a/k/a.java, line(s) 22
e/a/k/d.java, line(s) 9
e/z.java, line(s) 17
org/greenrobot/greendao/test/DbTest.java, line(s) 7

Medium: Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
cn/hutool/c/b/b.java, line(s) 44
cn/hutool/core/m/m.java, line(s) 39
com/bumptech/glide/load/Option.java, line(s) 79
com/bumptech/glide/load/engine/DataCacheKey.java, line(s) 34
com/bumptech/glide/load/engine/EngineResource.java, line(s) 92
com/bumptech/glide/load/engine/ResourceCacheKey.java, line(s) 64
com/bumptech/glide/manager/RequestManagerRetriever.java, line(s) 39
com/d/a/b/a.java, line(s) 11,83
com/d/a/g/a.java, line(s) 14,10

Medium: SHA-1 is a weak hash known to have hash collisions
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
cn/hutool/core/t/r.java, line(s) 151
com/apk/secury/f.java, line(s) 47
com/c/c/h/cm.java, line(s) 542
com/c/c/h/en.java, line(s) 1219
com/c/c/h/m/z.java, line(s) 283,285
com/jetpack/lib/common/e/h.java, line(s) 494

Medium: The application creates temporary files. Sensitive information should never be written to a temporary file


Files:
cn/hutool/core/l/g.java, line(s) 237
com/c/c/h/ez.java, line(s) 57

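Medium: The application contains privacy trackers

This application has more than 1 privacy tracker. Trackers can track the device or the user and are a privacy concern for end users.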

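Medium: This application may contain hardcoded secrets

The following secrets were identified in the application. Ensure that these are not secrets or private information.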
"share_username" : "老汤站长"

Info: The application logs information. Sensitive information must not be logged
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
bin/mt/signature/KillerApplication.java, line(s) 115,160
cn/hutool/core/m/e.java, line(s) 40,52,6,32,48
cn/hutool/l/a/d/b.java, line(s) 19
cn/jzvd/JZTextureView.java, line(s) 47,77,78
cn/jzvd/Jzvd.java, line(s) 118,122,365,708,924,519,635,641,647,656,698,742,751,760,773,788,811,831,837,885,990
cn/jzvd/e.java, line(s) 55
com/aiqiyi/customewheel/adapter/AbstractWheelTextAdapter.java, line(s) 49
com/app/common/userModel/a/a.java, line(s) 11,21
com/app/common/userModel/c/d.java, line(s) 35
com/app/common/userModel/c/j.java, line(s) 76
com/app/common/userModel/d/b.java, line(s) 69
com/app/common/userModel/play/PlayParse.java, line(s) 22,26
com/app/glide/glide/b/a.java, line(s) 152
com/app/glide/glide/c/d.java, line(s) 89
com/bumptech/glide/GeneratedAppGlideModuleImpl.java, line(s) 14,13
com/bumptech/glide/Glide.java, line(s) 260,269,204,175,203,259,266,176
com/bumptech/glide/gifdecoder/GifHeaderParser.java, line(s) 84,114,83,113
com/bumptech/glide/gifdecoder/StandardGifDecoder.java, line(s) 572,595,602,570,593,600,644,653
com/bumptech/glide/load/data/AssetPathFetcher.java, line(s) 51,50
com/bumptech/glide/load/data/HttpUrlFetcher.java, line(s) 64,165,63,164,168,174,182,179,183
com/bumptech/glide/load/data/LocalUriFetcher.java, line(s) 52,51
com/bumptech/glide/load/data/mediastore/ThumbFetcher.java, line(s) 112,111
com/bumptech/glide/load/data/mediastore/ThumbnailStreamOpener.java, line(s) 81,80
com/bumptech/glide/load/engine/DecodeJob.java, line(s) 185,199,289
com/bumptech/glide/load/engine/DecodePath.java, line(s) 57,58
com/bumptech/glide/load/engine/Engine.java, line(s) 30,198
com/bumptech/glide/load/engine/GlideException.java, line(s) 196
com/bumptech/glide/load/engine/SourceGenerator.java, line(s) 36,37
com/bumptech/glide/load/engine/bitmap_recycle/LruArrayPool.java, line(s) 118,156,119,157
com/bumptech/glide/load/engine/bitmap_recycle/LruBitmapPool.java, line(s) 140,183,193,258,104,139,149,172,182,192,235,242,257,110,150,236,243,173
com/bumptech/glide/load/engine/cache/DiskLruCacheWrapper.java, line(s) 58,70,79,89,103,109,80,104,59,71,90,110
com/bumptech/glide/load/engine/cache/MemorySizeCalculator.java, line(s) 156,140
com/bumptech/glide/load/engine/executor/GlideExecutor.java, line(s) 77,74
com/bumptech/glide/load/engine/executor/RuntimeCompat.java, line(s) 37,36
com/bumptech/glide/load/engine/prefill/BitmapPreFillRunner.java, line(s) 104,103
com/bumptech/glide/load/model/ByteBufferEncoder.java, line(s) 21,20
com/bumptech/glide/load/model/ByteBufferFileLoader.java, line(s) 51,50
com/bumptech/glide/load/model/FileLoader.java, line(s) 104,103
com/bumptech/glide/load/model/ResourceLoader.java, line(s) 99,100
com/bumptech/glide/load/model/StreamEncoder.java, line(s) 40,39
com/bumptech/glide/load/resource/bitmap/BitmapEncoder.java, line(s) 70,69,86,87
com/bumptech/glide/load/resource/bitmap/DefaultImageHeaderParser.java, line(s) 192,199,274,284,296,309,327,334,340,344,347,350,364,369,191,198,273,283,295,308,326,333,339,343,346,349,363,368
com/bumptech/glide/load/resource/bitmap/Downsampler.java, line(s) 93,109,272,92,108,176,218,234,271,177,219,346
com/bumptech/glide/load/resource/bitmap/DrawableToBitmapConverter.java, line(s) 47,52,48,53
com/bumptech/glide/load/resource/bitmap/HardwareConfigState.java, line(s) 40,41
com/bumptech/glide/load/resource/bitmap/TransformationUtils.java, line(s) 290,115,120,164,173,180,289,116,121,165,174,181,182,183,187
com/bumptech/glide/load/resource/bitmap/VideoDecoder.java, line(s) 129,128
com/bumptech/glide/load/resource/gif/ByteBufferGifDecoder.java, line(s) 99,105,110,115,125,100,106,111,116,126
com/bumptech/glide/load/resource/gif/GifDrawableEncoder.java, line(s) 21,22
com/bumptech/glide/load/resource/gif/StreamGifDecoder.java, line(s) 41,42
com/bumptech/glide/manager/DefaultConnectivityMonitor.java, line(s) 23,22,48,67,49,68
com/bumptech/glide/manager/DefaultConnectivityMonitorFactory.java, line(s) 17,16
com/bumptech/glide/manager/RequestManagerFragment.java, line(s) 150,151
com/bumptech/glide/manager/RequestManagerRetriever.java, line(s) 343,344
com/bumptech/glide/manager/RequestTracker.java, line(s) 109,110
com/bumptech/glide/manager/SupportRequestManagerFragment.java, line(s) 145,146
com/bumptech/glide/module/ManifestParser.java, line(s) 50,57,68,73,49,56,61,67,72,62
com/bumptech/glide/request/SingleRequest.java, line(s) 251,71,184,218
com/bumptech/glide/request/target/CustomViewTarget.java, line(s) 57,98,99,58
com/bumptech/glide/request/target/ViewTarget.java, line(s) 56,97,98,57
com/bumptech/glide/signature/ApplicationVersionSignature.java, line(s) 26
com/bumptech/glide/util/ContentLengthInputStream.java, line(s) 46,45
com/bumptech/glide/util/pool/FactoryPools.java, line(s) 37,38
com/c/b/a.java, line(s) 454,462,475,483,514,532,542,621,644,678
com/c/c/g/h.java, line(s) 20,25
com/c/c/g/i.java, line(s) 48,59,64,69,74,79
com/c/c/h/a/a.java, line(s) 1007,1042,1071,1108,1109
com/c/c/h/an.java, line(s) 55
com/c/c/h/df.java, line(s) 27
com/c/c/h/ge.java, line(s) 69
com/c/c/h/k/l.java, line(s) 122
com/c/c/h/k/q.java, line(s) 124
com/c/c/h/l.java, line(s) 847
com/cl/downLoad/a/a/c.java, line(s) 29,62,128
com/cl/downLoad/c.java, line(s) 13
com/d/a/l/d.java, line(s) 40,70,50,14,60
com/devil/library/camera/JCameraView.java, line(s) 446
com/devil/library/camera/a.java, line(s) 149,318,291,365,406,412,417,470,577,604,614,627
com/devil/library/camera/c/b.java, line(s) 85,96,100,107,111,125
com/devil/library/camera/c/c.java, line(s) 16,25
com/devil/library/camera/c/f.java, line(s) 10
com/devil/library/media/ui/activity/DVCameraActivity.java, line(s) 108,113,119
com/devil/library/media/ui/activity/SelectMediaTempActivity.java, line(s) 78
com/devil/library/media/utils/d.java, line(s) 71
com/e/a/n.java, line(s) 98,100,183,185,303,335,368,370,422,440,442,511,513
com/huxq17/handygridview/HandyGridView.java, line(s) 216
com/jetpack/lib/common/BaseActivity.java, line(s) 101
com/jetpack/lib/common/a.java, line(s) 191
com/jetpack/lib/common/a/a.java, line(s) 46
com/jetpack/lib/common/c/c.java, line(s) 9,19,29,38
com/jetpack/lib/common/d/a.java, line(s) 31,56
com/jetpack/lib/common/e/d.java, line(s) 41
com/jetpack/lib/common/e/f.java, line(s) 121,162
com/jetpack/lib/common/e/m.java, line(s) 52
com/jetpack/lib/common/e/x.java, line(s) 87,90
com/phone/tenc/a/b.java, line(s) 80
com/phone/tenc/a/g.java, line(s) 102,137,144,151,153
com/phone/tenc/a/h.java, line(s) 59
com/phone/tenc/a/k.java, line(s) 186,190
com/phone/tenc/a/n.java, line(s) 48
com/phone/tenc/a/p.java, line(s) 6
com/phone/tenc/a/r.java, line(s) 38
com/phone/tenc/a/t.java, line(s) 60,100
com/phone/tenc/a/x.java, line(s) 52,98
com/phone/tenc/ab/greendao/DaoMaster.java, line(s) 25,42
com/phone/tenc/activity/AboutUsActivity.java, line(s) 100,69,73
com/phone/tenc/activity/LauncherActivity.java, line(s) 125,150
com/phone/tenc/activity/ShortVideoPlayActivity.java, line(s) 398
com/phone/tenc/activity/VideoDetailActivity.java, line(s) 900
com/phone/tenc/activity/event/EventPlayActivity.java, line(s) 346
com/phone/tenc/activity/event/LfDetailActivity.java, line(s) 225
com/phone/tenc/activity/pay/WithDrawPasswardActivity.java, line(s) 57
com/phone/tenc/activity/videoNotice/NoticeDetailActivity.java, line(s) 302
com/phone/tenc/b.java, line(s) 56,74,77,80,186,191
com/phone/tenc/b/a.java, line(s) 97,104,258,416
com/phone/tenc/b/d.java, line(s) 24
com/phone/tenc/d/a/f.java, line(s) 15,36
com/phone/tenc/d/a/j.java, line(s) 95,152
com/phone/tenc/d/e.java, line(s) 69
com/phone/tenc/d/l.java, line(s) 139,307
com/phone/tenc/d/m.java, line(s) 32,60,70
com/phone/tenc/d/q.java, line(s) 34,47,68
com/phone/tenc/fragment/EventFragment.java, line(s) 187
com/phone/tenc/fragment/TabMeFrament.java, line(s) 173,214
com/phone/tenc/fragment/TabShortVideoFragment.java, line(s) 243
com/phone/tenc/fragment/WebViewFragment.java, line(s) 129
com/phone/tenc/fragment/label/LabelVideoFragment.java, line(s) 144
com/phone/tenc/fragment/main/a.java, line(s) 75
com/phone/tenc/fragment/pay/findPass/SetNewWithDrawPassFragment.java, line(s) 52
com/phone/tenc/fragment/search/SearchShortVideoFragment.java, line(s) 115
com/phone/tenc/fragment/search/SearchVideoFragment.java, line(s) 108
com/phone/tenc/g/a.java, line(s) 31,58
com/phone/tenc/g/c.java, line(s) 45,47,48,49,50
com/phone/tenc/g/d.java, line(s) 82,191,277,299
com/phone/tenc/greenDao/MyGreenDaoDbHelper.java, line(s) 24,26,30,35,38
com/phone/tenc/greenDao/b.java, line(s) 80,84,85,89,94,102,110,114,117,120,129,135,138,145,150,158,163,166,183,189
com/phone/tenc/ipNet/LoadDomianZipWorker.java, line(s) 96
com/phone/tenc/ipNet/a.java, line(s) 97,155,164
com/phone/tenc/photoView/c.java, line(s) 126,161,178,409,436,485,19
com/phone/tenc/service/ActorIntentService.java, line(s) 128,141,188,241
com/phone/tenc/updateApp/AppUpgradeManager.java, line(s) 75,101,139,145,146,157,236,241,268,269,347
com/phone/tenc/widget/CanvasImageView.java, line(s) 27
com/phone/tenc/widget/CircleImageView.java, line(s) 125
com/phone/tenc/widget/a/a.java, line(s) 174
com/phone/tenc/widget/aa.java, line(s) 149
com/phone/tenc/widget/ab.java, line(s) 147
com/phone/tenc/widget/af.java, line(s) 162
com/phone/tenc/widget/f.java, line(s) 228
com/phone/tenc/widget/j.java, line(s) 109,234,260,284
com/phone/tenc/widget/jzPlayer/ad/a.java, line(s) 202
com/phone/tenc/widget/jzPlayer/common/MyCacheDataSource.java, line(s) 369
com/phone/tenc/widget/n.java, line(s) 68,86
com/phone/tenc/widget/o.java, line(s) 69
com/phone/tenc/widget/version2/CommentDialogFragment.java, line(s) 215
com/phone/tenc/widget/version_3_7/subscribe/ActorFilterListLayout.java, line(s) 243,266,288
com/phone/tenc/widget/x.java, line(s) 138,62,101
com/phone/tenc/widget/y.java, line(s) 132
com/resource/ffmpeg/lib/c/d.java, line(s) 6,10
com/resource/ffmpeg/lib/d/a.java, line(s) 39,43
com/resource/ffmpeg/lib/e/a.java, line(s) 100,105,114,90,229
com/resource/ffmpeg/lib/e/a/a.java, line(s) 61,132,134,136,138,140,142
com/resource/ffmpeg/lib/e/a/e.java, line(s) 17,23,25,27
com/resource/ffmpeg/lib/e/b.java, line(s) 70
com/resource/ffmpeg/lib/e/c/a.java, line(s) 86,90,106,116,117,261
com/resource/ffmpeg/lib/e/d/a.java, line(s) 36
com/resource/ffmpeg/lib/e/d/b.java, line(s) 76
com/resource/ffmpeg/lib/interceptLoad/CreateM3u8FileWorker.java, line(s) 33,94
com/resource/ffmpeg/lib/interceptLoad/InterceptConvertWorker.java, line(s) 26,46
com/resource/ffmpeg/lib/interceptLoad/InterceptMaskWorker.java, line(s) 63,77
com/resource/ffmpeg/lib/interceptLoad/LoadTsWorker.java, line(s) 115,216,220
com/resource/ffmpeg/lib/interceptLoad/a.java, line(s) 121
com/resource/ffmpeg/lib/preLoad/PreloadWorker.java, line(s) 123,219
com/resource/ffmpeg/lib/transcode/KeySaveWorker.java, line(s) 47,61
com/resource/ffmpeg/lib/transcode/LoadM3u8FileWorker.java, line(s) 121
com/resource/ffmpeg/lib/transcode/LoadSliceWorker.java, line(s) 100,167
com/resource/ffmpeg/lib/transcode/LoadSliceWorkerByOkhttp.java, line(s) 100,214
com/resource/ffmpeg/lib/transcode/WaterMaskWorker.java, line(s) 61
com/shizhefei/view/largeimage/a.java, line(s) 84,91,115,142,175,221,232,244,272,305,341,370,495,516,594,647,796,948,959,966,972,1024,1139,1162,1163,1167,1174,1186
com/yzq/zxinglibrary/android/CaptureActivity.java, line(s) 55,58
com/yzq/zxinglibrary/android/a.java, line(s) 40
com/yzq/zxinglibrary/android/d.java, line(s) 27,78,84
com/yzq/zxinglibrary/b/a.java, line(s) 53,75,89
com/yzq/zxinglibrary/b/b.java, line(s) 47,160,178,68,85,109,121
com/yzq/zxinglibrary/b/c.java, line(s) 69,187,111,109,119
com/yzq/zxinglibrary/b/d.java, line(s) 37,40,20,44
com/yzq/zxinglibrary/b/e.java, line(s) 27
com/yzq/zxinglibrary/d/e.java, line(s) 56
de/greenrobot/event/BackgroundPoster.java, line(s) 39
de/greenrobot/event/EventBus.java, line(s) 162,114,121,124,433
de/greenrobot/event/SubscriberMethodFinder.java, line(s) 85
de/greenrobot/event/util/AsyncExecutor.java, line(s) 97
de/greenrobot/event/util/ErrorDialogConfig.java, line(s) 42
de/greenrobot/event/util/ErrorDialogManager.java, line(s) 166
de/greenrobot/event/util/ExceptionToResourceMapping.java, line(s) 30
in/srain/cube/views/GridViewWithHeaderAndFooter.java, line(s) 252,264,318
me/iwf/photopicker/PhotoPickerActivity.java, line(s) 97,326,339,341,354
me/iwf/photopicker/a/a.java, line(s) 81
me/iwf/photopicker/d/b.java, line(s) 31
me/iwf/photopicker/widget/TouchImageView.java, line(s) 667
org/a/b/b/a/b.java, line(s) 24,43
org/a/b/c/a/b.java, line(s) 49
org/a/b/c/a/c.java, line(s) 186,122,165,174
org/a/b/c/a/d.java, line(s) 23
org/greenrobot/greendao/AbstractDao.java, line(s) 449,690,746
org/greenrobot/greendao/DaoException.java, line(s) 27,28
org/greenrobot/greendao/DaoLog.java, line(s) 14,18,26,34,38,42,50,54,22,58,62,66
org/greenrobot/greendao/DbUtils.java, line(s) 62,32
org/greenrobot/greendao/async/AsyncOperationExecutor.java, line(s) 193,203,215,291
org/greenrobot/greendao/internal/LongHashMap.java, line(s) 64
org/greenrobot/greendao/query/QueryBuilder.java, line(s) 99,102
org/greenrobot/greendao/test/AbstractDaoTest.java, line(s) 27,31,58
org/greenrobot/greendao/test/AbstractDaoTestLongPk.java, line(s) 17,22
org/greenrobot/greendao/test/AbstractDaoTestSinglePk.java, line(s) 27
org/greenrobot/greendao/test/DbTest.java, line(s) 61
org/lsposed/hiddenapibypass/HiddenApiBypass.java, line(s) 74,312
top/zibin/luban/d.java, line(s) 135,167,134
v0c68ee8d/l0c68ee8d.java, line(s) 278,306

Info: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/phone/tenc/a/o.java, line(s) 3,19
com/phone/tenc/activity/LoginActivity.java, line(s) 6,243
com/phone/tenc/activity/event/LfDetailActivity.java, line(s) 5,222
com/phone/tenc/activity/game/GameDetailActivity.java, line(s) 5,357
com/phone/tenc/d/l.java, line(s) 6,136
com/phone/tenc/widget/j.java, line(s) 6,231,257
com/phone/tenc/widget/n.java, line(s) 6,83
com/phone/tenc/widget/version_3/d.java, line(s) 6,67
com/phone/tenc/widget/x.java, line(s) 6,58

Info: This application uses SQLCipher. SQLCipher provides 256-bit AES encryption for SQLite database files


Files:
org/greenrobot/greendao/database/DatabaseOpenHelper.java, line(s) 18,6,14

Secure: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
com/cl/downLoad/a/a/a.java, line(s) 138,73,136,136
com/d/a/h/a.java, line(s) 140,73,138,138
com/phone/tenc/b.java, line(s) 70,69,68
e/z.java, line(s) 498,497,496,496

Secure: This application may have root detection capabilities
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
com/apk/secury/e.java, line(s) 18,18,18,18,18
com/phone/tenc/updateApp/c.java, line(s) 111,112

Hotspot: The application may communicate with a server (ulogs.umengcloud.com) located in an OFAC-sanctioned country (China).

{'ip': '223.109.148.178', 'country_short': 'CN', 'country_long': 'China', 'region': 'Jiangsu', 'city': 'Nanjing', 'latitude': '32.061668', 'longitude': '118.777779'}

Security score: (汤不热视频 10.7)