安全分析报告:
安全分数
安全分数 43/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
15
用户/设备跟踪器
调研结果
高危
8
中危
20
信息
3
安全
3
关注
0
高危 域配置不安全地配置为允许明文流量到达范围内的这些域。
Scope: 127.0.0.1
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/applovin/impl/adview/b.java, line(s) 514,14 com/applovin/impl/sdk/e/q.java, line(s) 109,4 com/fyber/inneractive/sdk/activities/InneractiveInternalBrowserActivity.java, line(s) 147,13 com/fyber/inneractive/sdk/config/IAConfigManager.java, line(s) 101,4 com/mbridge/msdk/click/h.java, line(s) 242,13,14 com/mbridge/msdk/mbbanner/common/bridge/BannerExpandDialog.java, line(s) 190,14 com/mbridge/msdk/video/bt/module/MBridgeBTWebView.java, line(s) 353,14 com/mbridge/msdk/video/module/MBridgeAlertWebview.java, line(s) 101,6 com/mbridge/msdk/video/module/MBridgeH5EndCardView.java, line(s) 896,17 com/unity3d/services/core/webview/WebViewApp.java, line(s) 145,9,52,58,72,98 net/gree/unitywebview/CWebViewPlugin.java, line(s) 376,21,22
高危 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 480
高危 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/fyber/inneractive/sdk/web/d.java, line(s) 732,23 net/gree/unitywebview/CWebViewPlugin.java, line(s) 185,21,22
高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/fyber/inneractive/sdk/player/exoplayer2/extractor/hls/a.java, line(s) 39 com/ironsource/mediationsdk/utils/IronSourceAES.java, line(s) 70,136
高危 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
a/a.java, line(s) 36
高危 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/stansassets/mnp/BuildConfig.java, line(s) 3,6
高危 应用程序包含隐私跟踪程序
此应用程序有多个15隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 Service (com.kooapps.unityplugins.notification.UnityFirebaseMessagingService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.kooapps.unityplugins.utils.ReferrerReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.INSTALL_PACKAGES [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (com.google.android.gms.messaging.cpp.MessageForwardingService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.DUMP [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/applovin/impl/sdk/n.java, line(s) 678 com/applovin/mediation/ads/MaxAdView.java, line(s) 178,168 com/applovin/mediation/ads/MaxAppOpenAd.java, line(s) 60,50 com/applovin/mediation/ads/MaxInterstitialAd.java, line(s) 85,75 com/applovin/mediation/ads/MaxRewardedAd.java, line(s) 112,102 com/applovin/mediation/ads/MaxRewardedInterstitialAd.java, line(s) 81,71 com/applovin/mediation/nativeAds/MaxNativeAdLoader.java, line(s) 90,85 com/applovin/sdk/AppLovinSdk.java, line(s) 234 com/applovin/sdk/AppLovinSdkSettings.java, line(s) 94 com/applovin/sdk/AppLovinWebViewActivity.java, line(s) 19 com/bykv/vk/openvk/component/video/a/b/i.java, line(s) 121 com/ironsource/adapters/admob/AdMobAdapter.java, line(s) 560,563,566,890,134,135,136 com/ironsource/adapters/applovin/AppLovinAdapter.java, line(s) 629,45,46 com/ironsource/adapters/facebook/FacebookAdapter.java, line(s) 732,740 com/ironsource/adapters/fyber/FyberAdapter.java, line(s) 673,41 com/ironsource/adapters/ironsource/IronSourceAdapter.java, line(s) 78,43,42,617,199 com/ironsource/adapters/mintegral/MintegralAdapter.java, line(s) 836,52,53,55,58,59 com/ironsource/adapters/pangle/PangleAdapter.java, line(s) 824,56,57,60,62,61,64,65 com/ironsource/adapters/supersonicads/SupersonicAdsAdapter.java, line(s) 86,268,749 com/ironsource/adapters/supersonicads/SupersonicConfig.java, line(s) 23 com/ironsource/adapters/unityads/UnityAdsAdapter.java, line(s) 724,321,115,121 com/ironsource/adapters/vungle/VungleAdapter.java, line(s) 743 com/ironsource/mediationsdk/C0092d.java, line(s) 217,332 com/ironsource/mediationsdk/C1298d.java, line(s) 229,344 com/ironsource/mediationsdk/CachedResponse.java, line(s) 37 com/ironsource/mediationsdk/InitConfig.java, line(s) 43 com/ironsource/mediationsdk/L.java, line(s) 1438,1421 com/ironsource/mediationsdk/server/ServerURL.java, line(s) 24,49 com/ironsource/mediationsdk/utils/IronSourceConstants.java, line(s) 91,102 com/kooapps/unityplugins/analytics/localytics/LocalyticsPlugin.java, line(s) 25 com/localytics/android/AnalyticsProvider.java, line(s) 497,452,487 com/localytics/android/BackgroundService.java, line(s) 12,10,13,11 com/localytics/android/Constants.java, line(s) 59,14,53,54,56,55,57,16,18,19,31,60,20,21,22,63,30,33,40,44,45,47,52,66,65,80,97,100,105,64,110,113,142,146,147,151,148,158,162,163,171,174,202,203,206,207,208,58,67,216,217 com/localytics/android/FrequencyCappingEngine.java, line(s) 24,25,26,27,42,29,31,32,45,44,33,34,35,36 com/localytics/android/JavaScriptClient.java, line(s) 18 com/localytics/android/JsonObjects.java, line(s) 39 com/localytics/android/Localytics.java, line(s) 31 com/localytics/android/LocationProvider.java, line(s) 14 com/localytics/android/LoggingHandler.java, line(s) 64,65,63,70,37,38,71,69,68,67,66 com/localytics/android/LoguanaPairingConnection.java, line(s) 15,16 com/localytics/android/MarketingProvider.java, line(s) 98,583,651,712 com/localytics/android/MigrationDatabaseHelper.java, line(s) 128,140,162,238 com/localytics/android/ProfilesHandler.java, line(s) 24,25,26 com/localytics/android/ProfilesProvider.java, line(s) 126 com/mbridge/msdk/MBridgeConstans.java, line(s) 14,51 com/mbridge/msdk/click/b/a.java, line(s) 34 com/mbridge/msdk/foundation/db/l.java, line(s) 58,44 com/mbridge/msdk/foundation/download/core/DownloadCommon.java, line(s) 21 com/mbridge/msdk/foundation/download/core/DownloaderReporter.java, line(s) 14 com/mbridge/msdk/foundation/entity/CampaignEx.java, line(s) 34 com/mbridge/msdk/foundation/entity/m.java, line(s) 186,207,222,244,313,347,372,401,412,433,444,464,474,494,506,546,562,268,283,773 com/mbridge/msdk/foundation/same/report/d.java, line(s) 280 com/mbridge/msdk/playercommon/exoplayer2/drm/DefaultDrmSessionManager.java, line(s) 30 com/mbridge/msdk/video/dynview/moffer/MOfferModel.java, line(s) 112 com/tenjin/android/config/TenjinConsts.java, line(s) 33,34,35,41 com/unity/androidnotifications/UnityNotificationManager.java, line(s) 31,33 com/unity/udp/sdk/internal/LocalPurchaseCache.java, line(s) 17 com/unity/udp/sdk/internal/Utils.java, line(s) 40,45 com/unity3d/ads/metadata/InAppPurchaseMetaData.java, line(s) 13 com/unity3d/services/ads/gmascar/utils/ScarConstants.java, line(s) 4,5,6,8,9 com/unity3d/services/core/configuration/ExperimentObject.java, line(s) 7,8 com/unity3d/services/core/device/reader/DeviceInfoReaderFilterProvider.java, line(s) 11,12 com/unity3d/services/core/device/reader/JsonStorageKeyNames.java, line(s) 4,6,7,9,10,11,8,12,5,13,14,15 com/unity3d/services/core/properties/SdkProperties.java, line(s) 27 com/vungle/warren/log/LogManager.java, line(s) 24,25,26,27 com/vungle/warren/log/LogSender.java, line(s) 22,23 com/vungle/warren/model/Cookie.java, line(s) 21,22 io/opencensus/metrics/AutoValue_LabelKey.java, line(s) 44 io/opencensus/tags/AutoValue_Tag.java, line(s) 54 io/opencensus/trace/AutoValue_Tracestate_Entry.java, line(s) 46
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/apm/insight/h.java, line(s) 8 com/applovin/exoplayer2/h/z.java, line(s) 4 com/applovin/impl/b/m.java, line(s) 18 com/fyber/inneractive/sdk/player/exoplayer2/upstream/cache/i.java, line(s) 21 com/ironsource/mediationsdk/utils/e.java, line(s) 14 com/ironsource/mediationsdk/utils/g.java, line(s) 6 com/mbridge/msdk/dycreator/baseview/rewardpopview/MBAcquireRewardPopView.java, line(s) 24 com/mbridge/msdk/playercommon/exoplayer2/source/ShuffleOrder.java, line(s) 4 com/mbridge/msdk/playercommon/exoplayer2/trackselection/RandomTrackSelection.java, line(s) 6 com/mbridge/msdk/playercommon/exoplayer2/upstream/cache/CachedContentIndex.java, line(s) 21 com/mbridge/msdk/thrid/okhttp/OkHttpClient.java, line(s) 30 com/mbridge/msdk/thrid/okhttp/internal/ws/RealWebSocket.java, line(s) 27 com/mbridge/msdk/thrid/okhttp/internal/ws/WebSocketWriter.java, line(s) 9 com/unity3d/services/core/request/metrics/SDKMetrics.java, line(s) 9 io/opencensus/trace/SpanId.java, line(s) 4 io/opencensus/trace/TraceId.java, line(s) 4
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/applovin/impl/sdk/utils/StringUtils.java, line(s) 31 com/applovin/impl/sdk/utils/n.java, line(s) 147 com/fyber/inneractive/sdk/player/cache/h.java, line(s) 318 com/localytics/android/Utils.java, line(s) 388 com/unity/udp/sdk/common/Crypto.java, line(s) 20 com/unity/udp/sdk/internal/Utils.java, line(s) 213 com/unity3d/services/core/device/Device.java, line(s) 160
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/apm/insight/entity/d.java, line(s) 21 com/apm/insight/l/w.java, line(s) 38,88,99 com/apm/insight/nativecrash/b.java, line(s) 663 com/fyber/inneractive/sdk/network/i0.java, line(s) 31 com/fyber/inneractive/sdk/util/n.java, line(s) 156 com/fyber/inneractive/sdk/web/d.java, line(s) 580 com/ironsource/environment/h.java, line(s) 511,321 com/ironsource/mediationsdk/utils/h.java, line(s) 153,275 com/ironsource/sdk/utils/SDKUtils.java, line(s) 252 com/kooapps/helpchatter/HelpchatterActivity.java, line(s) 408,637 com/kooapps/helpchatter/PhotoViewActivity.java, line(s) 46,148 com/kooapps/unityplugins/screenrecording/ScreenRecording.java, line(s) 139,140 com/kooapps/unityplugins/utils/ShareUtils.java, line(s) 29,42 com/localytics/android/Localytics.java, line(s) 405 com/mbridge/msdk/foundation/same/report/b/a.java, line(s) 82 com/mbridge/msdk/foundation/tools/y.java, line(s) 86,96,108 com/unity3d/services/core/cache/CacheDirectory.java, line(s) 57 com/vungle/warren/VungleApiClient.java, line(s) 423 com/vungle/warren/persistence/CacheManager.java, line(s) 122,124 com/vungle/warren/persistence/Repository.java, line(s) 84,85 com/vungle/warren/utility/platform/AndroidPlatform.java, line(s) 134
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/apm/insight/e/b/a.java, line(s) 4,38 com/apm/insight/e/b/b.java, line(s) 4,45,46,39 com/bykv/vk/openvk/component/video/a/b/b/d.java, line(s) 4,5,14,20,21,23,25 com/ironsource/b/a.java, line(s) 5,6,122,127 com/ironsource/environment/f.java, line(s) 6,7,25,47,111 com/localytics/android/AnalyticsProvider.java, line(s) 7,32,37,38,42,46,50,71,72,95,96,97,98,411,422 com/localytics/android/BaseProvider.java, line(s) 7,8,9,10,11,305 com/localytics/android/LocationProvider.java, line(s) 4,64,65,69,73,78,79,80,88,99 com/localytics/android/ManifestProvider.java, line(s) 4,28,46 com/localytics/android/MarketingProvider.java, line(s) 7,184 com/localytics/android/MigrationDatabaseHelper.java, line(s) 8,9,373,374,1084,1111,1114,1157,1165,1174,1183,1191,1195,1201,1205,1209,1217,1226,1230,1253,1261,1262,1271,1279,1283,1291,1295,1299,1303,1306,1307,1308,1309,1310,1312,1322 com/localytics/android/ProfilesProvider.java, line(s) 6,25,29,38,87,98 com/mbridge/msdk/foundation/db/BatchReportDao.java, line(s) 6,66,81 com/mbridge/msdk/foundation/db/e.java, line(s) 6,925,938,985 com/mbridge/msdk/foundation/db/g.java, line(s) 4,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70 com/mbridge/msdk/foundation/download/database/DatabaseHelper.java, line(s) 6,86,154,196,302,310 com/vungle/warren/persistence/DatabaseHelper.java, line(s) 9,10,134 com/vungle/warren/persistence/Repository.java, line(s) 7,137
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/kooapps/unityplugins/screenrecording/ScreenRecording.java, line(s) 128 com/mbridge/msdk/playercommon/exoplayer2/util/Util.java, line(s) 237 ms/bd/o/Pgl/pblg.java, line(s) 29
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/fyber/inneractive/sdk/web/o.java, line(s) 486,479 com/unity3d/services/ads/webplayer/WebPlayerView.java, line(s) 533,517 com/unity3d/services/core/webview/WebView.java, line(s) 103,76 net/gree/unitywebview/CWebViewPlugin.java, line(s) 305,317
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/ironsource/sdk/utils/d.java, line(s) 33,35 com/localytics/android/MarketingWebView.java, line(s) 40,38 com/mbridge/msdk/foundation/webview/BrowserView.java, line(s) 89,86 com/mbridge/msdk/mbsignalcommon/base/BaseWebView.java, line(s) 91,88 com/unity3d/services/core/webview/WebView.java, line(s) 50,76 com/vungle/warren/ui/view/WebSettingsUtils.java, line(s) 14,10 net/gree/unitywebview/CWebViewPlugin.java, line(s) 319,317
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/apm/insight/l/v.java, line(s) 69 com/bykv/vk/openvk/component/video/api/f/b.java, line(s) 49 com/fyber/inneractive/sdk/player/cache/h.java, line(s) 331 com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 381 com/ironsource/sdk/controller/t.java, line(s) 25 com/ironsource/sdk/utils/SDKUtils.java, line(s) 173 com/localytics/android/Utils.java, line(s) 379 com/mbridge/msdk/foundation/download/resource/MBResourceManager.java, line(s) 101 com/mbridge/msdk/foundation/tools/s.java, line(s) 19 com/unity/udp/sdk/common/Hash.java, line(s) 15 d/a.java, line(s) 13
中危 IP地址泄露
IP地址泄露 Files: com/kooapps/helpchatter/ServerApiHelper.java, line(s) 237
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-7799788185947239~5269545612" 凭证信息=> "helpchatter.appKey" : "db8dce616cc6d5f4362534786e22c9b5" 凭证信息=> "com.google.android.gms.games.APP_ID" : "\ 715834620584" Google_Drive_API_Key: AIzaSyD8dE6fmLmLa84kbG78PrFBy2dlT6rHxbk Google_Drive_API_Key: AIzaSyAm56vg8NTRDcYcDptCR7Iq5E13v1RN1NM "com.google.firebase.crashlytics.unity_version" : "2020.3.47f1" "dyStrategy.privateAddress" : "privateAddress" "firebase_database_url" : "https://snakeio-86cad.firebaseio.com" "google_api_key" : "AIzaSyAm56vg8NTRDcYcDptCR7Iq5E13v1RN1NM" "google_app_id" : "1:715834620584:android:06c0b2547daad9c7" "google_crash_reporting_api_key" : "AIzaSyAm56vg8NTRDcYcDptCR7Iq5E13v1RN1NM" "ll_app_key" : "0421bf2602b144aa04d8f98-c10d8960-a6bc-11e9-1106-007c928ca240" "password" : "Password" 0000016742C00BDA259000000168CE0F13200000016588840DCE7118A0002FBF1C31C3275D78 eyJhbGciOiJSUzI1NiIsIng1YyI6WyJNSUlDNlRDQ0FkRUNBU293RFFZSktvWklodmNOQVFFTEJRQXdEekVOTUFzR0ExVUVBd3dFVW05dmREQWVGdzB4TkRFeE1UZ3hOalUwTUROYUZ3MHpOREV4TVRNeE5qVTBNRE5hTUdZeEN6QUpCZ05WQkFZVEFsVlRNUk13RVFZRFZRUUlEQXBEWVd4cFptOXlibWxoTVJZd0ZBWURWUVFIREExTmIzVnVkR0ZwYmlCV2FXVjNNUlF3RWdZRFZRUUtEQXRIYjI5bmJHVWdTVzVqTGpFVU1CSUdBMVVFQXd3TFptOXZMbUpoY2k1amIyMHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDekZWS0pPa3FUbXl5ak1IV0JPckxkcFltYzBFY3ZHM01vaGFWK1VKclZySTJTRHlrWThZV1NrVEt6OUJLbUY4SFAvR2pQUERzMzE4NENlajliMVdleXZWQjhSajNndUgzb0wrc0pUM3U5VjJ5NHp5bzV4TzZGV01CWUVRNlg4RGtHbFl0VHA1dGhlWWJSclhORUx1bDRsRitMdEhUQ2FBQU5STWtPbDBORW9MYTZCUmhPRzY4Z0ZmSUF4eDVsVDhSRUU5dXR2UHV5K3JDYUJIbmZIT1BmOHBuMExTdmNlQmlqU0lGb1MzWTVjcmpQVmp5aVBBWlVIV25IVEZBaWxmSG5wTEJsR3hwQ3lsZVBRaE1LclBjZ3ZEb0Q5bmQwTEE2eFlMRjdEUFhYU2E4RkxPK2ZQVjhDTkpDQXNGdXE5UmxmMlR0M1NqTHRXUll1aDVMdWN0UDdBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFFc01BQlpsKzhSbGswaHFCa3RzRHVycmk0bkYvMDdDblNCZS96VWJUaVloTXByN1ZSSURsSExvZTVsc2xMaWxmWHp2YXltY01GZUgxdUJ4TndoZjdJTzdXdkl3UWVVSFNWK3JIeU55Z1RUaWVPMEpuOEh3KzRTQ29oSEFkTXZENXVXRXduM0x2K1c0eTdPaGFTYnpsaFZDVkNuRkxWS2ljQmF5VVhIdGRKWEpJQ29rUjQraC9XTk03ZzBpS1RoYWtaT3lmYjhoMXBoeTdUTVRWbFBGS3JjVkRvNW05K0dodFBDNFBOakdMb2s2ci9qeDlDSU9DYXBJcWk4ZlhKRU94S3ZpbFllQVlxZmpXdmh4MDBqdUVVQkhycENROHdUNFRBK0xsSTAyY1J6NXJ4VzRGUUF6MU5kb0c5SFpEWldhK05ORlRaZEFtdFdQSk1MZCs4TDhzbDQ9IiwiTUlJQzhUQ0NBZG1nQXdJQkFnSUpBTU5JMTVIckd5bGtNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1BOHhEVEFMQmdOVkJBTU1CRkp2YjNRd0hoY05NVFF4TVRFNE1UWTFOREF6V2hjTk16UXhNVEV6TVRZMU5EQXpXakFQTVEwd0N3WURWUVFEREFSU2IyOTBNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXplVU5jNGJTV0hoT1RVKzVNUS9sT21talFXcGZCaStGSnV4dm9lT21Rd2k2ZnJQS0tzYUtLWUdmQ1RQbEtFMGRtckVQOTVibmkvcUw1eEFwUDE3b3JqVWU2S1J0SkF3Rk5JNUVaYWRJZmpiaC9xKzg1QzFDcDJCUzJZbXVaUXpYWkhQNjN5eUJwMDVZY2JNS3dDQkhYYUFnWWJtVFRrKzQrMXBqTnBIUDZZaUYyZ0NQdlNmem9rR3loYnZCcW5QYm5UZEk5dzZmak5CWUFici91Qk9UVTB2SzRrdHpsV2s1bHZzbTUxZTh2c0xTcVdob0hBRHEwQXJpQWVsVTRTSHNTQUNrUlVRU3hXVjBLNWh6VHY0ZWN2Q2JHOWRza2lEQ3dXZyt1VFJTb0FGZVpPaE9OTDAwMHE3VmV5M0RaVGNMbDgvTzROUVZhWlI1aUFnVldsV2Nzd0lEQVFBQm8xQXdUakFkQmdOVkhRNEVGZ1FVc2ltbElSRGNKUjBvZlI3b004S3dIRk9IK3NJd0h3WURWUjBqQkJnd0ZvQVVzaW1sSVJEY0pSMG9mUjdvTThLd0hGT0grc0l3REFZRFZSMFRCQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFXUWw4U21iUW9CVjN0ak9KOHpNbGNOMHhPUHBTU05ieDBnN0VML2RRZ0pwZXQwTWNXNjJSSGxnUUFPS2JTM1BSZW8ybnNSQi9aUnlZRHU0aTEzWkhaOGJNc0dPRVM0QlFwejEzbXRtWGc5UmhzWHFMMGVEWWZCY2pqdGxydVVieGhuQUxwNFZOMXpWZHlXQVBDajBldTNNeHBnTVdjeW41MFFtaUpTai9FcXUvbExodmUvd0t2akc1V2huVjh1UktSdUZiRmN0MERIQUhNblpxRkhjR1M1U28wY1luU2ZLNWZiQlJOZWxHZmxocGJiUHAwVjBhWGlxaW5xRDBZZTNPYVpkRnErMnJQMW9DL2E1L091NExzcFkzYjVvRDlyRU5keTdicTBLZXdQRnRnUHZVa0pySjNUemJpd3ZwZ2haN3pHMjZibko1STd1YzR5MVZ1anFhT0E9PSJdfQ yHTAZeApn5rh6Uzfx06Gv6eHdM34YL ed01172dc7edce0416bde7fa240784c2bd3c9d5a DFKwWgtuDkKwLZPwD+z8H+N/xj26Vjcdx5KanjKnxVN= C38FB23A402222A0C17D34A92F971D1F DFKwWgtuDkKwLZPwD+z8H+N/xjQZxVfV+T2SZVe6V2xS5c5n 936dcbdd57fe235fd7cf61c2e93da3c4 eWzIsJF4PExQap9HK6Vlz8DGlgGwoiLCtyOEK0Bfu tgLRb4bjuZVA8xvQ9uHNs8UtpBIOiUcagzvtKyyfCofk5U5sNb54GgVVYxa6p4A1ObdJv1jjlUOnzR8keX5LsAM4Ia7xeqiFh0GER4l0ulVChy W1zcp5YuPDw8mIQDVCH2uQY7qs2ejdZj5LIgIz4CbQ0wg53rlwE7DDQM6MNUgZLnzNmMSMfFrpE7 DFKwWgtuDkKwLZPwD+z8H+N/xj26Vjcdx5KyVj5GxVN= 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 515c6b6622462eff0e907cc250a97175
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: bitter/jnibridge/JNIBridge.java, line(s) 65 com/apm/insight/b/j.java, line(s) 54 com/apm/insight/h/a.java, line(s) 48 com/apm/insight/k/k.java, line(s) 72 com/apm/insight/l/q.java, line(s) 44,26,32,38,8,20,14,50 com/applovin/exoplayer2/l/q.java, line(s) 30,70,40,60 com/applovin/impl/adview/activity/b/f.java, line(s) 634 com/applovin/impl/sdk/a/f.java, line(s) 80,86,92 com/applovin/impl/sdk/f.java, line(s) 101,103 com/applovin/impl/sdk/nativeAd/AppLovinMediaView.java, line(s) 153 com/applovin/impl/sdk/v.java, line(s) 49,71,101,67,105,75,109,79,97 com/bykv/vk/openvk/component/video/a/b/d.java, line(s) 52,305,311,125,161,171,200,224,241,287,324,331,351,357,363,436 com/bykv/vk/openvk/component/video/a/b/e.java, line(s) 50,58 com/bykv/vk/openvk/component/video/a/b/f.java, line(s) 53,111,123,235 com/bykv/vk/openvk/component/video/a/b/g.java, line(s) 134,167,202,261,269,274,288,293,369,385,392,432,436,210,303,345,379,286,316 com/bykv/vk/openvk/component/video/a/c/a.java, line(s) 226,232,239,246,255,260,334,341,164,182,217,274,290 com/bykv/vk/openvk/component/video/api/f/c.java, line(s) 47,54,99,106,79,86,61,93 com/fyber/inneractive/sdk/external/InneractiveAdManager.java, line(s) 358 com/fyber/inneractive/sdk/logger/a.java, line(s) 11,19,21,29,41,43,51,58,65 com/fyber/inneractive/sdk/network/d0.java, line(s) 75 com/fyber/inneractive/sdk/player/cache/c.java, line(s) 244 com/fyber/inneractive/sdk/player/exoplayer2/audio/c.java, line(s) 457 com/fyber/inneractive/sdk/player/exoplayer2/extractor/mp4/e.java, line(s) 41,47,65,77,128,138,148 com/fyber/inneractive/sdk/player/exoplayer2/extractor/ogg/j.java, line(s) 228 com/fyber/inneractive/sdk/player/exoplayer2/extractor/ts/d.java, line(s) 118 com/fyber/inneractive/sdk/player/exoplayer2/extractor/ts/l.java, line(s) 48 com/fyber/inneractive/sdk/player/exoplayer2/extractor/ts/o.java, line(s) 43,46,102 com/fyber/inneractive/sdk/player/exoplayer2/extractor/wav/a.java, line(s) 47 com/fyber/inneractive/sdk/player/exoplayer2/extractor/wav/c.java, line(s) 39,62,69 com/fyber/inneractive/sdk/player/exoplayer2/g.java, line(s) 39,111 com/fyber/inneractive/sdk/player/exoplayer2/h.java, line(s) 171,662,894,899,904 com/fyber/inneractive/sdk/player/exoplayer2/mediacodec/a.java, line(s) 35,56 com/fyber/inneractive/sdk/player/exoplayer2/mediacodec/d.java, line(s) 335,338,261 com/fyber/inneractive/sdk/player/exoplayer2/source/chunk/b.java, line(s) 15,17 com/fyber/inneractive/sdk/player/exoplayer2/upstream/cache/i.java, line(s) 149 com/fyber/inneractive/sdk/player/exoplayer2/upstream/o.java, line(s) 231 com/fyber/inneractive/sdk/player/exoplayer2/upstream/x.java, line(s) 144,150,162 com/fyber/inneractive/sdk/player/exoplayer2/util/b.java, line(s) 34,78 com/fyber/inneractive/sdk/util/s.java, line(s) 55 com/iab/omid/library/applovin/utils/d.java, line(s) 18,11 com/iab/omid/library/fyber/d/c.java, line(s) 18,11 com/iab/omid/library/ironsrc/utils/d.java, line(s) 18,11 com/iab/omid/library/mmadbridge/d/c.java, line(s) 18,11 com/iab/omid/library/vungle/d/c.java, line(s) 18,11 com/ironsource/a/b.java, line(s) 43 com/ironsource/adapters/fyber/FyberAdapter.java, line(s) 312 com/ironsource/adapters/ironsource/IronSourceAdapter.java, line(s) 592 com/ironsource/adapters/mintegral/MintergralRewardedVideoListener.java, line(s) 39 com/ironsource/adapters/supersonicads/SupersonicAdsAdapter.java, line(s) 720 com/ironsource/b/a.java, line(s) 86,108 com/ironsource/environment/a.java, line(s) 44,366 com/ironsource/environment/e.java, line(s) 93,190,202,207,208 com/ironsource/environment/k.java, line(s) 66 com/ironsource/lifecycle/a/a.java, line(s) 59 com/ironsource/mediationsdk/C1305p.java, line(s) 198 com/ironsource/mediationsdk/L.java, line(s) 507,509,517,519,1375,1398 com/ironsource/mediationsdk/bidding/b.java, line(s) 46 com/ironsource/mediationsdk/integration/IntegrationHelper.java, line(s) 74,32,37,96,110,114,128,133,28,35,62,87,93,106,124,131 com/ironsource/mediationsdk/logger/a.java, line(s) 34,27,23,29 com/ironsource/sdk/a/d.java, line(s) 39 com/ironsource/sdk/b/b.java, line(s) 36,62,101 com/ironsource/sdk/c/c.java, line(s) 117,186 com/ironsource/sdk/controller/x.java, line(s) 231,247,362,370,450,950,1045,1065,1094,1114,1136,1156,1182,1348,1366,2029,1803 com/ironsource/sdk/service/Connectivity/a.java, line(s) 50 com/ironsource/sdk/service/Connectivity/e.java, line(s) 82,96 com/ironsource/sdk/service/d.java, line(s) 48 com/ironsource/sdk/utils/Logger.java, line(s) 12,18,24,30,40,48,53,59,65,71 com/kooapps/helpchatter/Helpchatter.java, line(s) 507,462 com/kooapps/unityplugins/analytics/localytics/LocalyticsPlugin.java, line(s) 328 com/kooapps/unityplugins/iap/IapPlugin.java, line(s) 118,134,187,199,333,338,197,148,228,229,274,276,285,287,299,301,352 com/kooapps/unityplugins/iap/util/Security.java, line(s) 27,43,46,49,52,56,65 com/kooapps/unityplugins/notification/NotificationManager.java, line(s) 86 com/kooapps/unityplugins/screenrecording/ScreenRecording.java, line(s) 124,143,349,77,73 com/kooapps/unityplugins/screenrecording/ScreenRecordingHandler.java, line(s) 111,115 com/kooapps/unityplugins/utils/KAActivityLifecycleCallback.java, line(s) 18 com/localytics/android/Localytics.java, line(s) 886 com/localytics/android/Logger.java, line(s) 81,84,75,87,72,78 com/mbridge/msdk/dycreator/a/a.java, line(s) 44,57,162,163,164,169,175,177,259 com/mbridge/msdk/dycreator/baseview/MBButton.java, line(s) 243 com/mbridge/msdk/dycreator/baseview/MBRelativeLayout.java, line(s) 336 com/mbridge/msdk/dycreator/baseview/MBScrollView.java, line(s) 74 com/mbridge/msdk/dycreator/baseview/extview/MBExtAcquireRewardPopView.java, line(s) 278 com/mbridge/msdk/dycreator/baseview/extview/MBExtFeedBackView.java, line(s) 258 com/mbridge/msdk/dycreator/baseview/extview/MBExtMBridgeBaitClickView.java, line(s) 278 com/mbridge/msdk/dycreator/baseview/extview/MBExtMBridgeTextView.java, line(s) 268 com/mbridge/msdk/dycreator/bus/BackgroundPoster.java, line(s) 40 com/mbridge/msdk/dycreator/bus/EventBus.java, line(s) 315,106,111,113,434,452,467 com/mbridge/msdk/dycreator/e/f.java, line(s) 11 com/mbridge/msdk/foundation/same/b/e.java, line(s) 37 com/mbridge/msdk/foundation/same/report/b/a.java, line(s) 220 com/mbridge/msdk/foundation/tools/s.java, line(s) 21 com/mbridge/msdk/foundation/tools/v.java, line(s) 42,63,77,56,49,70 com/mbridge/msdk/playercommon/exoplayer2/DefaultRenderersFactory.java, line(s) 92 com/mbridge/msdk/playercommon/exoplayer2/ExoPlayerImpl.java, line(s) 125,486,505 com/mbridge/msdk/playercommon/exoplayer2/ExoPlayerImplInternal.java, line(s) 621,836,1167,1172,1177,1241 com/mbridge/msdk/playercommon/exoplayer2/MediaPeriodHolder.java, line(s) 204 com/mbridge/msdk/playercommon/exoplayer2/SimpleExoPlayer.java, line(s) 283,832 com/mbridge/msdk/playercommon/exoplayer2/audio/DefaultAudioSink.java, line(s) 621,160,169,178,652 com/mbridge/msdk/playercommon/exoplayer2/drm/ClearKeyUtil.java, line(s) 45 com/mbridge/msdk/playercommon/exoplayer2/drm/DefaultDrmSession.java, line(s) 183,321 com/mbridge/msdk/playercommon/exoplayer2/drm/DefaultDrmSessionManager.java, line(s) 279 com/mbridge/msdk/playercommon/exoplayer2/extractor/mkv/MatroskaExtractor.java, line(s) 481 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp3/VbriSeeker.java, line(s) 66 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp3/XingSeeker.java, line(s) 52 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/FragmentedMp4Extractor.java, line(s) 275,1015 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/MetadataUtil.java, line(s) 172,60,67,73,193,237,249,259 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/PsshAtomUtil.java, line(s) 69,93 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/TrackEncryptionBox.java, line(s) 62 com/mbridge/msdk/playercommon/exoplayer2/extractor/ogg/VorbisUtil.java, line(s) 209 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/AdtsReader.java, line(s) 113 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/H265Reader.java, line(s) 248 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/Id3Reader.java, line(s) 31 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/PesReader.java, line(s) 57,110,113 com/mbridge/msdk/playercommon/exoplayer2/extractor/wav/WavHeaderReader.java, line(s) 49 com/mbridge/msdk/playercommon/exoplayer2/mediacodec/MediaCodecInfo.java, line(s) 78,82,41 com/mbridge/msdk/playercommon/exoplayer2/mediacodec/MediaCodecRenderer.java, line(s) 590 com/mbridge/msdk/playercommon/exoplayer2/mediacodec/MediaCodecUtil.java, line(s) 359,362,485,256,265,274,281,284,314,401,406,414,423 com/mbridge/msdk/playercommon/exoplayer2/metadata/id3/Id3Decoder.java, line(s) 197,202,211,222,375 com/mbridge/msdk/playercommon/exoplayer2/offline/DownloadManager.java, line(s) 322,462 com/mbridge/msdk/playercommon/exoplayer2/offline/DownloadService.java, line(s) 146 com/mbridge/msdk/playercommon/exoplayer2/source/chunk/BaseMediaChunkOutput.java, line(s) 48 com/mbridge/msdk/playercommon/exoplayer2/source/chunk/ChunkedTrackBlacklistUtil.java, line(s) 25,27 com/mbridge/msdk/playercommon/exoplayer2/text/cea/Cea708Decoder.java, line(s) 888,451,455,459,560,737,748,787,799,822,836 com/mbridge/msdk/playercommon/exoplayer2/text/cea/CeaUtil.java, line(s) 27 com/mbridge/msdk/playercommon/exoplayer2/text/dvb/DvbParser.java, line(s) 560 com/mbridge/msdk/playercommon/exoplayer2/text/ssa/SsaDecoder.java, line(s) 49,54,59,68 com/mbridge/msdk/playercommon/exoplayer2/text/subrip/SubripDecoder.java, line(s) 44,72,75 com/mbridge/msdk/playercommon/exoplayer2/text/ttml/TtmlDecoder.java, line(s) 615,87,98,113,293,298,307,312,341,345,439,448,460,626 com/mbridge/msdk/playercommon/exoplayer2/text/webvtt/WebvttCue.java, line(s) 60 com/mbridge/msdk/playercommon/exoplayer2/text/webvtt/WebvttCueParser.java, line(s) 144,332,352,355,488,561 com/mbridge/msdk/playercommon/exoplayer2/upstream/DefaultDataSource.java, line(s) 81 com/mbridge/msdk/playercommon/exoplayer2/upstream/DefaultHttpDataSource.java, line(s) 82 com/mbridge/msdk/playercommon/exoplayer2/upstream/Loader.java, line(s) 122,172,178,190 com/mbridge/msdk/playercommon/exoplayer2/upstream/cache/CachedRegionTracker.java, line(s) 121 com/mbridge/msdk/playercommon/exoplayer2/upstream/cache/SimpleCache.java, line(s) 115 com/mbridge/msdk/playercommon/exoplayer2/util/AtomicFile.java, line(s) 35,93 com/mbridge/msdk/playercommon/exoplayer2/util/EventLogger.java, line(s) 152,156 com/mbridge/msdk/playercommon/exoplayer2/util/Util.java, line(s) 482,496 com/mbridge/msdk/playercommon/exoplayer2/video/DummySurface.java, line(s) 73,79 com/mbridge/msdk/playercommon/exoplayer2/video/MediaCodecVideoRenderer.java, line(s) 820,448,454,659 com/mbridge/msdk/video/module/MBridgeBaseView.java, line(s) 194,206 com/mbridge/msdk/widget/FeedbackRadioGroup.java, line(s) 64 com/stansassets/mnp/DialogDispatcher.java, line(s) 30,35,42,74 com/stansassets/mnp/NativePopupsManager.java, line(s) 19,31,36 com/tenjin/android/HttpConnection.java, line(s) 45,96,155,183,201 com/tenjin/android/TenjinSDK.java, line(s) 103,109,111,129,453,776,827,1026,1040,1063,1075,1168,1181,1199,1217,1271,1292,1313 com/tenjin/android/config/SDKConfig.java, line(s) 44 com/tenjin/android/params/AttributionParams.java, line(s) 35,39,60,64,71,130 com/tenjin/android/params/PlatformParams.java, line(s) 32,35,80,86,77 com/tenjin/android/params/referral/HuaweiInstallReferrer.java, line(s) 108,159,160,161,194,199,204,210,176 com/tenjin/android/params/referral/PlayStoreInstallReferrer.java, line(s) 102,153,154,155,188,193,198,204,170 com/tenjin/android/store/SharedPrefsStore.java, line(s) 64,36,46,56,67,77 com/tenjin/android/utils/HuaweiOaid.java, line(s) 20,24,17 com/tenjin/android/utils/ImeiRequester.java, line(s) 18,13,20,22 com/tenjin/android/utils/MsaOaid.java, line(s) 71,72,73,74,75,76,79,80,81,84,85,86,87,88,91,92,93,94,97,100,101,104,119,126 com/tenjin/android/utils/OaidRequester.java, line(s) 30,36,18 com/tenjin/android/utils/Reflection.java, line(s) 37,60,64,68,72,75 com/tenjin/android/utils/SourceAppStoreLoader.java, line(s) 27,37,16,40 com/tenjin/android/utils/StoreAttribution.java, line(s) 133,102 com/tenjin/android/utils/TenjinStartup.java, line(s) 49,51,57,63,72,74 com/tenjin/android/utils/adnetwork/AdMobHelper.java, line(s) 37 com/tenjin/android/utils/adnetwork/AppLovinHelper.java, line(s) 54,63,80 com/tenjin/android/utils/adnetwork/BaseAdNetworkHelper.java, line(s) 38 com/tenjin/android/utils/adnetwork/HyperBidHelper.java, line(s) 87 com/tenjin/android/utils/adnetwork/IronSourceHelper.java, line(s) 57 com/tenjin/android/utils/adnetwork/TopOnHelper.java, line(s) 87 com/unity/androidnotifications/UnityNotificationManager.java, line(s) 67,69,165,309,434 com/unity/androidnotifications/UnityNotificationUtilities.java, line(s) 59,63,68 com/unity/udp/sdk/common/Logger.java, line(s) 23,28,32,36 com/unity3d/ads/UnityAdsBaseOptions.java, line(s) 22 com/unity3d/ads/metadata/InAppPurchaseMetaData.java, line(s) 27,40,54 com/unity3d/ads/metadata/MetaData.java, line(s) 42,57 com/unity3d/services/UnityServices.java, line(s) 41,78,85,90,98,104,117,123,111,113,127,54 com/unity3d/services/ads/UnityAdsImplementation.java, line(s) 100,77 com/unity3d/services/ads/adunit/AdUnitActivity.java, line(s) 362,364,48,125,183,217,259,291,312,380,222 com/unity3d/services/ads/adunit/AdUnitViewHandlerFactory.java, line(s) 22 com/unity3d/services/ads/adunit/VideoPlayerHandler.java, line(s) 17,35 com/unity3d/services/ads/api/AdUnit.java, line(s) 202,208,257,260,264,267,324,327,330,333,360,110,132,155,162,338,351,363,367,407,498 com/unity3d/services/ads/api/VideoPlayer.java, line(s) 60,78,101,119,170,181 com/unity3d/services/ads/api/WebPlayer.java, line(s) 53 com/unity3d/services/ads/configuration/AdsModuleConfiguration.java, line(s) 63,74,82 com/unity3d/services/ads/gmascar/adapters/ScarAdapterFactory.java, line(s) 45 com/unity3d/services/ads/gmascar/bridges/AdapterStatusBridge.java, line(s) 21,39 com/unity3d/services/ads/gmascar/bridges/InitializeListenerBridge.java, line(s) 21,40 com/unity3d/services/ads/gmascar/bridges/mobileads/MobileAdsBridge.java, line(s) 20 com/unity3d/services/ads/gmascar/bridges/mobileads/MobileAdsBridgeLegacy.java, line(s) 22 com/unity3d/services/ads/gmascar/finder/GMAInitializer.java, line(s) 53 com/unity3d/services/ads/gmascar/finder/ScarVersionFinder.java, line(s) 37,49 com/unity3d/services/ads/token/AsyncTokenStorage.java, line(s) 155,189 com/unity3d/services/ads/token/NativeTokenGenerator.java, line(s) 41 com/unity3d/services/ads/video/VideoPlayerView.java, line(s) 55,58,82,122,127,149,192,204,238 com/unity3d/services/ads/webplayer/WebPlayerView.java, line(s) 64,74,397,413,509,551,609,624,638,650 com/unity3d/services/banners/BannerView.java, line(s) 127 com/unity3d/services/core/api/Cache.java, line(s) 162,176,52,128,181 com/unity3d/services/core/api/DeviceInfo.java, line(s) 151,169,190,328,354,368,421 com/unity3d/services/core/api/Intent.java, line(s) 48,62,208,232,247 com/unity3d/services/core/api/Request.java, line(s) 33,45,96,108,126,138 com/unity3d/services/core/api/Sdk.java, line(s) 17,38,54,80,86,92,98 com/unity3d/services/core/broadcast/BroadcastEventReceiver.java, line(s) 36 com/unity3d/services/core/cache/CacheDirectory.java, line(s) 26,28,68,72,82,107,111,117,124,31,61,77 com/unity3d/services/core/cache/CacheThread.java, line(s) 73 com/unity3d/services/core/cache/CacheThreadHandler.java, line(s) 42,45,49,70 com/unity3d/services/core/configuration/ConfigurationReader.java, line(s) 25 com/unity3d/services/core/configuration/ConfigurationRequestFactory.java, line(s) 38 com/unity3d/services/core/configuration/EnvironmentCheck.java, line(s) 32,45,35,48,51,54,57 com/unity3d/services/core/configuration/ExperimentObject.java, line(s) 24 com/unity3d/services/core/configuration/ExperimentsReader.java, line(s) 24 com/unity3d/services/core/configuration/InitializationNotificationCenter.java, line(s) 47 com/unity3d/services/core/configuration/InitializeEventsMetricSender.java, line(s) 41,51,59,69,164,176 com/unity3d/services/core/configuration/InitializeThread.java, line(s) 276,312,443,458,502,510,608,620,646,702,122,285,288,319,322,365,385,557,594,706,857,866,193,346,452,534 com/unity3d/services/core/configuration/PrivacyConfigurationLoader.java, line(s) 51 com/unity3d/services/core/connectivity/ConnectivityMonitor.java, line(s) 57,85,95,77,125 com/unity3d/services/core/device/AdvertisingId.java, line(s) 126,144,154 com/unity3d/services/core/device/Device.java, line(s) 162,466,516,525,279 com/unity3d/services/core/device/OpenAdvertisingId.java, line(s) 128,150,157 com/unity3d/services/core/device/Storage.java, line(s) 47,51,58 com/unity3d/services/core/device/reader/DeviceInfoReaderCompressor.java, line(s) 20,33 com/unity3d/services/core/device/reader/DeviceInfoReaderExtended.java, line(s) 46 com/unity3d/services/core/domain/task/InitializeStateConfig$doWork$2.java, line(s) 55 com/unity3d/services/core/domain/task/InitializeStateCreate$doWork$2.java, line(s) 55,61,92 com/unity3d/services/core/domain/task/InitializeStateCreateWithRemote$doWork$2.java, line(s) 55,60,91 com/unity3d/services/core/domain/task/InitializeStateError$doWork$2.java, line(s) 52 com/unity3d/services/core/domain/task/InitializeStateLoadCache$doWork$2.java, line(s) 57,64 com/unity3d/services/core/domain/task/InitializeStateLoadCache.java, line(s) 77 com/unity3d/services/core/domain/task/InitializeStateLoadConfigFile$doWork$2.java, line(s) 56,64 com/unity3d/services/core/domain/task/InitializeStateNetworkError$doWork$2.java, line(s) 53 com/unity3d/services/core/domain/task/InitializeStateNetworkError.java, line(s) 104,122 com/unity3d/services/core/log/DeviceLog.java, line(s) 68,215,222 com/unity3d/services/core/misc/JsonFlattener.java, line(s) 43 com/unity3d/services/core/misc/JsonStorage.java, line(s) 155,26,32,51,72,84,96,164,170 com/unity3d/services/core/misc/JsonStorageAggregator.java, line(s) 34 com/unity3d/services/core/misc/Utilities.java, line(s) 38,56 com/unity3d/services/core/misc/ViewUtilities.java, line(s) 26,35 com/unity3d/services/core/preferences/AndroidPreferences.java, line(s) 14,26,38,50,62 com/unity3d/services/core/properties/ClientProperties.java, line(s) 39,70,82,84 com/unity3d/services/core/properties/SdkProperties.java, line(s) 222,224,98 com/unity3d/services/core/reflection/GenericBridge.java, line(s) 32,47,56,62,70,76,84,91 com/unity3d/services/core/request/WebRequest.java, line(s) 85,178,184 com/unity3d/services/core/request/WebRequestRunnable.java, line(s) 91,76,95 com/unity3d/services/core/request/WebRequestThread.java, line(s) 62,124,138 com/unity3d/services/core/request/metrics/MetricCommonTags.java, line(s) 64 com/unity3d/services/core/request/metrics/MetricSender.java, line(s) 60,76,80,93,95,98,104 com/unity3d/services/core/request/metrics/MetricSenderWithBatch.java, line(s) 47 com/unity3d/services/core/request/metrics/SDKMetrics.java, line(s) 37,52,62,86,97 com/unity3d/services/core/sensorinfo/SensorInfoListener.java, line(s) 28 com/unity3d/services/core/timer/BaseTimer.java, line(s) 82 com/unity3d/services/core/webview/WebView.java, line(s) 112,31,41,58 com/unity3d/services/core/webview/WebViewApp.java, line(s) 54,99,196,241,285,335,61,65,68,85,133,148,175,277,307,348 com/unity3d/services/core/webview/WebViewUrlBuilder.java, line(s) 26 com/unity3d/services/core/webview/bridge/Invocation.java, line(s) 72 com/unity3d/services/core/webview/bridge/NativeCallback.java, line(s) 45 com/unity3d/services/core/webview/bridge/WebViewBridge.java, line(s) 59 com/unity3d/services/core/webview/bridge/WebViewBridgeInterface.java, line(s) 20,35 com/unity3d/services/core/webview/bridge/WebViewCallback.java, line(s) 50 com/unity3d/services/store/core/StoreLifecycleListener.java, line(s) 43 com/unity3d/services/store/gpbl/bridges/CommonJsonResponseBridge.java, line(s) 38 com/unity3d/services/store/gpbl/bridges/PurchaseBridge.java, line(s) 37 com/vungle/warren/AdActivity.java, line(s) 134,136,207,224,238 com/vungle/warren/AdEventListener.java, line(s) 134,91,103 com/vungle/warren/AdLoader.java, line(s) 384,468,661,823,1065,113,364,372,807,839,1098,1110,893 com/vungle/warren/AdvertisementPresentationFactory.java, line(s) 233,236,103,108,119,127,131,202,227,299,322,329,358,402,407,418,425 com/vungle/warren/Banners.java, line(s) 29,34,38,43,56,95,109 com/vungle/warren/CacheBustManager.java, line(s) 28 com/vungle/warren/NativeAd.java, line(s) 204,177,172,388 com/vungle/warren/NativeAdLayout.java, line(s) 99,116,131,137,144,154,162,181,187,199,250 com/vungle/warren/Plugin.java, line(s) 14,29 com/vungle/warren/SessionTracker.java, line(s) 119,122,102,219 com/vungle/warren/Vungle.java, line(s) 286,475,482,155,159,164,175,192,223,275,299,312,408,418,428,455,560,624,683,738,745,766,784,789,812,818,828 com/vungle/warren/VungleApiClient.java, line(s) 242,559,725,408,425,505,562,566,579,684,595,621,624,630 com/vungle/warren/VungleBanner.java, line(s) 38,46,63,96,122,133,153,174,176 com/vungle/warren/VungleJobRunner.java, line(s) 120 com/vungle/warren/VungleLogger.java, line(s) 41,60,94,103,49,71,82,122,133 com/vungle/warren/analytics/VungleAnalytics.java, line(s) 82,87,44,45,48,50,53,99 com/vungle/warren/downloader/AssetDownloader.java, line(s) 143,268,347,352,424,484,501,583,605,660,663,666,670,681,688,708,713,735,751,761,770,771,773,779,786,831,833,836,838,906,996,798,887,910,955,984 com/vungle/warren/downloader/CleverCache.java, line(s) 62,112,122,290,299,303,309,323,329,344,363,367,380 com/vungle/warren/log/BaseFilePersistor.java, line(s) 92,106 com/vungle/warren/log/LogManager.java, line(s) 107,112,120,125,138 com/vungle/warren/log/LogPersister.java, line(s) 98,85,113,43,76,102 com/vungle/warren/log/LogSender.java, line(s) 67,101 com/vungle/warren/model/Advertisement.java, line(s) 562 com/vungle/warren/network/OkHttpCall.java, line(s) 127,142 com/vungle/warren/persistence/CacheManager.java, line(s) 68 com/vungle/warren/persistence/FutureResult.java, line(s) 31,45,27,41,48 com/vungle/warren/persistence/GraphicDesigner.java, line(s) 32,86 com/vungle/warren/persistence/Repository.java, line(s) 89,97,103,238,473,479,524,534,946,949,295,334,549,978 com/vungle/warren/tasks/CacheBustJob.java, line(s) 45,97,116,126,190,60,132,144,157,184,193,196,155 com/vungle/warren/tasks/CleanupJob.java, line(s) 44,73,82,84,101,92,63 com/vungle/warren/tasks/JobInfo.java, line(s) 49 com/vungle/warren/tasks/SendReportsJob.java, line(s) 43,52 com/vungle/warren/tasks/runnable/JobRunnable.java, line(s) 39,47,49,55,41,59,61 com/vungle/warren/ui/JavascriptBridge.java, line(s) 23 com/vungle/warren/ui/presenter/LocalAdPresenter.java, line(s) 326,122 com/vungle/warren/ui/presenter/MRAIDAdPresenter.java, line(s) 289 com/vungle/warren/ui/presenter/NativeAdPresenter.java, line(s) 167,191,198,236,282,297,307 com/vungle/warren/ui/view/BaseAdView.java, line(s) 105,109 com/vungle/warren/ui/view/FullAdWidget.java, line(s) 462,306,415 com/vungle/warren/ui/view/LocalAdView.java, line(s) 164,108,94 com/vungle/warren/ui/view/NativeAdView.java, line(s) 114 com/vungle/warren/ui/view/VungleBannerView.java, line(s) 237,249,253 com/vungle/warren/ui/view/VungleWebClient.java, line(s) 148,246,285,180,181,190,191,200,201,248,66,208 com/vungle/warren/utility/ActivityManager.java, line(s) 103 com/vungle/warren/utility/CookieUtil.java, line(s) 28 com/vungle/warren/utility/ExternalRouter.java, line(s) 38,24,37 com/vungle/warren/utility/FileUtility.java, line(s) 166,177,185,297,70,73 com/vungle/warren/utility/ImageLoader.java, line(s) 41,43,60 com/vungle/warren/utility/ImpressionTracker.java, line(s) 116,121 com/vungle/warren/utility/NetworkProvider.java, line(s) 136,112 com/vungle/warren/utility/UnzipUtility.java, line(s) 137 com/vungle/warren/utility/VungleUrlUtility.java, line(s) 14 com/vungle/warren/utility/platform/AndroidPlatform.java, line(s) 63,76,100,102,106,89 eb/oyspj/cvewcjdvt/vbfqzxvxxqztpjzkqq.java, line(s) 89 org/fmod/FMODAudioDevice.java, line(s) 81 org/fmod/a.java, line(s) 83
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: k/b.java, line(s) 7,427
信息 应用与Firebase数据库通信
该应用与位于 https://snakeio-86cad.firebaseio.com 的 Firebase 数据库进行通信
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/apm/insight/nativecrash/b.java, line(s) 471,471,471,471,471
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/mbridge/msdk/thrid/okhttp/internal/Util.java, line(s) 446,445,444,444
安全 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/715834620584/namespaces/firebase:fetch?key=AIzaSyAm56vg8NTRDcYcDptCR7Iq5E13v1RN1NM ) 已禁用。响应内容如下所示:
{
"state": "NO_TEMPLATE"
}