安全分析报告: Space War Ship v1.0

安全分数


安全分数 36/100

风险评级


等级

  1. A
  2. B
  3. C
  4. F

严重性分布 (%)


隐私风险

5

用户/设备跟踪器


调研结果

高危 8
中危 15
信息 1
安全 1
关注 4

高危 应用程序存在Janus漏洞 

应用程序使用了v1签名方案进行签名,如果只使用v1签名方案,那么它就容易受到安卓5.0-8.0上的Janus漏洞的攻击。在安卓5.0-7.0上运行的使用了v1签名方案的应用程序,以及同时使用了v2/v3签名方案的应用程序也同样存在漏洞。

高危 Activity (com.qbiki.modules.search.SearchActivity) is vulnerable to StrandHogg 2.0 

已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (17) 更新到 29 或更高版本以在平台级别修复此问题。

高危 Activity (com.qbiki.paypal.PayPalMessage) is vulnerable to StrandHogg 2.0 

已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (17) 更新到 29 或更高版本以在平台级别修复此问题。

高危 Activity (net.sourceforge.zbar.android.ZBarScanner) is vulnerable to StrandHogg 2.0 

已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (17) 更新到 29 或更高版本以在平台级别修复此问题。

高危 WebView域控制不严格漏洞 

WebView域控制不严格漏洞


Files:
com/pollfish/g/a.java, line(s) 184,157
com/qbiki/modules/fusioncharts/FusionChartsFragment.java, line(s) 112,112,114,115,116
com/qbiki/util/WebViewUtil.java, line(s) 46,18

高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 

如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
com/qbiki/modules/epubreader/ePubReaderFragment.java, line(s) 290,14
com/qbiki/modules/karaoke/KaraokeFragment.java, line(s) 126,13,14
com/qbiki/modules/pdfeditorreader/PDFYoutubeFragment.java, line(s) 91,14
com/qbiki/modules/quizweb/QuizwebFragment.java, line(s) 108,156,10,11
com/qbiki/seattleclouds/WebViewFragment.java, line(s) 243,580,604,27,28

高危 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 

不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification

Files:
com/qbiki/seattleclouds/WebViewFragment.java, line(s) 534,533

高危 应用程序包含隐私跟踪程序 

此应用程序有多个5隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。

中危 应用程序可以安装在有漏洞的已更新 Android 版本上 

Android 2.3.3-2.3.7, [minSdk=10]
该应用程序可以安装在具有多个未修复漏洞的旧版本 Android 上。这些设备不会从 Google 接收合理的安全更新。支持 Android 版本 => 10、API 29 以接收合理的安全更新。

中危 Activity (com.qbiki.modules.search.SearchActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。

中危 Activity (com.qbiki.paypal.PayPalMessage) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。

中危 Activity (net.sourceforge.zbar.android.ZBarScanner) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。

中危 Content Provider (com.qbiki.util.InternalFileContentProvider) 未被保护。 

[android:exported=true]
发现 Content Provider与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。

中危 Broadcast Receiver (com.qbiki.gcm.GCMBroadcastReceiver) 受权限保护, 但是应该检查权限的保护级别。 

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 

文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/actionbarsherlock/internal/view/menu/MenuBuilder.java, line(s) 31,33
com/amazon/mas/kiwi/util/KiwiVersionEncrypter.java, line(s) 10
com/qbiki/ads/SCAdView.java, line(s) 111
com/qbiki/c2dm/AnnouncementActivity.java, line(s) 150
com/qbiki/feedback/FeedbackFragment.java, line(s) 86,1435
com/qbiki/modules/barcodescanner/BarcodeScannerFragment.java, line(s) 57
com/qbiki/modules/cameracover/CameraCoverFrgament.java, line(s) 35
com/qbiki/modules/dropbox/medialist/DropboxMediaListFragment.java, line(s) 56,57
com/qbiki/modules/facebookfeeds/FeedsListFragment.java, line(s) 59
com/qbiki/modules/goaltracker/GoalTrackerAlarmReceiver.java, line(s) 26
com/qbiki/modules/goaltracker/GoalTrackerCategories.java, line(s) 14
com/qbiki/modules/goaltracker/GoalTrackerGoalDetailsFragment.java, line(s) 23,24
com/qbiki/modules/goaltracker/GoalTrackerGoalEditFragment.java, line(s) 37,38
com/qbiki/modules/goaltracker/GoalTrackerGoalsListFragment.java, line(s) 24
com/qbiki/modules/imagelist/ImageListFragment.java, line(s) 47
com/qbiki/modules/nativetetris/BlockObject.java, line(s) 10
com/qbiki/modules/nativetetris/TetrisGame.java, line(s) 177,180,183,186,189,192,195
com/qbiki/modules/nearbylocations/NearbyLocationFragment.java, line(s) 286
com/qbiki/modules/order/OrderFragment.java, line(s) 89,99,100,101,98,94,93,90,102,104,105,106,107,103,92,53,97,91,95,87,96,88
com/qbiki/modules/product/order/POLocationsAndCategoriesListFragment.java, line(s) 27,30,31
com/qbiki/modules/product/order/POProductDetailsFragment.java, line(s) 34,35,36,37
com/qbiki/modules/product/order/POProductsListFragment.java, line(s) 23,21,22
com/qbiki/modules/puzzle/SCPuzzleGameFragment.java, line(s) 38
com/qbiki/modules/rateandreview/NewRateAndCommentActivity.java, line(s) 198
com/qbiki/modules/rateandreview/RateAndReviewFragment.java, line(s) 171,456,161
com/qbiki/modules/rateandreview/RateAndReviewHandle.java, line(s) 44
com/qbiki/modules/scoreboard/ScoreBoardFragment.java, line(s) 373,380
com/qbiki/modules/scoreboard/SendEmailAsyncTask.java, line(s) 23
com/qbiki/modules/sharepoint/SPItemEditorView.java, line(s) 863,1292
com/qbiki/modules/videolist/VideoFilesListFragment.java, line(s) 58
com/qbiki/seattleclouds/App.java, line(s) 136,137
com/qbiki/seattleclouds/asynctasks/SyncResourcesAsyncTask.java, line(s) 96,98,96
com/revmob/ads/fullscreen/client/FullscreenData.java, line(s) 16
com/revmob/android/StoredData.java, line(s) 6
com/revmob/client/RevMobClient.java, line(s) 151
org/jsoup/nodes/Comment.java, line(s) 5
org/jsoup/nodes/DataNode.java, line(s) 5
org/jsoup/nodes/TextNode.java, line(s) 7
org/jsoup/nodes/XmlDeclaration.java, line(s) 5

中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞 

不安全的Web视图实现。可能存在WebView任意代码执行漏洞
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
com/pollfish/g/a.java, line(s) 189,161
com/qbiki/modules/karaoke/KaraokeFragment.java, line(s) 166,63
com/qbiki/modules/starbucks/ViewCardActivity.java, line(s) 116,115

中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 

应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
com/qbiki/feedback/FeedbackFragment.java, line(s) 340,856
com/qbiki/modules/coupon/CouponFragment.java, line(s) 299
com/qbiki/modules/dropbox/medialist/DropboxMediaListFragment.java, line(s) 246
com/qbiki/modules/photoeffect/PhotoEffectFragment.java, line(s) 64,91,374,482
com/qbiki/modules/savephoto/SavePhotoActivity.java, line(s) 98,349
com/qbiki/modules/sharepoint/SPItemEditorView.java, line(s) 492,924
com/qbiki/modules/videolist/VideoFilesListFragment.java, line(s) 253
com/qbiki/seattleclouds/App.java, line(s) 241,243,368
com/qbiki/seattleclouds/AppStarterActivity.java, line(s) 149
com/qbiki/seattleclouds/WebViewFragment.java, line(s) 69,621
com/qbiki/seattleclouds/asynctasks/DownloadExternalResourcesAsyncTask.java, line(s) 49
com/qbiki/seattleclouds/mosaic/MosaicImageFragment.java, line(s) 48,153,219
com/revmob/android/FileCache.java, line(s) 16,18

中危 应用程序使用不安全的随机数生成器 

应用程序使用不安全的随机数生成器
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
com/amazon/android/c/a.java, line(s) 19
com/amazon/android/f/c.java, line(s) 10
com/amazon/android/framework/prompt/Prompt.java, line(s) 8
com/pollfish/f/b/a.java, line(s) 23
com/qbiki/modules/nativetetris/TetrisGame.java, line(s) 13
org/kobjects/crypt/Crypt.java, line(s) 13

中危 SHA-1是已知存在哈希冲突的弱哈希 

SHA-1是已知存在哈希冲突的弱哈希
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/amazon/android/c/b.java, line(s) 141
com/amazon/android/l/a.java, line(s) 18
com/amazon/android/l/b.java, line(s) 63

中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 

应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/qbiki/modules/calendar/DatabaseHelper.java, line(s) 6,7,48
com/qbiki/modules/favorites/Favorites.java, line(s) 6,7,189
com/qbiki/modules/notes/DatabaseHelper.java, line(s) 6,7,32

中危 IP地址泄露 

IP地址泄露


Files:
com/onbarcode/barcode/android/LicenseInformation.java, line(s) 8

中危 MD5是已知存在哈希冲突的弱哈希 

MD5是已知存在哈希冲突的弱哈希
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/pollfish/b/a.java, line(s) 15
com/qbiki/util/StringUtil.java, line(s) 57

中危 此应用可能包含硬编码机密信息 

从应用程序中识别出以下机密确保这些不是机密或私人信息
谷歌地图的 "com.google.android.maps.v2.API_KEY" : "@string/google_maps_v2_api_key"
"username" : "hbkeah14"
"fb_api_key" : "268726946654893"
"google_maps_api_key" : "0jbe4NyXN3WOAa8Mit_l5WwllH9gK_llPyfn_mg"
"google_maps_v2_api_key" : "AIzaSyDv34iCTHltLaJP70MvYckYMNBeb3zUJoA"
"app_licensing_public_key" : ""
"sc_api_key" : "s1w3W2h8SzoZOUMuZM6D9Urw0jo9B5tBz2SdLctURECajJCnYt"
"auth_client_requested_by_msg" : "%1$sによるリクエスト"
"auth_client_using_bad_version_title" : "កម្មវិធី​​​ព្យាយាម​ប្រើ​កំណែ​មិនល្អ​របស់​សេវា​កម្ម​ឃ្លាំ​កម្មវិធី។"
"auth_client_needs_enabling_title" : "កម្មវិធី​ទាមទារ​​បើក​សេវាកម្ម​ឃ្លាំង​កម្មវិធី។"
"auth_client_needs_installation_title" : "កម្មវិធី​ទាមទារ​ការ​ដំឡើង​សេវាកម្ម​ឃ្លាំង​កម្មវិធី។"
"auth_client_requested_by_msg" : "「%1$s」提出要求"
"auth_client_requested_by_msg" : "由“%1$s”发出"
"auth_client_requested_by_msg" : "提出要求的應用程式:%1$s"
Y29tLmFuZHJvaWQudmVuZGluZy5saWNlbnNpbmcuSUxpY2Vuc2luZ1NlcnZpY2U=
30a634c9cad463a5e5d5c7afb2496ff2
3i2ndDfv2rTHiSisAbouNdArYfORhtTPEefj3q2f
30820268308201d102044a9c4610300d06092a864886f70d0101040500307a310b3009060355040613025553310b3009060355040813024341311230100603550407130950616c6f20416c746f31183016060355040a130f46616365626f6f6b204d6f62696c653111300f060355040b130846616365626f6f6b311d301b0603550403131446616365626f6f6b20436f72706f726174696f6e3020170d3039303833313231353231365a180f32303530303932353231353231365a307a310b3009060355040613025553310b3009060355040813024341311230100603550407130950616c6f20416c746f31183016060355040a130f46616365626f6f6b204d6f62696c653111300f060355040b130846616365626f6f6b311d301b0603550403131446616365626f6f6b20436f72706f726174696f6e30819f300d06092a864886f70d010101050003818d0030818902818100c207d51df8eb8c97d93ba0c8c1002c928fab00dc1b42fca5e66e99cc3023ed2d214d822bc59e8e35ddcf5f44c7ae8ade50d7e0c434f500e6c131f4a2834f987fc46406115de2018ebbb0d5a3c261bd97581ccfef76afc7135a6d59e8855ecd7eacc8f8737e794c60a761c536b72b11fac8e603f5da1a2d54aa103b8a13c0dbc10203010001300d06092a864886f70d0101040500038181005ee9be8bcbb250648d3b741290a82a1c9dc2e76a0af2f2228f1d9f9c4007529c446a70175c5a900d5141812866db46be6559e2141616483998211f4a673149fb2232a10d247663b26a9031e15f84bc1c74d141ff98a02d76f85b2c8ab2571b6469b232d8e768a7f7ca04f7abe4a775615916c07940656b58717457b42bd928a2
boundary=3i2ndDfv2rTHiSisAbouNdArYfORhtTPEefj3q2f
AIzaSyDcbnDqRozxjllddKHhKwfQEflvej1qd8A
E213051E4666E9872FA6F50E57A3102C
8288f9f5ef393b70d5121604a25da736

信息 应用程序记录日志信息,不得记录敏感信息 

应用程序记录日志信息,不得记录敏感信息
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
com/a/a/a/b/h.java, line(s) 131,153
com/a/a/a/c/b.java, line(s) 511,577,607,758
com/a/a/a/e/f/a.java, line(s) 293
com/a/a/a/e/l/l.java, line(s) 541,542,543,544,545,546,552,559
com/actionbarsherlock/internal/ActionBarSherlockCompat.java, line(s) 418,695
com/actionbarsherlock/internal/nineoldandroids/animation/PropertyValuesHolder.java, line(s) 98,119,169,171,185,187,218,220,320,322,379,381
com/actionbarsherlock/internal/view/menu/MenuItemImpl.java, line(s) 77
com/actionbarsherlock/internal/widget/ActionBarView.java, line(s) 139,153
com/actionbarsherlock/internal/widget/IcsToast.java, line(s) 45
com/actionbarsherlock/view/MenuInflater.java, line(s) 216,260,290
com/actionbarsherlock/widget/ActivityChooserModel.java, line(s) 488,497,556,574,582,591
com/actionbarsherlock/widget/SearchView.java, line(s) 884,771,992
com/actionbarsherlock/widget/SuggestionsAdapter.java, line(s) 173,375,485,97,155,315,342,379,382,463,468
com/amazon/android/framework/util/KiwiLogger.java, line(s) 47,53,29,35,41
com/amazon/mas/kiwi/util/KiwiVersionEncrypter.java, line(s) 109,113
com/pollfish/c/a.java, line(s) 44,47,51,55,58,64,65,66,67,80,82,83
com/pollfish/d/a.java, line(s) 281
com/pollfish/e/a.java, line(s) 24,71,89,107
com/pollfish/f/a.java, line(s) 204
com/pollfish/main/PollFish.java, line(s) 112,29,32,35,39
com/qbiki/ads/AdManager.java, line(s) 223,94,121
com/qbiki/ads/SCAdView.java, line(s) 130,125,137,140,167,294,306,318,329
com/qbiki/analytics/SCAnalyticsTracker.java, line(s) 116,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,201,199
com/qbiki/billing/PurchaseFragment.java, line(s) 236,224
com/qbiki/billing/SCIabHelper.java, line(s) 139,242,258,100,134,239,262
com/qbiki/feedback/DatePicker.java, line(s) 67,82,97,112,132,152,182,184,212,266,275
com/qbiki/feedback/FeedbackFragment.java, line(s) 951,990,1033,1095,1165,1764,1785,197,647,651,655,886,900,907,914,921,928,964,1046,1191,1203,1222,1245,1257,1287,1330,1347,1354,1361,1368,1375,1464,1467,1470,1473,1668,1671,1674,1677,1731,1437,1637,1738,1753
com/qbiki/feedback/FieldProcessing.java, line(s) 36
com/qbiki/feedback/TimePicker.java, line(s) 62,78
com/qbiki/gcm/GCMHelper.java, line(s) 78,90
com/qbiki/geofencing/GeofenceManager.java, line(s) 211,215,218,247,141,152,110,202,267
com/qbiki/geofencing/GeofenceRemover.java, line(s) 89,107,128,135,111,93
com/qbiki/geofencing/GeofenceRequester.java, line(s) 72,90,97,76
com/qbiki/geofencing/ReceiveTransitionsIntentService.java, line(s) 52,38,56,81,93
com/qbiki/location/LocationDetectorActivity.java, line(s) 78,85,106,118,126
com/qbiki/location/MarkerMapFragment.java, line(s) 143
com/qbiki/location/SimpleLocationManager.java, line(s) 93,242,249,256,263,279
com/qbiki/mbfx/DynamicHTML.java, line(s) 64,66,68,70,72,101,103,105,107,109,139,141,183,203,212,215,217,249,266,333,338,343,348,367
com/qbiki/mbfx/MBFXContext.java, line(s) 58,73,97,99,101,41,66
com/qbiki/mbfx/User.java, line(s) 105
com/qbiki/modules/barcodescanner/BarcodeScannerFragment.java, line(s) 588,468,503
com/qbiki/modules/calendar/CalendarFragment.java, line(s) 101,156
com/qbiki/modules/calendar/DatabaseHelper.java, line(s) 53,43
com/qbiki/modules/calendar/EventsSyncAsyncTask.java, line(s) 62,45,39,42
com/qbiki/modules/cameracover/CoverCamera.java, line(s) 454,310
com/qbiki/modules/cameracover/CoversPreviewFragment.java, line(s) 184,226,126
com/qbiki/modules/coupon/CouponFragment.java, line(s) 187,158,164,166
com/qbiki/modules/dropbox/medialist/AsyncTaskParseResources.java, line(s) 64,84,108,148,151,153,155,157,131
com/qbiki/modules/dropbox/medialist/DropboxMediaListFragment.java, line(s) 365,395,590
com/qbiki/modules/dropbox/medialist/GetMediaLinkAsyncTask.java, line(s) 82,39,42,54,89,92,94,96,98,69
com/qbiki/modules/dropbox/medialist/MediaFile.java, line(s) 205,142,167,202
com/qbiki/modules/dynamiclist/DynamicListAdapter.java, line(s) 451,526
com/qbiki/modules/dynamiclist/DynamicListFragment.java, line(s) 300,319,322,402,405,758,763,765,807,809,568,182
com/qbiki/modules/epubreader/Decompress.java, line(s) 62,42
com/qbiki/modules/epubreader/ePubReaderFragment.java, line(s) 177,219,225,262,292
com/qbiki/modules/facebookfeeds/AppSignInWithFacebookFragment.java, line(s) 150,154,157
com/qbiki/modules/facebookfeeds/DownloadMediaFileAsyncTask.java, line(s) 49
com/qbiki/modules/facebookfeeds/FacebookFeedsUtils.java, line(s) 19
com/qbiki/modules/facebookfeeds/FeedCommentsFragment.java, line(s) 246,272,305,373
com/qbiki/modules/facebookfeeds/FeedsListFragment.java, line(s) 763,773,783,215,217,219,324,361,439,728
com/qbiki/modules/facebookfeeds/PostFeedFragment.java, line(s) 209,218,266,253,276,278,306,350,378,392,401,410
com/qbiki/modules/favorites/Favorites.java, line(s) 85,109,251,253,261,291
com/qbiki/modules/favorites/FavoritesFragment.java, line(s) 91
com/qbiki/modules/fbfanpage/FacebookFunPageFragment.java, line(s) 341,366,382,407,411
com/qbiki/modules/fbfanpage/FacebookImageCache.java, line(s) 21,49,60
com/qbiki/modules/fusioncharts/FusionChartsFragment.java, line(s) 133,150,152,154,196,199,202,216,219
com/qbiki/modules/fusioncharts/GetChartDataAsyncTask.java, line(s) 44,56,73
com/qbiki/modules/gcmtopics/GCMTopicsFragment.java, line(s) 470,474,477,549,553,556,495,504,562,572
com/qbiki/modules/goaltracker/GoalTrackerCategories.java, line(s) 51,65,81,120,157,184,212,227,259,273
com/qbiki/modules/karaoke/KaraokeFragment.java, line(s) 68,70,192,117,119,121,123
com/qbiki/modules/locationlock/LocationLockFragment.java, line(s) 383,387,390,369
com/qbiki/modules/login/LoginFragment.java, line(s) 99
com/qbiki/modules/loyalty/LoyaltyFragment.java, line(s) 131,196,202,204
com/qbiki/modules/magazinestore/MagazineDetailsFragment.java, line(s) 36
com/qbiki/modules/magazinestore/MagazineStoreFragment.java, line(s) 76,116,170,183
com/qbiki/modules/messenger/AppSignInFragment.java, line(s) 306,381,389,397,337
com/qbiki/modules/messenger/ConversationFragment.java, line(s) 233
com/qbiki/modules/nativetetris/TetrisGame.java, line(s) 209,326,358
com/qbiki/modules/nativetetris/TetrisView.java, line(s) 244,311,312,444,263,265,267
com/qbiki/modules/nearbylocations/NearbyLocationFragment.java, line(s) 191,221,228,273,281,288,305,294
com/qbiki/modules/nearbylocations/PlaceJSONParser.java, line(s) 19,32,58
com/qbiki/modules/notes/DatabaseHelper.java, line(s) 27
com/qbiki/modules/order/OrderFragment.java, line(s) 651,921,1066
com/qbiki/modules/order/OrderPaypalActivity.java, line(s) 85
com/qbiki/modules/pdfeditorreader/PDFReaderEditorFragment.java, line(s) 82,84,176,183,236,248,291,318,340,348,417,519,526,530,686,725,746,753,790,804,823,834,640
com/qbiki/modules/pdfeditorreader/VideoViewFD.java, line(s) 86,106,216,236,400,402,404
com/qbiki/modules/pdfeditorreader/YoutubeWebView.java, line(s) 125
com/qbiki/modules/pdfreader/PDFReaderFragment.java, line(s) 352
com/qbiki/modules/pdfviewer/PDFViewerFragment.java, line(s) 135,269,448,461,508,523,544,83
com/qbiki/modules/photoeffect/MaskImageView.java, line(s) 176
com/qbiki/modules/photoeffect/PhotoEffectFragment.java, line(s) 369
com/qbiki/modules/product/order/POCategory.java, line(s) 26
com/qbiki/modules/product/order/POContext.java, line(s) 79,105,146,45,47,49,51
com/qbiki/modules/product/order/POProductDetailsFragment.java, line(s) 98,103
com/qbiki/modules/puzzle/SCPuzzleGameFragment.java, line(s) 544
com/qbiki/modules/quiz/QuizPrepareResourcesAsyncTask.java, line(s) 71,42,36,39
com/qbiki/modules/quizweb/QuizwebFragment.java, line(s) 101,151,170,181
com/qbiki/modules/rateandreview/NewRateAndCommentActivity.java, line(s) 193,205
com/qbiki/modules/rateandreview/RateAndReviewFragment.java, line(s) 461,462,466,252,260,262,378,475,487,492,504,530,533
com/qbiki/modules/rateandreview/RateAndReviewHandle.java, line(s) 48,61
com/qbiki/modules/rsspro/RssFeedsPullParser.java, line(s) 104,108,112,428
com/qbiki/modules/rsspro/RssFeedsSaxParser.java, line(s) 88,91,94
com/qbiki/modules/rsspro/RssHandler.java, line(s) 76,101,107
com/qbiki/modules/rsspro/RssReader.java, line(s) 33
com/qbiki/modules/savephoto/SavePhotoActivity.java, line(s) 475,696
com/qbiki/modules/scandocument/ImageCropFragment.java, line(s) 638,678
com/qbiki/modules/scandocument/ImageWeakCache.java, line(s) 117
com/qbiki/modules/scandocument/ScanDocumentFragment.java, line(s) 455,481,487
com/qbiki/modules/scoreboard/ScoreBoardFragment.java, line(s) 95,182,200
com/qbiki/modules/scoreboard/ScreenShotMaker.java, line(s) 48,52
com/qbiki/modules/scoreboard/SendEmailAsyncTask.java, line(s) 38,43
com/qbiki/modules/search/SearchActivity.java, line(s) 76,102,110
com/qbiki/modules/search/SearchFragment.java, line(s) 142,149,155,84,96
com/qbiki/modules/sharepoint/SPField.java, line(s) 68
com/qbiki/modules/sharepoint/SPFileDetailView.java, line(s) 84,90
com/qbiki/modules/sharepoint/SPItemEditorView.java, line(s) 1427,1448,359,1159,1255,1322,1390,1499,1520,1585,1143,1239,1397,1416
com/qbiki/modules/sharepoint/SPListViewAdapter.java, line(s) 173,228,235,238
com/qbiki/modules/sharepoint/SPParserXMLtoSOAPObject.java, line(s) 35,37,39
com/qbiki/modules/sharepoint/SPSOAPParser.java, line(s) 178
com/qbiki/modules/sharepoint/SPServer.java, line(s) 437,442,445,448,451
com/qbiki/modules/sharepoint/SPServerCredentials.java, line(s) 150
com/qbiki/modules/sharepoint/SharePointFragment.java, line(s) 189,557,564,566,598
com/qbiki/modules/signaturestamp/DrawSurfaceActivity.java, line(s) 342
com/qbiki/modules/signaturestamp/SignatureStampFragment.java, line(s) 135
com/qbiki/modules/slideshow/SlideShowFragment.java, line(s) 245
com/qbiki/modules/slotmachine/SlotMachineFragment.java, line(s) 424
com/qbiki/modules/starbucks/ViewCardActivity.java, line(s) 239
com/qbiki/modules/videolist/AsyncTaskParseResources.java, line(s) 56,30
com/qbiki/modules/videolist/DownloadFileAsyncTask.java, line(s) 90
com/qbiki/modules/videolist/VideoFilesListFragment.java, line(s) 301,320,499
com/qbiki/modules/voicerecord/SCVoiceRecordListFragment.java, line(s) 166,363
com/qbiki/modules/voicerecord/VoiceRecordPickerActivity.java, line(s) 220
com/qbiki/paypal/PayPalProcessing.java, line(s) 68,74,76,129,131,192,237
com/qbiki/scapi/SCApi.java, line(s) 131,149
com/qbiki/scapi/SCApiRequestAsyncTask.java, line(s) 35,39,47,53,62
com/qbiki/seattleclouds/App.java, line(s) 1550,252,261,332,841,849,1218,448,460,477,584,605,735,750,757,772,804,971,427,451,463,466,550
com/qbiki/seattleclouds/AppConfigHandler.java, line(s) 394,586,734,740,158,811,69
com/qbiki/seattleclouds/AppStarterActivity.java, line(s) 244,459,473,370,384,409,504
com/qbiki/seattleclouds/ExpansionFilesDownloaderAlarmReceiver.java, line(s) 17
com/qbiki/seattleclouds/LegacyTabsAppActivity.java, line(s) 109
com/qbiki/seattleclouds/NavigationFragment.java, line(s) 34
com/qbiki/seattleclouds/SCActivity.java, line(s) 63
com/qbiki/seattleclouds/SCDownloadHostedPageResourcesFragment.java, line(s) 238,326,333,346,353,364,370,377,388,394,401,412,418,425,440,447
com/qbiki/seattleclouds/SCFragmentActivity.java, line(s) 87
com/qbiki/seattleclouds/SCMapFragment.java, line(s) 53,58,67,80
com/qbiki/seattleclouds/SCPageFragmentActivity.java, line(s) 86
com/qbiki/seattleclouds/WebViewFragment.java, line(s) 599,103,647,528,637,281
com/qbiki/seattleclouds/asynctasks/DownloadExternalResourcesAsyncTask.java, line(s) 71,102,104,67,74,79,47,50
com/qbiki/seattleclouds/asynctasks/InitResourcesAsyncTask.java, line(s) 182,195,201,206,213,218,229,296,309,351,112,170,187,253,335,367,369,391,116,128,150,362
com/qbiki/seattleclouds/asynctasks/ParseAppConfigAsyncTask.java, line(s) 66,30
com/qbiki/seattleclouds/asynctasks/SyncResourcesAsyncTask.java, line(s) 165,168,210,276
com/qbiki/seattleclouds/mosaic/MosaicFragment.java, line(s) 220,292
com/qbiki/seattleclouds/mosaic/MosaicImageFragment.java, line(s) 99,296,322,346,190,223
com/qbiki/seattleclouds/previewer/PreviewerActivity.java, line(s) 156
com/qbiki/seattleclouds/previewer/PreviewerAppsFragment.java, line(s) 255,258
com/qbiki/seattleclouds/previewer/PreviewerLoginFragment.java, line(s) 526,367,370,373,440,447
com/qbiki/shoppingcart/ShoppingCart.java, line(s) 160,154
com/qbiki/util/DataUtil.java, line(s) 93,112
com/qbiki/util/DebugUtil.java, line(s) 29,30,31,32
com/qbiki/util/ImageCache.java, line(s) 21,49,60
com/qbiki/util/ImageUtil.java, line(s) 113,121,150,166
com/qbiki/util/InternalFileContentProvider.java, line(s) 31,42,49,36,45
com/qbiki/util/JObjectUtil.java, line(s) 37
com/qbiki/util/SCMediaPlayer.java, line(s) 56,59,79,82,85,110,115
com/qbiki/util/TransitionUtils.java, line(s) 32,83,100,115,134,158
com/qbiki/util/YouTubeEmbedProcessor.java, line(s) 50,39,33,64
com/qbiki/util/ZipUtil.java, line(s) 65
com/qbiki/util/asyncrequester/AsynchronousSender.java, line(s) 47,50,54,52,56,62
com/revmob/RevMob.java, line(s) 43,49,199,258,110
com/revmob/ads/banner/RevMobBanner.java, line(s) 68,77
com/revmob/ads/banner/client/BannerClientListener.java, line(s) 59
com/revmob/ads/fullscreen/FullscreenActivity.java, line(s) 137,164
com/revmob/ads/fullscreen/RevMobFullscreen.java, line(s) 70,33,72
com/revmob/ads/fullscreen/client/FullscreenClientListener.java, line(s) 72,75,79,83
com/revmob/ads/fullscreen/internal/FullscreenClickListener.java, line(s) 54
com/revmob/ads/link/RevMobLink.java, line(s) 32,41,74
com/revmob/ads/popup/RevMobPopup.java, line(s) 37,46,71,107
com/revmob/android/RevMobContext.java, line(s) 271,150,152,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170
com/revmob/client/InstallClientListener.java, line(s) 18,23
com/revmob/client/RevMobClient.java, line(s) 123,131,256,258,269,271,278,78,80,139,186,201,208,215,233,281
com/revmob/client/SessionClientListener.java, line(s) 77
com/revmob/internal/DownloadManager.java, line(s) 48,49,50,65,71
com/revmob/internal/HTTPHelper.java, line(s) 56,107,121,184,186,104,119,146,159,162,167
com/revmob/internal/MarketRedirector.java, line(s) 104,106
com/revmob/internal/RMLog.java, line(s) 8,12,20,28,36,32,16,24
com/revmob/internal/RevMobEula.java, line(s) 89,96,110
com/revmob/internal/RevMobSoundPlayer.java, line(s) 50
kankan/wheel/widget/adapters/AbstractWheelTextAdapter.java, line(s) 132
net/sourceforge/zbar/android/CameraPreview.java, line(s) 30,51
net/sourceforge/zbar/android/ZBarScanner.java, line(s) 104,298,190,196
org/jsoup/examples/ListLinks.java, line(s) 44
org/kobjects/crypt/Crypt.java, line(s) 227
org/kobjects/mime/Decoder.java, line(s) 126
org/kobjects/pim/PimParser.java, line(s) 45,49,60
org/kxml2/io/KXmlParser.java, line(s) 545
pdftron/PDF/Convert.java, line(s) 52,122
pdftron/PDF/Tools/b.java, line(s) 236
uk/co/senab/actionbarpulltorefresh/library/InstanceCreationUtils.java, line(s) 50,60,70
uk/co/senab/actionbarpulltorefresh/library/PullToRefreshAttacher.java, line(s) 58,92,393

安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 

此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
com/amazon/android/l/b.java, line(s) 36,34,33,33

关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (www.google-analytics.com) 通信。 

{'ip': '180.163.151.33', 'country_short': 'CN', 'country_long': 'China', 'region': 'Shanghai', 'city': 'Shanghai', 'latitude': '31.224333', 'longitude': '121.469139'}

关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (www.googletagmanager.com) 通信。 

{'ip': '180.163.150.41', 'country_short': 'CN', 'country_long': 'China', 'region': 'Shanghai', 'city': 'Shanghai', 'latitude': '31.224333', 'longitude': '121.469139'}

关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (ssl.google-analytics.com) 通信。 

{'ip': '180.163.150.169', 'country_short': 'CN', 'country_long': 'China', 'region': 'Shanghai', 'city': 'Shanghai', 'latitude': '31.224333', 'longitude': '121.469139'}

关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (googleads.g.doubleclick.net) 通信。 

{'ip': '180.163.150.38', 'country_short': 'CN', 'country_long': 'China', 'region': 'Shanghai', 'city': 'Shanghai', 'latitude': '31.224333', 'longitude': '121.469139'}

安全评分: ( Space War Ship 1.0)