安全分析报告:
安全分数
安全分数 40/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
0
用户/设备跟踪器
调研结果
高危
6
中危
16
信息
3
安全
1
关注
0
高危 Activity (com.devzz.carbonlitecdn.LiveActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.devzz.carbonlitecdn.LiveActivity) 容易受到 Android Task Hijacking/StrandHogg 的攻击。
活动不应将启动模式属性设置为“singleTask”。 然后,其他应用程序可以将恶意活动放置在活动栈顶部,从而导致任务劫持/StrandHogg 1.0 漏洞。 这使应用程序成为网络钓鱼攻击的易受攻击目标。 可以通过将启动模式属性设置为“singleInstance”或设置空 taskAffinity (taskAffinity="") 属性来修复此漏洞。 您还可以将应用的目标 SDK 版本 (27) 更新到 28 或更高版本以在平台级别修复此问题。
高危 Activity (com.applisto.appcloner.classes.DefaultProvider$MyActivity) is vulnerable to StrandHogg 2.0
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。
高危 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
com/applisto/appcloner/classes/util/SimpleCrypt.java, line(s) 54
高危 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: andhook/lib/BuildConfig.java, line(s) 2,6 com/applisto/appcloner/classes/BuildConfig.java, line(s) 2,5
高危 该文件是全局可读写的。任何应用程序都可以读取/写入文件
该文件是全局可读写的。任何应用程序都可以读取/写入文件 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/devzz/carbonlitecdn/ActivateActivity.java, line(s) 96 com/devzz/carbonlitecdn/SettingsActivity.java, line(s) 81
中危 应用程序存在Janus漏洞
应用程序使用了v1签名方案进行签名,如果只使用v1签名方案,那么它就容易受到安卓5.0-8.0上的Janus漏洞的攻击。在安卓5.0-7.0上运行的使用了v1签名方案的应用程序,以及同时使用了v2/v3签名方案的应用程序也同样存在漏洞。
中危 应用程序可以安装在有漏洞的已更新 Android 版本上
Android 4.0-4.0.2, [minSdk=14] 该应用程序可以安装在具有多个未修复漏洞的旧版本 Android 上。这些设备不会从 Google 接收合理的安全更新。支持 Android 版本 => 10、API 29 以接收合理的安全更新。
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 Broadcast Receiver (com.devzz.carbonlitecdn.BootUpReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Content Provider (com.applisto.appcloner.classes.DefaultProvider) 未被保护。
[android:exported=true] 发现 Content Provider与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Service (com.applisto.appcloner.service.RemoteService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Broadcast Receiver (com.applisto.appcloner.classes.DefaultProvider$DefaultReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Activity (com.applisto.appcloner.classes.DefaultProvider$MyActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Broadcast Receiver (com.applisto.appcloner.classes.FakeCamera$FakeCameraReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/bumptech/glide/load/b/c.java, line(s) 35 com/bumptech/glide/load/b/o.java, line(s) 94 com/bumptech/glide/load/b/w.java, line(s) 74 com/bumptech/glide/load/h.java, line(s) 76 com/devzz/carbonlitecdn/c/a.java, line(s) 10
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/devzz/carbonlitecdn/c/b.java, line(s) 6,7,8,48
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/applisto/appcloner/classes/BundleObb.java, line(s) 65 com/applisto/appcloner/classes/FakeCamera.java, line(s) 411 com/devzz/carbonlitecdn/ActivateActivity.java, line(s) 91,114 com/devzz/carbonlitecdn/SettingsActivity.java, line(s) 76,99
中危 IP地址泄露
IP地址泄露 Files: com/applisto/appcloner/classes/HostsBlocker.java, line(s) 154
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: andhook/lib/xposed/XposedHelpers.java, line(s) 1090
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/applisto/appcloner/classes/Utils.java, line(s) 424
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "firebase_database_url" : "https://apxtv-6cd92.firebaseio.com" "google_api_key" : "AIzaSyA9kzyNcQJUqi4FAfAWklDNhwQ2tVdgdRg" "username" : "USUÁRIO" "password" : "SENHA" "google_crash_reporting_api_key" : "AIzaSyA9kzyNcQJUqi4FAfAWklDNhwQ2tVdgdRg" nxtAB6Dkkzc+55W9DaF97Fkkv5BBgPHxbUjgkvZgS+F2SbgztX10o9cGJpAXA1cB03BOr94DlZvZT nbz2PpFXK5obQPvYskh5WPqaG9rXnkDRR0q6cAjxZdP59oQNQA84ADshpO6vozBsB4DAP2/2KzrwR n+AxcP7sT90e4wsx2lRLoVkh6KOeOs1Z8IekeSce3yWOWpL9T0tglaWGb+w/x8OmdyoJXQPCPkDTc n4EPbNtXMNgNzgO0pJjfLc54Q9QnnUoOaUIYAPh3VtjxGkQhzM+wXdSDCxzgR/iipbLkIXQNuy2sY n5cgy1k4ASf3A5cAFuJXKKaF9KpBPgDvM7KP4g1oIIGkCMADcBJwb2p8KOMvMPoUaCCBpALgfmBba nJBUhcameExFCkEhow4NEJCIST32oW4TEg3ogbg+NklAaSl1KFG2lNGlJimqU0/P3sGZ0nLNn9qx9 572d4e421e5e6b9bc11d815e8a027112 n78C8qoIPewXwOcK9V1kHzIi2qlRGLEB3LDSVx3KgP3rEWSlxHzAZt8OgljPjEvkcWGJmr4dyoA/A noCasBeYxdhEKpQwBfJ50pb7yY2abgNmki7C4F0QoQ4DC2slIhFm4VchWLJb0nGeaa3F9QicidEUf 8J+HtPCfh7IgQW5kcm9pZCBwbHVzINin2YbYr9ix2YjZitivINio2YTYsyDwn4e08J+Hsg== Y29tLmFwcGxpc3RvLmFwcGNsb25lci5jbGFzc2VzLnNlY29uZGFyeQ== aHR0cHM6Ly90Lm1lL0FuZHJvaWRwbHVzMjAxMjA= nJ2k5MBi65DXhQ6iwE5b0BHBP6FLXhB3AUWa2u5ImSNKdNMFPcp2Z7YYKaoCkmcDa0CWuCVuBu8zs n2olwU2SXZdN1AtzmEfwtI+49oSQRspqj1yT9EUqAMoahx3rYvpW8MLONwFzglxT7WyQ97eOMmX0M nd7qkHRn2vssMU5VdE3xYVka86jITBsDMNuBGM2mjDa9lhqhj7ifnqmsbvLfG5CH0PGDUkNXMvqV4 nnEP6ewBXAAflTa7oYJUhwJEetmtGlXCvCL+m3LNYblk7NznmCXnpivcDfARoGWQz+wH3PlZaTRjs nzHYAd4WORoWsA241sxkhgw8jJi6SHgPuC+lQifwMvAu8ZGavhnYmptVM+CLc4RUzgEm42eiehP2E nYfAXeebVnyGCJC3JuHeGh1/vFx2nMjvh++m8iTvax9jMPgHOBv5OMXlE0tICyhR86SYXchted46h nlwr5ETjezBRsKULS6ZJWAU8xvoIPcBxwGQRaC5I0iNvycX7oSARkPgQQQNKjwHJgQugIBGYiVLwY nCXBIWXMAAC4jAAAuIwF4pT92AAAHk0lEQVR42u2dW6wdUxjHf98pirqURElc6tIihKZOL0rqLiEl nAP7xsB0qOvNGAL+5kIrOvBGghKD60AgQmEYAONDD9oSiM98ndOlrwNdAPL4fjn7G/UKyedoX+C60 nbmhoaGhoaMig8M5S0hTgENxxYMk8kg9v+nAPg34ys79CB6GnkDt8Q5KGon97Er8nPxu1LWU8UsbB nEWYD347Bz/VmtmYM96cSWoCWRCLMJVsE38naNXQ+k30gdExyI+kVj3Z1fpu0Jssdnp1GWxEkHSTp njY7OJr0mLOpwiHpt4BgUi6Q3PCZi8h1SSjpR0vaM9LxEkHSMh69dMRHz7agGfUSIhqhzKG50dHiJ 01cbf821219d916778a1a3c845443ab7 nsw0NDQ0NDQ0FUesnYpIOBE4BTsKt2ewLTEyYDCfK0MfeUYzYO8ROjmQsca3o2lrYFJm2AXuAL81s n+ZGkpzrId6ak3RlpLm1xz5kePn0QOrZ5A3H9GIMf80wHeZ+l7OZo6Qh7HwFWh45t3iCsKEiATkXo nZWtL6D4gxleEjTgRsiZreZ8nNC9qRwx6BC0WIWuyNpCzY/YJalfUgLEw4LPgFs0T+snumNuJ4BOD bded73ddc4463feb2d9ef8b37fe90bb1 PGI+2KfZhti22YUg2LnZhNmJINmC2YbYp9iq2Yog2KfZhNiq2YTYrNix2KfZhSDZhNmE2K3YtdmI2YQg2LnZhNmJINin2YHYttmEINin2YTYqti32KjZitmC2KfYqiDZiNin2YTYudin2Kgg2KfZhNmF2K/ZgdmI2LnZhyDZhdis2KfZhtinIDwvYj4gPGEgaHJlZj0iaHR0cHM6Ly90Lm1lL0FuZHJvaWRwbHVzMjAxMjAiPtin2YTYp9mG2LbYp9mFINi52YTZiSDZgtmG2KfYqSDYp9mE2KrZhNis2LHYp9mFPC9hPjxicj48YnI+CgoKCjxiPiBBbmRyb2lkIHBsdXMg2KfZhtiv2LHZiNmK2K8g2KjZhNizPC9iPiA8YnI+Cgo8YnI+CgoK n6ILXhSq+P2Ae7qsIh4HV0REDDQ314F/QQmVQhaYmuwAAAABJRU5ErkJggg==
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: andhook/lib/AndHook.java, line(s) 98,146,55 andhook/lib/HookHelper.java, line(s) 33,66,92,144,155,168,190,212,234,270,275,78 andhook/lib/xposed/XposedBridge.java, line(s) 28,24 andhook/lib/xposed/XposedHelpers.java, line(s) 471,482,493,504,515,526,537,548,559,570,585,596,607,618,629,640,651,662,673,684,695,706,717,728,739,750,761,772,783,794,805,816,827,838,849,860,871,884,897,910,931,946 com/a/a/v.java, line(s) 102,98,106,10,93,110 com/alibaba/android/vlayout/VirtualLayoutManager.java, line(s) 965,652,1061 com/alibaba/android/vlayout/a.java, line(s) 597,600,602,790,927,928,929,930,935 com/alibaba/android/vlayout/a/a.java, line(s) 163,220 com/applisto/appcloner/classes/AbstractActivityContentProvider.java, line(s) 25,31 com/applisto/appcloner/classes/AppClonerNative.java, line(s) 18 com/applisto/appcloner/classes/ApplicationWrapper.java, line(s) 31,189,196,204,211,219,58,70,86,98,110,122,134,146,158,174 com/applisto/appcloner/classes/AutoPressButtons.java, line(s) 30,44,62,67,72,91,106,120,100,122,126,130,153 com/applisto/appcloner/classes/AutoRotateControls.java, line(s) 18,20,40,48,37,53 com/applisto/appcloner/classes/BackKeyHandler.java, line(s) 32,35,43,52,64,73,87,54,96 com/applisto/appcloner/classes/BluetoothControls.java, line(s) 18,20,38,41,47,55,61,64,44,67 com/applisto/appcloner/classes/BootReceiver.java, line(s) 14,24 com/applisto/appcloner/classes/BundleFilesDirectories.java, line(s) 18,31,40,48,59,43,66 com/applisto/appcloner/classes/BundleObb.java, line(s) 19,28,31,41,47,54,59 com/applisto/appcloner/classes/CalculatorActivity.java, line(s) 51,61,124,252 com/applisto/appcloner/classes/ClearCacheOnExitProvider.java, line(s) 16,39,43,21 com/applisto/appcloner/classes/ClearCacheOnExitService.java, line(s) 17,23 com/applisto/appcloner/classes/ClearCacheReceiver.java, line(s) 15 com/applisto/appcloner/classes/CloneSettings.java, line(s) 76,238,250,89,94,246 com/applisto/appcloner/classes/Configuration.java, line(s) 23,46,66,71,75,82,92,102,37,60,86,96,106 com/applisto/appcloner/classes/ConfirmExit.java, line(s) 15 com/applisto/appcloner/classes/CrashHandler.java, line(s) 83,93,107,25,71,95,111 com/applisto/appcloner/classes/DefaultFontProvider.java, line(s) 23,37,39,57 com/applisto/appcloner/classes/DefaultProvider.java, line(s) 148,151,156,164,210,263,303,327,471,529,551,614,641,663,702,741,832,855,914,936,1003,1238,1358,1473,1496,1656,1679,1845,2009,2263,2431,2688,2941,3244,3506,3550,3853,3905,3945,4248,4344,4384,4687,4695,4735,4741,4749,4752,4769,161,174,215,250,290,314,458,538,601,650,689,728,819,842,901,923,990,1081,1453,4701,4713,4726,4759,4775,4830,4849 com/applisto/appcloner/classes/DisableCameras.java, line(s) 21,42,59,77,97,103,123,138,25,54,72,90,118,130 com/applisto/appcloner/classes/DisableClipboardAccess.java, line(s) 58,98,101,104,110,116,121,126,143,146,149,152,155,158,167,179,184,193,224,234,240,245,249,266,282,72,134,186,226,252,269,284 com/applisto/appcloner/classes/FacebookLoginBehavior.java, line(s) 14,34 com/applisto/appcloner/classes/FacebookMessengerProvider.java, line(s) 36,38 com/applisto/appcloner/classes/FakeCalculator.java, line(s) 11,19,24,26 com/applisto/appcloner/classes/FakeCamera.java, line(s) 55,76,83,93,119,133,146,162,171,226,254,286,301,320,354,366,374,382,490,102,281,293,314,389,394,518 com/applisto/appcloner/classes/FileAccessMonitor.java, line(s) 17,41 com/applisto/appcloner/classes/GmailSupport.java, line(s) 31,38,42,54,105,119,132,138,157,169,186,189,200,203,219,222,230,44,109,113,143,151,171 com/applisto/appcloner/classes/HeadphonesEventReceiver.java, line(s) 11,24,32,17,45 com/applisto/appcloner/classes/HostsBlocker.java, line(s) 86,114,118,138,163,167,183,239,271,281,291,300,366,378,388,398,410,424,493,105,311,357,413,508 com/applisto/appcloner/classes/InterruptionFilterControls.java, line(s) 21,23,39,48,50,60,66,68 com/applisto/appcloner/classes/LaunchTileService.java, line(s) 13,18,25 com/applisto/appcloner/classes/LoadLibraryWorkaround.java, line(s) 18,23,43,38 com/applisto/appcloner/classes/LogcatViewer.java, line(s) 46,300,60,145 com/applisto/appcloner/classes/NotificationOptions.java, line(s) 155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,202,207,212,214,232,244,255,260,284,289,296,338,339,344,356,360,365,370,374,378,382,386,390,404,414,419,423,428,434,442,446,451,455,458,461,465,543,546,611,625,653,736,786,795,807,814,839,105,408,436,569,613,627,655,675,682,718,726,738,742,770,1031,1068,1077,1117,1137 com/applisto/appcloner/classes/OnAppExitListener.java, line(s) 19,27 com/applisto/appcloner/classes/OpenLinksWith.java, line(s) 26,42,50 com/applisto/appcloner/classes/PasswordActivity.java, line(s) 74,273,283,289,82,109,188,204,224,229,277,351,361,383,391 com/applisto/appcloner/classes/PasswordProvider.java, line(s) 11,18,20,25,27 com/applisto/appcloner/classes/PenEventReceiver.java, line(s) 12,18,34 com/applisto/appcloner/classes/PersistentApp.java, line(s) 13,21 com/applisto/appcloner/classes/PersistentAppAccessibilityService.java, line(s) 11 com/applisto/appcloner/classes/PersistentAppService.java, line(s) 17 com/applisto/appcloner/classes/PictureInPicture.java, line(s) 24,30,37,50,61,72,83,63,88 com/applisto/appcloner/classes/PowerEventReceiver.java, line(s) 12,17,20,24,28,32,42 com/applisto/appcloner/classes/PreferenceEditor.java, line(s) 23,26,30,41,59,68 com/applisto/appcloner/classes/PressBackAgainToExit.java, line(s) 17,32,55 com/applisto/appcloner/classes/SecretDialerCodeReceiver.java, line(s) 15,25 com/applisto/appcloner/classes/SetBrightnessOnStart.java, line(s) 22,24,40,50,93,62,71,86,100,109 com/applisto/appcloner/classes/ShowOnLockScreen.java, line(s) 14,26 com/applisto/appcloner/classes/Signatures.java, line(s) 36,55,58,94,100,109,114,135,84,139,156,165,185,198 com/applisto/appcloner/classes/SplashScreenActivity.java, line(s) 85,54,76,92 com/applisto/appcloner/classes/StartExitAppEventReceiver.java, line(s) 18,39,48,61,33,56,66 com/applisto/appcloner/classes/ToastFilter.java, line(s) 25,29,55,61,89,81,91 com/applisto/appcloner/classes/TrustAllCertificatesProvider.java, line(s) 34,36 com/applisto/appcloner/classes/Utils.java, line(s) 70,78,90,93,515,528,108,112,129,169,179,189,200,221,231,245,322,437,472,533,547,583,617,633 com/applisto/appcloner/classes/WhatsAppSupport.java, line(s) 29,53,66,56,60,68,80 com/applisto/appcloner/classes/WifiControls.java, line(s) 18,20,38,41,47,55,61,64,44,67 com/applisto/appcloner/classes/freeform/FreeFormWindow.java, line(s) 35,40,45,60 com/applisto/appcloner/classes/freeform/FreeFormWindowActivity.java, line(s) 32,48,51,72,93,54,85 com/applisto/appcloner/classes/util/IActivityManagerHook.java, line(s) 19 com/applisto/appcloner/classes/util/IPackageManagerHook.java, line(s) 20 com/applisto/appcloner/hooking/Hooking.java, line(s) 40,57,80,93,102,133,125,144 com/applisto/appcloner/service/RemoteService.java, line(s) 39,87,98 com/bumptech/glide/b/d.java, line(s) 92,226,91,225 com/bumptech/glide/b/e.java, line(s) 501,524,531,499,522,529 com/bumptech/glide/c.java, line(s) 180,189,106,179,186,107 com/bumptech/glide/c/e.java, line(s) 22,21,47,66,48,67 com/bumptech/glide/c/f.java, line(s) 14,13 com/bumptech/glide/c/k.java, line(s) 113,114 com/bumptech/glide/c/l.java, line(s) 203,204 com/bumptech/glide/c/n.java, line(s) 51,52 com/bumptech/glide/c/o.java, line(s) 109,110 com/bumptech/glide/d/e.java, line(s) 42,49,60,65,41,48,53,59,64,54 com/bumptech/glide/f/a/i.java, line(s) 52,89,90,53 com/bumptech/glide/f/g.java, line(s) 161,22,189,118 com/bumptech/glide/h/a/a.java, line(s) 35,36 com/bumptech/glide/load/a/a/c.java, line(s) 103,102 com/bumptech/glide/load/a/a/e.java, line(s) 85,84 com/bumptech/glide/load/a/b.java, line(s) 45,44 com/bumptech/glide/load/a/j.java, line(s) 55,154,54,153,157,163,171,168,172 com/bumptech/glide/load/a/l.java, line(s) 46,45 com/bumptech/glide/load/b/a/j.java, line(s) 121,178,122,179 com/bumptech/glide/load/b/a/k.java, line(s) 89,140,179,188,78,88,121,139,149,178,187,212,219,150,157,213,220,79 com/bumptech/glide/load/b/b/e.java, line(s) 35,45,59,65,36,60,46,66 com/bumptech/glide/load/b/b/i.java, line(s) 104,88 com/bumptech/glide/load/b/c/a.java, line(s) 72,69 com/bumptech/glide/load/b/c/b.java, line(s) 30,29 com/bumptech/glide/load/b/g.java, line(s) 548,204,381,547,269 com/bumptech/glide/load/b/h.java, line(s) 50,51 com/bumptech/glide/load/b/j.java, line(s) 15,153 com/bumptech/glide/load/b/p.java, line(s) 154 com/bumptech/glide/load/b/y.java, line(s) 31,32 com/bumptech/glide/load/c/c.java, line(s) 16,15 com/bumptech/glide/load/c/d.java, line(s) 41,40 com/bumptech/glide/load/c/f.java, line(s) 91,90 com/bumptech/glide/load/c/s.java, line(s) 81,82 com/bumptech/glide/load/c/t.java, line(s) 36,35 com/bumptech/glide/load/d/a/c.java, line(s) 65,64,81,82 com/bumptech/glide/load/d/a/i.java, line(s) 178,195,202,232,247,257,269,278,285,304,309,177,194,201,207,212,220,224,246,256,268,277,284,303,308 com/bumptech/glide/load/d/a/k.java, line(s) 156,248,332,102,118,155,247,314,331,103,216,315 com/bumptech/glide/load/d/a/l.java, line(s) 21,26,22,27 com/bumptech/glide/load/d/a/p.java, line(s) 36,37 com/bumptech/glide/load/d/a/u.java, line(s) 196,205,212,229,234,197,206,213,214,215,219,230,235 com/bumptech/glide/load/d/a/w.java, line(s) 124,123 com/bumptech/glide/load/d/e/a.java, line(s) 72,90,96,101,106,73,91,97,102,107 com/bumptech/glide/load/d/e/d.java, line(s) 22,23 com/bumptech/glide/load/d/e/j.java, line(s) 36,37 com/devzz/carbonlitecdn/ActivateActivity.java, line(s) 133,134,279,280,421,422,462,463,497,498,534,535,573,574,611,612,659 com/devzz/carbonlitecdn/LiveActivity.java, line(s) 129,458 com/devzz/carbonlitecdn/MovieDetails.java, line(s) 70 com/devzz/carbonlitecdn/SeriesDetailsActivity.java, line(s) 132 com/devzz/carbonlitecdn/SettingsActivity.java, line(s) 118,119,276 com/devzz/carbonlitecdn/c/b.java, line(s) 33,39,74,88,137,148 com/owen/tvrecyclerview/a/a.java, line(s) 20,26 com/owen/tvrecyclerview/widget/ItemSpacingOffsets.java, line(s) 40 com/owen/tvrecyclerview/widget/SpacingItemDecoration.java, line(s) 35 com/swift/sandhook/ClassNeverCall.java, line(s) 13 com/swift/sandhook/HookLog.java, line(s) 17,25,29,13,9,21 com/swift/sandhook/SandHook.java, line(s) 163 com/swift/sandhook/utils/FileUtils.java, line(s) 73,79 com/swift/sandhook/utils/ReflectionUtils.java, line(s) 21 com/swift/sandhook/utils/Unsafe.java, line(s) 93,31 com/swift/sandhook/wrapper/HookWrapper.java, line(s) 140,142,178,180,457,469 java/io/ByteArrayOutputStrean.java, line(s) 13,18,20,38,22 me/jessyan/autosize/utils/LogUtils.java, line(s) 14,20,34
信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/applisto/appcloner/classes/DisableClipboardAccess.java, line(s) 44,117,117,122,122,130,8
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/applisto/appcloner/classes/DisableClipboardAccess.java, line(s) 8,70,246
安全 此应用程序没有隐私跟踪程序
此应用程序不包括任何用户或设备跟踪器。在静态分析期间没有找到任何跟踪器。