应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
天涯PRO v1.2.4
48
安全评分
安全基线评分
48/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
5
高危
20
中危
3
信息
3
安全
隐私风险评估
0
第三方跟踪器
隐私安全
未检测到第三方跟踪器
检测结果分布
高危安全漏洞
5
中危安全漏洞
20
安全提示信息
3
已通过安全项
3
重点安全关注
8
高危安全漏洞 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
高危安全漏洞 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
net/aiyida/coco/shortVideo/util/m3u8downloader/utils/AES128Utils.java, line(s) 50,64
高危安全漏洞 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: net/aiyida/coco/ui/view/CustomWebView.java, line(s) 105,104 net/aiyida/coco/ui/webview/WebViewActivity.java, line(s) 173,171
高危安全漏洞 使用弱加密算法
使用弱加密算法 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/example/mvvmlibrary/utils/DESUtils.java, line(s) 16,28 com/example/mvvmlibrary/utils/DesEcbUtil.java, line(s) 19,30
高危安全漏洞 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: com/king/app/updater/http/HttpManager.java, line(s) 143,16
中危安全漏洞 基本配置配置为信任系统证书。
Scope: *
中危安全漏洞 应用已启用明文网络流量
[android:usesCleartextTraffic=true] 应用允许明文网络流量(如 HTTP、FTP 协议、DownloadManager、MediaPlayer 等)。API 级别 27 及以下默认启用,28 及以上默认禁用。明文流量缺乏机密性、完整性和真实性保护,攻击者可窃听或篡改传输数据。建议关闭明文流量,仅使用加密协议。
中危安全漏洞 应用数据允许备份
[android:allowBackup=true] 该标志允许通过 adb 工具备份应用数据。启用 USB 调试的用户可直接复制应用数据,存在数据泄露风险。
中危安全漏洞 Activity (net.aiyida.coco.ui.loading.TianqiLoadingActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (net.aiyida.coco.ui.loading.AnquanLoadingActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (net.aiyida.coco.ui.loading.QingliLoadingActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (net.aiyida.coco.ui.loading.WenjianjiaLoadingActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (net.aiyida.coco.service.DownloadPhotoService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (net.aiyida.coco.service.DownloadHotResourceService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: bin/mt/signature/KillerApplication.java, line(s) 77 com/danikula/videocache/StorageUtils.java, line(s) 15 com/example/mvvmlibrary/utils/AsyncLogger.java, line(s) 78,84 com/example/mvvmlibrary/utils/DataCleanManager.java, line(s) 43,64 com/example/mvvmlibrary/utils/DownloadMedia$2.java, line(s) 82,116 com/example/mvvmlibrary/utils/DownloadMedia.java, line(s) 79,165,201,236 com/example/mvvmlibrary/utils/DownloadUtils.java, line(s) 176,228 com/example/mvvmlibrary/utils/GetDeviceId.java, line(s) 128,129 com/example/mvvmlibrary/utils/ImageUtil.java, line(s) 21 com/example/mvvmlibrary/utils/PhotoCacheUtils.java, line(s) 144 com/example/mvvmlibrary/utils/ThumbnailUtils.java, line(s) 58,87,91,134 com/king/app/updater/service/DownloadService.java, line(s) 131 com/ypx/imagepicker/helper/CameraCompat.java, line(s) 100,109 com/ypx/imagepicker/utils/PBitmapUtils.java, line(s) 75,83,84 net/aiyida/coco/shortVideo/util/m3u8downloader/M3U8DownloaderConfig.java, line(s) 24 net/aiyida/coco/shortVideo/util/m3u8downloader/bean/APPConfig.java, line(s) 17 net/aiyida/coco/utils/PhoneInfo.java, line(s) 277,284,294 top/zibin/luban/LubanUtils.java, line(s) 28,30
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/example/mvvmlibrary/bean/TagsItem.java, line(s) 56 com/example/mvvmlibrary/bean/UserInfoBean.java, line(s) 148 com/example/mvvmlibrary/constant/Constant.java, line(s) 106 com/example/mvvmlibrary/utils/AESUtils.java, line(s) 16 com/example/mvvmlibrary/utils/SPUtil.java, line(s) 19,22,29,30 com/hjq/permissions/StartActivityManager.java, line(s) 9 com/tmall/wireless/tangram/MVResolver.java, line(s) 22 com/tmall/wireless/tangram3/dataparser/concrete/PojoDataParser.java, line(s) 81 com/uuzuche/lib_zxing/decoding/Intents.java, line(s) 45 com/zzhoujay/richtext/ImageHolder.java, line(s) 299 net/aiyida/coco/shortVideo/util/m3u8downloader/utils/SPHelper.java, line(s) 10 net/aiyida/coco/utils/ChangeIconUtil.java, line(s) 13
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/danikula/videocache/ProxyCacheUtils.java, line(s) 70 com/download/library/DownloadTask.java, line(s) 459 com/download/library/Downloader.java, line(s) 426,432,535,539 com/download/library/Runtime.java, line(s) 284,302 com/example/mvvmlibrary/utils/GetDeviceId.java, line(s) 102 com/example/mvvmlibrary/utils/MD5Utils.java, line(s) 15,26,47,59,81 com/king/app/updater/util/AppUtils.java, line(s) 127 com/zzhoujay/richtext/ext/MD5.java, line(s) 10 net/aiyida/coco/shortVideo/util/m3u8downloader/utils/MD5Utils.java, line(s) 9
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/hjq/permissions/PermissionFragment.java, line(s) 14 com/scwang/smartrefresh/header/FunGameBattleCityHeader.java, line(s) 15 com/scwang/smartrefresh/header/TaurusHeader.java, line(s) 26 com/scwang/smartrefresh/header/storehouse/StoreHouseBarItem.java, line(s) 8 com/ypx/imagepicker/helper/launcher/PRouter.java, line(s) 9 com/ypx/imagepicker/helper/launcher/PRouterV4.java, line(s) 9 net/aiyida/coco/ui/main/fragment/view/LoveView.java, line(s) 17 net/aiyida/coco/utils/CodeUtils.java, line(s) 7
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/example/mvvmlibrary/utils/DeviceIdUtil.java, line(s) 76
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: org/nanohttpd/protocols/http/HTTPSession.java, line(s) 474,572 org/nanohttpd/protocols/http/tempfiles/DefaultTempFile.java, line(s) 14
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/danikula/videocache/HttpProxyCacheServer.java, line(s) 21 org/nanohttpd/protocols/http/HTTPSession.java, line(s) 73
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/danikula/videocache/sourcestorage/DatabaseSourceInfoStorage.java, line(s) 6,7,28
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: net/aiyida/coco/ui/main/fragment/XuanFeiFragment.java, line(s) 104,98 net/aiyida/coco/ui/webview/WebViewActivity.java, line(s) 113,131
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: net/aiyida/coco/ui/webview/WebViewActivity.java, line(s) 136,131
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 openinstall统计的=> "com.openinstall.APP_KEY" : "itofwl" "password" : "password" "library_roundedimageview_authorWebsite" : "https://github.com/vinc3m1" "user_name" : "phone" nhkiG9w0BAQsFAAOCAQEAKJMTPYZvh4ZcFHao1HoaV2mSzzLiAI9CMLNuYSKA9AiExDTeyn856EkM eb411c2810f04ffa8aaafc42052b233820180418095416 EhMLxwqi3KFK4qzJlZG5ktmUVbTzT cb37178af1584c1588f4a01e5ecf323120180418133127 nfdoOgDdiVcANQWO0K66ZdZD3YpfXtC5KK3OU31A11tJRvRpZhPP+OIxuItfB+Cuwn6Eczv2W6uUk MIIDfjCCAmagAwIBAgIJAMVhtEEpvJ3xMA0GCSqGSIb3DQEBCwUAMGwxEDAOBgNVBAYTB1Vua25v n2jWGY55VsV6GG+KvbDDhINNZFEhNltB8CsZ1lr3lcxwEMQ+yIJJmQLgSgsAD27hY8EMTX+sMv+0j nvGqZJV8gm+4TRHCFAgMBAAGjITAfMB0GA1UdDgQWBBT0gX/32rRVGorv5rHe0RjeINqZrjANBgkq nYlwSG4C0AcWH0UDmoptLt/iNP4o6LOXbSf6AK8BhFvky1YLdixTPRCJXPh7UdhDsti5ldiJEE+Im nMjA0MjIwMTIzMDBaMGwxEDAOBgNVBAYTB1Vua25vd24xEDAOBgNVBAgTB1Vua25vd24xEDAOBgNV nEDAOBgNVBAsTB1Vua25vd24xEDAOBgNVBAMTB1Vua25vd24wIBcNMjQxMjA1MDEyMzAwWhgPMjA1 n/J2jraSFRUih+z6h0Oa1ijhHyHa8WSrTClLaGD0r8lbzp64kT+7ieWnKfsLs+0E1oVdCbIgMduIo nQmSB2I1MygLEXRoI4be9CtGwitFK8eo+fLLIhJ1OkLwu5y2YEHiPOrqfuxaC5drkF4wCQZOJ3UL+ nB1Vua25vd24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCMoAbp2ZBOZ24Gvn2iFpBz
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/example/mvvmlibrary/base/BaseActivity.java, line(s) 4,122,123 com/example/mvvmlibrary/utils/ClipBoardUtil.java, line(s) 4,14,31,32 net/aiyida/coco/ui/about/AboutActivity.java, line(s) 5,183 net/aiyida/coco/ui/main/dialog/IdentityCardDialog.java, line(s) 5,188 net/aiyida/coco/ui/main/dialog/InvitationCodeDialog.java, line(s) 5,130 net/aiyida/coco/ui/main/dialog/QRCodeDialog.java, line(s) 5,202 net/aiyida/coco/ui/main/dialog/VideoShareDialog.java, line(s) 5,225 net/aiyida/coco/ui/main/fragment/MinePageFragment.java, line(s) 5,709 net/aiyida/coco/ui/main/fragment/QLPageFragment.java, line(s) 4,180 net/aiyida/coco/ui/video/view/InviteDialog.java, line(s) 4,142 net/aiyida/coco/ui/video/view/InviteSmallDialog.java, line(s) 4,158 net/aiyida/coco/ui/video/view/ShareDialog.java, line(s) 5,159 net/aiyida/coco/ui/vip/adapter/PayLogAdapter.java, line(s) 4,120 net/aiyida/coco/ui/vip/adapter/RechargeLogAdapter.java, line(s) 4,141 net/aiyida/coco/ui/vip/adapter/WalletLogAdapter.java, line(s) 4,146
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: bin/mt/signature/KillerApplication.java, line(s) 116,126,161 com/AES.java, line(s) 25 com/C0008.java, line(s) 57 com/C0044.java, line(s) 57 com/DialogInterfaceOnClickListenerC0007.java, line(s) 22 com/DialogInterfaceOnClickListenerC0043.java, line(s) 22 com/a.java, line(s) 13 com/aleyn/mvvm/event/SingleLiveEvent.java, line(s) 22 com/b.java, line(s) 50,55,577 com/danikula/videocache/HttpProxyCacheServer.java, line(s) 61,64 com/danikula/videocache/Logger.java, line(s) 11,29,17,23 com/download/library/DownloadSubmitterImpl.java, line(s) 43 com/download/library/Runtime.java, line(s) 278,246,251 com/duck/AES.java, line(s) 23 com/duck/C0004.java, line(s) 59 com/duck/C0012.java, line(s) 59 com/duck/DialogInterfaceOnClickListenerC0003.java, line(s) 20,30 com/duck/DialogInterfaceOnClickListenerC0011.java, line(s) 20,30 com/duck/a.java, line(s) 12 com/duck/b.java, line(s) 49,54,211 com/example/mvvmlibrary/base/BaseActivity.java, line(s) 85 com/example/mvvmlibrary/base/BaseRootActivity.java, line(s) 98,100,121 com/example/mvvmlibrary/net/ApiService.java, line(s) 58 com/example/mvvmlibrary/net/ApiServiceByServerConfig.java, line(s) 56 com/example/mvvmlibrary/utils/AESUtils.java, line(s) 108 com/example/mvvmlibrary/utils/AppUpdateUtils.java, line(s) 384,398,401,407,423,474,486,488,493,497 com/example/mvvmlibrary/utils/AsyncLogger.java, line(s) 40,51 com/example/mvvmlibrary/utils/DESUtils.java, line(s) 34 com/example/mvvmlibrary/utils/DownloadMedia$2.java, line(s) 37,42,82,116 com/example/mvvmlibrary/utils/DownloadMedia.java, line(s) 46,51,117,122,79,165,201,236 com/example/mvvmlibrary/utils/FolderHelper.java, line(s) 27 com/example/mvvmlibrary/utils/LoadResourceUtil.java, line(s) 67,105,132,133,141 com/example/mvvmlibrary/utils/LogUtils.java, line(s) 48,39,86,88,121,57,75,66 com/example/mvvmlibrary/utils/SaveUtils.java, line(s) 27,121,83 com/github/gzuliyujiang/dialog/DialogLog.java, line(s) 18 com/github/ihsg/patternlocker/Logger.java, line(s) 36 com/github/ybq/android/spinkit/animation/SpriteAnimatorBuilder.java, line(s) 148 com/jakewharton/disklrucache/DiskLruCache.java, line(s) 107 com/king/app/updater/AppUpdater.java, line(s) 51 com/king/app/updater/http/HttpManager.java, line(s) 85,93,134 com/king/app/updater/http/OkHttpManager.java, line(s) 90 com/king/app/updater/service/DownloadService.java, line(s) 94,110,181,200,234,46,61,86,215 com/king/app/updater/util/AppUtils.java, line(s) 117 com/makeramen/roundedimageview/RoundedDrawable.java, line(s) 117 com/makeramen/roundedimageview/RoundedImageView.java, line(s) 268,308 com/tmall/wireless/tangram/core/resolver/ClassResolver.java, line(s) 19,25 com/tmall/wireless/tangram/dataparser/concrete/Card.java, line(s) 896 com/tmall/wireless/tangram/ext/SwipeItemTouchListener.java, line(s) 238 com/tmall/wireless/tangram/structure/ViewCreator.java, line(s) 42 com/tmall/wireless/tangram/structure/card/GridCard.java, line(s) 198 com/tmall/wireless/tangram/structure/card/LinearScrollCard.java, line(s) 37 com/tmall/wireless/tangram/support/RxTimer$1.java, line(s) 16 com/tmall/wireless/tangram/support/RxTimer$2.java, line(s) 16 com/tmall/wireless/tangram/support/RxTimer$3.java, line(s) 17 com/tmall/wireless/tangram/support/RxTimer$4.java, line(s) 20 com/tmall/wireless/tangram/util/LogUtils.java, line(s) 83,88,93,98,103,108,113 com/tmall/wireless/tangram/util/Utils.java, line(s) 124,130 com/tmall/wireless/tangram3/ComponentRenderManager.java, line(s) 74 com/tmall/wireless/tangram3/core/resolver/ClassResolver.java, line(s) 20,26 com/tmall/wireless/tangram3/ext/SwipeItemTouchListener.java, line(s) 248 com/tmall/wireless/tangram3/structure/ViewCreator.java, line(s) 41 com/tmall/wireless/tangram3/util/LogUtils.java, line(s) 81,86,91,96,101,106,111 com/tmall/wireless/tangram3/util/Utils.java, line(s) 124,130 com/uuzuche/lib_zxing/activity/CaptureActivity.java, line(s) 21,22,60 com/uuzuche/lib_zxing/activity/CaptureFragment.java, line(s) 171,172 com/uuzuche/lib_zxing/activity/CodeUtils.java, line(s) 52,84,85 com/uuzuche/lib_zxing/camera/AutoFocusCallback.java, line(s) 26 com/uuzuche/lib_zxing/camera/CameraConfigurationManager.java, line(s) 36,39,51,56,87,47,109,126,174,185 com/uuzuche/lib_zxing/camera/FlashlightManager.java, line(s) 18,20,60,71,80,83,86 com/uuzuche/lib_zxing/camera/PreviewCallback.java, line(s) 36 com/uuzuche/lib_zxing/decoding/CaptureActivityHandler.java, line(s) 53,58,70,74,61,66 com/uuzuche/lib_zxing/decoding/DecodeHandler.java, line(s) 63 com/zhpan/bannerview/utils/BannerUtils.java, line(s) 25 com/zzhoujay/markdown/style/EmailSpan.java, line(s) 35 me/jessyan/autosize/AutoSize.java, line(s) 169 me/jessyan/autosize/AutoSizeConfig.java, line(s) 108,125,134,199 me/jessyan/autosize/DefaultAutoAdaptStrategy.java, line(s) 21,31,34,15,28 me/jessyan/autosize/utils/AutoSizeLog.java, line(s) 23,35,29 me/jingbin/library/skeleton/ByStateViewSkeletonScreen.java, line(s) 63 me/yokeyword/eventbusactivityscope/EventBusActivityScope.java, line(s) 69,74 me/yokeyword/fragmentation/TransactionDelegate.java, line(s) 279,456,257,271 me/yokeyword/fragmentation/debug/DebugStackDelegate.java, line(s) 131 me/yokeyword/fragmentation/exception/AfterSaveStateTransactionWarning.java, line(s) 8 net/aiyida/coco/ap/MyApplication.java, line(s) 208 net/aiyida/coco/shortVideo/adapter/TiktokAdapter.java, line(s) 91 net/aiyida/coco/shortVideo/util/cache/PreloadManager.java, line(s) 44,87,96 net/aiyida/coco/shortVideo/util/m3u8downloader/utils/SPHelper.java, line(s) 29 net/aiyida/coco/shortVideo/widget/VerticalViewPager.java, line(s) 427,433,457 net/aiyida/coco/ui/loading/model/LoadModel.java, line(s) 59,120 net/aiyida/coco/ui/main/MainActivity.java, line(s) 331 net/aiyida/coco/ui/main/fragment/GirlFriendFragmentKt.java, line(s) 46 net/aiyida/coco/ui/main/fragment/dialog/ChooseExpandDectoraton.java, line(s) 73 net/aiyida/coco/ui/systemlog/SystemLogActivity.java, line(s) 165,205 net/aiyida/coco/ui/view/PlayPauseDrawable.java, line(s) 94,111 net/aiyida/coco/ui/vip/BuyAgentActivity.java, line(s) 167 net/aiyida/coco/ui/vip/BuyVipActivity.java, line(s) 285 net/aiyida/coco/ui/vip/WalletActivity.java, line(s) 207 net/aiyida/coco/utils/MyUncaughtExceptionHandler.java, line(s) 63,117 net/aiyida/coco/utils/OkHttpStreamFetcher.java, line(s) 63,62 net/aiyida/coco/utils/PhoneInfo.java, line(s) 103,105,127,136,167,179,182,199,225,228,244 net/aiyida/coco/utils/RendererUtil.java, line(s) 28 net/aiyida/coco/utils/TimeUtils.java, line(s) 14 org/greenrobot/eventbus/Logger$SystemOutLogger.java, line(s) 7,11 org/greenrobot/eventbus/util/ErrorDialogConfig.java, line(s) 34 org/greenrobot/eventbus/util/ErrorDialogManager.java, line(s) 182 org/lsposed/hiddenapibypass/HiddenApiBypass.java, line(s) 74,313 org/nanohttpd/util/ServerRunner.java, line(s) 15,18,24 pokercc/android/expandablerecyclerview/ExpandableAdapter.java, line(s) 403 pokercc/android/expandablerecyclerview/ExpandableItemAnimator.java, line(s) 600,638,692,763 pokercc/android/expandablerecyclerview/ExpandableRecyclerView.java, line(s) 149,192,240 top/zibin/luban/Checker.java, line(s) 61,81,87,112,120 top/zibin/luban/Luban.java, line(s) 93,92 top/zibin/luban/LubanUtils.java, line(s) 64 top/zibin/luban/io/LruArrayPool.java, line(s) 86,124,87,125 xyz/doikki/videocontroller/component/ErrorView.java, line(s) 87,95 xyz/doikki/videocontroller/component/ListPrepareView.java, line(s) 147 xyz/doikki/videocontroller/component/PrepareView.java, line(s) 197 xyz/doikki/videocontroller/component/VodControlView.java, line(s) 134 xyz/doikki/videocontroller/component/VodControlView2.java, line(s) 124 xyz/doikki/videoplayer/util/L.java, line(s) 15,21,27,33
安全提示信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: com/example/mvvmlibrary/utils/SPUtil.java, line(s) 77,69,77
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/example/mvvmlibrary/net/ApiService.java, line(s) 42,88,42,88 com/example/mvvmlibrary/net/ApiServiceByServerConfig.java, line(s) 40,86,40,86 com/example/mvvmlibrary/net/DownloadService.java, line(s) 25,25 com/king/app/updater/util/SSLSocketFactoryUtils.java, line(s) 119,38,82,118,109,117,117 com/zzhoujay/richtext/ig/DefaultImageDownloader.java, line(s) 98,66 org/nanohttpd/protocols/http/NanoHTTPD.java, line(s) 126,124,126,150,123,123
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: net/aiyida/coco/utils/PhoneInfo.java, line(s) 100,100
已通过安全项 此应用程序没有隐私跟踪程序
此应用程序不包括任何用户或设备跟踪器。在静态分析期间没有找到任何跟踪器。
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (cms-bucket.nosdn.127.net) 通信。
{'ip': '117.68.67.83', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (lvye6.lanzoup.com) 通信。
{'ip': '117.68.67.83', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南通', 'latitude': '32.030296', 'longitude': '120.874779'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (api.canary.spread01.com) 通信。
{'ip': '117.68.67.83', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (api.wuc0jp1e.com) 通信。
{'ip': '117.68.67.83', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (hp.hpchinaapi2.com) 通信。
{'ip': '154.86.23.52', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (vfx.mtime.cn) 通信。
{'ip': '58.218.215.99', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '徐州', 'latitude': '34.266666', 'longitude': '117.166664'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (tyapap.hyx996.com) 通信。
{'ip': '117.68.67.83', 'country_short': 'CN', 'country_long': '中国', 'region': '安徽', 'city': '六安', 'latitude': '31.650000', 'longitude': '118.525002'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (hp.hpchinaapi3.com) 通信。
{'ip': '154.86.23.218', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
综合安全基线评分总结
天涯PRO v1.2.4
Android APK
48
综合安全评分
中风险