Security Analysis Report: 妮助手 v2.2.2

Security score: 39/100

Risk rating

Grade scale: A, B, C, F

Privacy risk

2 user/device trackers

Findings

High 9
Medium 18
Info 2
Secure 2
Hotspot 3

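High Activity (com.teacherlink.teachang.page.splash.SplashActivity) is vulnerable to StrandHogg 2.0

The Activity was found to be at risk of the StrandHogg 2.0 task hijacking vulnerability. When the vulnerability is exploited, other applications can place a malicious activity on top of the vulnerable application's activity stack, making the application an easy target for phishing attacks. This can be fixed by setting the launch mode attribute to "singleInstance" and setting an empty taskAffinity (taskAffinity=""). You can also update the app's target SDK version (26) to 29 or higher to fix this issue at the platform level.

High Activity (com.teacherlink.teachang.page.live.InitLiveNewActivity) is vulnerable to StrandHogg 2.0

The Activity was found to be at risk of the StrandHogg 2.0 task hijacking vulnerability. When the vulnerability is exploited, other applications can place a malicious activity on top of the vulnerable application's activity stack, making the application an easy target for phishing attacks. This can be fixed by setting the launch mode attribute to "singleInstance" and setting an empty taskAffinity (taskAffinity=""). You can also update the app's target SDK version (26) to 29 or higher to fix this issue at the platform level.

High Activity (com.teacherlink.teachang.page.live.newlive.AnchorLiveNewActivity) is vulnerable to Android Task Hijacking/StrandHogg.

An Activity should not have its launch mode attribute set to "singleTask". Other applications can then place a malicious activity on top of the activity stack, resulting in the Task Hijacking/StrandHogg 1.0 vulnerability. This makes the application an easy target for phishing attacks. The vulnerability can be fixed by setting the launch mode attribute to "singleInstance" or by setting an empty taskAffinity (taskAffinity="") attribute. You can also update the app's target SDK version (26) to 28 or higher to fix this issue at the platform level.

High Activity (com.teacherlink.teachang.page.live.newlive.AnchorLiveNewActivity) is vulnerable to StrandHogg 2.0

The Activity was found to be at risk of the StrandHogg 2.0 task hijacking vulnerability. When the vulnerability is exploited, other applications can place a malicious activity on top of the vulnerable application's activity stack, making the application an easy target for phishing attacks. This can be fixed by setting the launch mode attribute to "singleInstance" and setting an empty taskAffinity (taskAffinity=""). You can also update the app's target SDK version (26) to 29 or higher to fix this issue at the platform level.

High Remote WebView debugging is enabled
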
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
dc/e.java, line(s) 62,8

High The file is World Writable. Any application can write to the file

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2

Files:
ea/d.java, line(s) 29
n8/j.java, line(s) 59,28

High If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be vulnerable to cross-site scripting attacks

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
dc/s0.java, line(s) 192,5
yg/x.java, line(s) 1197,25

High WebView domain control is not strict enough (vulnerability)

Files:
dc/a.java, line(s) 40,21
yg/x.java, line(s) 1061,1058

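Medium The application can be installed on a vulnerable Android version

Android 8.0, [minSdk=26]
The application can be installed on older versions of Android that have multiple vulnerabilities. Support Android version => 10, API 29 to receive reasonable security updates.

Medium Cleartext network traffic is enabled for the application

[android:usesCleartextTraffic=true]
The application intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager and MediaPlayer. For applications targeting API level 27 or lower, the default value is "true". For applications targeting API level 28 or higher, the default value is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity and tamper protection; a network attacker can eavesdrop on the transmitted data and can modify it without being detected.

Medium Application data can be backed up

[android:allowBackup=true]
This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off the device.

Medium Activity (com.teacherlink.teachang.page.live.InitLiveNewActivity) is not protected.

[android:exported=true]
The Activity was found to be shared with other applications on the device, making it accessible to any other application on the device.

Medium Activity (com.teacherlink.teachang.page.live.newlive.AnchorLiveNewActivity) is not protected.

[android:exported=true]
The Activity was found to be shared with other applications on the device, making it accessible to any other application on the device.

Medium Activity (com.yunbao.common.arouter.SchemeFilterActivity) is not protected.

An intent-filter exists.
The Activity was found to be shared with other applications on the device, making it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium Service (com.yunbao.common.service.JWebSocketClientService) is not protected.

[android:exported=true]
The Service was found to be shared with other applications on the device, making it accessible to any other application on the device.

Medium Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.
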
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/base/library/common/http/OkHttpFactory.java, line(s) 33,55
com/bumptech/glide/load/Option.java, line(s) 69
com/bumptech/glide/load/engine/DataCacheKey.java, line(s) 34
com/bumptech/glide/load/engine/EngineResource.java, line(s) 97
com/bumptech/glide/load/engine/ResourceCacheKey.java, line(s) 66
com/bumptech/glide/manager/RequestManagerRetriever.java, line(s) 40
com/teacherlink/teachang/BuildConfig.java, line(s) 9
com/teacherlink/teachang/model/GroupEventMessage.java, line(s) 684,684
com/teacherlink/teachang/model/LiveMessage.java, line(s) 449,449
com/teacherlink/teachang/model/TencentToken.java, line(s) 164
com/teacherlink/teachang/util/LocaleUtils.java, line(s) 15
com/teacherlink/teachang/util/SysEnv.java, line(s) 22
com/tencent/xmagic/XMagicImpl.java, line(s) 22
com/tencent/xmagic/XmagicConstant.java, line(s) 85
com/tencent/xmagic/c/c.java, line(s) 369
com/tencent/xmagic/utils/AppConfig.java, line(s) 10
com/yunbao/common/bean/CommonPop.java, line(s) 148
com/yunbao/main/bean/Bank.java, line(s) 79
com/yunbao/main/bean/IncomeList.java, line(s) 262
com/yunbao/main/bean/PasswordStatus.java, line(s) 71
com/yunbao/main/bean/WsResult.java, line(s) 353
com/yunbao/main/fragment/ComprehensiveActivityFragment.java, line(s) 19
com/yunbao/main/fragment/DiscountActivityFragment.java, line(s) 19
gd/a.java, line(s) 14,10
i1/g.java, line(s) 13,12,10
k4/b.java, line(s) 53
o/d.java, line(s) 56
org/extra/tools/Reporter.java, line(s) 24,23
org/light/detector/LightFaceClassifier.java, line(s) 13
org/light/device/LightDeviceProperty.java, line(s) 10,103
org/litepal/util/cipher/CipherUtil.java, line(s) 11
w0/q0.java, line(s) 43
wh/c.java, line(s) 277
zc/a.java, line(s) 11,83

Medium The application creates temporary files. Sensitive information should never be written to a temporary file

Files:
ep/j.java, line(s) 28,54
g9/e.java, line(s) 67
m0/l.java, line(s) 1311
wk/q.java, line(s) 177,203
xk/n.java, line(s) 448,469,473,498

Medium MD5 is a weak hash known to have hash collisions

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
bi/g.java, line(s) 9
c1/f.java, line(s) 10
com/blankj/utilcode/util/v.java, line(s) 207
com/blankj/utilcode/util/x.java, line(s) 418
com/just/agentweb/b.java, line(s) 238
com/teacherlink/teachang/util/MD5Digest.java, line(s) 13
com/tencent/xmagic/download/FileUtil.java, line(s) 50
ea/v.java, line(s) 153,171
n8/d.java, line(s) 42
od/c.java, line(s) 56
org/light/utils/FileUtils.java, line(s) 612,747,1057
org/litepal/util/cipher/CipherUtil.java, line(s) 39
pf/a.java, line(s) 44
w0/k1.java, line(s) 54
xe/a.java, line(s) 122,186
yg/r0.java, line(s) 10

Medium IP address disclosure

Files:
com/blankj/utilcode/util/g0.java, line(s) 236,236
h3/a.java, line(s) 95
k4/i.java, line(s) 40
l2/k.java, line(s) 39
n1/d.java, line(s) 111,111,13,111,111,111,111,111
n1/f.java, line(s) 10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41
n1/j.java, line(s) 41,286

Medium The application can read from and write to external storage. Any application can read data written to external storage

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
cd/c.java, line(s) 58,127
com/base/library/util/StringUtils.java, line(s) 49
com/blankj/utilcode/util/d1.java, line(s) 86
com/blankj/utilcode/util/e0.java, line(s) 396
com/blankj/utilcode/util/j0.java, line(s) 75,88,92,96,100,104,108,112,120,124,128,11,15,55,71,132,136,140,144,148,152,156,160
com/blankj/utilcode/util/n.java, line(s) 19
com/blankj/utilcode/util/q0.java, line(s) 69,69,73
com/blankj/utilcode/util/s.java, line(s) 218
com/just/agentweb/b.java, line(s) 615,686
com/lxj/xpopup/util/h.java, line(s) 109,129
com/teacherlink/teachang/constant/Constants.java, line(s) 14
com/teacherlink/teachang/util/SysEnv.java, line(s) 39,113
com/teacherlink/teachang/util/download/FileUtil.java, line(s) 45
com/tencent/xmagic/util/FileUtil.java, line(s) 296
com/tencent/xmagic/utils/UriUtils.java, line(s) 73
com/yalantis/ucrop/util/FileUtils.java, line(s) 106
org/light/FontBitmapManager.java, line(s) 133
org/light/device/FileOfflineUtil.java, line(s) 62
org/light/device/LightDeviceUtils.java, line(s) 133,191,193,647,656,644
org/light/report/LightReportManager.java, line(s) 29,32
org/light/utils/FileUtils.java, line(s) 137,152
org/litepal/Operator.java, line(s) 148
org/litepal/tablemanager/Connector.java, line(s) 19,21
qg/b.java, line(s) 82
yg/a0.java, line(s) 117
yg/n.java, line(s) 52,53

Medium The application uses an insecure random number generator

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
c2/j.java, line(s) 17
c2/p0.java, line(s) 6
c2/r0.java, line(s) 13
com/base/library/util/OrderUtil.java, line(s) 5
com/orient/tea/barragephoto/ui/BarrageView.java, line(s) 23
com/teacherlink/teachang/util/BitmapUtils.java, line(s) 37
d1/a.java, line(s) 5
hk/c0.java, line(s) 7
hk/x.java, line(s) 12
jl/a.java, line(s) 4
jl/b.java, line(s) 4
jl/c.java, line(s) 5
jl/d.java, line(s) 6
jl/e.java, line(s) 5
k0/f.java, line(s) 42
kl/a.java, line(s) 5
nf/h.java, line(s) 13
o7/o.java, line(s) 26
q9/d.java, line(s) 11
um/a.java, line(s) 4
um/g.java, line(s) 8
xe/a.java, line(s) 15
yg/f1.java, line(s) 17
yg/x0.java, line(s) 3

Medium SHA-1 is a weak hash known to have hash collisions

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
ao/b.java, line(s) 173
c2/r0.java, line(s) 156

Medium The application uses a SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
fd/e.java, line(s) 4,5,27
fd/f.java, line(s) 4,14
org/litepal/Operator.java, line(s) 6,193
org/litepal/tablemanager/AssociationCreator.java, line(s) 5,256
org/litepal/tablemanager/Generator.java, line(s) 4,67
org/litepal/util/DBUtility.java, line(s) 4,112

Medium Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
com/yunbao/common/activity/WebViewActivity.java, line(s) 189,220
com/yunbao/main/activity/WebViewMainActivity.java, line(s) 196,227

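Medium The application contains privacy trackers

This application has multiple (2) privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.

Medium This application may contain hardcoded secrets

The following secrets were identified in the application. Make sure these are not secrets or private information.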
"login_auth_cancle" : "授权取消"
"login_input_pwd" : "請輸入密碼"
"login_forget_pwd" : "quên"
"enter_withdraw_pwd" : "请输入提现密码"
"login_auth_failure" : "授权失败"
"find_pwd" : "找回密码"
"modify_pwd" : "重置密碼"
"reg_input_pwd_3" : "邀請碼(選填)"
"find_pwd_forget" : "忘記密碼"
"login_auth_ing" : "正在授权登录"
"main_live_type_pwd" : "密碼"
"live_set_pwd" : "請設置房間密碼"
"live_input_password" : "請輸入房間密碼"
"auth_success_tip" : "授权成功"
"modify_pwd" : "重置密码"
"login_input_pwd" : "请输入密码"
"login_forget_pwd" : "Forgot"
"library_roundedimageview_authorWebsite" : "https://github.com/vinc3m1"
"login_auth_success" : "登录成功"
"live_type_pwd" : "密碼房間"
"google_crash_reporting_api_key" : "AIzaSyAzbZz-06uQdi50fSRHbjpFS5-b3jO22EE"
"emotion_status_secret" : "保密"
"main_live_type_pwd" : "Password"
"live_type_pwd" : "密码房间"
"login_auth_cancle" : "授權取消"
"beauty_redcheeks3_label" : "害羞"
"check_noauth_tip" : "没有权限或资源缺失,若有疑问请请联系接口人咨询"
"auth" : "认证"
"reg_input_pwd_2" : "請確認密碼"
"reg_input_pwd_1" : "請填寫密碼"
"fake_user_name" : "Shakespeare"
"find_pwd_forget" : "忘记密码"
"beauty_redcheeks3_label" : "shy"
"auth_completed" : "手机已认证"
"input_payment_password" : "请输入提现密码(6位纯数字)"
"reg_input_pwd_2" : "请确认密码"
"live_set_pwd" : "请设置房间密码"
"login_forget_pwd" : "忘记密码"
"mobile_authentication" : "手机认证"
"com.google.firebase.crashlytics.mapping_file_id" : "ee1a719cf8a74ce786084246669ac94c"
"login_forget_pwd" : "忘記密碼"
"live_type_pwd" : "Password"
"beauty_lips3_label" : "珊瑚橘"
"auth_failed_tip" : "授权失败"
"login_auth_success" : "登錄成功"
"reg_input_pwd_3" : "邀请码(选填)"
"google_api_key" : "AIzaSyAzbZz-06uQdi50fSRHbjpFS5-b3jO22EE"
"phone_auth" : "手机认证"
"cash_input_bank_user_name" : "请输入持卡人姓名"
"find_pwd_find" : "立即找回"
"not_auth" : "权限不足"
"login_auth_failure" : "授權失敗"
"reg_input_pwd_1" : "Password"
"safety_certificate" : "安全等级"
"payment_password" : "提现密码"
"main_live_type_pwd" : "密码"
"live_input_password" : "请输入房间密码"
"withdraw_pwd_str" : "提现密码"
"reg_input_pwd_1" : "请填写密码"
"cash_input_bank_user_name" : "請輸入持卡人姓名"
"login_auth_ing" : "正在授權登錄"

Info The application logs information. Sensitive information must not be logged

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
b6/b.java, line(s) 29
c8/p.java, line(s) 32,36
com/base/library/util/OrderUtil.java, line(s) 51
com/bumptech/glide/Glide.java, line(s) 327,336
com/bumptech/glide/gifdecoder/GifHeaderParser.java, line(s) 92
com/bumptech/glide/gifdecoder/StandardGifDecoder.java, line(s) 617,641,660
com/bumptech/glide/load/data/HttpUrlFetcher.java, line(s) 82,194,196,201,207
com/bumptech/glide/load/data/mediastore/ThumbnailStreamOpener.java, line(s) 46,97
com/bumptech/glide/load/engine/DecodeJob.java, line(s) 235,249
com/bumptech/glide/load/engine/DecodePath.java, line(s) 57
com/bumptech/glide/load/engine/Engine.java, line(s) 30
com/bumptech/glide/load/engine/SourceGenerator.java, line(s) 44,61
com/bumptech/glide/load/engine/bitmap_recycle/LruArrayPool.java, line(s) 109,150
com/bumptech/glide/load/engine/bitmap_recycle/LruBitmapPool.java, line(s) 93,138,150,173,182,247,256,285
com/bumptech/glide/load/engine/cache/DiskLruCacheWrapper.java, line(s) 58,77,87,114
com/bumptech/glide/load/engine/cache/MemorySizeCalculator.java, line(s) 144
com/bumptech/glide/load/engine/executor/RuntimeCompat.java, line(s) 37
com/bumptech/glide/load/engine/prefill/BitmapPreFillRunner.java, line(s) 86
com/bumptech/glide/load/model/ResourceLoader.java, line(s) 100
com/bumptech/glide/load/model/ResourceUriLoader.java, line(s) 73,82,97,118
com/bumptech/glide/load/model/StreamEncoder.java, line(s) 39
com/bumptech/glide/load/resource/DefaultOnHeaderDecodedListener.java, line(s) 67
com/bumptech/glide/load/resource/bitmap/BitmapEncoder.java, line(s) 74,89
com/bumptech/glide/load/resource/bitmap/BitmapImageDecoderResourceDecoder.java, line(s) 28
com/bumptech/glide/load/resource/bitmap/DefaultImageHeaderParser.java, line(s) 223,241,256,380,400,413,424,429,440,454
com/bumptech/glide/load/resource/bitmap/Downsampler.java, line(s) 105,191,224,279,321,351
com/bumptech/glide/load/resource/bitmap/DrawableToBitmapConverter.java, line(s) 47,55
com/bumptech/glide/load/resource/bitmap/HardwareConfigState.java, line(s) 89
com/bumptech/glide/load/resource/bitmap/TransformationUtils.java, line(s) 174
com/bumptech/glide/load/resource/bitmap/VideoDecoder.java, line(s) 273
com/bumptech/glide/load/resource/gif/ByteBufferGifDecoder.java, line(s) 71,136,143,150
com/bumptech/glide/manager/DefaultConnectivityMonitorFactory.java, line(s) 16
com/bumptech/glide/manager/RequestManagerRetriever.java, line(s) 222,318
com/bumptech/glide/manager/SingletonConnectivityReceiver.java, line(s) 150
com/bumptech/glide/module/ManifestParser.java, line(s) 59,67
com/bumptech/glide/request/SingleRequest.java, line(s) 79
com/bumptech/glide/request/target/CustomViewTarget.java, line(s) 55
com/bumptech/glide/request/target/ViewTarget.java, line(s) 56
com/bumptech/glide/util/ContentLengthInputStream.java, line(s) 40
com/bumptech/glide/util/pool/FactoryPools.java, line(s) 37
com/gyailib/library/GYAIBody3D.java, line(s) 24
com/liteav/audio2/route/AudioDeviceProperty.java, line(s) 118,109,129,139,149,170,172,180,182,191,193,201,203,224,226,257,259
com/liteav/audio2/route/a.java, line(s) 28,94,141,56,103,112,116,126,137
com/tencent/live2/impl/V2TXLiveUtils.java, line(s) 158,137,140
com/tencent/live2/impl/a.java, line(s) 79
com/tencent/rtmp/TXLiveBase.java, line(s) 120,205,211,142
com/tencent/rtmp/ui/TXCloudVideoView.java, line(s) 63,114,136,171,147,56,66,117,241,253
com/tencent/rtmp/video/ScreenCaptureService.java, line(s) 38,34,45
com/tencent/rtmp/video/TXScreenCapture.java, line(s) 26,43,22,36,52
com/tencent/tmediacodec/f/a.java, line(s) 18,36,50,24,12,30,43
com/tencent/trtc/TRTCCloud.java, line(s) 92
com/yalantis/ucrop/util/ImageHeaderParser.java, line(s) 169,187,202,220,242,260,273,284,289,300
dev/chrisbanes/insetter/Insetter.java, line(s) 375
dk/a.java, line(s) 258
dk/c.java, line(s) 8
ek/b.java, line(s) 26,102,123
fc/a.java, line(s) 78,90,102,62
fc/b.java, line(s) 51,65,111,29,34
gc/a.java, line(s) 43,184,188
gc/h.java, line(s) 59,100,122,49
ge/a.java, line(s) 592,613,629
ge/d.java, line(s) 103
ic/b.java, line(s) 54,68
ic/c.java, line(s) 38,61,94,110,123
ic/d.java, line(s) 54,83,96,130
jc/a.java, line(s) 30,53,56,59,62,77,86,125,26,37,95,103,112
jn/c.java, line(s) 91,92,97,101,103,105,107,125,126,148
k9/b.java, line(s) 25,34,76
k9/g.java, line(s) 25
kn/a.java, line(s) 32,34
l9/l.java, line(s) 157
l9/v.java, line(s) 83
org/litepal/tablemanager/AssociationCreator.java, line(s) 132,177,191,240,252
org/litepal/tablemanager/AssociationUpdater.java, line(s) 31,74,88,90,92,94,181,247
org/litepal/tablemanager/Dropper.java, line(s) 31
org/litepal/tablemanager/Upgrader.java, line(s) 19,28,34,54,84,132,134,136,164,196
pp/m.java, line(s) 56,57
qa/b.java, line(s) 68,77
ua/b.java, line(s) 9,13,17,21,25,29,37,41,45,49,53
va/b.java, line(s) 11
w0/z.java, line(s) 13,42,62,91,123
wk/d.java, line(s) 14,19,24,29,34,39,44,49,54,60,65,70,75,80,85,90,95,100,105,110,116
yg/a.java, line(s) 53,65
yg/n0.java, line(s) 24
zl/b.java, line(s) 61

Info This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/yunbao/common/activity/ErrorActivity.java, line(s) 4,24
com/yunbao/common/activity/WebViewActivity.java, line(s) 5,45
com/yunbao/main/activity/AnchorInfoActivity.java, line(s) 5,248
com/yunbao/main/activity/WebViewMainActivity.java, line(s) 5,39,175
yg/f1.java, line(s) 4,98

Secure This application uses SSL Pinning to detect or prevent MITM attacks on the secure communication channel

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
ci/f.java, line(s) 102,67
com/base/library/common/http/RetrofitFactory.java, line(s) 21,17
com/teacherlink/teachang/http/RetrofitClient.java, line(s) 12,12
com/teacherlink/teachang/page/live/newlive/testspeed/SpeedTestRetrofitClient.java, line(s) 24,24
com/yunbao/common/reactivehttp/http/SelfRemoteDataSource.java, line(s) 58,101
fh/a.java, line(s) 96,96
hd/a.java, line(s) 147,96,145,145
mi/a.java, line(s) 79,79

Secure This application may have root detection capabilities

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
org/light/device/LightDeviceUtils.java, line(s) 694,694,694,694

Hotspot The application may communicate with a server (avatar.trtc.tencent-cloud.com) located in an OFAC-sanctioned country (China).

{'ip': '222.186.185.69', 'country_short': 'CN', 'country_long': 'China', 'region': 'Jiangsu', 'city': 'Zhenjiang', 'latitude': '32.209171', 'longitude': '119.434174'}

Hotspot The application may communicate with a server (ip.chinaz.com) located in an OFAC-sanctioned country (China).

{'ip': '103.205.5.226', 'country_short': 'CN', 'country_long': 'China', 'region': 'Jiangsu', 'city': 'Hutang', 'latitude': '31.533331', 'longitude': '119.483330'}

Hotspot The application may communicate with a server (pv.sohu.com) located in an OFAC-sanctioned country (China).

{'ip': '222.186.185.69', 'country_short': 'CN', 'country_long': 'China', 'region': 'Jiangsu', 'city': 'Zhenjiang', 'latitude': '32.209171', 'longitude': '119.434174'}

Security score: (妮助手 2.2.2)