Security Analysis Report: 畅玩新葡京 v8.2.8

Security score: 42/100

Risk rating

Grade scale: A, B, C, F

Severity distribution (%)


Privacy risk: 2 user/device trackers


Findings

High: 7
Medium: 21
Info: 2
Secure: 2
Hotspot: 9

High: Remote WebView debugging is enabled
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
org/cocos2dx/javascript/H5PayDemoActivity.java, line(s) 107,10,11

High: The file is world writable. Any application can write to the file.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2

Files:
肌緭/肌緭/肌緭/肌緭/垡玖/C0061.java, line(s) 8

High: Insufficiently strict WebView domain control vulnerability

Files:
org/cocos2dx/javascript/kefu/X5WebView.java, line(s) 33,30
org/cocos2dx/javascript/views/X5WebView.java, line(s) 54,50
org/cocos2dx/lib/Cocos2dxWebView.java, line(s) 112,108,109,110,111,112,113,132

High: The app uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/ta/utdid2/a/a/a.java, line(s) 52,78

High: Debug configuration is enabled. Production builds must not be debuggable.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
cc/openshare/sdk/opensharesdk/BuildConfig.java, line(s) 2,4

High: Insecure SSL implementation. Trusting all certificates or accepting self-signed certificates is a critical security vulnerability. This application is vulnerable to MITM attacks.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis

Files:
com/alipay/android/phone/mrpc/core/b.java, line(s) 105,15,3

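Medium: The application is affected by the Janus vulnerability

The application is signed with the v1 signature scheme. If it is signed only with the v1 scheme, it is vulnerable to the Janus vulnerability on Android 5.0-8.0. Applications signed with the v1 scheme that run on Android 5.0-7.0, as well as applications that are also signed with the v2/v3 schemes, are likewise vulnerable.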

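Medium: The application can be installed on a vulnerable, unpatched Android version

Android 6.0-6.0.1, [minSdk=23]
The application can be installed on older Android versions that have multiple unfixed vulnerabilities. These devices do not receive reasonable security updates from Google. Support Android version >= 10 (API 29) to receive reasonable security updates.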

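Medium: Application data can be backed up

[android:allowBackup=true]
This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off the device.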

Medium: Activity (org.cocos2d.helloworld.wxapi.WXEntryActivity) is not protected.

[android:exported=true]
The Activity is shared with other applications on the device, making it accessible to any other application on the device.

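Medium: Activity (com.tencent.tauth.AuthActivity) is not protected.

An intent-filter exists.
The Activity is shared with other applications on the device, making it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.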

Medium: Activity (com.alipay.sdk.app.PayResultActivity) is not protected.

[android:exported=true]
The Activity is shared with other applications on the device, making it accessible to any other application on the device.

Medium: Activity (com.alipay.sdk.app.AlipayResultActivity) is not protected.

[android:exported=true]
The Activity is shared with other applications on the device, making it accessible to any other application on the device.

Medium: Service (cn.jpush.android.service.DaemonService) is not protected.

[android:exported=true]
The Service is shared with other applications on the device, making it accessible to any other application on the device.

Medium: Content Provider (cn.jpush.android.service.DownloadProvider) is not protected.

[android:exported=true]
The Content Provider is shared with other applications on the device, making it accessible to any other application on the device.

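Medium: Activity has the TaskAffinity attribute set

(cn.jpush.android.service.JNotifyActivity)
If taskAffinity is set, other applications may be able to read Intents sent to an Activity that belongs to another task. To prevent other applications from reading sensitive information in sent or received Intents, always use the default setting and keep the affinity as the package name.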

Medium: Activity (cn.jpush.android.service.JNotifyActivity) is not protected.

[android:exported=true]
The Activity is shared with other applications on the device, making it accessible to any other application on the device.

Medium: High Intent priority (1000)

[android:priority]
By setting an Intent priority higher than that of another Intent, the application effectively overrides other requests.

Medium: IP address disclosure

Files:
com/alipay/android/phone/mrpc/core/q.java, line(s) 303
com/lahm/library/EmulatorCheckUtil.java, line(s) 30
com/lahm/library/SecurityCheckUtil.java, line(s) 120
com/lahm/library/VirtualApkCheckUtil.java, line(s) 55,211
com/xiongmao/security/xiongmao/android/sdk/XiongMaoUtil.java, line(s) 56
com/xiongmao/security/xiongmao/android/sdk/traceroute/XMNetTraceRoute.java, line(s) 26
com/xiongmao/security/xiongmao/android/sdk/traceroute/e.java, line(s) 222,244,260
io/openinstall/sdk/ap.java, line(s) 35

Medium: The application uses an insecure random number generator
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
cc/openshare/sdk/opensharesdk/OpenShareCore.java, line(s) 17
com/lahm/library/VirtualApkCheckUtil.java, line(s) 28
com/ta/utdid2/a/a/e.java, line(s) 7
com/ta/utdid2/device/c.java, line(s) 11
com/xiongmao/security/xiongmao/android/sdk/XiongMao.java, line(s) 14

Medium: The application can read/write external storage. Any application can read data written to external storage.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
com/luck/picture/lib/manager/PictureCacheManager.java, line(s) 23,40,57,91
com/luck/picture/lib/utils/DownloadFileUtils.java, line(s) 36,36,57,57,81,81
com/luck/picture/lib/utils/FileDirMap.java, line(s) 26,33,40
com/luck/picture/lib/utils/MediaStoreUtils.java, line(s) 86,99
com/luck/picture/lib/utils/PictureFileUtils.java, line(s) 192,200,208,222,394,407,144,145,396
com/lzy/okgo/convert/FileConvert.java, line(s) 26,48
com/ta/utdid2/b/a/c.java, line(s) 55,196,293,332
io/openinstall/sdk/az.java, line(s) 77,78,90,91
org/cocos2dx/javascript/AppActivity.java, line(s) 1287,1295,1314
org/cocos2dx/javascript/utils/FileUtils.java, line(s) 31,754
org/cocos2dx/javascript/utils/PictureDownUtil.java, line(s) 69,73
org/cocos2dx/javascript/utils/Utils.java, line(s) 503,501,512
org/cocos2dx/lib/Cocos2dxHelper.java, line(s) 164
skin/support/utils/SkinFileUtils.java, line(s) 10

Medium: MD5 is a weak hash known to have hash collisions
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
cc/openshare/sdk/opensharesdk/Md5Utils.java, line(s) 12
com/luck/picture/lib/loader/SandboxFileLoader.java, line(s) 55
org/cocos2dx/javascript/utils/Utils.java, line(s) 58

Medium: Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/bumptech/glide/load/Option.java, line(s) 78
com/bumptech/glide/load/engine/DataCacheKey.java, line(s) 34
com/bumptech/glide/load/engine/EngineResource.java, line(s) 92
com/bumptech/glide/load/engine/ResourceCacheKey.java, line(s) 63
com/bumptech/glide/manager/RequestManagerRetriever.java, line(s) 37
com/luck/picture/lib/config/PictureConfig.java, line(s) 21
com/lzy/okgo/cache/CacheEntity.java, line(s) 12,84
com/lzy/okgo/exception/CacheException.java, line(s) 14,10
com/tencent/tauth/AuthActivity.java, line(s) 17
com/uuzuche/lib_zxing/decoding/Intents.java, line(s) 49

Medium: SHA-1 is a weak hash known to have hash collisions
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/ta/utdid2/device/c.java, line(s) 58
io/openinstall/sdk/i.java, line(s) 142

Medium: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/lzy/okgo/db/DBHelper.java, line(s) 4,5,39
com/lzy/okgo/db/DBUtils.java, line(s) 4,15
org/cocos2dx/lib/Cocos2dxLocalStorage.java, line(s) 5,6,50

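Medium: The application contains privacy trackers

This application has 2 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.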

Medium: This application may contain hardcoded secrets

The following secrets were identified in the application. Ensure that these are not secrets or private information.
OpenShareInstall "com.OpenShareInstall.APP_KEY" : "bMeYcB3gxPvSEus"
JPush "JPUSH_CHANNEL" : "developer-default"
JPush "JPUSH_APPKEY" : "df63da330e9f1a468ad57bf6"
openinstall analytics "com.openinstall.APP_KEY" : "default"
OpenShareInstall "cc.openshare.APPID" : "bMeYcB3gxPvSEus"

Info: The application logs information. Sensitive information must not be logged.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
cc/openshare/sdk/opensharesdk/JsonHelper.java, line(s) 132,141,158,169,178,189
cc/openshare/sdk/opensharesdk/KLog.java, line(s) 112,128,121,115,109,82,118,124,149,155,159
cc/openshare/sdk/opensharesdk/OpenShare.java, line(s) 181,192,178
cc/openshare/sdk/opensharesdk/OpenShareCore.java, line(s) 172,174
com/alipay/android/phone/mrpc/core/b.java, line(s) 78
com/bumptech/glide/Glide.java, line(s) 273,282,215,195,214,272,279,196
com/bumptech/glide/gifdecoder/GifHeaderParser.java, line(s) 92,122,91,121
com/bumptech/glide/gifdecoder/StandardGifDecoder.java, line(s) 572,588,605,570,586,603,647,656
com/bumptech/glide/load/data/AssetPathFetcher.java, line(s) 51,50
com/bumptech/glide/load/data/HttpUrlFetcher.java, line(s) 65,167,64,166,170,176,184,181,185
com/bumptech/glide/load/data/LocalUriFetcher.java, line(s) 52,51
com/bumptech/glide/load/data/mediastore/ThumbFetcher.java, line(s) 112,111
com/bumptech/glide/load/data/mediastore/ThumbnailStreamOpener.java, line(s) 57,117,56,116
com/bumptech/glide/load/engine/DecodeJob.java, line(s) 185,199,289
com/bumptech/glide/load/engine/DecodePath.java, line(s) 57,58
com/bumptech/glide/load/engine/Engine.java, line(s) 30,216
com/bumptech/glide/load/engine/GlideException.java, line(s) 198
com/bumptech/glide/load/engine/SourceGenerator.java, line(s) 36,37
com/bumptech/glide/load/engine/bitmap_recycle/LruArrayPool.java, line(s) 119,157,120,158
com/bumptech/glide/load/engine/bitmap_recycle/LruBitmapPool.java, line(s) 139,182,192,257,103,138,148,171,181,191,234,241,256,109,149,235,242,172
com/bumptech/glide/load/engine/cache/DiskLruCacheWrapper.java, line(s) 59,71,80,90,104,110,81,105,60,72,91,111
com/bumptech/glide/load/engine/cache/MemorySizeCalculator.java, line(s) 157,141
com/bumptech/glide/load/engine/executor/GlideExecutor.java, line(s) 81,78
com/bumptech/glide/load/engine/executor/RuntimeCompat.java, line(s) 37,36
com/bumptech/glide/load/engine/prefill/BitmapPreFillRunner.java, line(s) 104,103
com/bumptech/glide/load/model/ByteBufferEncoder.java, line(s) 21,20
com/bumptech/glide/load/model/ByteBufferFileLoader.java, line(s) 51,50
com/bumptech/glide/load/model/FileLoader.java, line(s) 103,102
com/bumptech/glide/load/model/ResourceLoader.java, line(s) 99,100
com/bumptech/glide/load/model/StreamEncoder.java, line(s) 40,39
com/bumptech/glide/load/resource/ImageDecoderResourceDecoder.java, line(s) 67,68
com/bumptech/glide/load/resource/bitmap/BitmapEncoder.java, line(s) 70,69,86,87
com/bumptech/glide/load/resource/bitmap/BitmapImageDecoderResourceDecoder.java, line(s) 20,21
com/bumptech/glide/load/resource/bitmap/DefaultImageHeaderParser.java, line(s) 192,199,273,283,295,311,328,335,365,378,383,191,198,272,282,294,310,327,334,340,345,353,357,377,382
com/bumptech/glide/load/resource/bitmap/Downsampler.java, line(s) 95,113,307,94,112,186,234,257,278,306,187,235,385
com/bumptech/glide/load/resource/bitmap/DrawableToBitmapConverter.java, line(s) 47,52,48,53
com/bumptech/glide/load/resource/bitmap/HardwareConfigState.java, line(s) 47,48
com/bumptech/glide/load/resource/bitmap/TransformationUtils.java, line(s) 293,120,125,169,178,185,292,121,126,170,179,186,187,188,192
com/bumptech/glide/load/resource/bitmap/VideoDecoder.java, line(s) 129,128
com/bumptech/glide/load/resource/gif/ByteBufferGifDecoder.java, line(s) 99,105,110,115,125,100,106,111,116,126
com/bumptech/glide/load/resource/gif/GifDrawableEncoder.java, line(s) 21,22
com/bumptech/glide/load/resource/gif/StreamGifDecoder.java, line(s) 42,43
com/bumptech/glide/manager/DefaultConnectivityMonitor.java, line(s) 23,22,48,67,49,68
com/bumptech/glide/manager/DefaultConnectivityMonitorFactory.java, line(s) 17,16
com/bumptech/glide/manager/RequestManagerFragment.java, line(s) 150,151
com/bumptech/glide/manager/RequestManagerRetriever.java, line(s) 348,349
com/bumptech/glide/manager/RequestTracker.java, line(s) 102,103
com/bumptech/glide/manager/SupportRequestManagerFragment.java, line(s) 152,161,153,162
com/bumptech/glide/module/ManifestParser.java, line(s) 44,51,62,67,43,50,55,61,66,56
com/bumptech/glide/request/SingleRequest.java, line(s) 255,75,188,220
com/bumptech/glide/request/target/CustomViewTarget.java, line(s) 55,96,97,56
com/bumptech/glide/request/target/ViewTarget.java, line(s) 56,97,98,57
com/bumptech/glide/signature/ApplicationVersionSignature.java, line(s) 26
com/bumptech/glide/util/ContentLengthInputStream.java, line(s) 47,46
com/bumptech/glide/util/pool/FactoryPools.java, line(s) 37,38
com/lahm/library/VirtualApkCheckUtil.java, line(s) 72,78
com/luck/picture/lib/loader/LocalMediaPageLoader.java, line(s) 494,602
com/luck/picture/lib/thread/PictureThreadUtils.java, line(s) 73,78,344,377,417,445,218,385
com/luck/picture/lib/utils/PSEglUtils.java, line(s) 72
com/luck/picture/lib/utils/PictureFileUtils.java, line(s) 339
com/lzy/okgo/utils/OkLogger.java, line(s) 14,33,43,60,70
com/uuzuche/lib_zxing/activity/CaptureActivity.java, line(s) 51
com/uuzuche/lib_zxing/camera/AutoFocusCallback.java, line(s) 15
com/uuzuche/lib_zxing/camera/CameraConfigurationManager.java, line(s) 103,187,191,202,212,199,86,140,152
com/uuzuche/lib_zxing/camera/FlashlightManager.java, line(s) 22,69,78,84,96,108
com/uuzuche/lib_zxing/camera/PreviewCallback.java, line(s) 26
com/uuzuche/lib_zxing/decoding/CaptureActivityHandler.java, line(s) 56,59,67,71
com/uuzuche/lib_zxing/decoding/DecodeHandler.java, line(s) 52
io/openinstall/sdk/cf.java, line(s) 8,16,12
org/App.java, line(s) 28,33,36
org/cocos2d/helloworld/wxapi/WXEntryActivity.java, line(s) 34,46,53,69,96,108,112,115,22,31
org/cocos2dx/javascript/AppActivity.java, line(s) 181,296,302,308,327,333,355,409,411,421,423,431,435,438,485,508,551,552,583,587,613,623,627,633,635,640,645,651,654,666,674,829,837,842,846,850,985,1015,1043,1044,1088,1092,1126,1151,1192,1220,1221,1295,1362,1377,1381,1416,1421,1452,1496,1497,1498,1499,1577,1727,1729,1735,1740,1782,1785,1843,1848,1854,1860,1862,1867,1872,1873,1874,1882,1888,1894,1896,1901,1906,1907,1908,1918,1925,1927,1932,1937,1938,1939,1956,1990,2005,2012,2015,2019,2025,2035,2042,2048,2062,2083,2095,2110,2152,2155,2157,2161,2175,2194,2206,2267,2342,2351,2403,678,727,940,947,1391,1402,1466,1467,1471,1515,1516,1524,1535,1536,1544,1574,1579,1589,1604,1612,1618,1634,1647,1764,2226,2231,2292,974,2058
org/cocos2dx/javascript/UpLoadImgUtils.java, line(s) 112,117,126,133,138,150,153,156,161,169
org/cocos2dx/javascript/WXEntryActivity.java, line(s) 104,125,126,175,250,260,271,289,100,139,142,146,162,164,183,185,234,235,236,174
org/cocos2dx/javascript/WebGameActivity.java, line(s) 456,179,217,228,353,434,435,436,478,486,505,87,93,98,116,123,248,253,285,290,316,321,531,562,569
org/cocos2dx/javascript/helper/SystemProperties.java, line(s) 18,22,44
org/cocos2dx/javascript/helper/jg/MyJPushMessageReceiver.java, line(s) 15,21,27,33,39,45,51,57
org/cocos2dx/javascript/helper/jg/MyReceiver.java, line(s) 62,50,40
org/cocos2dx/javascript/kefu/CustomerWebViewHelper.java, line(s) 84,103,46,70,147,163,166
org/cocos2dx/javascript/kefu/notchtools/helper/SystemProperties.java, line(s) 18,22,44
org/cocos2dx/javascript/kefu/notchtools/phone/HuaWeiNotchScreen.java, line(s) 115,119,122,37,41,59,63
org/cocos2dx/javascript/phone/HuaWeiNotchScreen.java, line(s) 115,119,122,37,41,59,63
org/cocos2dx/javascript/utils/FileUtils.java, line(s) 174,742,760,746
org/cocos2dx/javascript/utils/KLog.java, line(s) 112,128,121,115,109,82,118,124,149,155,159
org/cocos2dx/javascript/utils/MQTTManager.java, line(s) 123,212,38,44,53,62,71,104,105,106,107,108,161,166,172,177,214,227,232
org/cocos2dx/javascript/utils/PictureDownUtil.java, line(s) 54
org/cocos2dx/javascript/utils/SoundPoolUtil.java, line(s) 57
org/cocos2dx/javascript/utils/Utils.java, line(s) 512,541
org/cocos2dx/lib/CanvasRenderingContext2DImpl.java, line(s) 83,202
org/cocos2dx/lib/Cocos2dxActivity.java, line(s) 310,312,317,376,421,437,449,462,130,244,294,344,153,381
org/cocos2dx/lib/Cocos2dxAudioFocusManager.java, line(s) 17,19,27,35,45,62,71,65,73
org/cocos2dx/lib/Cocos2dxDownloader.java, line(s) 60,192,275
org/cocos2dx/lib/Cocos2dxEditBox.java, line(s) 124,143
org/cocos2dx/lib/Cocos2dxGLSurfaceView.java, line(s) 62
org/cocos2dx/lib/Cocos2dxHelper.java, line(s) 313,322,326,257,259,263
org/cocos2dx/lib/Cocos2dxHttpURLConnection.java, line(s) 123,137,152,182,205,270,305,322,351,364
org/cocos2dx/lib/Cocos2dxLocalStorage.java, line(s) 55,29
org/cocos2dx/lib/Cocos2dxReflectionHelper.java, line(s) 19,27,30,38,56,64,74,82
org/cocos2dx/lib/Cocos2dxVideoHelper.java, line(s) 289
org/cocos2dx/lib/Cocos2dxVideoView.java, line(s) 133,221,230
org/cocos2dx/lib/Cocos2dxWebView.java, line(s) 83,91,117,53,58
org/cocos2dx/lib/SoftKeyBoardListener.java, line(s) 37
org/cocos2dx/lib/Utils.java, line(s) 20
skin/support/content/res/SkinCompatDrawableManager.java, line(s) 70,108,392
skin/support/utils/Slog.java, line(s) 10,16,21,25
skin/support/widget/SkinCompatSpinner.java, line(s) 68
timber/log/Timber.java, line(s) 209,227
肌緭/肌緭/肌緭/肌緭/垡玖/C0066.java, line(s) 8

Info: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
io/openinstall/sdk/bm.java, line(s) 6,173
org/cocos2dx/javascript/utils/Utils.java, line(s) 6,136
org/cocos2dx/lib/Cocos2dxHelper.java, line(s) 6,121
肌緭/肌緭/肌緭/肌緭/刻槒唱镧詴/C0058.java, line(s) 4,46

Secure: This application may have root detection capabilities
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
com/lahm/library/SecurityCheckUtil.java, line(s) 55,55,55,55,55
com/xiongmao/security/xiongmao/android/sdk/umid/c.java, line(s) 6,6,6,6,6,6
org/cocos2dx/javascript/AppActivity.java, line(s) 958

Secure: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
com/lzy/okgo/https/HttpsUtils.java, line(s) 138,87,136,136
org/cocos2dx/lib/Cocos2dxHttpURLConnection.java, line(s) 346,342,343,343

Hotspot: The application may communicate with a server (tsis.jpush.cn) located in an OFAC-sanctioned country (China).

{'ip': '110.41.23.105', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}

Hotspot: The application may communicate with a server (www.163.com) located in an OFAC-sanctioned country (China).

{'ip': '58.221.32.233', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南通', 'latitude': '32.030296', 'longitude': '120.874779'}

Hotspot: The application may communicate with a server (bjuser.jpush.cn) located in an OFAC-sanctioned country (China).

{'ip': '122.9.9.237', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (s.obs.cn-south-1.myhuaweicloud.com) located in an OFAC-sanctioned country (China).

{'ip': '121.37.63.38', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}

Hotspot: The application may communicate with a server (sina.cn) located in an OFAC-sanctioned country (China).

{'ip': '183.60.95.219', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}

Hotspot: The application may communicate with a server (mobilegw.alipaydev.com) located in an OFAC-sanctioned country (China).

{'ip': '110.75.132.131', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}

Hotspot: The application may communicate with a server (api.sharetrace.com) located in an OFAC-sanctioned country (China).

{'ip': '120.78.211.76', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}

Hotspot: The application may communicate with a server (www.taobao.com) located in an OFAC-sanctioned country (China).

{'ip': '223.247.116.197', 'country_short': 'CN', 'country_long': '中国', 'region': '安徽', 'city': '亳州', 'latitude': '33.877220', 'longitude': '115.770279'}

Hotspot: The application may communicate with a server (h5.m.taobao.com) located in an OFAC-sanctioned country (China).

{'ip': '121.228.130.198', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}

Security score: (畅玩新葡京 8.2.8)