Mobile Application Security Scan Report: 爱读小说 v1.0.3

Security baseline score: 45/100

Overall risk level

Risk level scale:

  1. A
  2. B
  3. C
  4. F

[Chart: distribution of vulnerabilities and security items (%)]


Privacy risk

Number of third-party trackers detected: 4


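Breakdown of findings

High-severity vulnerabilities: 6
Medium-severity vulnerabilities: 26
Security notices: 2
Passed security checks: 2
Key security concerns: 19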

High-severity vulnerability: The application uses ECB mode in a cryptographic algorithm. ECB is a known weak mode because it produces identical ciphertext for identical plaintext blocks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode

Files:
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_try19/a.java, line(s) 31,56
bykvmt_19do/bykvmt_19do/bykvmt_19do/bykvmt_new1/a.java, line(s) 16

High-severity vulnerability: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
a0/e.java, line(s) 19
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_try19/a.java, line(s) 44
com/amgcyo/cuttadon/app/o/a.java, line(s) 43,49
com/amgcyo/cuttadon/utils/comic/b.java, line(s) 121
com/sntech/net/Cif.java, line(s) 58,155
com/sntech/okhttpconnection/log/Cif.java, line(s) 27,34
com/sntech/stat/Cfor.java, line(s) 50
z0/m.java, line(s) 47

High-severity vulnerability: The file is world-writable. Any application can write to the file.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2

Files:
com/amgcyo/cuttadon/utils/otherutils/f.java, line(s) 10
e0/c.java, line(s) 7
r/c.java, line(s) 11

High-severity vulnerability: Insecure WebView implementation. The WebView ignores SSL certificate errors and accepts any SSL certificate. This application is vulnerable to MITM attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification

Files:
com/amgcyo/cuttadon/view/webview/d.java, line(s) 29,28

High-severity vulnerability: By default, calling Cipher.getInstance("AES") returns AES in ECB mode. ECB mode is known to be weak because it produces identical ciphertext for identical plaintext blocks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode

Files:
io/rx_cache2/internal/encrypt/BuiltInEncryptor.java, line(s) 33,35

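Medium-severity vulnerability: Cleartext network traffic is enabled for the application

[android:usesCleartextTraffic=true]
The application intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager, and MediaPlayer. For applications targeting API level 27 or lower, the default value is "true". For applications targeting API level 28 or higher, the default value is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity, and tamper protection; a network attacker can eavesdrop on transmitted data and can modify it without being detected.

Medium-severity vulnerability: Broadcast Receiver (com.open.hule.library.DownloadReceiver) is not protected.

An intent-filter exists.
The Broadcast Receiver is shared with other applications on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that this Broadcast Receiver is explicitly exported.

Medium-severity vulnerability: Service (com.taobao.accs.ChannelService) is not protected.

[android:exported=true]
The Service is shared with other applications on the device, so it can be accessed by any other application on the device.

Medium-severity vulnerability: Service (com.taobao.accs.data.MsgDistributeService) is not protected.

[android:exported=true]
The Service is shared with other applications on the device, so it can be accessed by any other application on the device.

Medium-severity vulnerability: Broadcast Receiver (com.taobao.accs.EventReceiver) is not protected.

[android:exported=true]
The Broadcast Receiver is shared with other applications on the device, so it can be accessed by any other application on the device.

Medium-severity vulnerability: Broadcast Receiver (com.taobao.accs.ServiceReceiver) is not protected.

[android:exported=true]
The Broadcast Receiver is shared with other applications on the device, so it can be accessed by any other application on the device.

Medium-severity vulnerability: Service (org.android.agoo.accs.AgooService) is not protected.

[android:exported=true]
The Service is shared with other applications on the device, so it can be accessed by any other application on the device.

Medium-severity vulnerability: Service (com.umeng.message.UmengIntentService) is not protected.

[android:exported=true]
The Service is shared with other applications on the device, so it can be accessed by any other application on the device.

Medium-severity vulnerability: Service (com.umeng.message.XiaomiIntentService) is not protected.

[android:exported=true]
The Service is shared with other applications on the device, so it can be accessed by any other application on the device.

Medium-severity vulnerability: Broadcast Receiver (com.taobao.agoo.AgooCommondReceiver) is not protected.

[android:exported=true]
The Broadcast Receiver is shared with other applications on the device, so it can be accessed by any other application on the device.

Medium-severity vulnerability: Service (com.umeng.message.UmengMessageIntentReceiverService) is not protected.

[android:exported=true]
The Service is shared with other applications on the device, so it can be accessed by any other application on the device.

Medium-severity vulnerability: Activity has the TaskAffinity attribute set

(com.umeng.message.notify.UPushMessageNotifyActivity)
If taskAffinity is set, other applications may be able to read Intents sent to an Activity that belongs to another task. To prevent other applications from reading sensitive information in sent or received Intents, always use the default setting and keep the affinity equal to the package name.

Medium-severity vulnerability: Activity has the TaskAffinity attribute set

(com.umeng.message.UMessageNotifyActivity)
If taskAffinity is set, other applications may be able to read Intents sent to an Activity that belongs to another task. To prevent other applications from reading sensitive information in sent or received Intents, always use the default setting and keep the affinity equal to the package name.

Medium-severity vulnerability: Activity-Alias (com.umeng.message.UMessageNotifyActivity) is not protected.

[android:exported=true]
The Activity-Alias is shared with other applications on the device, so it can be accessed by any other application on the device.

Medium-severity vulnerability: Activity (com.bytedance.android.openliveplugin.stub.activity.DouyinAuthorizeActivityProxy) is not protected.

[android:exported=true]
The Activity is shared with other applications on the device, so it can be accessed by any other application on the device.

Medium-severity vulnerability: Activity (com.sntech.ads.page.WarnActivity) is not protected.

[android:exported=true]
The Activity is shared with other applications on the device, so it can be accessed by any other application on the device.

Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage.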
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_try19/j0.java, line(s) 36,36
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_try19/m.java, line(s) 14
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_try19/n.java, line(s) 264,332
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_try19/w.java, line(s) 110,113
bykvm_19do/bykvm_19do/bykvm_new1/bykvm_19do/bykvm_case1/n.java, line(s) 49,75,114,122
cn/bmob/v3/util/InstallUtil.java, line(s) 13,18
com/amgcyo/cuttadon/activity/read/MkMp3FileScanerActivity.java, line(s) 184
com/amgcyo/cuttadon/utils/otherutils/ScannerUtils.java, line(s) 22
com/amgcyo/cuttadon/utils/otherutils/d.java, line(s) 231
com/amgcyo/cuttadon/utils/otherutils/z.java, line(s) 74,162,73,790,797
com/arialyy/aria/util/CommonUtil.java, line(s) 210,207,214
com/arialyy/aria/util/FileUtil.java, line(s) 40,263
com/danikula/videocache/p.java, line(s) 9
com/github/gzuliyujiang/oaid/a.java, line(s) 173,174
com/lxj/xpopup/util/b.java, line(s) 181,204
com/open/hule/library/c/c.java, line(s) 98,101
com/open/hule/library/view/m.java, line(s) 377
com/ss/android/downloadlib/addownload/ko.java, line(s) 220
com/ss/android/downloadlib/addownload/x.java, line(s) 75,77
com/ss/android/downloadlib/utils/jb.java, line(s) 108,189,458
e0/h.java, line(s) 20,26,57,76,22,57,74,104,109
me/jessyan/art/f/c.java, line(s) 9

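Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.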
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
bykvm_19do/bykvm_19do/bykvm_19do/v.java, line(s) 6,7,60,61,116,117,120,121,38,230,238
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_for12/bykvm_19do/i.java, line(s) 8,142
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_for12/bykvm_19do/j.java, line(s) 4,5,15,16,21,26,45,46,47,51
bykvm_19do/bykvm_19do/bykvm_int108/bykvm_19do/bykvm_19do/bykvm_19do/bykvm_19do/bykvm_19do/b.java, line(s) 8,136
bykvm_19do/bykvm_19do/bykvm_int108/bykvm_19do/bykvm_19do/bykvm_19do/bykvm_19do/bykvm_19do/d.java, line(s) 5,6,38
bykvm_19do/bykvm_19do/bykvm_new1/bykvm_19do/bykvm_if122/bykvm_if122/a.java, line(s) 4,35
bykvm_19do/bykvm_19do/bykvm_new1/bykvm_19do/bykvm_if122/bykvm_if122/b.java, line(s) 4,43,44,37
cn/bmob/v3/util/BmobDbOpenHelper.java, line(s) 4,5,30
com/arialyy/aria/orm/DelegateFind.java, line(s) 4,73,75,206,409,433,460
com/arialyy/aria/orm/DelegateUpdate.java, line(s) 4,70
com/arialyy/aria/orm/DelegateWrapper.java, line(s) 4,47
com/arialyy/aria/orm/SqlHelper.java, line(s) 5,6,43,53,73,185,221
com/arialyy/aria/orm/SqlUtil.java, line(s) 5,66,402
com/baidu/xenv/c/a.java, line(s) 6,7,37,50,65,74,89
com/baidu/xenv/f/a.java, line(s) 5,6,28,29,35,38
com/danikula/videocache/s/a.java, line(s) 6,7,66
com/kwai/filedownloader/a/d.java, line(s) 5,6,7,155,409,457
com/kwai/filedownloader/a/e.java, line(s) 4,5,14,15,33,34,37,38
com/ss/android/downloadlib/event/mb.java, line(s) 4,5,17,22

Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
bykvm_19do/bykvm_19do/bykvm_19do/g1.java, line(s) 85
cn/bmob/v3/datatype/up/UpYunUtils.java, line(s) 28
cn/bmob/v3/realtime/Client.java, line(s) 161
com/amgcyo/cuttadon/utils/otherutils/g.java, line(s) 865
com/github/gzuliyujiang/oaid/g/n.java, line(s) 76
i0/a/a/a/a/a.java, line(s) 129
io/rx_cache2/internal/encrypt/BuiltInEncryptor.java, line(s) 23
org/minidns/AbstractDnsClient.java, line(s) 89
x0/b.java, line(s) 79

Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
a0/e.java, line(s) 51,72
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_try19/y.java, line(s) 47
com/amgcyo/cuttadon/utils/otherutils/z.java, line(s) 116
com/arialyy/aria/util/CommonUtil.java, line(s) 366,440,541,570
com/baidu/xenv/k/e.java, line(s) 19
com/baidu/xenv/k/k.java, line(s) 19,64
com/danikula/videocache/m.java, line(s) 57
com/kwai/filedownloader/e/f.java, line(s) 246
com/kwai/sodler/lib/d/b.java, line(s) 21
com/open/hule/library/c/b.java, line(s) 136
com/repack/bun/miitmdid/core/MdidSdk.java, line(s) 139
com/sntech/net/utils/Cif.java, line(s) 40,61
com/sntech/okhttpconnection/log/Cif.java, line(s) 87,108
e0/g.java, line(s) 14
me/jessyan/art/http/imageloader/glide/GlideFileUtil.java, line(s) 57
me/jessyan/retrofiturlmanager/a.java, line(s) 216
q/d.java, line(s) 14
r/e.java, line(s) 11

Medium-severity vulnerability: The application uses an insecure random number generator.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_try19/c.java, line(s) 6
com/amgcyo/cuttadon/activity/comic/MkComicsBaseReaderActivity.java, line(s) 117
com/amgcyo/cuttadon/adapter/comic/MkReaderAdapterQuick.java, line(s) 55
com/amgcyo/cuttadon/app/o/d.java, line(s) 4
com/amgcyo/cuttadon/f/s/b.java, line(s) 8
com/amgcyo/cuttadon/f/s/c.java, line(s) 8
com/amgcyo/cuttadon/h/a/f.java, line(s) 12
com/amgcyo/cuttadon/h/g/i.java, line(s) 13
com/amgcyo/cuttadon/utils/otherutils/g.java, line(s) 68
com/amgcyo/cuttadon/utils/otherutils/h.java, line(s) 28
com/amgcyo/cuttadon/utils/otherutils/v0.java, line(s) 3
com/amgcyo/cuttadon/view/comic/skeleton/SkeletonBlock.java, line(s) 9
com/baidu/xenv/b/m.java, line(s) 36
com/baidu/xenv/k/u.java, line(s) 4
com/baidu/xenv/k/v.java, line(s) 5
com/hjq/permissions/e.java, line(s) 19
com/zwb/danmaku/c/a.java, line(s) 5
com/zwb/danmaku/c/i.java, line(s) 5
com/zwb/danmaku/c/j.java, line(s) 5
com/zwb/danmaku/c/k.java, line(s) 5
org/android/spdy/SpdyBytePool.java, line(s) 3
org/minidns/AbstractDnsClient.java, line(s) 11
org/minidns/constants/a.java, line(s) 11
org/minidns/iterative/a.java, line(s) 11
org/minidns/util/c.java, line(s) 4

Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, and keys.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
bykvmt_19do/bykvmt_19do/bykvmt_19do/bykvmt_int108/c.java, line(s) 41
cn/bmob/v3/datatype/up/ParallelUploader.java, line(s) 35
cn/bmob/v3/datatype/up/Params.java, line(s) 23,12,27
cn/bmob/v3/http/bean/Migration.java, line(s) 74
com/amgcyo/cuttadon/api/entity/config/BaseAd.java, line(s) 69
com/amgcyo/cuttadon/api/entity/config/Bd_Data.java, line(s) 38
com/amgcyo/cuttadon/api/entity/config/JsJsonObject.java, line(s) 62
com/amgcyo/cuttadon/api/entity/config/JsonColorStyle.java, line(s) 58
com/amgcyo/cuttadon/api/entity/migrate/DaoliuBook.java, line(s) 84
com/amgcyo/cuttadon/utils/otherutils/g.java, line(s) 1540,1551,1562
com/arialyy/aria/core/task/AbsTask.java, line(s) 16
com/open/hule/library/entity/TipsBean.java, line(s) 114
io/rx_cache2/internal/Locale.java, line(s) 5
io/rx_cache2/internal/cache/Action.java, line(s) 9
org/android/spdy/SpdyProtocol.java, line(s) 43

Medium-severity vulnerability: IP address disclosure


Files:
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_19do/bykvm_19do/a.java, line(s) 292
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_19do/bykvm_goto109/a.java, line(s) 273
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_19do/bykvm_long108/c.java, line(s) 318
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_for12/a.java, line(s) 109
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_for12/bykvm_if122/b.java, line(s) 122
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_int108/b.java, line(s) 154,155,184,185,79,80,323,324,169,170,109,110,139,140,231,232
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_new1/a.java, line(s) 172
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_new1/bykvm_for12/a.java, line(s) 344
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_try19/g0.java, line(s) 8,9
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_try19/n.java, line(s) 129,315,274
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_try19/q.java, line(s) 127,128,130
bykvm_19do/bykvm_19do/bykvm_if122/bykvm_try19/s.java, line(s) 47,48,75,153
com/baidu/xenv/ac/F.java, line(s) 439
com/baidu/xenv/ac/XEH.java, line(s) 41
com/baidu/xenv/b/c.java, line(s) 222,225,230
com/baidu/xenv/i/a.java, line(s) 442
com/baidu/xenv/k/c.java, line(s) 347,1084
com/baidu/xenv/k/j.java, line(s) 262
com/baidu/xenv/k/q.java, line(s) 95
com/danikula/videocache/f.java, line(s) 82,142,144
com/sntech/okhttpconnection/log/Cdo.java, line(s) 51,140,52,141
com/sntech/okhttpconnection/log/IgnoreHostProxySelector.java, line(s) 12
org/android/spdy/SpdyRequest.java, line(s) 26,161,180,202,226,245,271,290,312,336
org/minidns/b.java, line(s) 80

Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to a temporary file.


Files:
com/kwai/sodler/lib/c.java, line(s) 168

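Medium-severity vulnerability: The application contains privacy trackers

This application has multiple (4) privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.

Medium-severity vulnerability: This application may contain hardcoded secrets

The following secrets were identified in the application. Make sure they are not confidential or private information.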

Security notice: The application logs information. Sensitive information must not be logged.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
cn/bmob/v3/BmobInstallationManager.java, line(s) 118,112
cn/bmob/v3/BmobObject.java, line(s) 45
cn/bmob/v3/BmobPushManager.java, line(s) 49
cn/bmob/v3/BmobQuery.java, line(s) 314,355,432
cn/bmob/v3/BmobWrapper.java, line(s) 32
cn/bmob/v3/datatype/BmobFile.java, line(s) 92,100,110,120,130,345,167,374
cn/bmob/v3/datatype/up/BlockUploader.java, line(s) 158,175
cn/bmob/v3/datatype/up/ParallelUploader.java, line(s) 153,113,436
cn/bmob/v3/datatype/up/UpYunUploader.java, line(s) 74,103,112
cn/bmob/v3/datatype/up/UploadManager.java, line(s) 100,102,108,110,112,119,134
cn/bmob/v3/http/BmobClient.java, line(s) 82,86,95,132,135,167,268,278,317,319,328,373,384,399,264,275,118,120
cn/bmob/v3/http/BmobFactory.java, line(s) 233,279,276
cn/bmob/v3/http/BmobURL.java, line(s) 135,136,137
cn/bmob/v3/http/RequestUtils.java, line(s) 45
cn/bmob/v3/http/RxBmob.java, line(s) 138,142,146,150,227,242,246,538,544,572,610
cn/bmob/v3/http/cache/CENPolicyQuery.java, line(s) 30,37
cn/bmob/v3/http/cache/NECPolicyQuery.java, line(s) 30,49
cn/bmob/v3/http/cache/PolicyQuery.java, line(s) 70,72,82,153,162,189,42,49,171,206
cn/bmob/v3/http/interceptor/RequestInterceptor.java, line(s) 21,24,30
cn/bmob/v3/http/interceptor/ResponseInterceptor.java, line(s) 57,67,70,74,79,41,50,82,85,93
cn/bmob/v3/http/rx/PolicyAction1.java, line(s) 28,40,36
cn/bmob/v3/realtime/Client.java, line(s) 181,205,207,238,280,300,313,319,324,340,341,343,347,378,391
cn/bmob/v3/update/BmobUpdateAgent.java, line(s) 278,285
cn/bmob/v3/update/UpdateResponse.java, line(s) 29
cn/bmob/v3/util/BLog.java, line(s) 48,133
cn/bmob/v3/util/BmobResource.java, line(s) 33,32
cn/bmob/v3/util/CacheManager.java, line(s) 71,77,99,107,136,144,164
cn/bmob/v3/util/EncryptUtils.java, line(s) 148,48
cn/bmob/v3/util/HtmlUtils.java, line(s) 34
cn/bmob/v3/util/ManifestUtils.java, line(s) 135,148
cn/bmob/v3/util/ZipUtil.java, line(s) 59
com/amgcyo/cuttadon/activity/base/BaseTitleBarActivity.java, line(s) 196,243,1580,1583
com/amgcyo/cuttadon/activity/main/MkLauncherActivity.java, line(s) 144,152
com/amgcyo/cuttadon/activity/main/MkMainActivity.java, line(s) 364,370,373,681,922,1078
com/amgcyo/cuttadon/activity/setting/MkAboutActivity.java, line(s) 58,221,222,223,224,225,226,227
com/amgcyo/cuttadon/app/MkApplication.java, line(s) 313,342
com/amgcyo/cuttadon/f/o.java, line(s) 621
com/amgcyo/cuttadon/h/b/c.java, line(s) 97
com/amgcyo/cuttadon/h/b/d.java, line(s) 36,46
com/amgcyo/cuttadon/h/c/d.java, line(s) 33,101,109
com/amgcyo/cuttadon/h/d/e/i.java, line(s) 98
com/amgcyo/cuttadon/i/m.java, line(s) 44,51,54
com/amgcyo/cuttadon/j/a/a.java, line(s) 39
com/amgcyo/cuttadon/j/b/g.java, line(s) 12
com/amgcyo/cuttadon/sdk/ui/SdkFullVideoActivity.java, line(s) 101,143
com/amgcyo/cuttadon/sdk/ui/SdkSplashActivity.java, line(s) 82,85,159,192,205
com/amgcyo/cuttadon/utils/comic/b.java, line(s) 72
com/arialyy/aria/core/Aria.java, line(s) 39
com/arialyy/aria/core/AriaConfig.java, line(s) 133,140,47,118
com/arialyy/aria/core/AriaManager.java, line(s) 213
com/arialyy/aria/core/WidgetLiftManager.java, line(s) 56,70,48
com/arialyy/aria/core/command/AbsGroupCmd.java, line(s) 34
com/arialyy/aria/core/command/AbsNormalCmd.java, line(s) 26,32,37,41
com/arialyy/aria/core/command/AddCmd.java, line(s) 15
com/arialyy/aria/core/command/CancelAllCmd.java, line(s) 30
com/arialyy/aria/core/command/HighestPriorityCmd.java, line(s) 19
com/arialyy/aria/core/command/ResumeAllCmd.java, line(s) 18
com/arialyy/aria/core/command/ResumeThread.java, line(s) 99,101,103
com/arialyy/aria/core/command/StartCmd.java, line(s) 45,26,43,55
com/arialyy/aria/core/command/StopCmd.java, line(s) 19
com/arialyy/aria/core/common/AbsNormalTarget.java, line(s) 92,53
com/arialyy/aria/core/common/FtpOption.java, line(s) 127,134,140,144,148,158,170,186,218,227,261,265
com/arialyy/aria/core/common/HttpOption.java, line(s) 84,25,29,41
com/arialyy/aria/core/common/RecordHandler.java, line(s) 45,58,123
com/arialyy/aria/core/common/RecordHelper.java, line(s) 141,38,42,44,47,53,57,60,133,144,86,126
com/arialyy/aria/core/common/SFtpOption.java, line(s) 32,36,47,56,65,74,83
com/arialyy/aria/core/common/controller/FeatureController.java, line(s) 65,69,75
com/arialyy/aria/core/common/controller/NormalController.java, line(s) 55,53
com/arialyy/aria/core/config/BaseConfig.java, line(s) 26
com/arialyy/aria/core/config/BaseTaskConfig.java, line(s) 141
com/arialyy/aria/core/config/DGroupConfig.java, line(s) 83
com/arialyy/aria/core/config/DownloadConfig.java, line(s) 62
com/arialyy/aria/core/config/UploadConfig.java, line(s) 28
com/arialyy/aria/core/config/XMLReader.java, line(s) 199,343,351
com/arialyy/aria/core/download/CheckDEntityUtil.java, line(s) 29,33,37,43,89,93,103,144,76,79,125,128,134
com/arialyy/aria/core/download/CheckDGEntityUtil.java, line(s) 139,36,41,45,49,74,87,94,105,111,114,117,190,198,61,77,174
com/arialyy/aria/core/download/CheckFtpDirEntityUtil.java, line(s) 27,31,36,55,59,65,76,86,90,47
com/arialyy/aria/core/download/DownloadEntity.java, line(s) 65
com/arialyy/aria/core/download/DownloadReceiver.java, line(s) 66,86,141,163,219
com/arialyy/aria/core/download/M3U8Entity.java, line(s) 69
com/arialyy/aria/core/download/m3u8/M3U8LiveOption.java, line(s) 19
com/arialyy/aria/core/download/m3u8/M3U8Option.java, line(s) 77,56
com/arialyy/aria/core/download/m3u8/M3U8VodOption.java, line(s) 23,32,41
com/arialyy/aria/core/download/target/DNormalConfigHandler.java, line(s) 84,75,79
com/arialyy/aria/core/download/target/GroupBuilderTarget.java, line(s) 43
com/arialyy/aria/core/download/target/GroupNormalTarget.java, line(s) 52
com/arialyy/aria/core/download/target/HttpGroupConfigHandler.java, line(s) 45,49
com/arialyy/aria/core/download/target/M3U8NormalTarget.java, line(s) 19,23
com/arialyy/aria/core/download/tcp/TcpDelegate.java, line(s) 19,25,34,43
com/arialyy/aria/core/event/EventMsgUtil.java, line(s) 89,93
com/arialyy/aria/core/group/AbsGroupLoader.java, line(s) 220,69,75
com/arialyy/aria/core/group/AbsGroupLoaderUtil.java, line(s) 67
com/arialyy/aria/core/group/AbsSubDLoadUtil.java, line(s) 36,128
com/arialyy/aria/core/group/SimpleSchedulers.java, line(s) 31,104,75,119,102,113
com/arialyy/aria/core/group/SimpleSubQueue.java, line(s) 74,106,111,120,126,160,165,57,62
com/arialyy/aria/core/inf/AbsTarget.java, line(s) 39
com/arialyy/aria/core/listener/BaseListener.java, line(s) 77,100
com/arialyy/aria/core/listener/DownloadGroupListener.java, line(s) 41
com/arialyy/aria/core/loader/AbsNormalLoader.java, line(s) 77,143,144,185,203,212,232,177,193
com/arialyy/aria/core/loader/AbsNormalLoaderUtil.java, line(s) 96
com/arialyy/aria/core/loader/GroupSubThreadStateManager.java, line(s) 70,81
com/arialyy/aria/core/loader/NormalTTBuilder.java, line(s) 82,106,122,58,109
com/arialyy/aria/core/loader/NormalThreadStateManager.java, line(s) 63,74
com/arialyy/aria/core/loader/SubLoader.java, line(s) 68,73,174,175,80,85,196,137,232
com/arialyy/aria/core/manager/SubTaskManager.java, line(s) 21,26,32
com/arialyy/aria/core/manager/TaskWrapperManager.java, line(s) 62,82,96
com/arialyy/aria/core/manager/ThreadTaskManager.java, line(s) 86,111,127,154,163,166,181,211,213
com/arialyy/aria/core/queue/AbsTaskQueue.java, line(s) 114,122,215,225,235,208,328,48,131,181,230,243,247,262,270,280,292,322,325
com/arialyy/aria/core/queue/DGroupTaskQueue.java, line(s) 58
com/arialyy/aria/core/queue/DTaskQueue.java, line(s) 93,108
com/arialyy/aria/core/queue/UTaskQueue.java, line(s) 57
com/arialyy/aria/core/queue/pool/BaseCachePool.java, line(s) 72,33,58,85,106,62
com/arialyy/aria/core/queue/pool/BaseExecutePool.java, line(s) 76,33,85,89,106,142,49
com/arialyy/aria/core/queue/pool/DLoadExecutePool.java, line(s) 37,44,23
com/arialyy/aria/core/scheduler/FailureTaskHandler.java, line(s) 90
com/arialyy/aria/core/scheduler/TaskSchedulers.java, line(s) 109,112,116,122,125,55,58,61,287,315,346,325,253
com/arialyy/aria/core/task/AbsTask.java, line(s) 190,201,142,172,185,198,209,144
com/arialyy/aria/core/task/ThreadTask.java, line(s) 130,212,220,353,118,258,84,89,101,103,207,233,236,349,351,360,113,121,135,143
com/arialyy/aria/core/upload/CheckUEntityUtil.java, line(s) 24,28,36,42,49,53,60,71
com/arialyy/aria/core/upload/UploadReceiver.java, line(s) 87,100,147
com/arialyy/aria/core/upload/target/HttpNormalTarget.java, line(s) 32
com/arialyy/aria/http/ChunkedInputStream.java, line(s) 20,25,52,54
com/arialyy/aria/http/ConnectionHelp.java, line(s) 55
com/arialyy/aria/http/download/HttpDFileInfoTask.java, line(s) 89,125,191,252,291,301,329,61,295,202,225,288
com/arialyy/aria/http/download/HttpDGInfoTask.java, line(s) 49,84,151,36,65
com/arialyy/aria/http/download/HttpDTTBuilderAdapter.java, line(s) 29,49
com/arialyy/aria/http/download/HttpDThreadTaskAdapter.java, line(s) 121,124
com/arialyy/aria/http/upload/HttpULoader.java, line(s) 62
com/arialyy/aria/http/upload/HttpUThreadTaskAdapter.java, line(s) 77
com/arialyy/aria/orm/DelegateFind.java, line(s) 92,312,443,465,230,238,242,250,254,428,485,500
com/arialyy/aria/orm/DelegateUpdate.java, line(s) 81,100,121,139
com/arialyy/aria/orm/SqlHelper.java, line(s) 99,107,214,250,279,282,172,177
com/arialyy/aria/orm/SqlUtil.java, line(s) 80,89,192
com/arialyy/aria/util/AriaServiceLoader.java, line(s) 36
com/arialyy/aria/util/CheckUtil.java, line(s) 20,32,45,62,74,91,95,101,23,35,77
com/arialyy/aria/util/CommonUtil.java, line(s) 229,232,301,325,330,341,346,80,87,93,101,107,370,468,602,607,505,402
com/arialyy/aria/util/ComponentUtil.java, line(s) 122
com/arialyy/aria/util/DeleteDGRecord.java, line(s) 49,59,75
com/arialyy/aria/util/DeleteDRecord.java, line(s) 56,62,71
com/arialyy/aria/util/DeleteM3u8Record.java, line(s) 79,85,92
com/arialyy/aria/util/DeleteURecord.java, line(s) 47,53
com/arialyy/aria/util/FileUtil.java, line(s) 149,611,637,710,712,157,215,435,442,656
com/arialyy/aria/util/RecordUtil.java, line(s) 22,68,74
com/arialyy/aria/util/SSLContextUtil.java, line(s) 128
d/a/j/b.java, line(s) 136,193,217,280,311,101,102,153,198,199,235,245,246
d/a/k/a.java, line(s) 61,76,112,145,148,167,189
d/a/k/b.java, line(s) 23
d/a/k/c.java, line(s) 43
d/a/k/d.java, line(s) 60
d/a/o/b.java, line(s) 68,90
d/a/o/c.java, line(s) 52,63,86,88
d/a/o/e.java, line(s) 56,58
d/a/o/g.java, line(s) 155,85,125,126,139,141,161,163,243,249
d/a/o/j.java, line(s) 38,47
d/a/o/k.java, line(s) 102,137,153,200,52,55,79,95,96,180,181,182,217,83,242
d/a/o/m.java, line(s) 59,100,31
d/a/o/p.java, line(s) 25
g/c.java, line(s) 69,70
io/rx_cache2/internal/cache/SaveRecord.java, line(s) 27
me/jessyan/art/c/c.java, line(s) 101
org/android/spdy/ProtectedPointerTest.java, line(s) 14,19,57
org/greenrobot/eventbus/f.java, line(s) 60,65

Security notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/amgcyo/cuttadon/f/o.java, line(s) 7,326,335
com/amgcyo/cuttadon/utils/otherutils/j.java, line(s) 4,16,37,38

Passed security check: This application may have root detection capabilities.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
com/amgcyo/cuttadon/h/a/g.java, line(s) 26,15,15,15,15,15,15
com/sntech/okhttpconnection/log/Cfor.java, line(s) 72,83,83,83,83,83

Passed security check: This application uses SSL pinning to detect or prevent MITM attacks in secure communication channels.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
bykvm_19do/bykvm_19do/bykvm_for12/bykvm_19do/bykvm_19do/bykvm_if122/bykvm_if122/v.java, line(s) 274,263,273,272,272
com/arialyy/aria/util/SSLContextUtil.java, line(s) 65,58,60,65,91,56,57,57
me/jessyan/art/a/b/g.java, line(s) 47,58
org/minidns/dane/a.java, line(s) 20,19,16,18

Key security concern: The application may communicate with a server (www.chengzijianzhan.com) located in an OFAC-sanctioned country (China).

{'ip': '117.85.70.232', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '盐城', 'latitude': '33.385559', 'longitude': '120.125282'}

Key security concern: The application may communicate with a server (www.toutiaopage.com) located in an OFAC-sanctioned country (China).

{'ip': '222.186.18.195', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}

Key security concern: The application may communicate with a server (rtlog.snssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '222.186.18.195', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}

Key security concern: The application may communicate with a server (sf6-ttcdn-tos.pstatp.com) located in an OFAC-sanctioned country (China).

{'ip': '117.85.70.232', 'country_short': 'CN', 'country_long': '中国', 'region': '福建', 'city': '泉州', 'latitude': '24.913891', 'longitude': '118.585831'}

Key security concern: The application may communicate with a server (gromore.pangolin-sdk-toutiao.com) located in an OFAC-sanctioned country (China).

{'ip': '117.85.70.232', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '镇江', 'latitude': '32.209366', 'longitude': '119.434372'}

Key security concern: The application may communicate with a server (toblog.ctobsnssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '117.85.70.232', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '镇江', 'latitude': '32.209366', 'longitude': '119.434372'}

Key security concern: The application may communicate with a server (i.snssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '117.85.70.232', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}

Key security concern: The application may communicate with a server (log.snssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '117.85.70.232', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '镇江', 'latitude': '32.209366', 'longitude': '119.434372'}

Key security concern: The application may communicate with a server (apmlog.snssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '117.85.70.232', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}

Key security concern: The application may communicate with a server (p0.api.upyun.com) located in an OFAC-sanctioned country (China).

{'ip': '183.136.236.254', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}

Key security concern: The application may communicate with a server (rtapplog.snssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '221.230.244.90', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}

Key security concern: The application may communicate with a server (ichannel.snssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '61.147.168.162', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '镇江', 'latitude': '32.209366', 'longitude': '119.434372'}

Key security concern: The application may communicate with a server (v0.api.upyun.com) located in an OFAC-sanctioned country (China).

{'ip': '218.92.216.56', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '盐城', 'latitude': '33.385559', 'longitude': '120.125282'}

Key security concern: The application may communicate with a server (m0.api.upyun.com) located in an OFAC-sanctioned country (China).

{'ip': '218.92.216.56', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '盐城', 'latitude': '33.385559', 'longitude': '120.125282'}

Key security concern: The application may communicate with a server (tobapplog.ctobsnssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '221.231.83.99', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '镇江', 'latitude': '32.209366', 'longitude': '119.434372'}

Key security concern: The application may communicate with a server (success.ctobsnssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '221.231.83.99', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南通', 'latitude': '32.030296', 'longitude': '120.874779'}

Key security concern: The application may communicate with a server (applog.snssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '221.231.83.99', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '盐城', 'latitude': '33.385559', 'longitude': '120.125282'}

Key security concern: The application may communicate with a server (apps.oceanengine.com) located in an OFAC-sanctioned country (China).

{'ip': '121.228.130.196', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}

Key security concern: The application may communicate with a server (www.iyuji.cn) located in an OFAC-sanctioned country (China).

{'ip': '203.107.56.180', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}

Overall security baseline score: ( 爱读小说 1.0.3)