移动应用安全检测报告:
安全基线评分
安全基线评分 47/100
综合风险等级
风险等级评定
- A
- B
- C
- F
漏洞与安全项分布(%)
隐私风险
6
检测到的第三方跟踪器数量
检测结果分布
高危安全漏洞
4
中危安全漏洞
18
安全提示信息
3
已通过安全项
2
重点安全关注
0
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/applovin/impl/adview/a.java, line(s) 402,755,15
高危安全漏洞 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/applovin/impl/adview/AppLovinWebViewBase.java, line(s) 22,5 com/applovin/impl/adview/l.java, line(s) 25,6
高危安全漏洞 应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文
应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode Files: com/inmobi/media/G3.java, line(s) 20
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个6隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危安全漏洞 Activity (eu.sisik.hackendebug.MainActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Broadcast Receiver (eu.sisik.hackendebug.UsbReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (androidx.compose.ui.tooling.PreviewActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.DUMP [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.DUMP [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Activity (com.min.n.MainActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: org/junit/rules/TemporaryFolder.java, line(s) 83,157
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/applovin/impl/sdk/AppLovinSdkInitializationConfigurationImpl.java, line(s) 199,149 com/applovin/impl/sdk/j.java, line(s) 1598 com/applovin/mediation/AppLovinUtils.java, line(s) 22 com/applovin/mediation/MaxSegment.java, line(s) 37 com/applovin/mediation/ads/MaxAdView.java, line(s) 212,200 com/applovin/mediation/ads/MaxAppOpenAd.java, line(s) 86,74 com/applovin/mediation/ads/MaxInterstitialAd.java, line(s) 109,97 com/applovin/mediation/ads/MaxRewardedAd.java, line(s) 130,118 com/applovin/mediation/nativeAds/MaxNativeAdLoader.java, line(s) 113,107 com/applovin/sdk/AppLovinSdk.java, line(s) 144 com/applovin/sdk/AppLovinSdkSettings.java, line(s) 123 com/applovin/sdk/AppLovinWebViewActivity.java, line(s) 25 com/inmobi/commons/core/configs/AdConfig.java, line(s) 442 com/inmobi/commons/core/configs/RootConfig.java, line(s) 31 com/inmobi/media/C0164j0.java, line(s) 15 com/inmobi/media/C0206lc.java, line(s) 23,45 com/inmobi/media/C0259j0.java, line(s) 15 com/inmobi/media/C0301lc.java, line(s) 22,44 eu/sisik/hackendebug/SplashActivity.java, line(s) 17 eu/sisik/hackendebug/adb/AdbServerService.java, line(s) 76 eu/sisik/hackendebug/backup/BackupService.java, line(s) 38 eu/sisik/hackendebug/connection/ConnectionService.java, line(s) 33 eu/sisik/hackendebug/connection/PairDialog.java, line(s) 48 eu/sisik/hackendebug/packages/PackageIntentService.java, line(s) 90,88,89 eu/sisik/hackendebug/utils/EulaChecker.java, line(s) 26 eu/sisik/hackendebug/utils/PasswordDialog.java, line(s) 24
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/inmobi/media/C0181k3.java, line(s) 94,97,170,173 com/inmobi/media/C0276k3.java, line(s) 95,98,171,174 eu/sisik/hackendebug/files/FileManagerFragment$processPulledFile$1.java, line(s) 58 eu/sisik/hackendebug/packages/PackageFragment$packageServiceReceiver$1$onReceive$3.java, line(s) 75 eu/sisik/hackendebug/screencap/Recorder.java, line(s) 177 eu/sisik/hackendebug/screencap/ScreenServerActivity.java, line(s) 201 eu/sisik/hackendebug/utils/DownloadDialog.java, line(s) 247,252,257,262,267 eu/sisik/hackendebug/utils/Utils.java, line(s) 241
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/applovin/impl/m7.java, line(s) 18 com/applovin/impl/z6.java, line(s) 63 com/inmobi/media/C0046a9.java, line(s) 10 com/inmobi/media/C0081d1.java, line(s) 18 com/inmobi/media/C0141a9.java, line(s) 11 com/inmobi/media/C0149i.java, line(s) 11 com/inmobi/media/C0176d1.java, line(s) 33 com/inmobi/media/C0244i.java, line(s) 10 com/inmobi/media/C0302s8.java, line(s) 20 com/inmobi/media/C0397s8.java, line(s) 23 com/inmobi/media/T1.java, line(s) 4 org/jacoco/core/runtime/AbstractRuntime.java, line(s) 3 org/junit/runner/manipulation/Ordering.java, line(s) 7
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: eu/sisik/hackendebug/adb/AdbKeyKt.java, line(s) 76
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/applovin/impl/l3.java, line(s) 97,99,94,103,91,92,96,87,105,100,102,104,88,101,90,93,107,106,95,89 com/applovin/mediation/BuildConfig.java, line(s) 4 eu/sisik/hackendebug/connection/ConnectDialog.java, line(s) 330 eu/sisik/hackendebug/connection/MdnsSdResolver.java, line(s) 32 eu/sisik/hackendebug/connection/PairDialog.java, line(s) 153
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/applovin/impl/adview/l.java, line(s) 23,19
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/inmobi/media/C0055b3.java, line(s) 6,106,168 com/inmobi/media/C0150b3.java, line(s) 6,106,168
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/inmobi/media/Ba.java, line(s) 643,576
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-0000000000000000~0000000000" "key_try_autofetch_connection_params" : "key.autofetch.connection.params" "google_app_id" : "1:491014885857:android:c2c17409276c5ba4" "pref_key_vid_bitrate" : "bit_rate" "pref_key_custom_install_args" : "pref.key.custom.install.args" "pref_key_vid_resolution" : "key_screencap_res" "key_power_on_when_connected" : "power_on_when_target_connected" "category_commands_settings_key" : "key_commands" "key_enable_mirroring_audio" : "key.show.enable.mirroring.audio" "key_start_adb_server_foreground" : "key.start.adb.server.foreground" "pref_key_installer_name" : "pref.key.installer.name" "com.google.firebase.crashlytics.mapping_file_id" : "00000000000000000000000000000000" "pref_key_portrait_res" : "key_portrait_res" "key_total_screenshots" : "total_screenshots" "key_show_hidden_files" : "key.show.hidden.files" "pref_key_files_last_used_vs_custom" : "key_files_last_used_vs_custom" "google_api_key" : "AIzaSyBKD1awM_mSSiTIGEiV5z4dbXdrlLsIG_8" "google_crash_reporting_api_key" : "AIzaSyBKD1awM_mSSiTIGEiV5z4dbXdrlLsIG_8" "key_clear_all_screenshots" : "key_clear_all_screenshots" "pref_key_files_custom_initial_path" : "key_files_custom_initial_path" "key_try_autofetch_pairing_info" : "key.autofetch.pairing.info" "key_enable_custom_install_args" : "key.enable.specify.custom.install.args" "key_specify_installer_package" : "key.specify.installer.package" "firebase_database_url" : "https://hackendebug.firebaseio.com" "key_enable_screencap_sound" : "Settings..." "pref_key_max_fps" : "max_fps" "key_try_reconnect_last_wifi_targets" : "key.reconnect.last.wifi.targets" 730056C88F4BB7EA4F4A7204D97AB88C 7FC99B76D2E8A76616C108F42797A81A 79D16010181FBF6B37BC1569FF1E2ED6 7B27A4A46E8EB58B4EE6F65D08A54877 080AC2E13B0DA2B9D7A8CD3E0E4A4F1C D9CD1CC3A8C7F71CCF29AEBDCE5D2FD9 LFMrBRhUND+2ac6pPuv9NGIiF7t3Oz4z8DOZlKEBgm8= 1C09350F860199A810288BEE11855A5D
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/applovin/impl/sdk/n.java, line(s) 62,94,52,98,72,112,78,116 com/applovin/impl/w3.java, line(s) 47,53,59 com/iab/omid/library/applovin/publisher/b.java, line(s) 30,32 com/iab/omid/library/applovin/utils/d.java, line(s) 18,11,25 com/iab/omid/library/inmobi/publisher/b.java, line(s) 30,32 com/iab/omid/library/inmobi/utils/d.java, line(s) 18,11,25 com/inmobi/media/AbstractC0244o6.java, line(s) 35,45,65,70,93,98,26,58,20,53 com/inmobi/media/AbstractC0339o6.java, line(s) 35,45,65,70,93,98,26,58,20,53 com/inmobi/media/Ac.java, line(s) 171,183 com/inmobi/media/Bb.java, line(s) 38 com/inmobi/media/C0.java, line(s) 248 com/inmobi/media/C0090da.java, line(s) 27 com/inmobi/media/C0185da.java, line(s) 27 com/inmobi/media/C0205lb.java, line(s) 42,48,52 com/inmobi/media/C0300lb.java, line(s) 42,48,52 com/inmobi/media/C0387y9.java, line(s) 37,64,71 com/inmobi/media/C0482y9.java, line(s) 37,64,71 com/inmobi/media/F1.java, line(s) 33,54 com/inmobi/media/G3.java, line(s) 27 com/inmobi/media/L.java, line(s) 29,36,49 com/inmobi/media/M.java, line(s) 78,31,35,56,59,64,69,73 com/inmobi/media/M0.java, line(s) 127 com/inmobi/media/N.java, line(s) 24,46,51,56 com/inmobi/media/P.java, line(s) 221,206 com/inmobi/media/Q.java, line(s) 36,40,43,47 com/inmobi/media/Y2.java, line(s) 76 com/inmobi/media/Z.java, line(s) 72 com/inmobi/media/jd.java, line(s) 122 eu/sisik/hackendebug/MainActivity$handleReconnectLastWifiConnections$1.java, line(s) 52 eu/sisik/hackendebug/MainActivity$loadInterstitialAd$1$onAdLoaded$1.java, line(s) 21,40 eu/sisik/hackendebug/MainActivity$loadInterstitialAd$1.java, line(s) 29,38,59 eu/sisik/hackendebug/MainActivity$onConnect$1.java, line(s) 55,191,158 eu/sisik/hackendebug/MainActivity$saveConnectDataForReconnect$1.java, line(s) 89,134 eu/sisik/hackendebug/MainActivity.java, line(s) 622,655,726,736,743,768,772,815,1107,1144,1248,1263,1355,1416,1418,1445,1539,1587,1604,1621,1659,1725,1729,1730,1745,628,652,1211,1518,806,838 eu/sisik/hackendebug/SplashActivity.java, line(s) 34 eu/sisik/hackendebug/UsbReceiver.java, line(s) 29,52,57,61,26 eu/sisik/hackendebug/about/AboutDialog.java, line(s) 198 eu/sisik/hackendebug/adb/AdbClient.java, line(s) 291,299,334,342,97,179,200,203,268,282,293,315,325,336 eu/sisik/hackendebug/adb/AdbClient2.java, line(s) 308,360,490,493,495,498,514,134,214,367,370,373,436,351 eu/sisik/hackendebug/adb/AdbServerService$launchServerAsync$1.java, line(s) 68,59 eu/sisik/hackendebug/adb/AdbServerService$launchServerAsync$2.java, line(s) 48,54 eu/sisik/hackendebug/adb/AdbServerService$onStartCommand$3$1.java, line(s) 46 eu/sisik/hackendebug/adb/AdbServerService$onStartCommand$5.java, line(s) 44 eu/sisik/hackendebug/adb/AdbServerService$usbReceiver$1$onReceive$1$1.java, line(s) 46 eu/sisik/hackendebug/adb/AdbServerService.java, line(s) 112,126,168,183,193,203,234,291,304,325,456,517,527,572,620,624,633,665,684,317,522,576 eu/sisik/hackendebug/adb/AdbShellActivityKt.java, line(s) 354,359,451 eu/sisik/hackendebug/adb/AdbShellViewModel.java, line(s) 35 eu/sisik/hackendebug/adb/DeviceListingService.java, line(s) 67,71,92,114,126,143,153 eu/sisik/hackendebug/adb/ShellConnection$readAndDump$2.java, line(s) 80,83 eu/sisik/hackendebug/adb/ShellConnection.java, line(s) 54,59,64 eu/sisik/hackendebug/ads/UtilsKt.java, line(s) 27 eu/sisik/hackendebug/backup/BackupActivity$loadList$1.java, line(s) 119,126 eu/sisik/hackendebug/backup/BackupActivity.java, line(s) 312,343,326,333 eu/sisik/hackendebug/backup/BackupArchive.java, line(s) 55,57,73,107,108,109,119,231,269,280 eu/sisik/hackendebug/backup/BackupDialog.java, line(s) 519,243 eu/sisik/hackendebug/backup/BackupFragment$createBackupReceiver$1.java, line(s) 25 eu/sisik/hackendebug/backup/BackupFragment.java, line(s) 112,125,216,542,571,594,631,716,859 eu/sisik/hackendebug/backup/BackupService.java, line(s) 109,127,174,177,197,202,221 eu/sisik/hackendebug/commands/BuiltinCommandsHolder.java, line(s) 349 eu/sisik/hackendebug/commands/CommandProcessingService$adbResultListener$1.java, line(s) 26 eu/sisik/hackendebug/commands/CommandProcessingService.java, line(s) 100,115,144,185,194,199,216,224,246,253,256,260 eu/sisik/hackendebug/commands/CommandQueueService.java, line(s) 52,100,112,145,215 eu/sisik/hackendebug/commands/CommandsFragment.java, line(s) 182,372,392,393,423,612,615,643,875,889,909,344,368 eu/sisik/hackendebug/commands/CustomCommandDialog.java, line(s) 268 eu/sisik/hackendebug/commands/RawAdbCommandsService.java, line(s) 59,141 eu/sisik/hackendebug/commands/ShellActivity$onResume$1.java, line(s) 129 eu/sisik/hackendebug/commands/ShellActivity$saveCommandsHistory$1.java, line(s) 104 eu/sisik/hackendebug/commands/ShellActivity.java, line(s) 238,359,608,625,630,634,664,746,789 eu/sisik/hackendebug/commands/ShellService.java, line(s) 45,71,117,119,126,182,201,194,198 eu/sisik/hackendebug/commands/UtilsKt.java, line(s) 161,176,178,183,185 eu/sisik/hackendebug/connection/ConnectDialog$saveIpToHistoryList$1$1.java, line(s) 113 eu/sisik/hackendebug/connection/ConnectDialog$saveIpsToHistoryList$1.java, line(s) 105 eu/sisik/hackendebug/connection/ConnectDialog.java, line(s) 226,254,270,345,211,323,379 eu/sisik/hackendebug/connection/ConnectionService.java, line(s) 125,134,146,148,168,172,192 eu/sisik/hackendebug/connection/ForwardReverseModel$forwardReverse$1.java, line(s) 52 eu/sisik/hackendebug/connection/ForwardReverseModel.java, line(s) 72,81 eu/sisik/hackendebug/connection/ForwardReverseRepository.java, line(s) 21 eu/sisik/hackendebug/connection/LocalAdbCommandProcessor.java, line(s) 22 eu/sisik/hackendebug/connection/MdnsSdResolver$start$2.java, line(s) 82,89,96,104 eu/sisik/hackendebug/connection/MdnsSdResolver.java, line(s) 235 eu/sisik/hackendebug/connection/PairDialog$onResume$job$1.java, line(s) 67 eu/sisik/hackendebug/connection/PairDialog.java, line(s) 76,206,241,406,497 eu/sisik/hackendebug/connection/PairNotificationService$onStartCommand$1$1.java, line(s) 57 eu/sisik/hackendebug/connection/PairNotificationService.java, line(s) 132 eu/sisik/hackendebug/connection/QrCodePairingDialog$onNsdAdbConnectServiceFound$1$1.java, line(s) 128 eu/sisik/hackendebug/connection/QrCodePairingDialog$pairingResultReceiver$1.java, line(s) 32,49,52 eu/sisik/hackendebug/connection/QrCodePairingDialog.java, line(s) 93,125,187 eu/sisik/hackendebug/connection/ScannerService.java, line(s) 94 eu/sisik/hackendebug/connection/WorkerAdbCommandProcessor.java, line(s) 16 eu/sisik/hackendebug/device/DeviceFragment.java, line(s) 76,99,218,344,351,369 eu/sisik/hackendebug/device/DeviceInfoService.java, line(s) 453,469,474,493,273 eu/sisik/hackendebug/files/FileManagerFragment$processPulledFile$1.java, line(s) 55 eu/sisik/hackendebug/files/FileManagerFragment$receiver$1.java, line(s) 59,71,75 eu/sisik/hackendebug/files/FileManagerFragment.java, line(s) 158,510,633,672,676,684,729,738,743,880,903,956,972,982,998,1090,1100,1108,1116,1121,1128,1191,1348,1436,1482,1495,1499,674,1501 eu/sisik/hackendebug/files/FileManagerService$copyFile$1.java, line(s) 41 eu/sisik/hackendebug/files/FileManagerService$extract$1.java, line(s) 39 eu/sisik/hackendebug/files/FileManagerService$onHandleIntent$2.java, line(s) 78,84 eu/sisik/hackendebug/files/FileManagerService$pushFile$1.java, line(s) 95 eu/sisik/hackendebug/files/FileManagerService$pushFile$3.java, line(s) 35,42 eu/sisik/hackendebug/files/FileManagerService$removeFile$2.java, line(s) 31 eu/sisik/hackendebug/files/FileManagerService$zip$1.java, line(s) 39 eu/sisik/hackendebug/files/FileManagerService.java, line(s) 406,415,437,451,873,884,885,887,891,892,900,919,929,935,986,991,1013,922 eu/sisik/hackendebug/flashing/AndroidImageParserKt.java, line(s) 38,49,65 eu/sisik/hackendebug/flashing/FastbootShellActivity$saveCommandsHistory$1.java, line(s) 104 eu/sisik/hackendebug/flashing/FastbootShellActivity.java, line(s) 88,110,184,310,313,321,350,450,211 eu/sisik/hackendebug/flashing/FlashingFragment$fastbootReceiver$1$onReceive$1.java, line(s) 69 eu/sisik/hackendebug/flashing/FlashingFragment.java, line(s) 76,90,93,104,184,193,301,372,412,442,515,545 eu/sisik/hackendebug/flashing/FlashingService$onStartCommand$1.java, line(s) 51 eu/sisik/hackendebug/flashing/FlashingService$onStartCommand$2.java, line(s) 51 eu/sisik/hackendebug/flashing/FlashingService.java, line(s) 63,75,151,159,171,175,192,207,211,216,272 eu/sisik/hackendebug/flashing/SideloadDialog$receiver$1.java, line(s) 50 eu/sisik/hackendebug/flashing/SideloadDialog.java, line(s) 95 eu/sisik/hackendebug/flashing/SideloadService.java, line(s) 22,74,86 eu/sisik/hackendebug/logcat/LeanLogcatFragment.java, line(s) 131,134,138,252,305,338,363,462 eu/sisik/hackendebug/logcat/LogcatAdapter.java, line(s) 136 eu/sisik/hackendebug/logcat/LogcatService.java, line(s) 138,144,148,180 eu/sisik/hackendebug/packages/ApkItemLoaderService.java, line(s) 120 eu/sisik/hackendebug/packages/ApkListActivity.java, line(s) 98,115,122,480,491 eu/sisik/hackendebug/packages/ApkListAdapter.java, line(s) 94 eu/sisik/hackendebug/packages/InstallSelectDialog.java, line(s) 63,143,172 eu/sisik/hackendebug/packages/PackageFilterDialog.java, line(s) 76,189,205,223 eu/sisik/hackendebug/packages/PackageFragment$initView$9$1.java, line(s) 63 eu/sisik/hackendebug/packages/PackageFragment$loadPackages$1$duration$1$1.java, line(s) 91 eu/sisik/hackendebug/packages/PackageFragment$loadPackages$1.java, line(s) 76,94 eu/sisik/hackendebug/packages/PackageFragment$loadPackages$2.java, line(s) 89,91,129,173 eu/sisik/hackendebug/packages/PackageFragment$packageServiceReceiver$1$onReceive$2.java, line(s) 52 eu/sisik/hackendebug/packages/PackageFragment$packageServiceReceiver$1$onReceive$3.java, line(s) 67,73,79 eu/sisik/hackendebug/packages/PackageFragment.java, line(s) 299,504,526,625,668,771,802,840,879,881,888,898,915,925,979,988,1013,1078,1087,1117,1186,1266,1289,1364,1368,605,616 eu/sisik/hackendebug/packages/PackageInfoModel.java, line(s) 120,182 eu/sisik/hackendebug/packages/PackageIntentService.java, line(s) 277,364,412,452,512,524,567,602,606,707,778,338,366,419,771 eu/sisik/hackendebug/packages/PackageListingService$processListPackages$1.java, line(s) 64,80 eu/sisik/hackendebug/packages/PackageListingService.java, line(s) 122 eu/sisik/hackendebug/packages/TargetConnectionsManager$handleDevice$3$job$1.java, line(s) 55 eu/sisik/hackendebug/packages/TargetConnectionsManager$handleDevice$connection$1$2.java, line(s) 106 eu/sisik/hackendebug/packages/TargetConnectionsManager$receiver$1$onReceive$1$2$1.java, line(s) 31 eu/sisik/hackendebug/packages/TargetConnectionsManager$requestIcon$2.java, line(s) 52 eu/sisik/hackendebug/packages/TargetConnectionsManager$requestPackageInfo$2.java, line(s) 52 eu/sisik/hackendebug/packages/TargetConnectionsManager.java, line(s) 95,96,127,232,239,317 eu/sisik/hackendebug/prefs/PrefsFragment$initView$1$1.java, line(s) 49 eu/sisik/hackendebug/prefs/PrefsFragment$initView$11$1.java, line(s) 50 eu/sisik/hackendebug/prefs/PrefsFragment$initView$9$1.java, line(s) 50 eu/sisik/hackendebug/prefs/PrefsFragment.java, line(s) 47,290 eu/sisik/hackendebug/processes/ProcessFragment.java, line(s) 341,368,198 eu/sisik/hackendebug/processes/ProcessIntentService.java, line(s) 54,83,92 eu/sisik/hackendebug/remote/RemoteControlFragment$execKey$1.java, line(s) 41,142,101 eu/sisik/hackendebug/screencap/AudioPlayer.java, line(s) 80,88,99,102,179,43,206,219 eu/sisik/hackendebug/screencap/Recorder$addAudioSample$3.java, line(s) 71,75 eu/sisik/hackendebug/screencap/Recorder$addVideoSample$3.java, line(s) 81,86 eu/sisik/hackendebug/screencap/Recorder$stop$2.java, line(s) 75,89,100,77,91 eu/sisik/hackendebug/screencap/Recorder.java, line(s) 116,132 eu/sisik/hackendebug/screencap/ScreenMirrorActivity$startMirroring$1.java, line(s) 73,78,106,136,281 eu/sisik/hackendebug/screencap/ScreenMirrorActivity$stopMirroring$1.java, line(s) 29,50 eu/sisik/hackendebug/screencap/ScreenMirrorActivity$textureListener$1.java, line(s) 33,59,61,83,75 eu/sisik/hackendebug/screencap/ScreenMirrorActivity.java, line(s) 238,243,416,593,596,763,782,784,816,511 eu/sisik/hackendebug/screencap/ScreenRenderer.java, line(s) 66,74,89,92,172,42,187,200 eu/sisik/hackendebug/screencap/ScreenServerActivity$handleRecording$2.java, line(s) 61,67,149 eu/sisik/hackendebug/screencap/ScreenServerActivity$showRecordedVideoThumb$2.java, line(s) 100,131 eu/sisik/hackendebug/screencap/ScreenServerActivity.java, line(s) 90,101,549,554,234 eu/sisik/hackendebug/screencap/ScreenServerRenderer.java, line(s) 155,178,325,351,430,435,514,522,558,242,390,392,387 eu/sisik/hackendebug/screencap/ScreenServerSurfaceView.java, line(s) 67,74 eu/sisik/hackendebug/screencap/ScreencapFragment.java, line(s) 133,186,263 eu/sisik/hackendebug/screencap/ScreencapService.java, line(s) 106,145,150,168,117,121 eu/sisik/hackendebug/screencap/SocketPipeMediaDataSource.java, line(s) 34,60 eu/sisik/hackendebug/screencap/TargetConnection$startReceivingAudio$2.java, line(s) 99 eu/sisik/hackendebug/screencap/TargetConnection$startReceivingControlMessages$2.java, line(s) 79,82,86 eu/sisik/hackendebug/screencap/TargetConnection$stop$2.java, line(s) 83 eu/sisik/hackendebug/screencap/TargetConnection$stop$3.java, line(s) 47,49,55,60,68,69,71 eu/sisik/hackendebug/screencap/TargetConnection.java, line(s) 152,154,264,349,421,431,440,602,697,714,718,334,699 eu/sisik/hackendebug/utils/AskForReviewKt$askForReviewIfSuitable$2.java, line(s) 73,162,63,115 eu/sisik/hackendebug/utils/AskForReviewKt$recordDeviceConnected$2.java, line(s) 44 eu/sisik/hackendebug/utils/AskForReviewKt$recordSuccessfullyUsed$2.java, line(s) 44 eu/sisik/hackendebug/utils/BusyLoopScheduler.java, line(s) 60,83 eu/sisik/hackendebug/utils/DisclaimerDialog.java, line(s) 177,151 eu/sisik/hackendebug/utils/DynamicSearchDialog.java, line(s) 62,84 eu/sisik/hackendebug/utils/EulaChecker.java, line(s) 71 eu/sisik/hackendebug/utils/FatalErrorDialog.java, line(s) 81 eu/sisik/hackendebug/utils/FileCacheService.java, line(s) 101,104,186,189,221 eu/sisik/hackendebug/utils/GenericConfirmationDialog.java, line(s) 149,177 eu/sisik/hackendebug/utils/GenericDisclaimerDialog.java, line(s) 170 eu/sisik/hackendebug/utils/GlobalProgressDialog.java, line(s) 74 eu/sisik/hackendebug/utils/MsgDisclaimerDialog.java, line(s) 83 eu/sisik/hackendebug/utils/NewDisclaimerDialog.java, line(s) 157 eu/sisik/hackendebug/utils/PreferenceProvider.java, line(s) 115,433,502,515 eu/sisik/hackendebug/utils/ProgressDialog.java, line(s) 154,182 eu/sisik/hackendebug/utils/ServerExecConnection$start$3.java, line(s) 63,128 eu/sisik/hackendebug/utils/ServerExecConnection$startReceivingControlMessages$2.java, line(s) 66,83,116,74,79 eu/sisik/hackendebug/utils/ServerExecConnection$startReceivingDataMessages$2.java, line(s) 66,97 eu/sisik/hackendebug/utils/ServerExecConnection$stop$3.java, line(s) 71,104,108,118 eu/sisik/hackendebug/utils/ServerExecConnection.java, line(s) 198,340,358,139 eu/sisik/hackendebug/utils/ServerExecConnection2$start$2.java, line(s) 61,141,150,185,196,253,269,250,265 eu/sisik/hackendebug/utils/ServerExecConnection2$startReceivingControlMessages$2.java, line(s) 63,80,113,76 eu/sisik/hackendebug/utils/ServerExecConnection2$stop$2.java, line(s) 71,101,105,110,112 eu/sisik/hackendebug/utils/ServerExecConnection2.java, line(s) 89,119,194,338,345,167 eu/sisik/hackendebug/utils/ServerExecUtilKt.java, line(s) 70,72,121 eu/sisik/hackendebug/utils/TransferProgressDialog.java, line(s) 48 eu/sisik/hackendebug/utils/UtilKt.java, line(s) 106,118,128,130,155,397,405,429,470,473,500,502,936,999,1027,168,504,834,860 eu/sisik/hackendebug/utils/Utils.java, line(s) 391,392,411,433,438,497,211,356,388,437 junit/runner/BaseTestRunner.java, line(s) 252 junit/runner/Version.java, line(s) 12 junit/textui/TestRunner.java, line(s) 37,84,115
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: eu/sisik/hackendebug/commands/ShellActivity.java, line(s) 5,539,546 eu/sisik/hackendebug/screencap/ScreenMirrorActivity$startMirroring$1.java, line(s) 4,109,110
安全提示信息 应用与Firebase数据库通信
该应用与位于 https://hackendebug.firebaseio.com 的 Firebase 数据库进行通信
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/inmobi/media/C0373x9.java, line(s) 57,61 com/inmobi/media/C0468x9.java, line(s) 57,61
已通过安全项 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/491014885857/namespaces/firebase:fetch?key=AIzaSyBKD1awM_mSSiTIGEiV5z4dbXdrlLsIG_8 ) 已禁用。响应内容如下所示:
{
"state": "NO_TEMPLATE"
}