页面标题
页面副标题
移动应用安全检测报告
All Email Access v2.0.1298
47
安全评分
安全基线评分
47/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
8
高危
78
中危
4
信息
2
安全
隐私风险评估
10
第三方跟踪器
高隐私风险
检测到大量第三方跟踪器
检测结果分布
高危安全漏洞
8
中危安全漏洞
78
安全提示信息
4
已通过安全项
2
重点安全关注
1
高危安全漏洞 域配置不安全地配置为允许明文流量到达范围内的这些域。
Scope: 127.0.0.1
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/calldorado/util/crypt/AesCbcWithIntegrity.java, line(s) 282,305 com/opensignal/TUf.java, line(s) 78,88 com/uxcam/internals/gs.java, line(s) 23
高危安全漏洞 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: com/qualityinfo/internal/o4.java, line(s) 11,12,13,14,15,3 com/qualityinfo/internal/w3.java, line(s) 15,3
高危安全漏洞 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/calldorado/c1o/sdk/framework/TUy1.java, line(s) 334 com/opensignal/m6.java, line(s) 49 com/qualityinfo/internal/w.java, line(s) 46,219
高危安全漏洞 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: com/qualityinfo/internal/jh.java, line(s) 670,668
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/applovin/impl/adview/b.java, line(s) 312,14 com/applovin/impl/sdk/e/s.java, line(s) 94,4 com/qualityinfo/internal/jh.java, line(s) 110,20,21
高危安全漏洞 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/applovin/impl/adview/d.java, line(s) 166,8 com/applovin/impl/adview/y.java, line(s) 20,6
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个10隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 应用已启用明文网络流量
[android:usesCleartextTraffic=true] 应用允许明文网络流量(如 HTTP、FTP 协议、DownloadManager、MediaPlayer 等)。API 级别 27 及以下默认启用,28 及以上默认禁用。明文流量缺乏机密性、完整性和真实性保护,攻击者可窃听或篡改传输数据。建议关闭明文流量,仅使用加密协议。
中危安全漏洞 Broadcast Receiver (info.myapp.allemailaccess.InstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.INSTALL_PACKAGES [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.calldorado.android.blocking.CalldoradoCallScreening) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_SCREENING_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (info.myapp.allemailaccess.presentation.main.ui.MainActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (info.myapp.allemailaccess.presentation.editproviders.ui.EditModeActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (info.myapp.allemailaccess.FirebaseEventBroadcastReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (info.myapp.allemailaccess.UpgradeReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (info.myapp.allemailaccess.aftercall.SetupFragmentReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (info.myapp.allemailaccess.helper.DAUAlarmReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.calldorado.ui.settings.SettingsActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.calldorado.ui.settings.SettingsActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (info.myapp.allemailaccess.CCPABroadcastReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (info.myapp.allemailaccess.calendar.alarmManager.CalendarEventsAlarmReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (info.myapp.allemailaccess.helper.ThirdPartiesReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.facebook.ads.AudienceNetworkActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.facebook.ads.AudienceNetworkActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.ui.OverlayGuideActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.calldorado.receivers.chain.PhoneStateReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.calldorado.receivers.ActionReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.calldorado.blocking.BlockActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.calldorado.blocking.BlockActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.calldorado.blocking.BlockedNumberActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.calldorado.blocking.BlockedNumberActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.calldorado.blocking.BlockFromContactsActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.calldorado.blocking.BlockFromContactsActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.calldorado.blocking.BlockFromCallLogActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.calldorado.blocking.BlockFromCallLogActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.calldorado.permissions.PermissionCheckActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.calldorado.permissions.PermissionCheckActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.calldorado.ad.interstitial.InterstitialHolderActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.calldorado.ad.interstitial.InterstitialHolderActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.calldorado.search.manual_search.LoadingActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.calldorado.search.manual_search.LoadingActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.calldorado.ui.debug_dialog_items.DebugActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.calldorado.ui.debug_dialog_items.DebugActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.calldorado.ui.settings.LicensesActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.calldorado.ui.settings.LicensesActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.calldorado.ui.wic.WicDialogActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.calldorado.ui.wic.WicDialogActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.calldorado.ui.aftercall.CallerIdActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.calldorado.ui.aftercall.CallerIdActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.calldorado.receivers.cdfQWCBReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.calldorado.receivers.NewsDebugReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.calldorado.ui.debug_dialog_items.waterfall.WaterfallActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.calldorado.ui.debug_dialog_items.waterfall.WaterfallActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.cellrebel.sdk.utils.PhoneStateReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.calldorado.optin.receivers.LegislationTestReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.calldorado.optin.receivers.CDFQWCBReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.optin.OverlayGuideActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.optin.DoNotSellMyDataActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.optin.CpraLimitDataActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.optin.OptinActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.optin.OptinDialogActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.cuebiq.cuebiqsdk.receiver.InitializationReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.cuebiq.cuebiqsdk.service.FlushService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.opensignal.sdk.data.receiver.DataCollectorReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.opensignal.sdk.framework.TUSDKRunningReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (androidx.compose.ui.tooling.PreviewActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.google.android.play.core.assetpacks.AssetPackExtractionService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 高优先级 Intent(101) - {1} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 高优先级 Intent(998) - {1} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/calldorado/c1o/sdk/framework/TUa3.java, line(s) 3,210 com/calldorado/c1o/sdk/framework/TUc.java, line(s) 6,116,147,173,220,294,369,400 com/calldorado/c1o/sdk/framework/TUj9.java, line(s) 5,103 com/calldorado/c1o/sdk/framework/TUn8.java, line(s) 6,41,85,101,210 com/calldorado/c1o/sdk/framework/TUs3.java, line(s) 4,113 com/calldorado/c1o/sdk/framework/TUs7.java, line(s) 5,172,214,245 com/opensignal/TUq1.java, line(s) 4,5,23,24,32 com/opensignal/f6.java, line(s) 3,108 com/opensignal/g6.java, line(s) 6,69 com/opensignal/k9.java, line(s) 6,41,118,184,241 com/opensignal/q5.java, line(s) 5,112,149,221,297,324 com/qualityinfo/internal/c2.java, line(s) 8,9,206,211 com/qualityinfo/internal/sb.java, line(s) 12,13,489,778,830,855,869,1001 net/sqlcipher/database/SQLiteDatabase.java, line(s) 1347,1366,355,385,804,811,1069,1331,1451,1587,1610,1761
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/applovin/mediation/adapters/NimbusMediationAdapter.java, line(s) 30 com/applovin/mediation/adapters/facebook/BuildConfig.java, line(s) 10 com/applovin/mediation/adapters/google/BuildConfig.java, line(s) 10 com/applovin/mediation/adapters/googleadmanager/BuildConfig.java, line(s) 10 com/calldorado/c1o/sdk/framework/TUm7.java, line(s) 372 com/calldorado/c1o/sdk/framework/TUo7.java, line(s) 814 com/calldorado/c1o/sdk/framework/TUu6.java, line(s) 282 com/cellrebel/sdk/utils/n.java, line(s) 196 com/opensignal/c.java, line(s) 59 com/opensignal/p6.java, line(s) 694 com/opensignal/r6.java, line(s) 1167 com/opensignal/uc.java, line(s) 38 com/opensignal/vc.java, line(s) 30 com/qualityinfo/IC.java, line(s) 331,246,331 com/qualityinfo/internal/CT.java, line(s) 408 com/qualityinfo/internal/h9.java, line(s) 95 info/myapp/allemailaccess/helper/ThirdParties.java, line(s) 171
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/applovin/exoplayer2/h/z.java, line(s) 4 com/applovin/impl/b/m.java, line(s) 17 com/calldorado/c1o/sdk/framework/TUa.java, line(s) 13 com/calldorado/c1o/sdk/framework/TUc4.java, line(s) 51 com/calldorado/c1o/sdk/framework/TUm7.java, line(s) 22 com/calldorado/c1o/sdk/framework/TUo7.java, line(s) 14 com/calldorado/c1o/sdk/framework/TUq3.java, line(s) 15 com/calldorado/c1o/sdk/framework/TUr1.java, line(s) 11 com/calldorado/c1o/sdk/framework/TUs2.java, line(s) 8 com/calldorado/services/scraping/DataUtilityService.java, line(s) 34 com/calldorado/stats/AsyncStatsCommunicationWorker.java, line(s) 34 com/calldorado/stats/StatsCommunicationWorker.java, line(s) 33 com/calldorado/ui/aftercall/CallerIdActivity.java, line(s) 114 com/calldorado/ui/shared_wic_aftercall/viewpager/pages/reminder_page/ReminderBroadcastReceiver.java, line(s) 18 com/calldorado/ui/shared_wic_aftercall/viewpager/pages/reminder_page/ReminderViewPage.java, line(s) 43 com/calldorado/util/workmanagers/CalldoradoCommunicationWorker.java, line(s) 25 com/cellrebel/sdk/trafficprofile/b.java, line(s) 11 com/cellrebel/sdk/trafficprofile/c.java, line(s) 6 com/cellrebel/sdk/trafficprofile/udp/messages/b.java, line(s) 6 com/opensignal/TUr1.java, line(s) 9 com/opensignal/TUr8.java, line(s) 13 com/opensignal/b7.java, line(s) 7 com/opensignal/d0.java, line(s) 23 com/opensignal/k5.java, line(s) 11 com/opensignal/mh.java, line(s) 256 com/opensignal/nh.java, line(s) 5 com/opensignal/r6.java, line(s) 14 com/opensignal/sdk/common/measurements/speedtest/BaseSpeedTest.java, line(s) 11 com/opensignal/sdk/common/measurements/speedtest/cTUc.java, line(s) 17 com/opensignal/sdk/framework/TUfTU.java, line(s) 41 com/opensignal/sdk/framework/TUl2.java, line(s) 48 com/opensignal/sdk/framework/TUz1.java, line(s) 40 com/opensignal/u7.java, line(s) 17 com/opensignal/wb.java, line(s) 12 com/opensignal/y7.java, line(s) 13 com/opensignal/yc.java, line(s) 45 com/qualityinfo/IS.java, line(s) 14 com/qualityinfo/internal/CT.java, line(s) 19 com/qualityinfo/internal/a3.java, line(s) 6 com/qualityinfo/internal/j3.java, line(s) 17 com/qualityinfo/internal/j4.java, line(s) 4 com/qualityinfo/internal/y.java, line(s) 31 com/qualityinfo/internal/ye.java, line(s) 8 com/qualityinfo/internal/zc.java, line(s) 6 org/jacoco/core/runtime/AbstractRuntime.java, line(s) 3
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/applovin/impl/mediation/c/a/a.java, line(s) 35 com/applovin/impl/sdk/n.java, line(s) 1573 com/applovin/mediation/ads/MaxAdView.java, line(s) 141,131 com/applovin/mediation/ads/MaxAppOpenAd.java, line(s) 66,56 com/applovin/mediation/ads/MaxInterstitialAd.java, line(s) 75,65 com/applovin/mediation/ads/MaxRewardedAd.java, line(s) 93,83 com/applovin/mediation/ads/MaxRewardedInterstitialAd.java, line(s) 70,60 com/applovin/mediation/nativeAds/MaxNativeAdLoader.java, line(s) 70,65 com/applovin/sdk/AppLovinSdk.java, line(s) 181 com/applovin/sdk/AppLovinSdkSettings.java, line(s) 172 com/applovin/sdk/AppLovinWebViewActivity.java, line(s) 24 com/calldorado/ad/AdResultSet.java, line(s) 83 com/calldorado/ad/data_models/AdProfileModel.java, line(s) 436 com/calldorado/c1o/sdk/framework/TUj8.java, line(s) 81 com/cellrebel/sdk/database/k.java, line(s) 355 com/cellrebel/sdk/networking/beans/request/AuthRequestModel.java, line(s) 214,214 com/cuebiq/cuebiqsdk/Contextual.java, line(s) 767 com/cuebiq/cuebiqsdk/api/generic/HttpHeader.java, line(s) 162 com/cuebiq/cuebiqsdk/models/rawmodels/AppSettingsRawV1.java, line(s) 95 com/cuebiq/cuebiqsdk/models/settings/AppSettings.java, line(s) 70 com/cuebiq/cuebiqsdk/usecase/init/migration/DirtyMigration.java, line(s) 46 com/qualityinfo/internal/pc.java, line(s) 9,8 info/myapp/allemailaccess/reminder/data/remote/GeofenceManagerImpl.java, line(s) 35 info/myapp/allemailaccess/reminder/screens/ReminderFragment.java, line(s) 72 info/myapp/allemailaccess/reminder/screens/add_reminder/AddReminderFragment.java, line(s) 84,87
中危安全漏洞 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/calldorado/c1o/sdk/framework/TUjTU.java, line(s) 195,195,195,195,195 com/cellrebel/sdk/utils/h.java, line(s) 20,20,20,22,20,22,20,20 com/opensignal/q9.java, line(s) 201,201,201,201,201
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/anggrayudi/storage/SimpleStorage.java, line(s) 60 com/anggrayudi/storage/file/DocumentFileCompat.java, line(s) 165,268 com/anggrayudi/storage/file/DocumentFileUtils.java, line(s) 454,471 com/anggrayudi/storage/media/MediaStoreCompat.java, line(s) 57 com/qualityinfo/internal/j2.java, line(s) 519,563 com/uxcam/screenaction/layout/FilePath.java, line(s) 14 com/uxcam/screenaction/utils/FilePath.java, line(s) 13 info/myapp/allemailaccess/DisplayWebViewActivity.java, line(s) 119 info/myapp/allemailaccess/attachments/AttachmentManager.java, line(s) 44
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/cellrebel/sdk/youtube/player/e.java, line(s) 159,155 com/qualityinfo/internal/eg.java, line(s) 574,582 com/qualityinfo/internal/jh.java, line(s) 793,801
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: info/myapp/allemailaccess/DisplayWebViewActivity.java, line(s) 119
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/applovin/impl/adview/y.java, line(s) 18,17 info/myapp/allemailaccess/DisplayWebViewActivity.java, line(s) 265,267,258 info/myapp/allemailaccess/WebviewFragment.java, line(s) 65,58
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/cellrebel/sdk/utils/n.java, line(s) 140 com/uxcam/internals/dj.java, line(s) 15
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/applovin/impl/sdk/utils/StringUtils.java, line(s) 78 com/applovin/impl/sdk/utils/p.java, line(s) 366 com/calldorado/util/crypt/AesCbcWithIntegrity.java, line(s) 325 com/calldorado/util/crypt/Cryption.java, line(s) 59
中危安全漏洞 Firebase远程配置已启用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/825649563188/namespaces/firebase:fetch?key=AIzaSyAkg_ZF1SI4Viq_A8RHNPj92ygs3afNM-k ) 已启用。请确保这些配置不包含敏感信息。响应内容如下所示:
{
"entries": {
"OPTIN_TO_USE": "1",
"USE_MAVLINK_ADS": "false",
"USE_NEW_ADS_FOR_CALLER": "2",
"ad_placeholder_variation": "0",
"ads_sdk_config": "{\"preloadAmount\":1,\"failThreshold\":3,\"backFillDelay\":{\"backFillDelay\":1000,\"initialBackFillDelay\":4000},\"applovinNativeConfig\":{\"adUnit\":\"33821c30c48549b4\"},\"gamConfig\":{\"adUnit\":\"/181874094/info.myapp.allemailaccess_inapp_final_AdsSDK\"},\"enableLogging\":true}",
"ads_sdk_config_av": "{\"preloadAmount\":1,\"failThreshold\":3,\"backFillDelay\":{\"backFillDelay\":1000,\"initialBackFillDelay\":4000},\"applovinNativeConfig\":{\"adUnit\":\"e9c528a27b213db9\"},\"gamConfig\":{\"adUnit\":\"/181874094/com.ztnstudio.notepad_inapp_native_avads_gz_banner\"}}",
"ads_sdk_config_bv": "{ \"preloadAmount\": 1, \"failThreshold\": 3, \"backFillDelay\": { \"backFillDelay\": 1000, \"initialBackFillDelay\": 4000 }, \"applovinNativeConfig\": { \"adUnit\": \"059586d0c1b55299\" }, \"gamConfig\": { \"adUnit\": \"/181874094/com.ztnstudio.notepad_inapp_native_avads_gz_icon\" } }",
"ads_sdk_config_cv": "{ \"preloadAmount\": 1, \"failThreshold\": 3, \"backFillDelay\": { \"backFillDelay\": 1000, \"initialBackFillDelay\": 4000 }, \"applovinNativeConfig\": { \"adUnit\": \"ef5aed0709e4c52a\" }, \"gamConfig\": { \"adUnit\": \"/181874094/com.ztnstudio.notepad_inapp_native_avads_gz_control\" } }",
"aea_ads_sdk_8_1_7": "{\"preloadAmount\":1,\"failThreshold\":3,\"backfillDelay\":1000,\"initialBackfillDelay\":4000,\"applovinNativeAdUnit\":\"33821c30c48549b4\",\"gamAdUnit\":\"/181874094/info.myapp.allemailaccess_inapp_final_AdsSDK\",\"applovinSdkKey\":\"v9NXTSNp02Na7oJxSSPXhei9s36dqobC_MC6Z514hnxhh9ZHvvnThDsFt2S2FNBzzPqKER8xCqMJyoGUf4PONJ\",\"startMuted\":true,\"adMobNativeAdUnit\":\"ca-app-pub-7756523234329066/8168846080\",\"preloadingEnabled\":true,\"primaryProvider\":\"applovin\",\"secondaryProvider\":\"gam\",\"sequentialLoading\":false}",
"app_validation": "{ \"enabled\": \"false\", \"key\": \"\", \"validation_percent\": 0 }",
"appsflyer_enabled": "true",
"back_button_behavior": "0",
"cellrebel_enable": "true",
"cmp_enabled": "false",
"cmp_enabled_fab": "true",
"cmp_hide_for_banked_users": "true",
"cmp_show_after_optin": "false",
"config_in_app_adkey": "",
"consent_days_interval": "2",
"cu_conditions": "",
"cu_enabled": "true",
"cu_terms_id": "11",
"enable_5g_detection": "false",
"enable_dnd_cards": "false",
"fab_buy_ad_free_enable": "1",
"firebase_notification_interval_hours": "1000000000",
"firebase_optin_overlay_a11_strategy": "0",
"firebase_optin_transition_animation": "2",
"firebase_overlay_tutorial_delay_ms": "700",
"firebase_reoptin_interval_hours": "0",
"firebase_screens_order": "welcome,location,overlay,notification,chinese",
"firebase_screens_order_q": "welcome,overlay,notification,location,chinese",
"firebase_should_send_notification": "false",
"flash_ads_module_config": "{\"preloadAmount\":1,\"backFillDelay\":{\"backFillDelay\":1000,\"initialBackFillDelay\":4000},\"applovinNativeConfig\":{\"adUnit\":\"9e51655ba1ab86f4\"},\"gamConfig\":{\"adUnit\":\"/181874094/flashalerts.flashlight.calls.messages_inapp_final_test\"}}",
"flash_alert_maps_api_key": "AIzaSyBG8RFi7rNfLJZ3zI23ENzAy3gaLaP0SYQ",
"gamez_op_url": "{ \"isActive\": true, \"url\": \"https://8945.play.gamezop.com/\" }",
"google_placesapi_enable": "true",
"in_app_ads_config": "{\"Type\":\"1\",\"AdTypePrio\":\"1\", \"AdProviderPriority\":\"1\", \"rendererType\":1,\"MopubNativeAdUintID\":\"11a17b188668469fb0412708c3d16813\",\"MopubBannerAdUintID\":\"b195f8dd8ded45fe847ad89ed1d016da\",\"GoogleMediationNativeAdUintID\":\"\",\"AppLovinAdUnitID\":\"\"}",
"in_app_appopen_ads": "",
"in_app_rating_controller": "false",
"inapp_update": "",
"interstitials_on_startup_enabled": "false",
"legal_urls": "{\"pp\":\"https://legal.appvestor.com/privacy-policy/\",\"eula\":\"https://legal.appvestor.com/end-user-license-agreement/\"}",
"m2_enable_data": "false",
"m2_enable_sdk": "false",
"maps_api_key": "AIzaSyBG8RFi7rNfLJZ3zI23ENzAy3gaLaP0SYQ",
"only_use_main_process": "false",
"ookla_conditions": "",
"ookla_enable": "false",
"optin_overlay_forced": "0",
"optin_variation": "A",
"os_conditions": "eula",
"os_enable": "true",
"os_terms_id": "11",
"outlogic_conditions": "",
"outlogic_enable": "true",
"overlay_reoptin_variation": "1",
"places_api_mode": "2",
"qonversion_enabled": "true",
"recording_flow": "baseline",
"reoptin_days": "0,1,3",
"reoptin_experiment": "",
"reoptin_hours_interval": "9-11",
"screen_recording": "false",
"sr_ads_sdk_test": "{\"splashLoadTime\":7000,\"splashShowTime\":2000,\"preloadAmount\":1,\"failThreshhold\":2,\"initialBackfillDelay\":4000,\"backfillDelay\":1000,\"applovinNativeAdUnit\":\"fa34cfeab45d502d\",\"aoaAdUnit\":\"ca-app-pub-7756523234329066/7863686060\",\"adMobSplashBannerAdUnit\":\"ca-app-pub-7756523234329066/7907918093\",\"applovinSdkKey\":\"v9NXTSNp02Na7oJxSSPXhei9s36dqobC_MC6Z514hnxhh9ZHvvnThDsFt2S2FNBzzPqKER8xCqMJyoGUf4PONJ\",\"interAplAdUnit\":\"83d261c0965e8f44\",\"interGamAdUnit\":\"/181874094/screen.recorder.capture.video.record_interstitial_final\",\"interPreloading\":false,\"startMuted\":true}",
"test_test": "bums",
"us_legislation": "[{\"state\":\"California\",\"privacy_act\":\"California Consumer Privacy Act\",\"privacy_act_short\":\"CCPA\",\"meta_state_code\":1000},{\"state\":\"Colorado\",\"privacy_act\":\"Colorado Privacy Act\",\"privacy_act_short\":\"CPA\",\"meta_state_code\":1001},{\"state\":\"Connecticut\",\"privacy_act\":\"Connecticut Data Privacy Act\",\"privacy_act_short\":\"CTDPA\",\"meta_state_code\":1002},{\"state\":\"Virginia\",\"privacy_act\":\"Virginia Consumer Data Protection Act\",\"privacy_act_short\":\"VCDPA\"},{\"state\":\"Utah\",\"privacy_act\":\"Utah Consumer Privacy Act\",\"privacy_act_short\":\"UCPA\"},{\"state\":\"Texas\",\"privacy_act\":\"Texas Personal Privacy and Security Act\",\"privacy_act_short\":\"TDPSA\",\"meta_state_code\":1005},{\"state\":\"Oregon\",\"privacy_act\":\"Oregon Consumer Privacy Act\",\"privacy_act_short\":\"OCPA\",\"meta_state_code\":1004},{\"state\":\"Montana\",\"privacy_act\":\"Montana Consumer Data Privacy Act\",\"privacy_act_short\":\"MCPA\",\"meta_state_code\":1006},{\"state\":\"Iowa\",\"privacy_act\":\"Iowa Data Privacy Law\",\"privacy_act_short\":\"IDP\"},{\"state\":\"Delaware\",\"privacy_act\":\"Delaware Personal Data Privacy Act\",\"privacy_act_short\":\"DPDA\",\"meta_state_code\":1007},{\"state\":\"Nebraska\",\"privacy_act\":\"Nebraska Data Privacy Act\",\"privacy_act_short\":\"NDPA\",\"meta_state_code\":1008},{\"state\":\"New Hampshire\",\"privacy_act\":\"New Hampshire Privacy Act\",\"privacy_act_short\":\"NHPA\",\"meta_state_code\":1009},{\"state\":\"New Jersey\",\"privacy_act\":\"New Jersey Data Privacy Law\",\"privacy_act_short\":\"NJDPL\",\"meta_state_code\":1010}]",
"xmode_enabled": "false",
"ztn_ads_module_config": "{\"preloadAmount\":1,\"backFillDelay\":{\"backFillDelay\":1000,\"initialBackFillDelay\":4000},\"applovinNativeConfig\":{\"adUnit\":\"ae483601fad6236a\"},\"gamConfig\":{\"adUnit\":\"/181874094/com.ztnstudio.notepad_inapp_final_AMP\"}}",
"ztn_map_key": "AIzaSyBG8RFi7rNfLJZ3zI23ENzAy3gaLaP0SYQ"
},
"state": "UPDATE",
"templateVersion": "2183"
}
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 凭证信息=> "com.calldorado.AppId" : "@string/caldorado_app_id" 凭证信息=> "com.google.android.geo.API_KEY" : "AIzaSyBG8RFi7rNfLJZ3zI23ENzAy3gaLaP0SYQ" AppLovin广告SDK的=> "applovin.sdk.key" : "v9NXTSNp02Na7oJxSSPXhei9s36dqobC_MC6Z514hnxhh9ZHvvnThDsFt2S2FNBzzPqKER8xCqMJyoGUf4PONJ" AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-7756523234329066~1462438139" 凭证信息=> "com.cuebiq.sdk.AppKey" : "@string/cuebiq_app_key" "caldorado_app_id" : "b0-b7fdf55e-b673-41db-b0a1-009c3b679014" "com.google.firebase.crashlytics.mapping_file_id" : "c8173430803c4b10bc4f6e6b56fa132b" "cuebiq_app_key" : "aCALdora" "db_key" : "9FUiOzJkIkTKmJS" "facebook_app_id" : "1971693299773637" "firebase_database_url" : "https://android-apps-696ef.firebaseio.com" "google_api_key" : "AIzaSyAkg_ZF1SI4Viq_A8RHNPj92ygs3afNM-k" "google_app_id" : "1:825649563188:android:90148fd8ca83274e" "google_crash_reporting_api_key" : "AIzaSyAkg_ZF1SI4Viq_A8RHNPj92ygs3afNM-k" "library_android_database_sqlcipher_authorWebsite" : "https://www.zetetic.net/sqlcipher/" HSrCHRtOan6wp2kwOIGJC1RDtuSrF2mWVbio2aBcMHX9KF3iTJ1lLSzCKP1ZSo5yNolPNw1kCTtWpxELFF4ah1 AIzaSyBG8RFi7rNfLJZ3zI23ENzAy3gaLaP0SYQ nIB/dEvb2QqM0husAtG+r9wP33S7bkm7C9VHSlZATLeBHltwVbkn7Rua6HBTOZnyS nY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURDbGllbnRDQUcyLmNydDANBgkqhkiG nggIFMB8GA1UdIwQYMBaAFKViIFDcu1tXl60jjzXiVGypfvlOMB0GA1UdDgQWBBQN b593276e08897d23b5a8b8c2d971b38c 4oYMlRu4LWSquHXs71RIO5QxcN5uDIYYVWbHSa5P2VEp0ocs9p 085cb427f64419be38c7dc8b999b7114 MIIFiDCCBHCgAwIBAgIQDdAIBk1BHPDNyMujLrtR2DANBgkqhkiG9w0BAQsFADBq cfe61eb49c7eba5cd65aeb7f15305c8a nCQYDVQQGEwJDQTEZMBcGA1UECBMQQnJpdGlzaCBDb2x1bWJpYTERMA8GA1UEBxMI nc3AuZGlnaWNlcnQuY29tMEcGCCsGAQUFBzAChjtodHRwOi8vY2FjZXJ0cy5kaWdp bd7aa0aa11665b626569225f5f900c70 nFrL5Jswk27N4hVahCNguOpRF9O+bJtO1ratuWV8rklsyw/exc1uGrWvSP6nyE83X nBEkRoR27jWIlfE9aoa9zYJQF2kIo3Pnd4SL5/Q== 5a45b86b63a76753c4aacda0c5b8d293 121880edefb5db84de9aa5255a2c47a9 nZXJ0LmNvbS9DUFMwgYsGA1UdHwSBgzCBgDA+oDygOoY4aHR0cDovL2NybDMuZGln naWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEQ2xpZW50Q0FHMi5jcmwwPqA8oDqG nCiv3imByibTJBvTX7tzQvcPNsxO4ozd4VD0WNp1lvxZxwggnyBVJ7RAW8i2xgpA0 nqBVqVJnfO97atBihYKn1X6jTMDAMBgNVHRMBAf8EAjAAMDQGA1UdEQQtMCuBKXR1 nOjA4BgpghkgBhv1sBAECMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2lj 21dfa19af35c6bdbbbd1ec72e0707447 n9w0BAQsFAAOCAQEAJxX4xZg8wR5YBcPbAVY0PTbof0UskTOwIr4ccB5mPTRYVK7E a5a6e30563df86d21d4fcca4cbe21d00 ba8521283ce82e974e4c16a057c846d7 njhy7Yai2oFPrrBaBTf4x1Edud4eZFWMSPn/aECW6i8oyfCtGNnvf7Tw4QhTCkFnJ nVQQLEwNPcHMxGzAZBgNVBAMTElR1dGVsYSBTaWduaW5nMjAyMjCCASIwDQYJKoZI f68b5ab19f0241345d18966da288f56f 2c8ef9feacad595728b0cc5aaf8fcae8 nhvcNAQEBBQADggEPADCCAQoCggEBALe9GnuB3BNMGAbc2Ue9BhDTErtCn8NRBfzy Y29tLnR1dGVsYXRlY2hub2xvZ2llcy5zZGsuZnJhbWV3b3JrLlR1dGVsYVNES1N0YW5kYXJk j70UUkwW+JEfWjpZJRWun8WQxLBoXVAR67p+D5zddDDJnK7qE0RlUbiJ079tWcKEqN39xeKw9Zmq+k8svN97Og== ndGVsYStzaWduaW5nMjAyMkB0dXRlbGF0ZWNobm9sb2dpZXMuY29tMA4GA1UdDwEB ef1fef927dcae695e66f6da9881c3d7d ndENBRzIuY3JsMH0GCCsGAQUFBwEBBHEwbzAkBggrBgEFBQcwAYYYaHR0cDovL29j naWVudCBDQSBHMjAeFw0yMjA2MDkwMDAwMDBaFw0yNTA2MDkyMzU5NTlaMIGIMQsw 687975afd9fd4dc3d74d17d17c540593 nDzXLEs0grbb6VkIp9+Fq4AxWJaFgSjJi7frU7pglqqovAWsefvlFCTV8TrcVD5MG nOGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRENsaWVu nd3cuZGlnaWNlcnQuY29tMSkwJwYDVQQDEyBEaWdpQ2VydCBBc3N1cmVkIElEIENs b3a463b6a81f1a2d8c37d8e1176ef23f702b3083bd6a245983a69cfb03984ad7 bf355c42da305ec6f6cbb58c532ff4b7 nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 a9-1456f4fe-8de1-4e23-9316-32eee11a1c3f a6f32595e8dc686f68dd94b670e24220 nVmljdG9yaWExIDAeBgNVBAoTF1R1dGVsYSBUZWNobm9sb2dpZXMgTHRkMQwwCgYD
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/aigestudio/wheelpicker/WheelPicker.java, line(s) 517,522,531,651 com/applovin/exoplayer2/l/q.java, line(s) 35,53,41,47 com/applovin/impl/sdk/a/f.java, line(s) 58,64,70 com/applovin/impl/sdk/x.java, line(s) 17,57,94,72,90,21,98,30,121 com/appvestor/adssdk/ads/manager/AdManager.java, line(s) 493 com/appvestor/adssdk/ads/model/logs/adfailed/AdFailedLoadLog.java, line(s) 42,80,39,80 com/appvestor/adssdk/ads/model/logs/adfailed/providers/ApplovinAdFailedLog.java, line(s) 21 com/appvestor/adssdk/ads/model/logs/adfailed/providers/GamAdFailedLog.java, line(s) 21 com/appvestor/adssdk/ads/model/logs/adshown/ApplovinAdLog.java, line(s) 33,80,42,80 com/appvestor/adssdk/ads/model/logs/adshown/GamAdLog.java, line(s) 45,96 com/calldorado/c1o/sdk/framework/AnaSDKService.java, line(s) 25,115,160,203,274,265 com/calldorado/c1o/sdk/framework/SDKStandard.java, line(s) 195,749,605,739,757,224 com/calldorado/c1o/sdk/framework/TUbTU.java, line(s) 293 com/calldorado/c1o/sdk/framework/TUdd.java, line(s) 173,441 com/calldorado/c1o/sdk/framework/TUt4.java, line(s) 119,124,131,135,151,161 com/calldorado/c1o/sdk/framework/cTUc.java, line(s) 88 com/calldorado/inappupdate/InAppUpdateActivity.java, line(s) 149,176 com/calldorado/inappupdate/InAppUpdateConfig.java, line(s) 49 com/calldorado/inappupdate/InAppUpdateLogHelper.java, line(s) 28 com/calldorado/inappupdate/InAppUpdateManager.java, line(s) 100,108,118,127,165,172,178,184,203,215,216,226,227,267,280,285 com/calldorado/inappupdate/UpgradeReceiver.java, line(s) 17 com/calldorado/inappupdate/notification/NotificationManager.java, line(s) 81 com/calldorado/inappupdate/notification/NotificationWorker$doWork$2$job$1.java, line(s) 46 com/calldorado/inappupdate/notification/NotificationWorker.java, line(s) 37,56,58,62 com/calldorado/inappupdate/notification/WorkerScheduler.java, line(s) 62 com/calldorado/optin/AutoStartPermissionHelper.java, line(s) 131,141,145,183,194,214 com/calldorado/optin/CpraLimitDataActivity.java, line(s) 63 com/calldorado/optin/DoNotSellMyDataActivity.java, line(s) 94 com/calldorado/optin/OptinActivity.java, line(s) 47,54,60,95,154,164,176,187,192,199,211,244,246,251,255,279,295,299,339,349,352,360,379,383,389,405,146 com/calldorado/optin/OptinApi.java, line(s) 115,157 com/calldorado/optin/OptinDialogActivity.java, line(s) 19,30,49,68 com/calldorado/optin/OptinNotificationBroadcast.java, line(s) 11 com/calldorado/optin/OverlayGuideActivity.java, line(s) 43 com/calldorado/optin/PreferencesManager.java, line(s) 48,59,85,89,102,115,160,165,246,545,643,109 com/calldorado/optin/ReoptinNotificationReceiver.java, line(s) 13 com/calldorado/optin/ThirdPartyConsentDialog.java, line(s) 75,77 com/calldorado/optin/Utils.java, line(s) 88,107,109,317,336,338,341,368,297 com/calldorado/optin/lists/ThirdPartyList.java, line(s) 23,98 com/calldorado/optin/model/GlobalParcelable.java, line(s) 139,142,192,21,114,169,189 com/calldorado/optin/pages/BasePage.java, line(s) 117,151,177,194,90 com/calldorado/optin/pages/ChinesePage.java, line(s) 106 com/calldorado/optin/pages/ChinesePageHelper.java, line(s) 17 com/calldorado/optin/pages/InfoPhonePage.java, line(s) 60 com/calldorado/optin/pages/LocationPage.java, line(s) 54,102,126,186,188,226,233,246,267,277 com/calldorado/optin/pages/LocationPageHelper.java, line(s) 24,29 com/calldorado/optin/pages/NotificationPage.java, line(s) 75,131 com/calldorado/optin/pages/NotificationPageHelper.java, line(s) 21 com/calldorado/optin/pages/OverlayPage.java, line(s) 36,49,61,67,148,178,242,245,264,270 com/calldorado/optin/pages/WelcomePage.java, line(s) 84,121,122,123,132,138,143,150,204,321,328,361,412,569,587,590,597,603,610,630,635,642,659,664,671,687,697,722,727 com/calldorado/optin/pages/WelcomePageHelper.java, line(s) 63,76 com/calldorado/optin/progressbar/StateProgressBar.java, line(s) 235,848,856,859 com/calldorado/optin/progressbar/utils/FontManager.java, line(s) 35 com/calldorado/optin/receivers/OptinUpgradeReceiver.java, line(s) 15,18 com/calldorado/receivers/cdfQWCBReceiver.java, line(s) 35 com/calldorado/stats/AsyncStatsCommunicationWorker.java, line(s) 56 com/calldorado/ui/shared_wic_aftercall/viewpager/CalldoradoFeatureView.java, line(s) 54 com/calldorado/ui/shared_wic_aftercall/viewpager/pages/cards_page/Fcb.java, line(s) 55 com/calldorado/ui/wic/TimePickerLayout.java, line(s) 33,35,38 com/calldorado/util/LegislationUtil.java, line(s) 39 com/cellrebel/sdk/networking/a.java, line(s) 103 com/cellrebel/sdk/ping/a.java, line(s) 84 com/cellrebel/sdk/utils/ForegroundObserver.java, line(s) 114,118,154,161,166,170,174 com/cellrebel/sdk/utils/b.java, line(s) 13,17 com/cellrebel/sdk/utils/d.java, line(s) 97,193,231,238 com/cellrebel/sdk/workers/ForegroundWorker.java, line(s) 28,55,67,90 com/cellrebel/sdk/workers/MetaWorker.java, line(s) 22 com/cellrebel/sdk/workers/TrackingManager.java, line(s) 112,207,210,216,219,228,238,263,279,313,319,326,349,352,375,412,426,465,471,501,514,519 com/cellrebel/sdk/youtube/player/e.java, line(s) 222 com/cuebiq/cuebiqsdk/utils/logger/SDKLoggerKt.java, line(s) 59,98,72,85,121,134,147,160 com/iab/omid/library/applovin/publisher/b.java, line(s) 31,33 com/iab/omid/library/applovin/utils/d.java, line(s) 25,11,18 com/opensignal/sdk/framework/cTUc.java, line(s) 35 com/opensignal/w8.java, line(s) 127 com/qualityinfo/ConnectivityJobService.java, line(s) 79,86 com/qualityinfo/ConnectivityService.java, line(s) 77,116 com/qualityinfo/InsightCore.java, line(s) 846,976,984,996 com/qualityinfo/InsightJobService.java, line(s) 51 com/qualityinfo/InsightService.java, line(s) 46,66 com/qualityinfo/InsightStarter.java, line(s) 25 com/qualityinfo/internal/BT.java, line(s) 678,139,654 com/qualityinfo/internal/CT.java, line(s) 264 com/qualityinfo/internal/b.java, line(s) 78,91,97 com/qualityinfo/internal/b0.java, line(s) 28,66 com/qualityinfo/internal/c.java, line(s) 29,41,54 com/qualityinfo/internal/c2.java, line(s) 58,84,132,137,142,151,184,194,264,274,308 com/qualityinfo/internal/db.java, line(s) 59 com/qualityinfo/internal/e.java, line(s) 207,224,251,262,287 com/qualityinfo/internal/eg.java, line(s) 262,290 com/qualityinfo/internal/f.java, line(s) 31,34 com/qualityinfo/internal/ge.java, line(s) 292 com/qualityinfo/internal/gf.java, line(s) 14,36,76 com/qualityinfo/internal/h9.java, line(s) 124 com/qualityinfo/internal/i5.java, line(s) 257,381,233,253,287,375 com/qualityinfo/internal/i9.java, line(s) 23,33,50,68,81,92 com/qualityinfo/internal/j2.java, line(s) 565,136,341,380 com/qualityinfo/internal/k1.java, line(s) 79 com/qualityinfo/internal/m0.java, line(s) 225 com/qualityinfo/internal/m1.java, line(s) 90 com/qualityinfo/internal/mg.java, line(s) 328 com/qualityinfo/internal/n.java, line(s) 294,301,535,555,129 com/qualityinfo/internal/n4.java, line(s) 74,87 com/qualityinfo/internal/ne.java, line(s) 112 com/qualityinfo/internal/p2.java, line(s) 98 com/qualityinfo/internal/pf.java, line(s) 273 com/qualityinfo/internal/qa.java, line(s) 26,42 com/qualityinfo/internal/r8.java, line(s) 159,1431,1438,1483,1619,144,1224,1237,1257,1626,1642,1689,2018,2049 com/qualityinfo/internal/sa.java, line(s) 20,32,53 com/qualityinfo/internal/sb.java, line(s) 329,358,386,416,448,476,506,581,606,636,655,665,933,992,1181,1225,1393,1431,1529,1556,1588,1631,1669,1705,1776 com/qualityinfo/internal/se.java, line(s) 142,153,179 com/qualityinfo/internal/t5.java, line(s) 20,41 com/qualityinfo/internal/ta.java, line(s) 29,37,48,70,75,83,90,102,111 com/qualityinfo/internal/uf.java, line(s) 541 com/qualityinfo/internal/v.java, line(s) 84,106,149,141 com/qualityinfo/internal/v6.java, line(s) 77 com/qualityinfo/internal/vd.java, line(s) 38 com/qualityinfo/internal/w.java, line(s) 75,92,124 com/qualityinfo/internal/w6.java, line(s) 108,133 com/qualityinfo/internal/wb.java, line(s) 149 com/qualityinfo/internal/x1.java, line(s) 62 com/qualityinfo/internal/y.java, line(s) 1313,1323,1333,1367,1467 com/qualityinfo/internal/y8.java, line(s) 205,105,193 com/qualityinfo/internal/yf.java, line(s) 508,731,744,765,773,786,794,840,848,925,956,1029,1009 com/qualityinfo/internal/zd.java, line(s) 44 com/umlaut/crowd/service/ConnectivityWorker.java, line(s) 100,64 com/uxcam/internals/gy.java, line(s) 398,408 com/uxcam/internals/ha.java, line(s) 15 com/uxcam/screenaction/layout/Util.java, line(s) 192 com/uxcam/screenaction/utils/Util.java, line(s) 193 info/myapp/allemailaccess/DisplayWebViewActivity.java, line(s) 166,167 info/myapp/allemailaccess/FirebaseEventBroadcastReceiver.java, line(s) 38 info/myapp/allemailaccess/UpgradeReceiver.java, line(s) 27,66,72,75 info/myapp/allemailaccess/aftercall/AftercallView.java, line(s) 44,119,120 info/myapp/allemailaccess/attachments/AttachmentsViewModel$special$$inlined$CoroutineExceptionHandler$1.java, line(s) 21 info/myapp/allemailaccess/calendar/alarmManager/EventsAlarmReceiverViewModel$special$$inlined$CoroutineExceptionHandler$1.java, line(s) 23 info/myapp/allemailaccess/calendar/ui/viewModel/CalendarDayEventViewModel$special$$inlined$CoroutineExceptionHandler$1.java, line(s) 20 info/myapp/allemailaccess/calendar/ui/viewModel/CalendarPagerViewModel$special$$inlined$CoroutineExceptionHandler$1.java, line(s) 20 info/myapp/allemailaccess/calendar/ui/viewModel/EditCalendarViewModel$special$$inlined$CoroutineExceptionHandler$1.java, line(s) 20 info/myapp/allemailaccess/calendar/ui/viewModel/EditCalendarViewModel.java, line(s) 179 info/myapp/allemailaccess/helper/CuebiqInitClass.java, line(s) 38,39,40,63,64,65 info/myapp/allemailaccess/helper/DAUAlarmManagerHelper.java, line(s) 42,46,53,59,64 info/myapp/allemailaccess/helper/DAUAlarmReceiver.java, line(s) 18 info/myapp/allemailaccess/helper/DeleteUserDataCommunicator.java, line(s) 15 info/myapp/allemailaccess/helper/ThirdParties$deleteOutlogicData$1.java, line(s) 133,137 info/myapp/allemailaccess/helper/ThirdParties$startOutlogicTracking$1.java, line(s) 62,65 info/myapp/allemailaccess/helper/ThirdParties$startOutlogicTracking$2.java, line(s) 40 info/myapp/allemailaccess/helper/ThirdParties.java, line(s) 53,55,62,73,76,97,118,120,128,135,137,143,145,149,151,157,159,162,165,171,173 info/myapp/allemailaccess/model/Utils.java, line(s) 45,30,33,38,41 info/myapp/allemailaccess/presentation/base/cmp/CMPManager$presentConsent$1.java, line(s) 113,124 info/myapp/allemailaccess/presentation/base/cmp/CMPManager.java, line(s) 217,224,233,244,253,260 info/myapp/allemailaccess/presentation/home/ui/HomeFragment.java, line(s) 190,198 info/myapp/allemailaccess/presentation/main/ui/MainActivity.java, line(s) 354 info/myapp/allemailaccess/reminder/data/remote/GeofenceManagerImpl.java, line(s) 35,68 info/myapp/allemailaccess/reminder/screens/ReminderViewModel$special$$inlined$CoroutineExceptionHandler$1.java, line(s) 25 info/myapp/allemailaccess/reminder/screens/add_reminder/AddReminderViewModel$special$$inlined$CoroutineExceptionHandler$1.java, line(s) 22 info/myapp/allemailaccess/reminder/screens/geofence/GeofenceBroadcastReceiver$showNotification$1.java, line(s) 53,71,83,87 info/myapp/allemailaccess/reminder/screens/geofence/GeofenceBroadcastReceiver.java, line(s) 81,124,117,126 info/myapp/allemailaccess/reminder/screens/select_email/SelectEmailViewModel$special$$inlined$CoroutineExceptionHandler$1.java, line(s) 25 info/myapp/allemailaccess/templates/ui/TemplateViewModel$special$$inlined$CoroutineExceptionHandler$1.java, line(s) 22 info/myapp/allemailaccess/utilities/AudienceNetworkInitializeHelper.java, line(s) 33 net/sqlcipher/AbstractCursor.java, line(s) 139 net/sqlcipher/BulkCursorToCursorAdaptor.java, line(s) 44,62,102,113,157,184,209,36,78,195 net/sqlcipher/DatabaseUtils.java, line(s) 117,155,596,607 net/sqlcipher/DefaultDatabaseErrorHandler.java, line(s) 14,24,26,30,18 net/sqlcipher/database/SQLiteCompiledSql.java, line(s) 50,61,71,79 net/sqlcipher/database/SQLiteContentHelper.java, line(s) 25 net/sqlcipher/database/SQLiteDatabase.java, line(s) 181,1086,1097,1463,1471 net/sqlcipher/database/SQLiteDebug.java, line(s) 8,9,10,11,12,13 net/sqlcipher/database/SQLiteOpenHelper.java, line(s) 124,143 net/sqlcipher/database/SQLiteProgram.java, line(s) 45,51 net/sqlcipher/database/SQLiteQuery.java, line(s) 115 net/sqlcipher/database/SQLiteQueryBuilder.java, line(s) 223,222 net/sqlcipher/database/SqliteWrapper.java, line(s) 29,39,53,63,73 org/koin/android/logger/AndroidLogger.java, line(s) 42,52,54,46,50
安全提示信息 此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密
此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密 Files: net/sqlcipher/database/SupportHelper.java, line(s) 12,1
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/calldorado/optin/OverlayGuideActivity.java, line(s) 4,32 com/calldorado/ui/settings/SettingsActivity.java, line(s) 7,2006 info/myapp/allemailaccess/aftercall/AftercallView.java, line(s) 4,92 info/myapp/allemailaccess/reminder/screens/add_reminder/AddReminderFragment.java, line(s) 6,259 info/myapp/allemailaccess/templates/ui/NewTemplateActivity.java, line(s) 4,122
安全提示信息 应用与Firebase数据库通信
该应用与位于 https://android-apps-696ef.firebaseio.com 的 Firebase 数据库进行通信
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/calldorado/c1o/sdk/framework/TUjTU.java, line(s) 131,131,131,131,131,131 com/cellrebel/sdk/utils/h.java, line(s) 256 com/opensignal/q9.java, line(s) 269,269,269,269,269,269 com/qualityinfo/internal/j2.java, line(s) 676,676,676,676,676,676
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/calldorado/c1o/sdk/framework/kTUk.java, line(s) 83,81,83,79,80,80 com/cellrebel/sdk/networking/a.java, line(s) 100,118 com/cellrebel/sdk/networking/c.java, line(s) 13,12,11,11 com/opensignal/ic.java, line(s) 88,86,88,84,85,85
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (exoplayer.dev) 通信。
{'ip': '221.228.32.13', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}
综合安全基线评分总结
All Email Access v2.0.1298
Android APK
47
综合安全评分
中风险