安全分析报告:
安全分数
安全分数 38/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
5
用户/设备跟踪器
调研结果
高危
9
中危
22
信息
1
安全
1
关注
7
高危 Activity (com.jb.gokeyboard.theme.template.MainActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.jb.gokeyboard.theme.template.MainActivity) 容易受到 Android Task Hijacking/StrandHogg 的攻击。
活动不应将启动模式属性设置为“singleTask”。 然后,其他应用程序可以将恶意活动放置在活动栈顶部,从而导致任务劫持/StrandHogg 1.0 漏洞。 这使应用程序成为网络钓鱼攻击的易受攻击目标。 可以通过将启动模式属性设置为“singleInstance”或设置空 taskAffinity (taskAffinity="") 属性来修复此漏洞。 您还可以将应用的目标 SDK 版本 (23) 更新到 28 或更高版本以在平台级别修复此问题。
高危 Activity (com.jb.gokeyboard.theme.template.crashreport.CrashReportDialog) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 使用弱加密算法
使用弱加密算法 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/cs/bd/gdpr/core/util/b.java, line(s) 30 com/jb/ga0/commerce/util/encrypt/DesUtil.java, line(s) 31,47 com/jb/ga0/commerce/util/io/StringUtils.java, line(s) 234
高危 该文件是World Readable。任何应用程序都可以读取文件
该文件是World Readable。任何应用程序都可以读取文件 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/gau/go/gostaticsdk/utiltool/UtilTool.java, line(s) 166,176,214,221,200 com/jb/gokeyboard/theme/template/util/e.java, line(s) 37,62,82,99,113,121,130,144,152,161,175,183,191,205,213,249,262,270,279,292
高危 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: com/mopub/network/CustomSSLSocketFactory.java, line(s) 14,15,16,17,3
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/mopub/mobileads/BaseWebView.java, line(s) 66,8 com/mopub/mobileads/MraidActivity.java, line(s) 73,9 com/mopub/mraid/MraidBridge.java, line(s) 186,15,16
高危 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
com/jb/ga0/commerce/util/encrypt/AESCrypt.java, line(s) 35,42
高危 应用程序包含隐私跟踪程序
此应用程序有多个5隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Activity (com.jb.gokeyboard.theme.template.MainActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.jb.gokeyboard.theme.template.crashreport.CrashReportDialog) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.jb.gokeyboard.theme.template.wallpaper.LiveWallpaperService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_WALLPAPER [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (com.jb.gokeyboard.theme.template.alarm.GoKeyboardInstallCheckService) 未被保护。
存在一个intent-filter。 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
中危 Service (com.jb.gokeyboard.theme.template.crashreport.CrashSendService) 未被保护。
存在一个intent-filter。 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
中危 Broadcast Receiver (com.jb.gokeyboard.theme.template.google.analytic.ReferrerInfoReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.jb.gokeyboard.theme.template.alarm.CheckInstallGoKeyboardReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.jb.gokeyboard.theme.template.statistics.AlarmStatisticReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.jb.gokeyboard.theme.template.crashreport.CrashSendBroadCastReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.jb.gokeyboard.theme.template.httpwecloud.controller.WecloudTimingReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.jb.gokeyboard.theme.template.guideoptimize.GuideOptimizeReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.jiubang.commerce.receiver.BootBroadcastReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.jiubang.commerce.receiver.AppBroadcastReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/gau/go/gostaticsdk/encrypt/CryptTool.java, line(s) 71 com/jb/ga0/commerce/util/encrypt/CryptTool.java, line(s) 47 com/jb/ga0/commerce/util/encrypt/MD5.java, line(s) 251 com/jb/gokeyboard/theme/template/util/MD5.java, line(s) 15 com/nostra13/universalimageloader/a/a/b/c.java, line(s) 15 me/xiaopan/sketch/util/e.java, line(s) 13
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/gau/go/gostaticsdk/beans/PostBean.java, line(s) 40 com/gau/go/gostaticsdk/connect/BasicConnHandle.java, line(s) 15 com/gau/go/gostaticsdk/database/DataBaseHelper.java, line(s) 69 com/gau/go/gostaticsdk/scheduler/GetCtrlInfoTask.java, line(s) 31 com/gau/go/gostaticsdk/scheduler/StaticPostTask.java, line(s) 6 com/jb/ga0/commerce/util/DevHelper.java, line(s) 20 com/jb/ga0/commerce/util/http/GoHttpPostHandlerForNet.java, line(s) 21 com/jb/ga0/commerce/util/io/DataBaseHelper.java, line(s) 24 com/jb/ga0/commerce/util/io/MultiprocessSharedPreferences.java, line(s) 41 com/jb/ga0/commerce/util/retrofit/Interceptor/RepeatRequestCtrl.java, line(s) 10 com/jb/ga0/commerce/util/retrofit/Interceptor/RetryAfterNetOkCtrl.java, line(s) 14 com/jb/gokeyboard/theme/template/crashreport/a.java, line(s) 37 com/jb/gokeyboard/theme/template/gostore/data/c.java, line(s) 173,107,114 com/jb/gokeyboard/theme/template/gostore/data/e.java, line(s) 32 com/jb/gokeyboard/theme/template/httpwecloud/bean/a/b.java, line(s) 38 com/jiubang/commerce/ad/http/AdHttpPostHandlerForNet.java, line(s) 26 com/jiubang/commerce/ad/http/AdSdkRequestHeader.java, line(s) 39,42 com/jiubang/commerce/ad/http/decrypt/Des.java, line(s) 54,62,70,78,86 com/jiubang/commerce/ad/intelligent/api/NativePreHelper.java, line(s) 12 com/jiubang/commerce/ad/notification/ActivationGuideNotification.java, line(s) 26 com/jiubang/commerce/ad/url/ReferrerUtil.java, line(s) 17 com/jiubang/commerce/database/DataBaseHelper.java, line(s) 35 com/jiubang/commerce/database/table/AdConfigInfoTable.java, line(s) 13 com/jiubang/commerce/mopub/amazon/AmazonBannerStrategy.java, line(s) 23 com/jiubang/commerce/mopub/database/AdDataBaseHelper.java, line(s) 29 com/jiubang/commerce/mopub/mopubstate/GomoMopubView.java, line(s) 163,164 com/jiubang/commerce/mopub/utils/SimpleAB.java, line(s) 13 com/jiubang/commerce/product/Product.java, line(s) 12,13,16,17 com/jiubang/commerce/statistics/AbsBaseStatistic.java, line(s) 18,26 com/jiubang/commerce/statistics/adinfo/AppInstallMonitorTable.java, line(s) 12 com/mopub/common/AdUrlGenerator.java, line(s) 11,12,13,10,14,20,17,18,19,21,22,15,25,23,16,24,27,26 com/mopub/common/BaseUrlGenerator.java, line(s) 10,11 com/mopub/common/Constants.java, line(s) 20,21 com/mopub/common/DataKeys.java, line(s) 11,13,12,6,21,14,16,17,5,25,27,26,28,29,33,34,35 com/mopub/common/GpsHelper.java, line(s) 12,14 com/mopub/common/MoPubBrowser.java, line(s) 24 com/mopub/mobileads/BaseVideoPlayerActivity.java, line(s) 15
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/gau/go/gostaticsdk/utiltool/Machine.java, line(s) 149,154,159,230,231 com/gau/go/gostaticsdk/utiltool/UtilTool.java, line(s) 40 com/jb/ga0/commerce/util/DevHelper.java, line(s) 28 com/jb/ga0/commerce/util/LogUtils.java, line(s) 45 com/jb/ga0/commerce/util/Machine.java, line(s) 419,424,431 com/jb/ga0/commerce/util/imagemanager/AsyncImageManager.java, line(s) 14 com/jb/ga0/commerce/util/io/FileUtil.java, line(s) 287 com/jb/gokeyboard/theme/template/ThemeApplication.java, line(s) 219 com/jb/gokeyboard/theme/template/crashreport/b.java, line(s) 44 com/jb/gokeyboard/theme/template/httpwecloud/a/a.java, line(s) 326 com/jb/gokeyboard/theme/template/util/i.java, line(s) 219,233 com/jb/gokeyboard/theme/template/util/j.java, line(s) 35 com/jb/gokeyboard/theme/template/util/p.java, line(s) 23 com/jiubang/commerce/ad/AdSdkContants.java, line(s) 55,58 com/jiubang/commerce/ad/avoid/ref/AvoidManager.java, line(s) 159 com/jiubang/commerce/fbreplace/FbReplaceManager.java, line(s) 70 com/jiubang/commerce/utils/FileCacheUtils.java, line(s) 212 com/jiubang/commerce/utils/SDCardUtils.java, line(s) 7 com/mopub/mraid/MraidNativeCommandHandler.java, line(s) 109,426 com/nostra13/universalimageloader/b/e.java, line(s) 17,42 me/xiaopan/sketch/f.java, line(s) 25 me/xiaopan/sketch/util/f.java, line(s) 215,239,240,286,287
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/gau/go/gostaticsdk/StatisticsManager.java, line(s) 41 com/gau/go/gostaticsdk/encrypt/XORCrypt.java, line(s) 3 com/gau/go/gostaticsdk/scheduler/GetCtrlInfoTask.java, line(s) 14 com/jb/ga0/commerce/util/encrypt/XORCrypt.java, line(s) 3 com/jb/ga0/commerce/util/io/FileUtil.java, line(s) 20 com/jb/gokeyboard/theme/template/advertising/adSdk/d/e.java, line(s) 23 com/jb/gokeyboard/theme/template/gostore/data/c.java, line(s) 20 com/jb/gokeyboard/theme/template/gostore/data/l.java, line(s) 3 com/jb/gokeyboard/theme/template/guideoptimize/b.java, line(s) 17 com/jb/gokeyboard/theme/template/httpwecloud/controller/b.java, line(s) 19 com/jb/gokeyboard/theme/template/util/b.java, line(s) 34 com/jiubang/commerce/ad/sdk/AdLoaderUtil.java, line(s) 12 com/jiubang/commerce/mopub/autofresh/random/RandomLong.java, line(s) 3 com/jiubang/commerce/mopub/utils/SimpleAB.java, line(s) 10 com/mopub/common/event/EventSampler.java, line(s) 7
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/gau/go/gostaticsdk/database/DataBaseHelper.java, line(s) 7,8,9,97 com/jb/ga0/commerce/util/io/DataBaseHelper.java, line(s) 7,8,9,10,237 com/jiubang/commerce/database/DataBaseHelper.java, line(s) 7,8,9,97 com/jiubang/commerce/mopub/database/AdDataBaseHelper.java, line(s) 7,8,9,89
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/jb/ga0/commerce/util/encrypt/AESCrypt.java, line(s) 24,26 com/mopub/common/util/Utils.java, line(s) 13
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/jiubang/commerce/ad/ironscr/IronScrAd.java, line(s) 185,163
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "KEY_DEFAULT_KeySoundType" : "Default,com.jb.gokeyboard" "money_key" : "$" "substitute_voice_key_symbol" : "," HPJOVTREZ28LWF51WWA1YI6KUDY7C1SF 8ef191c6-26d6-4f80-8ef3-a3da9a80d2d8 4B20B6EA9127924DFE83 dEM4SDNGX0tvaDVxSjk0NVM5ZTl4Y3c6MQ NaubrwWEGiJEQqRxx7aXntbGOf4YiRmW0WY9043rcqRhJreE4sReMC1OFRaeI7TXWBJUiJQGpwA1UdSsR65vvNieo70IUqvUnj1mn1mLUTKEMqeM9l5g90WJJo4gBN3n a4485d83f0bd47b388c88ca4e4a65717 28J3ZCJLXTW06HJYEPOEKOSVVQADNNML YO0FINC2I0JSPDMB2KWMLZRJ94BHT6IA 0ee68f61b259414bbf6976dfee7c212a 4981cfd89a6740fbb2d7a20a057a99a7 aHR0cDovL2FkdnByb3RlY3QuM2cubmV0LmNuCg== 5ab6a4ae-4aa5-43f4-9da4-e30755f2b295
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/cs/bd/gdpr/core/util/e.java, line(s) 27,33,51,39 com/gau/go/gostaticsdk/encrypt/Base64.java, line(s) 31,32 com/gau/go/gostaticsdk/utiltool/DrawUtils.java, line(s) 42 com/gau/go/gostaticsdk/utiltool/UtilTool.java, line(s) 47,57 com/gau/utils/net/HttpConnectScheduler.java, line(s) 190,191,203,214,215,230,236,238 com/gau/utils/net/connector/HttpConnector.java, line(s) 129,224,235,69,73,77,82,86,91,53,63,94,145,146,223,232,263 com/gau/utils/net/connector/HttpConnectorAlive.java, line(s) 488,300,304,308,313,317,322,206,294,325,411,412,516 com/jb/ga0/commerce/util/LogUtils.java, line(s) 58,133,201,101,107,147,64,70,77,126,113,119,83,89,95,140 com/jb/ga0/commerce/util/PassTimeLogger.java, line(s) 34 com/jb/ga0/commerce/util/encrypt/Base64.java, line(s) 43,44 com/jb/ga0/commerce/util/retrofit/Interceptor/LogInterceptor.java, line(s) 54 com/jb/ga0/commerce/util/retrofit/Interceptor/RepeatRequestCtrl.java, line(s) 30 com/jb/ga0/commerce/util/retrofit/Interceptor/RetryAfterNetOkCtrl.java, line(s) 46 com/jb/ga0/commerce/util/retrofit/RetrofitProxy.java, line(s) 43 com/jb/ga0/commerce/util/retrofit/test/Test.java, line(s) 88,89,91,111,112,114,134,135,137,159,160,161,182,183,184,202,203,204,99,101,122,124,145,147,166,168,189,191,209,211 com/jb/ga0/commerce/util/thread/ThreadPoolManager.java, line(s) 170 com/jb/ga0/commerce/util/topApp/ProcessHelperUtil.java, line(s) 77 com/jb/ga0/commerce/util/topApp/TopHelper.java, line(s) 210,265,318,131 com/jb/gokeyboard/theme/template/c/a.java, line(s) 76,91,120,131 com/jb/gokeyboard/theme/template/c/b.java, line(s) 66,77 com/jb/gokeyboard/theme/template/crashreport/b.java, line(s) 69,165,180,188,190,192,286 com/jb/gokeyboard/theme/template/crashreport/c.java, line(s) 81,83,85 com/jb/gokeyboard/theme/template/d/a/a.java, line(s) 21 com/jb/gokeyboard/theme/template/google/analytic/ReferrerInfoReceiver.java, line(s) 38,17,28,30,34,50 com/jb/gokeyboard/theme/template/util/c.java, line(s) 11,20,23 com/jb/gokeyboard/theme/template/view/shimmer/a.java, line(s) 49 com/jiubang/commerce/MAdHelper.java, line(s) 48,54 com/jiubang/commerce/ad/AdSdkContants.java, line(s) 60,64 com/jiubang/commerce/ad/http/bean/ParamsBean.java, line(s) 59,61,67,69 com/jiubang/commerce/ad/ironscr/IronScrAd.java, line(s) 72 com/jiubang/commerce/database/DataBaseHelper.java, line(s) 117 com/jiubang/commerce/fbreplace/AdReplaceContext.java, line(s) 197 com/jiubang/commerce/fbreplace/PackageManagerProxy.java, line(s) 127,238 com/jiubang/commerce/mopub/amazon/AmazonBannerStrategy.java, line(s) 55 com/jiubang/commerce/mopub/utils/SimpleAB.java, line(s) 148 com/jiubang/commerce/statistics/AppOpenActivateUtil.java, line(s) 226 com/jiubang/commerce/utils/LogUtils.java, line(s) 30,36,71,75,42,48,18,24,54,60,66 com/jiubang/commerce/utils/LruCache.java, line(s) 104 com/jiubang/commerce/utils/ProcessExclusiveLock.java, line(s) 26,46,72,100 com/keyboard/gdpr/f.java, line(s) 10,16 com/mopub/common/CacheService.java, line(s) 36,101,161 com/mopub/common/ClientMetadata.java, line(s) 164 com/mopub/common/DiskLruCache.java, line(s) 98 com/mopub/common/DoubleTimeTracker.java, line(s) 33,42 com/mopub/common/ExternalViewabilitySessionManager.java, line(s) 36,39,190,188 com/mopub/common/GpsHelper.java, line(s) 79,95,120 com/mopub/common/LocationService.java, line(s) 124,127,130 com/mopub/common/MoPub.java, line(s) 142,160,162,176,194,209,223,74,138,140,172,174,190,192,203,206,219,221 com/mopub/common/MoPubHttpUrlConnection.java, line(s) 50,69 com/mopub/common/Preconditions.java, line(s) 125,137,149,161,170 com/mopub/common/UrlAction.java, line(s) 50,208 com/mopub/common/UrlHandler.java, line(s) 174,192 com/mopub/common/UrlResolutionTask.java, line(s) 77,92,115,118 com/mopub/common/a.java, line(s) 34,44,55,101,113,120,128,139,146,173,185,192,211,236,242,253,260 com/mopub/common/b.java, line(s) 23 com/mopub/common/d.java, line(s) 49,75,87,116,127,134,145,152,169,176,194,205,218,241,247,258,265 com/mopub/common/event/Event.java, line(s) 28 com/mopub/common/event/EventDispatcher.java, line(s) 24 com/mopub/common/event/EventSerializer.java, line(s) 20 com/mopub/common/event/ScribeEventRecorder.java, line(s) 41 com/mopub/common/util/DeviceUtils.java, line(s) 80,95,127,171 com/mopub/common/util/Intents.java, line(s) 114,81,106 com/mopub/common/util/Json.java, line(s) 75,79 com/mopub/common/util/ManifestUtils.java, line(s) 40,116,137 com/mopub/common/util/Streams.java, line(s) 64 com/mopub/common/util/Views.java, line(s) 35 com/mopub/mobileads/AdViewController.java, line(s) 129,172,174,184,199,208,298,361,188,383,205 com/mopub/mobileads/BannerVisibilityTracker.java, line(s) 62,67 com/mopub/mobileads/BaseHtmlWebView.java, line(s) 38,46,51 com/mopub/mobileads/BaseVideoPlayerActivity.java, line(s) 22,38,55 com/mopub/mobileads/BaseVideoViewController.java, line(s) 81,98 com/mopub/mobileads/CustomEventBannerAdapter.java, line(s) 44,49,64,76,88,95,151,156 com/mopub/mobileads/CustomEventInterstitialAdapter.java, line(s) 50,55,66,77,88,99 com/mopub/mobileads/HtmlBanner.java, line(s) 42,75,47 com/mopub/mobileads/HtmlWebViewClient.java, line(s) 78,82 com/mopub/mobileads/MoPubActivity.java, line(s) 32,90 com/mopub/mobileads/MoPubConversionTracker.java, line(s) 37 com/mopub/mobileads/MoPubInterstitial.java, line(s) 56,79,84,109,114,122,135,151,164,362,368,374 com/mopub/mobileads/MoPubView.java, line(s) 82,132,139,162,187,309,329,110,146,150 com/mopub/mobileads/MraidActivity.java, line(s) 81,113,99 com/mopub/mobileads/MraidVideoPlayerActivity.java, line(s) 139 com/mopub/mobileads/ResponseBodyInterstitial.java, line(s) 34,44 com/mopub/mobileads/VastCompanionAdConfig.java, line(s) 95 com/mopub/mobileads/VastIconConfig.java, line(s) 96 com/mopub/mobileads/VastIconXmlManager.java, line(s) 43,53 com/mopub/mobileads/VastLinearXmlManager.java, line(s) 69,99 com/mopub/mobileads/VastMacroHelper.java, line(s) 66 com/mopub/mobileads/VastManager.java, line(s) 42,76 com/mopub/mobileads/VastVideoBlurLastVideoFrameTask.java, line(s) 43,60 com/mopub/mobileads/VastVideoCloseButtonWidget.java, line(s) 86,92 com/mopub/mobileads/VastVideoConfig.java, line(s) 157,402,404,488,496 com/mopub/mobileads/VastVideoCtaButtonWidget.java, line(s) 89,99,103 com/mopub/mobileads/VastVideoGradientStripWidget.java, line(s) 62,72,76 com/mopub/mobileads/VastVideoInterstitial.java, line(s) 33,40 com/mopub/mobileads/VastVideoView.java, line(s) 31 com/mopub/mobileads/VastXmlManagerAggregator.java, line(s) 78,162,226 com/mopub/mobileads/VideoDownloader.java, line(s) 32,84,111,120,139,181 com/mopub/mobileads/VideoViewabilityTrackerXmlManager.java, line(s) 29,36,55 com/mopub/mobileads/ViewGestureDetector.java, line(s) 43 com/mopub/mobileads/WebViewCacheService.java, line(s) 64 com/mopub/mobileads/resource/ProgressBarDrawable.java, line(s) 59 com/mopub/mobileads/util/WebViews.java, line(s) 22,29,36,43 com/mopub/mraid/MraidBanner.java, line(s) 111,82 com/mopub/mraid/MraidBridge.java, line(s) 93,183,192,201,286,294,203,298 com/mopub/mraid/MraidController.java, line(s) 294,527 com/mopub/mraid/MraidNativeCommandHandler.java, line(s) 69,72,75,79,85,289,295 com/mopub/nativeads/AdapterHelper.java, line(s) 34 com/mopub/nativeads/BaseNativeAd.java, line(s) 53,67 com/mopub/nativeads/MoPubCustomEventNative.java, line(s) 34,41,48,186,191 com/mopub/nativeads/MoPubNative.java, line(s) 128,174,211,165 com/mopub/nativeads/MoPubRecyclerAdapter.java, line(s) 183,188,213,248 com/mopub/nativeads/MoPubStreamAdPlacer.java, line(s) 126,111 com/mopub/nativeads/NativeAdViewHelper.java, line(s) 26 com/mopub/nativeads/NativeImageHelper.java, line(s) 37,64,71 com/mopub/nativeads/NativeRendererHelper.java, line(s) 16,21,85,67 com/mopub/nativeads/StaticNativeAd.java, line(s) 102,124,132,140 com/mopub/nativeads/b.java, line(s) 15,29,33 com/mopub/nativeads/e.java, line(s) 65 com/mopub/nativeads/g.java, line(s) 69,85,40 com/mopub/nativeads/i.java, line(s) 36 com/mopub/nativeads/k.java, line(s) 78,83 com/mopub/network/AdRequest.java, line(s) 231 com/mopub/network/CustomSSLSocketFactory.java, line(s) 133 com/mopub/network/RequestManager.java, line(s) 52 com/mopub/network/ScribeRequestManager.java, line(s) 21,39 com/mopub/network/TrackingRequest.java, line(s) 68,76 com/mopub/volley/CacheDispatcher.java, line(s) 30 com/mopub/volley/NetworkDispatcher.java, line(s) 68 com/mopub/volley/Request.java, line(s) 140 com/mopub/volley/RequestQueue.java, line(s) 122,143 com/mopub/volley/VolleyLog.java, line(s) 26,98,102,30,34,111,11,16,21,38,42 com/mopub/volley/toolbox/BasicNetwork.java, line(s) 134,92,180,189 com/mopub/volley/toolbox/DiskBasedCache.java, line(s) 49,81,192,197,210,242,353,117,227,253 com/mopub/volley/toolbox/ImageRequest.java, line(s) 57 com/mopub/volley/toolbox/JsonRequest.java, line(s) 56 com/nostra13/universalimageloader/a/a/a/a/a.java, line(s) 103 me/xiaopan/sketch/c.java, line(s) 74,95,158,175,36,49,19,116,133 me/xiaopan/sketch/cache/d.java, line(s) 207
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/jb/ga0/commerce/util/retrofit/RetrofitRequest.java, line(s) 190,190 com/jb/ga0/commerce/util/retrofit/test/Test.java, line(s) 226,222
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (newstoredata.goforandroid.com) 通信。
{'ip': '8.210.132.106', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (api.douban.com) 通信。
{'ip': '8.210.132.106', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (newstoredis.goforandroid.com) 通信。
{'ip': '47.242.94.137', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (goupdate.3g.cn) 通信。
{'ip': '139.9.105.102', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (gokeyboardmarket.goforandroid.com) 通信。
{'ip': '8.210.59.142', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (adviap.goforandroid.com) 通信。
{'ip': '47.242.91.30', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (protect.ppmobiles.com) 通信。
{'ip': '8.210.87.119', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}