安全分析报告:
安全分数
安全分数 36/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
14
用户/设备跟踪器
调研结果
高危
11
中危
18
信息
1
安全
2
关注
5
高危 应用程序存在Janus漏洞
应用程序使用了v1签名方案进行签名,如果只使用v1签名方案,那么它就容易受到安卓5.0-8.0上的Janus漏洞的攻击。在安卓5.0-7.0上运行的使用了v1签名方案的应用程序,以及同时使用了v2/v3签名方案的应用程序也同样存在漏洞。
高危 Activity (net.cleverbit.vkplugin.MyUnityActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (net.cleverbit.vkplugin.MyUnityActivity) 容易受到 Android Task Hijacking/StrandHogg 的攻击。
活动不应将启动模式属性设置为“singleTask”。 然后,其他应用程序可以将恶意活动放置在活动栈顶部,从而导致任务劫持/StrandHogg 1.0 漏洞。 这使应用程序成为网络钓鱼攻击的易受攻击目标。 可以通过将启动模式属性设置为“singleInstance”或设置空 taskAffinity (taskAffinity="") 属性来修复此漏洞。 您还可以将应用的目标 SDK 版本 (26) 更新到 28 或更高版本以在平台级别修复此问题。
高危 Activity (com.facebook.unity.FBUnityAppLinkActivity) is vulnerable to StrandHogg 2.0
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (26) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.facebook.unity.FBUnityDeepLinkingActivity) is vulnerable to StrandHogg 2.0
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (26) 更新到 29 或更高版本以在平台级别修复此问题。
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/amazon/device/ads/AdContainer.java, line(s) 107,7 com/amazon/device/ads/ViewManager.java, line(s) 225,231,9,10 com/appodeal/ads/networks/vpaid/VPAIDView.java, line(s) 267,23,24 com/chartboost/sdk/impl/bn.java, line(s) 58,8 com/chartboost/sdk/impl/bo.java, line(s) 66,6,7 com/chartboost/sdk/impl/w.java, line(s) 49,6,7 com/mopub/mobileads/BaseWebView.java, line(s) 34,9 com/mopub/mobileads/MraidActivity.java, line(s) 73,12 com/mopub/mraid/MraidBridge.java, line(s) 506,17,18 com/my/target/core/ui/views/chrome/BannerWebView.java, line(s) 41,8 com/startapp/android/publish/ads/splash/d.java, line(s) 43,5,6 com/startapp/android/publish/ads/splash/i.java, line(s) 151,9 com/startapp/android/publish/common/commonUtils/q.java, line(s) 350,23,24 com/tapjoy/TJAdUnit.java, line(s) 156,179,384,14 com/tapjoy/TJAdUnitJSBridge.java, line(s) 348,29 com/tapjoy/mraid/view/MraidView.java, line(s) 688,772,1517,32,33 com/unity3d/ads/webview/WebViewApp.java, line(s) 245,9,262,268,274 com/unity3d/ads2/webview/WebViewApp.java, line(s) 245,9,262,268,274 com/yandex/mobile/ads/y.java, line(s) 81,18 org/nexage/sourcekit/mraid/MRAIDVideoAddendumView.java, line(s) 409,849,890,1683,37,38 org/nexage/sourcekit/mraid/MRAIDView.java, line(s) 687,726,1449,1569,36,37 org/nexage/sourcekit/vast/activity/VASTActivity.java, line(s) 407,31,32 org/nexage/sourcekit/vast/activity/VPAIDActivity.java, line(s) 315,24,25
高危 WebView域控制不严格漏洞
WebView域控制不严格漏洞 Files: com/adcolony/sdk/aw.java, line(s) 154,145 com/chartboost/sdk/impl/bn.java, line(s) 25,23 com/startapp/android/publish/ads/splash/d.java, line(s) 29,28,29 com/unity3d/ads/webview/WebView.java, line(s) 21,19 com/unity3d/ads2/webview/WebView.java, line(s) 21,19 com/yandex/mobile/ads/ah.java, line(s) 24,18
高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/appodeal/ads/utils/v.java, line(s) 116 com/ironsource/mediationsdk/utils/IronSourceAES.java, line(s) 33,60
高危 已启用远程WebView调试
已启用远程WebView调试 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/applovin/impl/adview/ac.java, line(s) 14,3 com/appodeal/ads/networks/vpaid/VPAIDView.java, line(s) 130,23,24 com/chartboost/sdk/impl/bo.java, line(s) 64,6,7 com/inmobi/rendering/RenderView.java, line(s) 772,31,32 com/tapjoy/TapjoyLog.java, line(s) 65,8 com/vungle/publisher/ms.java, line(s) 105,9
高危 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: com/mopub/network/CustomSSLSocketFactory.java, line(s) 14,15,16,17,3
高危 应用程序包含隐私跟踪程序
此应用程序有多个14隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 应用程序数据存在被泄露的风险
未设置[android:allowBackup]标志 这个标志 [android:allowBackup]应该设置为false。默认情况下它被设置为true,允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Activity (com.facebook.unity.FBUnityAppLinkActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.facebook.unity.FBUnityDeepLinkingActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.google.android.gms.analytics.CampaignTrackingReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.appodeal.ads.AppodealPackageAddedReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.inmobi.commons.core.utilities.uid.ImIdShareBroadCastReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.yandex.metrica.MetricaService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.yandex.metrica.MetricaEventHandler) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/amazon/device/ads/AdActivity.java, line(s) 11 com/amazon/device/ads/AdvertisingIdParameter.java, line(s) 6 com/amazon/device/ads/AppEventRegistrationHandler.java, line(s) 18,19 com/amazon/device/ads/Assets.java, line(s) 19 com/amazon/device/ads/DirectedIdRetriever.java, line(s) 4 com/amazon/device/ads/InterstitialAd.java, line(s) 17 com/amazon/device/ads/UserIdParameter.java, line(s) 4 com/amazon/device/ads/ViewabilityObserver.java, line(s) 12,15 com/amazon/device/ads/WebRequest.java, line(s) 23,13 com/amazon/mas/kiwi/util/KiwiVersionEncrypter.java, line(s) 11 com/applovin/impl/sdk/bj.java, line(s) 68 com/ironsource/adapters/supersonicads/DemandSourceConfig.java, line(s) 45 com/ironsource/adapters/supersonicads/SupersonicConfig.java, line(s) 46 com/ironsource/environment/DeviceStatus.java, line(s) 41 com/ironsource/mediationsdk/config/AbstractAdapterConfig.java, line(s) 19,18 com/ironsource/mediationsdk/logger/LogsSender.java, line(s) 15,14 com/ironsource/mediationsdk/sdk/GeneralProperties.java, line(s) 7 com/ironsource/mediationsdk/server/ServerURL.java, line(s) 16,24 com/ironsource/mediationsdk/utils/IronSourceConstants.java, line(s) 11,15 com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 32,34,24,36,38 com/ironsource/sdk/utils/Constants.java, line(s) 37,222,20 com/mopub/common/AdUrlGenerator.java, line(s) 12,13,14,11,15,21,18,19,20,22,23,16,26,24,17,25,27 com/mopub/common/BaseUrlGenerator.java, line(s) 14,15 com/mopub/common/Constants.java, line(s) 19,20 com/mopub/common/DataKeys.java, line(s) 8,10,9,6,16,11,13,5,20,22,21,23,24,28,29,30 com/mopub/common/GpsHelper.java, line(s) 13,15 com/mopub/common/MoPubBrowser.java, line(s) 27 com/mopub/common/event/EventDetails.java, line(s) 11,12,13,14,15,16,17,18,19,20,21,22,23 com/mopub/mobileads/BaseVideoPlayerActivity.java, line(s) 17 com/mopub/mobileads/MoPubRewardedVideoManager.java, line(s) 46,47,45 com/mopub/mobileads/RewardedVideoCompletionRequestHandler.java, line(s) 23,29,27,28,22 com/mopub/nativeads/PositioningRequest.java, line(s) 19,20,22,23,24 com/my/target/core/utils/h.java, line(s) 161 com/tapjoy/TapjoyConstants.java, line(s) 51,54 com/tapjoy/mraid/view/MraidView.java, line(s) 60 com/vk/sdk/VKAccessToken.java, line(s) 16 com/vk/sdk/VKSdk.java, line(s) 23 com/vk/sdk/api/VKApiConst.java, line(s) 13 com/vungle/publisher/VungleAdActivity.java, line(s) 17,19,18 rx/internal/schedulers/NewThreadWorker.java, line(s) 27,36 rx/plugins/RxJavaPlugins.java, line(s) 114,128
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/adcolony/sdk/ao.java, line(s) 151,157,158 com/applovin/impl/sdk/al.java, line(s) 164 com/appodeal/ads/utils/a/d.java, line(s) 28,58 com/appodeal/ads/utils/g.java, line(s) 60,70,94 com/appodeal/ads/utils/h.java, line(s) 58,182,186 com/appodeal/ads/utils/l.java, line(s) 60 com/appodeal/ads/utils/m.java, line(s) 69 com/chartboost/sdk/impl/g.java, line(s) 36,40 com/inmobi/rendering/mraid/b.java, line(s) 69 com/ironsource/environment/DeviceStatus.java, line(s) 88,221 com/ironsource/mediationsdk/utils/GeneralPropertiesWorker.java, line(s) 359,381 com/ironsource/sdk/utils/SDKUtils.java, line(s) 496 com/mopub/mraid/MraidNativeCommandHandler.java, line(s) 102,253 com/startapp/android/publish/common/commonUtils/n.java, line(s) 44 com/tapjoy/TapjoyCache.java, line(s) 49,50,51 com/tapjoy/internal/w.java, line(s) 13 com/tapjoy/mraid/controller/Assets.java, line(s) 47,47,52 com/unity3d/ads/cache/CacheDirectory.java, line(s) 27 com/unity3d/ads2/cache/CacheDirectory.java, line(s) 27 com/vungle/publisher/env/AndroidDevice.java, line(s) 236 com/vungle/publisher/inject/a.java, line(s) 81 com/yandex/metrica/impl/am.java, line(s) 92 com/yandex/mobile/ads/g/d.java, line(s) 45 org/nexage/sourcekit/mraid/nativefeature/MRAIDNativeFeatureProvider.java, line(s) 57,58 org/nexage/sourcekit/vast/VASTPlayer.java, line(s) 167
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/adcolony/sdk/aw.java, line(s) 209,146 com/inmobi/rendering/RenderView.java, line(s) 794,789 com/ironsource/sdk/controller/IronSourceWebView.java, line(s) 196,299 com/startapp/android/publish/ads/a/c.java, line(s) 116,103 com/startapp/android/publish/ads/banner/bannerstandard/BannerStandard.java, line(s) 262,197 com/startapp/android/publish/ads/splash/d.java, line(s) 32,28 com/startapp/android/publish/adsCommon/adinformation/b.java, line(s) 149,145 com/tapjoy/TJAdUnitJSBridge.java, line(s) 103,343 com/unity3d/ads/webview/WebView.java, line(s) 71,47 com/unity3d/ads2/webview/WebView.java, line(s) 71,47 com/yandex/mobile/ads/y.java, line(s) 57,58,113 org/nexage/sourcekit/vast/activity/VPAIDActivity.java, line(s) 216,212
中危 IP地址泄露
IP地址泄露 Files: com/amazon/device/ads/Version.java, line(s) 4 com/appodeal/ads/native_ad/c.java, line(s) 82 com/ironsource/adapters/supersonicads/SupersonicAdsAdapter.java, line(s) 51,98 com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 35
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/appodeal/ads/networks/b.java, line(s) 14 com/appodeal/ads/utils/l.java, line(s) 88 com/appodeal/ads/utils/m.java, line(s) 124 com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 60 com/ironsource/sdk/utils/SDKUtils.java, line(s) 237 com/my/target/core/utils/f.java, line(s) 8 com/startapp/android/publish/ads/video/d.java, line(s) 35 com/tapjoy/mraid/controller/Assets.java, line(s) 181 com/vk/sdk/util/VKUtil.java, line(s) 70 com/yandex/metrica/impl/c.java, line(s) 205
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/amazon/android/c/a.java, line(s) 19 com/amazon/android/f/c.java, line(s) 11 com/amazon/android/framework/prompt/Prompt.java, line(s) 8 com/applovin/impl/a/n.java, line(s) 17 com/appodeal/ads/f/g.java, line(s) 27 com/inmobi/ads/InMobiInterstitial.java, line(s) 22 com/inmobi/ads/b.java, line(s) 13 com/inmobi/commons/core/d/c.java, line(s) 20 com/inmobi/commons/core/utilities/uid/d.java, line(s) 8 com/inmobi/rendering/a/a.java, line(s) 7 com/mopub/common/event/EventSampler.java, line(s) 8 com/startapp/android/publish/ads/banner/Banner.java, line(s) 27 com/startapp/android/publish/ads/video/a/b.java, line(s) 8 com/startapp/android/publish/cache/a.java, line(s) 18 com/startapp/android/publish/cache/g.java, line(s) 19 com/vk/sdk/VKObject.java, line(s) 4 com/vk/sdk/api/httpClient/VKMultipartEntity.java, line(s) 10 com/yandex/metrica/impl/ob/dm.java, line(s) 3 com/yandex/mobile/ads/video/b/f.java, line(s) 15
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/inmobi/commons/core/c/b.java, line(s) 5,132 com/ironsource/eventsmodule/DataBaseEventsStorage.java, line(s) 6,7,147 com/tapjoy/internal/fk.java, line(s) 6,57 com/tapjoy/internal/i.java, line(s) 5,52 com/vungle/publisher/cl.java, line(s) 7,8,84 com/yandex/metrica/impl/ob/bm.java, line(s) 6,162 com/yandex/metrica/impl/ob/bn.java, line(s) 7,8,92 com/yandex/metrica/impl/ob/br.java, line(s) 6,77
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/adcolony/sdk/au.java, line(s) 264 com/adcolony/sdk/ba.java, line(s) 31 com/amazon/android/c/b.java, line(s) 141 com/amazon/android/l/a.java, line(s) 19 com/amazon/android/l/b.java, line(s) 62 com/amazon/device/ads/StringUtils.java, line(s) 80 com/chartboost/sdk/Libraries/b.java, line(s) 17 com/inmobi/commons/core/utilities/a/b.java, line(s) 72 com/ironsource/sdk/utils/SDKUtils.java, line(s) 162 com/mopub/common/util/Utils.java, line(s) 30 com/my/target/core/utils/h.java, line(s) 167 com/tapjoy/internal/cm.java, line(s) 9
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/vk/sdk/api/photo/VKUploadImage.java, line(s) 29
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 nYRg/7e7uvh0eHo7wwsrvE5zP53cQPIr6PMcV+T41NVUZvrog6MTPeDz+BoXn1yI0MzMjLS8v09bW iZEDYF5LpvyxpOX9+x3+qDBXhdByZOUFatBA3JgW7sY= 322a737a-a0ca-44e0-bc85-649b1c7c1db6 4e610cd2-753f-4bfc-9b05-772ce8905c5e 026ae9c9824b3e483fa6c71fa88f57ae27816141 nbWFnZVJlYWR5ccllPAAAA2NJREFUeNqMVF1Ik1EYPm7TpsIca84pGs6VrboYaeRPpFgXKUzBH4S8 nzzOMcSXw5OSESqUS1ft5/C3AAL39YeI2ufApAAAAAElFTkSuQmCC 48761EEF50EE53AFC4CC9C5F10E6BDE7F8F5B82F njckH6fkL0/f3NwMPHz8jKxsbAw0AQIABAGYHPKslk98oAAAAAElFTkSuQmCC B3EEABB8EE11C2BE770B684D95219ECB ndBAdSC2HG7SVlJRoT7ssaXt7e+3k5KSLiIiQJgRFMBgUmpzIqE97enq+lJaWhrbciYwRKE+NW32G 7d962ba4-a392-449a-a02d-6c5be5613928 nbW3U1dWlxr6rp6dnJJVKldLpdBEx8kuJYrVeNyAcwE0QBGpubqb29nbq7u7WDgwMjABs39/fz+Ry nOV4rVoXx9a0QbjKZjJRKJWm1WjIYDIRRMKJeT/ECQzQazZTLZZ4Vb0D5Tsh1mFqtJp1ORyaTSejr n6irNUuVymeHQARbA5XA4vDirbAYCBQ4NYAIuarXacDQafbK0tJRqNBr32TkIBBxKwAgsKBQKTzgc C10F7968CFE2C76AC6F0650C877806D4514DE58FC239592D2385BCE5609A84B2A0FBDAF29B05505EAD1FDFEF3D7209ACBF34B5D0A806DF18147EA9C0337D6B5B 14abf3db44b7d9fb982de4d880edafdd74f3bbb1 ny3QBsSyPMqbcUFX1UrPRqJimyUAOgw2F9GzhOsLQFXNHiBmMRCeXg8FgfG939wtmtLnszMwuJ4gR IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4= npBw3LkqubDqdvs1xQNqt1iHucygGshBEh0LQQREBY2fHx8F2HLfkcl1OJKaut1vtCiEGy6M9V/Yg n67MixouMFLFY7AeOnCuoTsMYkV6vJ41GwxugR1cnNzY2POvr66/qhlzPChlRS0tLHuuv6F74XpCq C38FB23A402222A0C17D34A92F971D1F nCQ6HY8Lr9Tr8fv9ji8Xy6PDw8CKTyUh4LoNzUBkg9l/I4OCg2ePxkNPpfOB2u0cbGhoeQuJZsVjk 20799a27-fa80-4b36-b2db-0f8141f24180 478cb909-6ad1-4e12-84cc-b3629a789f93 YW5kcm9pZC5pbnRlbnQuY2F0ZWdvcnkuTEFVTkNIRVI= OB84k4abNNzWpMVBdhI+TSgQmCqTKdPPQrwq6j4YdMU= iVBORw0KGgoAAAANSUhEUgAAAGAAAABgBAMAAAAQtmoLAAAAGFBMVEUAAAAzMzMzMzMzMzMzMzMzMzMzMzMzMzOW6p+xAAAACHRSTlMAmTkdj2BzVg1F16EAAABtSURBVHhe7dexCcAwDAVRow0+RHatDbJDFsj+02SAQMIVqvyvFw9jDPL4yzkXNwQqISAxoqSEACNKkhYEdEHgODcDDBgw8N18AXAgBIVqHwg1HJoRE18cfz17ESZMmFh8DWVE8lUaVdnwHXDOPfezMoezhMEMAAAAAElFTkSuQmCC nWbHLrMTbYBVIb2/vhMvlMttsNurs7CSj0Si32+0W7D0BRMthOKuAS5cw6brEvyCQQk1NTdTY2Eht nbWFnZVJlYWR5ccllPAAAAq5JREFUeNqUlN9LmmEUx4++/ihKy6yZGEMjlExdEjgqQmm78ioGu41g nUADSo43SMCLKQimS0GKDTqfLys7OvlldXZ2Vnp4uy8nJuZGWlmacnp52ejyeANZ4AB/AQ4kigSQg niooKjZjIsVAkJSXdIw1IFyqvt7d3pLy8PCFksXJgYIAPDg5aGxsbs8OzCY2E+vr692tra4LIFovl nB29AZrS2tibX6/XvqVTqdqFQuPUNBcuDC8+09ndxq7wR+yRD6Q+o28IDHMDuCmyr+UOM2+XWJhKN 67bb016b-be40-4c08-a190-96a3f3b503d3 8ace5ca5da6b9adb3c0f055aad4a98c2aedf4bd7 E91093227F02CE854C3214749DC7FB3459E0E43E80CAE27F01AA0EA92894C9E1 nXpnVan0ZiUSSoiimiCgBP4UXfD4fozpsbW2NhP7+/vdDQ0MvFLBkMnmBfQEuHhwclOHMbDbXhOAM 3f2ae9c1894282b5e0222f0d06bbf457191f816f LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A= nkmw287xcKj2eKczZqqZBs97AthKg2N5B48zjvLOnCzJO6LWrV95g330bG6/XtPS0zeo+aLeBoH3n 7bf3a1e7bbd31e612eda3310c2cdb8075c43c6b5 nmbKhEpter78GGy+gYgUklEgkiOdhs9lIo9H8l+CUCDcJaHjsdDpf+nw+3cgGvgnkgyDPU2xvb6+L n+3w+4RkIBPhRHB4e8u3tbd7f38+rqqpM2CcJ1YhKu4Vsvq2urnKIzN1uN3c4HHxqaso1Pj7+Y3d3 nVyAicqfTyaHhenNzc1Eo0VF5F2traz+srKwIRFtbW3xoaMjW1tZ2X9Q12WazcZfLxefn53lXV9fb nIVgcHx9/TSaTMfAxkLsx2ywge40J8zV8bP8VYACAQuluULZPjQAAAABJRU5ErkJggg== 6c5f504e-8928-47b5-bfb5-73af8d8bf4b4 nsLoIMVCpRERCAgfSZXpR2ZVJCEIgaIQm+MdCIkXRTTTnQG0qorCFm21zp+f9+IQ5NHvh4eP7vnOe nOPakmwovMTMz81JZWZm+oKDAkJiYGENk3o2NjSVYgsXFxbHc3NxCMXX5KYRkFRU2XzEajQZUxSQS nCdvb2/tJZAfLy8uDyI4pFApmMpkKNRpNJr7rxEaWiaS0NhrQAuk1NTVPoDWDiRmS2RweHrYK9aO0 f379b01b219fb72670923cc96dc29bbe34213365 n877Ped5Xyv4dEYAMSK2rq/tkt9tlXq83Cu9BwC8+zyQ4B5wHLgAG4M7IyAgfHR31FhcXv8F7EXAZ nLdoEA21azN6NzG9oIGE2bdwERYggrdqI2SLb5G5o0VwYRZGZ0a/zig5WNo4PHF4+5DnvOed9Htnq E72409364B865B757E1D6B8DB73011BBB1D20C1A9F931ADD3C4C09E2794CE102F8AA7F2D50EB88F9880A576E6C7B0E95712CAE9416F7BACB798564627846E93B nTMLGs2AwGIeSAUEoFCKLxUJqtZpEUfyTaJiDapiDU6lUBmKx2CM03YAKiRNAESFg0ul0BJunvWzM com/Vo9wbFH89BbDbWFhUezQZOGPKmfkJSAtIbVWk3QxPbvJwcR8I79EVuI0aB41a A1ABC1296E644B3A25179FCD3E277C8D36039BEE94478E2F5104FA4244237F54 nd15eXmrYqbKmpiZzuNAnRXJ3d7eVStjc3OQo7ZXos7OC5ImjZAA1EE0nSbRarUYulzNoxeCfb/gW 01528cc0-dd34-494d-9218-24af1317e1ee YW5kcm9pZC5pbnRlbnQuYWN0aW9uLk1BSU4= c4d6345aac3a40b58c75761ab14a9ce8 dy/Myn0WRtYGKBNP8ubn9boJWJi+WWmLzp0V+W9pqfM= e4250327-8d3c-4d35-b9e8-3c1720a64b91 nu7Ftt+5mBF0Go8sIBvsTtggqGgODboK66aIwNi0lJ7p+2TT89b7Pvo/LaKucHTj4+LzP+bzne855 8f1d08a2d6496191a5ebae8f0590f513e2619489 nhgTMAXauAs13gXsgmOMEUEQul4sMBgMx9q8RNnxOPWDlBHa7/TpufQobbn47J0GoZDKZCApJEISJ n1p961QpmjJWOj48/rKysvBsfHz+bm5tji4uLBBBls1nCzaeamUD3F1Tf3dHR8RoFPQ0GgywUCtHe nCnnR4eEhYdd62Wz2MxRtYaYMWI9LyE8YjcZUIl789brdLmFVuLXOxsbGe6vV+g7CglDokSSJqtXq nFzsSJB6L6ZnMdHFtZeVFbrbgxBMa/Pi+BaeCeL1eZ3529tWT8vr9iwsLdiKVhka9BqZBuvtDIRJ2 AZQG1XXPKFo8LYu/gTPgz65IOcmcwYFb3yREhyWefNI= nbWFnZVJlYWR5ccllPAAAAqNJREFUeNqUlEtrE1EUx8+8EjNT27zTaMw0k6RJGpu+VqIi4k7rQtyK nPDs7K3Ldm5ubhP9UKBS4vFuzlqtUqnPo+7i0tGTFpeMfqALXjSEijHdF+13BV/MzNjamWVhYyM7P 8b2824c2cb184ce0ac78b82dba46b78a nr98Hoij993E5jgPoAvSjI1A8ngPT0B+JMGIwV263G2RZhulU8lNle/vdyBAWc4XCdijgv7deKr1n
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/adcolony/sdk/AdColonyAppOptions.java, line(s) 135,153 com/adcolony/sdk/ag.java, line(s) 51,63 com/adcolony/sdk/ai.java, line(s) 291,280,298,308,449 com/adcolony/sdk/ak.java, line(s) 45 com/adcolony/sdk/aq.java, line(s) 28,31,32,33,44 com/adcolony/sdk/ar.java, line(s) 22,23,24,29,30,31,32 com/adcolony/sdk/h.java, line(s) 236 com/adcolony/sdk/q.java, line(s) 32 com/adcolony/sdk/x.java, line(s) 34,40,36,74,38 com/amazon/android/framework/util/KiwiLogger.java, line(s) 48,54,30,36,42 com/amazon/device/ads/LogcatLogger.java, line(s) 10,15,20,25,30 com/amazon/mas/kiwi/util/KiwiVersionEncrypter.java, line(s) 110,114 com/applovin/adview/AppLovinAdView.java, line(s) 88 com/applovin/adview/AppLovinIncentivizedInterstitial.java, line(s) 54 com/applovin/impl/adview/AdViewControllerImpl.java, line(s) 151,154,157,160,163,337,372,463 com/applovin/impl/adview/az.java, line(s) 705,708 com/applovin/impl/sdk/AppLovinSdkImpl.java, line(s) 62,285,289,292,310,58 com/applovin/impl/sdk/q.java, line(s) 29,44,68,54,82 com/applovin/sdk/AppLovinSdk.java, line(s) 49,73 com/applovin/sdk/AppLovinSdkUtils.java, line(s) 62 com/appodeal/ads/Appodeal.java, line(s) 856 com/appodeal/ads/a/v.java, line(s) 72,74 com/appodeal/ads/b/y.java, line(s) 61,63 com/appodeal/ads/c/q.java, line(s) 64,66 com/appodeal/ads/native_ad/l.java, line(s) 127,129 com/appodeal/ads/networks/vpaid/c.java, line(s) 41,29,47,35 com/appodeal/ads/p.java, line(s) 49,70,93,116,168,195,224 com/appodeal/ads/utils/Log.java, line(s) 73,78,88,90 com/appodeal/ads/utils/c/b.java, line(s) 80,93 com/appodeal/ads/utils/h.java, line(s) 108,109,112 com/appodeal/ads/utils/s.java, line(s) 338,340 com/appodeal/unity/AppodealUnityUtils.java, line(s) 35,31,33 com/chartboost/sdk/Libraries/CBLogging.java, line(s) 20,26,32,38,68,44,50,56,62 com/chartboost/sdk/impl/bm.java, line(s) 51,183,187,203,200 com/chartboost/sdk/impl/bp.java, line(s) 51,62,106,157 com/inmobi/commons/core/utilities/Logger.java, line(s) 22,29,45,48,58,61,19,42 com/integralads/avid/library/inmobi/f/a.java, line(s) 9,15 com/ironsource/mediationsdk/integration/IntegrationHelper.java, line(s) 117,174,177,298,306,88,137,204,231,256,274,296,304,93,115,128 com/ironsource/mediationsdk/logger/ConsoleLogger.java, line(s) 31,25,22,28 com/ironsource/sdk/controller/IronSourceWebView.java, line(s) 752,894,1003,1047,1119,1143,1211,1235,1691,1693,1695,1715,2000,2007,2733,2737,2743,2748,2756,2759,2765,2774,2592 com/ironsource/sdk/utils/Logger.java, line(s) 56,62,32,38,20,26,68,74,44,50 com/moat/analytics/mobile/inm/ae.java, line(s) 23,96 com/moat/analytics/mobile/inm/at.java, line(s) 27 com/moat/analytics/mobile/inm/bd.java, line(s) 34,156,173,177 com/moat/analytics/mobile/inm/be.java, line(s) 13,32,47,20,40 com/moat/analytics/mobile/inm/bh.java, line(s) 30 com/moat/analytics/mobile/inm/c.java, line(s) 18 com/moat/analytics/mobile/inm/e.java, line(s) 28,42,52,66,76 com/moat/analytics/mobile/inm/f.java, line(s) 74,135 com/moat/analytics/mobile/inm/n.java, line(s) 34,53,76,90,98,106,40,126 com/moat/analytics/mobile/inm/p.java, line(s) 22,38 com/moat/analytics/mobile/inm/w.java, line(s) 30,25 com/moat/analytics/mobile/inm/x.java, line(s) 32,27,38 com/moat/analytics/mobile/inm/y.java, line(s) 31,26 com/moat/analytics/mobile/inm/z.java, line(s) 20 com/moat/analytics/mobile/tjy/af.java, line(s) 23,96 com/moat/analytics/mobile/tjy/au.java, line(s) 27 com/moat/analytics/mobile/tjy/bi.java, line(s) 34,157,174,178 com/moat/analytics/mobile/tjy/bj.java, line(s) 13,32,43,20,41 com/moat/analytics/mobile/tjy/bm.java, line(s) 33 com/moat/analytics/mobile/tjy/c.java, line(s) 18 com/moat/analytics/mobile/tjy/e.java, line(s) 28,42,52,66,76 com/moat/analytics/mobile/tjy/f.java, line(s) 74,135 com/moat/analytics/mobile/tjy/n.java, line(s) 34,52,70,84,92,100,40,120 com/moat/analytics/mobile/tjy/p.java, line(s) 22,38 com/moat/analytics/mobile/tjy/w.java, line(s) 30,25 com/moat/analytics/mobile/tjy/x.java, line(s) 32,27,38 com/moat/analytics/mobile/tjy/y.java, line(s) 31,26 com/moat/analytics/mobile/tjy/z.java, line(s) 20 com/moat/analytics/mobile/vng/m.java, line(s) 8 com/moat/analytics/mobile/vng/p.java, line(s) 25 com/mopub/common/BrowserWebViewClient.java, line(s) 38 com/mopub/common/CacheService.java, line(s) 151,205,230 com/mopub/common/ClientMetadata.java, line(s) 145 com/mopub/common/DiskLruCache.java, line(s) 436 com/mopub/common/DoubleTimeTracker.java, line(s) 56,66 com/mopub/common/GpsHelper.java, line(s) 47,88,104 com/mopub/common/LocationService.java, line(s) 125,128,131 com/mopub/common/MoPub.java, line(s) 84,98,116,205,218,236,238,78,81,94,96,112,114,177,201,203,214,216 com/mopub/common/MoPubHttpUrlConnection.java, line(s) 27,53 com/mopub/common/Preconditions.java, line(s) 89,113,137,161,170 com/mopub/common/UrlAction.java, line(s) 48,209 com/mopub/common/UrlHandler.java, line(s) 134,179 com/mopub/common/event/Event.java, line(s) 35 com/mopub/common/event/EventDispatcher.java, line(s) 16 com/mopub/common/event/EventSerializer.java, line(s) 23 com/mopub/common/event/LogCatEventRecorder.java, line(s) 11 com/mopub/common/event/ScribeEventRecorder.java, line(s) 79 com/mopub/common/util/DeviceUtils.java, line(s) 73,148,201,103 com/mopub/common/util/Intents.java, line(s) 179,96,171 com/mopub/common/util/Json.java, line(s) 21,27 com/mopub/common/util/ManifestUtils.java, line(s) 56,170,180 com/mopub/common/util/Views.java, line(s) 27 com/mopub/mobileads/AdViewController.java, line(s) 150,154,172,219,329,343,352,404,190,357,337 com/mopub/mobileads/BaseHtmlWebView.java, line(s) 58 com/mopub/mobileads/BaseVideoPlayerActivity.java, line(s) 50,58,66 com/mopub/mobileads/BaseVideoViewController.java, line(s) 97,50 com/mopub/mobileads/CustomEventBannerAdapter.java, line(s) 38,43,56,78,101 com/mopub/mobileads/CustomEventInterstitialAdapter.java, line(s) 50,55,66,87,110,191 com/mopub/mobileads/CustomEventRewardedAd.java, line(s) 31 com/mopub/mobileads/HtmlBanner.java, line(s) 33 com/mopub/mobileads/HtmlWebViewClient.java, line(s) 43,49 com/mopub/mobileads/MoPubActivity.java, line(s) 101 com/mopub/mobileads/MoPubConversionTracker.java, line(s) 52 com/mopub/mobileads/MoPubInterstitial.java, line(s) 95,102,109,125,170,175,200,205,217,226,242,255 com/mopub/mobileads/MoPubRewardedAd.java, line(s) 41,140,148,152,156 com/mopub/mobileads/MoPubRewardedPlayable.java, line(s) 28,62,64 com/mopub/mobileads/MoPubRewardedVideo.java, line(s) 32,66,68 com/mopub/mobileads/MoPubRewardedVideoManager.java, line(s) 283,287,313,318,386,393,400,621,623,267,323,351,378,404 com/mopub/mobileads/MoPubView.java, line(s) 116,139,217,257,272,279,372,62,67,76,281,288 com/mopub/mobileads/MraidActivity.java, line(s) 80,107,88 com/mopub/mobileads/MraidVideoPlayerActivity.java, line(s) 163 com/mopub/mobileads/ResponseBodyInterstitial.java, line(s) 34,43 com/mopub/mobileads/RewardedAdData.java, line(s) 64,70,81,203,207,233,238 com/mopub/mobileads/RewardedMraidActivity.java, line(s) 49,84,58,63 com/mopub/mobileads/RewardedVideoCompletionRequestHandler.java, line(s) 97 com/mopub/mobileads/VastCompanionAdConfig.java, line(s) 110 com/mopub/mobileads/VastIconConfig.java, line(s) 113 com/mopub/mobileads/VastIconXmlManager.java, line(s) 68,84 com/mopub/mobileads/VastLinearXmlManager.java, line(s) 113,176 com/mopub/mobileads/VastMacroHelper.java, line(s) 67 com/mopub/mobileads/VastManager.java, line(s) 105,123 com/mopub/mobileads/VastVideoBlurLastVideoFrameTask.java, line(s) 53,66 com/mopub/mobileads/VastVideoCloseButtonWidget.java, line(s) 109,118 com/mopub/mobileads/VastVideoConfig.java, line(s) 186,188,300,406,416 com/mopub/mobileads/VastVideoCtaButtonWidget.java, line(s) 67,77,81 com/mopub/mobileads/VastVideoGradientStripWidget.java, line(s) 54,64,68 com/mopub/mobileads/VastVideoInterstitial.java, line(s) 34 com/mopub/mobileads/VastVideoView.java, line(s) 51 com/mopub/mobileads/VastXmlManagerAggregator.java, line(s) 107,235,303 com/mopub/mobileads/VideoDownloader.java, line(s) 50,77,86,105,132,158 com/mopub/mobileads/VideoViewabilityTrackerXmlManager.java, line(s) 31,56,63 com/mopub/mobileads/ViewGestureDetector.java, line(s) 58 com/mopub/mobileads/resource/ProgressBarDrawable.java, line(s) 82 com/mopub/mobileads/util/WebViews.java, line(s) 23,30,37,44 com/mopub/mraid/MraidBanner.java, line(s) 77 com/mopub/mraid/MraidBridge.java, line(s) 131,377,385,397,503,512,399,389 com/mopub/mraid/MraidController.java, line(s) 450 com/mopub/mraid/MraidNativeCommandHandler.java, line(s) 396,415,418,421,431,437,467 com/mopub/nativeads/AdapterHelper.java, line(s) 69 com/mopub/nativeads/BaseNativeAd.java, line(s) 45,65 com/mopub/nativeads/CustomEventNativeAdapter.java, line(s) 19,33,37 com/mopub/nativeads/MoPubCustomEventNative.java, line(s) 129,136 com/mopub/nativeads/MoPubNative.java, line(s) 106,154,188,119 com/mopub/nativeads/MoPubRecyclerAdapter.java, line(s) 259,302,307,311 com/mopub/nativeads/MoPubStreamAdPlacer.java, line(s) 298,288 com/mopub/nativeads/NativeAdViewHelper.java, line(s) 47 com/mopub/nativeads/NativeImageHelper.java, line(s) 31,38,56 com/mopub/nativeads/NativeRendererHelper.java, line(s) 58,63,89,71 com/mopub/nativeads/PlacementData.java, line(s) 232 com/mopub/nativeads/ServerPositioningSource.java, line(s) 77,94,58 com/mopub/nativeads/StaticNativeAd.java, line(s) 184 com/mopub/nativeads/StaticNativeViewHolder.java, line(s) 53 com/mopub/nativeads/VisibilityTracker.java, line(s) 146,151 com/mopub/network/AdRequest.java, line(s) 106 com/mopub/network/CustomSSLSocketFactory.java, line(s) 64 com/mopub/network/RequestManager.java, line(s) 76 com/mopub/network/ScribeRequestManager.java, line(s) 30,39 com/mopub/network/TrackingRequest.java, line(s) 59,67 com/mopub/volley/CacheDispatcher.java, line(s) 30 com/mopub/volley/NetworkDispatcher.java, line(s) 72 com/mopub/volley/Request.java, line(s) 130,141,146 com/mopub/volley/RequestQueue.java, line(s) 69,114 com/mopub/volley/VolleyLog.java, line(s) 58,62,93,50,97,101,11,107,112,117,121 com/mopub/volley/toolbox/BasicNetwork.java, line(s) 124,171,99,108,129 com/mopub/volley/toolbox/DiskBasedCache.java, line(s) 92,162,286,318,431,436,449,404,147,173 com/mopub/volley/toolbox/ImageRequest.java, line(s) 98 com/mopub/volley/toolbox/JsonRequest.java, line(s) 38 com/my/target/core/b.java, line(s) 13,22,30 com/startapp/android/publish/ads/splash/c.java, line(s) 228 com/startapp/android/publish/ads/video/d.java, line(s) 37,61 com/startapp/android/publish/ads/video/h.java, line(s) 82 com/startapp/android/publish/adsCommon/j.java, line(s) 84 com/startapp/android/publish/common/b.java, line(s) 147,152,159,163,171,195 com/startapp/android/publish/common/commonUtils/j.java, line(s) 55,64,58,52,61 com/startapp/android/publish/common/commonUtils/q.java, line(s) 270,453 com/tapjoy/HmacSignature.java, line(s) 32,61 com/tapjoy/TJAdUnit.java, line(s) 153,192,332,367,371,383,387,491,723,752,763,789,800,181,536,596,138,170,435,448,465,515,576,586,606,296 com/tapjoy/TJAdUnitActivity.java, line(s) 44,50,68,167,173,185,205,216,229,236,249,132,263 com/tapjoy/TJAdUnitJSBridge.java, line(s) 115,124,135,207,275,280,301,486,524,606,652,737,792,810,831,864,882,886,895,902,920,944,958,961,974,988,1008,1028,99,1095,94,395,407,424,448,518,538,722,984,1004,1024 com/tapjoy/TJCloseButton.java, line(s) 59 com/tapjoy/TJCorePlacement.java, line(s) 132,164,474,484,587,608,719,723,405,417,421,517,703,706,144,174,235,336,340,345,384,394,507,526,557,569,251 com/tapjoy/TJCurrency.java, line(s) 46,63,108,111,114,118,141,150,154,177,183,187,100,145,181 com/tapjoy/TJEventOptimizer.java, line(s) 37,76,91,71,45 com/tapjoy/TJPlacement.java, line(s) 111,233,155,87,145,164,168 com/tapjoy/TJPlacementManager.java, line(s) 155,161,109,113 com/tapjoy/TJWebViewJSInterface.java, line(s) 30,34,57,81,119,126 com/tapjoy/TapjoyAdIdClient.java, line(s) 33 com/tapjoy/TapjoyAppSettings.java, line(s) 21,30,36,39,47,47,55,56,70,81,57 com/tapjoy/TapjoyCache.java, line(s) 56,74,80,92,103,128,154,159,184,187,259,260,261,262,305,315,353,58,77,88,113,121,124,145,171,359,400 com/tapjoy/TapjoyCacheMap.java, line(s) 41,66 com/tapjoy/TapjoyCachedAssetData.java, line(s) 101,113 com/tapjoy/TapjoyConnectCore.java, line(s) 257,275,288,306,356,377,400,674,678,681,953,1005,1014,1063,1086,1087,1107,1225,1241,1247,1252,1292,1299,1323,1347,1361,1484,1488,241,254,277,280,294,296,302,319,325,337,409,413,684,695,989,995,1001,1066,1092,1111,1149,1179,1187,1196,1205,1375,1382,1435,1509,286,352,373,446,656,657,659,661,662,663,766,1142,1229,1288,1307,1319,1365,1387,1408,1502,904,916,987,993,330,724,806,808 com/tapjoy/TapjoyGpsHelper.java, line(s) 20,22,23,28,30,35,36,39,42 com/tapjoy/TapjoyLog.java, line(s) 64 com/tapjoy/TapjoyURLConnection.java, line(s) 165,174,61,78,142,171,53,81,82,83,85,87,101,102,103,151,152,153,155,157 com/tapjoy/TapjoyUtil.java, line(s) 111,112,113,156,164,373,78 com/tapjoy/internal/dv.java, line(s) 70,119,124,144,431,106,114,49,65,92,422 com/tapjoy/internal/eo.java, line(s) 36,45 com/tapjoy/internal/ep.java, line(s) 38,55 com/tapjoy/internal/et.java, line(s) 45 com/tapjoy/internal/fc.java, line(s) 119,121 com/tapjoy/internal/il.java, line(s) 51 com/tapjoy/mediation/TJMediationSettings.java, line(s) 13,40,27,33 com/tapjoy/mraid/controller/Assets.java, line(s) 47,54,55,56,61,63,101 com/tapjoy/mraid/controller/Display.java, line(s) 77,83,89,99,140,146,174,192,200,205,44,46 com/tapjoy/mraid/controller/MraidLocation.java, line(s) 54,62,95,100 com/tapjoy/mraid/controller/MraidSensor.java, line(s) 57,63,69,74 com/tapjoy/mraid/controller/Network.java, line(s) 54,94 com/tapjoy/mraid/controller/Utility.java, line(s) 35,37,61,85,125 com/tapjoy/mraid/util/MraidPlayer.java, line(s) 57,106 com/tapjoy/mraid/view/Browser.java, line(s) 125,144 com/tapjoy/mraid/view/MraidView.java, line(s) 165,195,216,261,265,278,290,416,446,467,512,516,529,541,616,632,637,643,737,768,841,871,892,937,941,954,966,1205,1245,1283,1551,678,1509,320,321,330,337,571,572,581,588,996,997,1006,1013,1236,1514,1520 com/unity3d/ads/UnityAds.java, line(s) 68,78,83,91,116,177,187,203,99,101,110,168,219,221,71 com/unity3d/ads/adunit/AdUnitActivity.java, line(s) 47,91,105,119,134,163,279,330 com/unity3d/ads/api/AdUnit.java, line(s) 55,58,80,72,84,89,94,126,216 com/unity3d/ads/api/Cache.java, line(s) 96,110,39,115,126 com/unity3d/ads/api/DeviceInfo.java, line(s) 161,188,197,209 com/unity3d/ads/api/Intent.java, line(s) 82,99,117 com/unity3d/ads/api/Request.java, line(s) 33,45,63,75,92,104 com/unity3d/ads/api/Sdk.java, line(s) 15,22,59,41,53,47 com/unity3d/ads/api/VideoPlayer.java, line(s) 57,75,93,111,129,165 com/unity3d/ads/broadcast/BroadcastEventReceiver.java, line(s) 39 com/unity3d/ads/cache/CacheDirectory.java, line(s) 31,35,41,72,78,80,84,88,44 com/unity3d/ads/cache/CacheThread.java, line(s) 29 com/unity3d/ads/cache/CacheThreadHandler.java, line(s) 46,79,81,84,246,249,252,102,156,162,170,178,186,200,208,214,222,228,236 com/unity3d/ads/configuration/Configuration.java, line(s) 77 com/unity3d/ads/configuration/EnvironmentCheck.java, line(s) 22,42,24,29,32,35,45 com/unity3d/ads/configuration/InitializeThread.java, line(s) 79,142,223,238,311,395,407,427,153,159,285,318,321,350,381,431,194,230,264 com/unity3d/ads/connectivity/ConnectivityMonitor.java, line(s) 98,113,132 com/unity3d/ads/device/AdvertisingId.java, line(s) 156,48 com/unity3d/ads/device/Device.java, line(s) 72,154,286,290,299,309,336 com/unity3d/ads/device/Storage.java, line(s) 51,182,34,45,64,70,114,132,204,229,238 com/unity3d/ads/log/DeviceLog.java, line(s) 156,195,202 com/unity3d/ads/metadata/InAppPurchaseMetaData.java, line(s) 66,89,98 com/unity3d/ads/metadata/MetaData.java, line(s) 61 com/unity3d/ads/misc/Utilities.java, line(s) 123,42,77,86,93,107,149,171,178,182 com/unity3d/ads/misc/ViewUtilities.java, line(s) 15,30 com/unity3d/ads/properties/ClientProperties.java, line(s) 74,94,116,121 com/unity3d/ads/request/WebRequest.java, line(s) 250,143,149,158 com/unity3d/ads/request/WebRequestHandler.java, line(s) 36,43,48,56,100 com/unity3d/ads/request/WebRequestResultReceiver.java, line(s) 27,43 com/unity3d/ads/request/WebRequestThread.java, line(s) 30,114,128 com/unity3d/ads/video/VideoPlayerView.java, line(s) 47,69,84,118,124,166,177,196 com/unity3d/ads/webview/WebView.java, line(s) 80,28,106,110 com/unity3d/ads/webview/WebViewApp.java, line(s) 88,94,114,143,264,269,305,107,136,179,218,234,242,248,277,280,283,298 com/unity3d/ads/webview/bridge/Invocation.java, line(s) 44 com/unity3d/ads/webview/bridge/NativeCallback.java, line(s) 39 com/unity3d/ads/webview/bridge/WebViewBridge.java, line(s) 105 com/unity3d/ads/webview/bridge/WebViewBridgeInterface.java, line(s) 10,25 com/unity3d/ads/webview/bridge/WebViewCallback.java, line(s) 48 com/unity3d/ads2/UnityAds.java, line(s) 68,78,83,91,116,177,187,203,99,101,110,168,219,221,71 com/unity3d/ads2/adunit/AdUnitActivity.java, line(s) 47,91,105,119,134,163,279,330 com/unity3d/ads2/api/AdUnit.java, line(s) 55,58,80,72,84,89,94,126,216 com/unity3d/ads2/api/Cache.java, line(s) 96,110,39,115,126 com/unity3d/ads2/api/DeviceInfo.java, line(s) 161,188,197,209 com/unity3d/ads2/api/Intent.java, line(s) 84,101,119 com/unity3d/ads2/api/Request.java, line(s) 33,45,63,75,92,104 com/unity3d/ads2/api/Sdk.java, line(s) 15,22,59,41,53,47 com/unity3d/ads2/api/VideoPlayer.java, line(s) 57,75,93,111,129,165 com/unity3d/ads2/broadcast/BroadcastEventReceiver.java, line(s) 39 com/unity3d/ads2/cache/CacheDirectory.java, line(s) 31,35,41,72,78,80,84,88,44 com/unity3d/ads2/cache/CacheThread.java, line(s) 29 com/unity3d/ads2/cache/CacheThreadHandler.java, line(s) 46,79,81,84,246,249,252,102,156,162,170,178,186,200,208,214,222,228,236 com/unity3d/ads2/configuration/Configuration.java, line(s) 77 com/unity3d/ads2/configuration/EnvironmentCheck.java, line(s) 22,42,24,29,32,35,45 com/unity3d/ads2/configuration/InitializeThread.java, line(s) 79,142,223,238,311,395,407,427,153,159,285,318,321,350,381,431,194,230,264 com/unity3d/ads2/connectivity/ConnectivityMonitor.java, line(s) 98,113,132 com/unity3d/ads2/device/AdvertisingId.java, line(s) 156,48 com/unity3d/ads2/device/Device.java, line(s) 72,154,286,290,299,309,336 com/unity3d/ads2/device/Storage.java, line(s) 51,182,34,45,64,70,114,132,204,229,238 com/unity3d/ads2/log/DeviceLog.java, line(s) 156,195,202 com/unity3d/ads2/metadata/InAppPurchaseMetaData.java, line(s) 66,89,98 com/unity3d/ads2/metadata/MetaData.java, line(s) 61 com/unity3d/ads2/misc/Utilities.java, line(s) 123,42,77,86,93,107,149,171,178,182 com/unity3d/ads2/misc/ViewUtilities.java, line(s) 15,30 com/unity3d/ads2/properties/ClientProperties.java, line(s) 74,94,116,121 com/unity3d/ads2/request/WebRequest.java, line(s) 250,143,149,158 com/unity3d/ads2/request/WebRequestHandler.java, line(s) 36,43,48,56,100 com/unity3d/ads2/request/WebRequestResultReceiver.java, line(s) 27,43 com/unity3d/ads2/request/WebRequestThread.java, line(s) 30,114,128 com/unity3d/ads2/video/VideoPlayerView.java, line(s) 47,69,84,118,124,166,177,196 com/unity3d/ads2/webview/WebView.java, line(s) 80,28,106,110 com/unity3d/ads2/webview/WebViewApp.java, line(s) 88,94,114,143,264,269,305,107,136,179,218,234,242,248,277,280,283,298 com/unity3d/ads2/webview/bridge/Invocation.java, line(s) 44 com/unity3d/ads2/webview/bridge/NativeCallback.java, line(s) 39 com/unity3d/ads2/webview/bridge/WebViewBridge.java, line(s) 104 com/unity3d/ads2/webview/bridge/WebViewBridgeInterface.java, line(s) 11,30 com/unity3d/ads2/webview/bridge/WebViewCallback.java, line(s) 48 com/vk/sdk/VKCaptchaDialog.java, line(s) 42,44,48 com/vk/sdk/VKOpenAuthActivity.java, line(s) 49,72,140,143 com/vk/sdk/VKSdk.java, line(s) 93,103 com/vk/sdk/api/photo/VKUploadPhotoBase.java, line(s) 47,57,86,91,94,100 com/vk/sdk/api/photo/VKUploadWallPhotoRequest.java, line(s) 36,49 com/vk/sdk/util/VKUtil.java, line(s) 131,126 com/vungle/publisher/log/Logger.java, line(s) 113,117 com/vungle/publisher/st.java, line(s) 134 com/yandex/metrica/impl/bo.java, line(s) 38 com/yandex/metrica/impl/ob/en.java, line(s) 101,109,140,144,149,159 com/yandex/metrica/impl/ob/eu.java, line(s) 37 com/yandex/metrica/impl/ob/fh.java, line(s) 50,64,75,101,110,113 com/yandex/mobile/ads/g/a/m.java, line(s) 23,27,31,8,13,18 com/yandex/mobile/ads/n/b/b.java, line(s) 27,15,21 de/greenrobot/event/BackgroundPoster.java, line(s) 41 de/greenrobot/event/EventBus.java, line(s) 359,437,439,442,210,240 de/greenrobot/event/SubscriberMethodFinder.java, line(s) 67 de/greenrobot/event/util/AsyncExecutor.java, line(s) 98 de/greenrobot/event/util/ErrorDialogConfig.java, line(s) 34 de/greenrobot/event/util/ErrorDialogManager.java, line(s) 185 de/greenrobot/event/util/ExceptionToResourceMapping.java, line(s) 27 net/cleverbit/vkplugin/ActivityCaptchaDialog.java, line(s) 41,46,69,76 net/cleverbit/vkplugin/MainActivity.java, line(s) 89,97,103,107,110,114,122,151,171,177,196,268,274,282,293,299,320,337,343,360,364 net/cleverbit/vkplugin/MyUnityActivity.java, line(s) 85,113,138,146,147,153,160,171,177,186,206,218,248,252,262,269,284,324,330,349,370,375,382,387,403,411,433,451,459,467,477,483,493,497,437 org/fmod/FMODAudioDevice.java, line(s) 71 org/fmod/a.java, line(s) 82 org/nexage/sourcekit/mraid/MRAIDInterstitial.java, line(s) 36,49,57,66,91 org/nexage/sourcekit/mraid/MRAIDVideoAddendumInterstitial.java, line(s) 104,113,123,131,139,147,155,164,172,180,190,198,211,226,234,242,250,258,266,278 org/nexage/sourcekit/mraid/MRAIDVideoAddendumView.java, line(s) 223,229,235,246,281,294,309,362,413,436,443,450,457,464,471,479,486,493,500,507,514,521,528,535,558,561,579,586,587,588,592,610,611,615,635,638,650,737,751,766,776,823,906,912,917,924,949,950,951,952,1014,1016,1036,1113,1118,1126,1137,1147,1151,1173,1194,1197,1215,1239,1250,1279,1302,1334,1390,1399,1404,1407,1414,1432,1442,1471,1474,1479,1482,1487,1532,1542,1561,1567,1598,1605,1611,1621,1666,1674,837,977,996,1043,1074,216,1145,1619 org/nexage/sourcekit/mraid/MRAIDView.java, line(s) 155,161,167,178,213,226,233,252,314,354,392,395,413,420,421,422,426,444,445,449,469,472,484,574,588,603,613,661,742,748,753,762,787,788,789,790,852,854,874,951,956,964,975,982,992,996,1018,1039,1042,1056,1076,1087,1119,1145,1176,1232,1241,1246,1249,1256,1274,1284,1313,1316,1321,1324,1329,1381,1391,1410,1416,1453,1477,1484,1492,1502,1547,1555,148,675,815,834,881,912,145,284,286,990,1500 org/nexage/sourcekit/mraid/internal/MRAIDLog.java, line(s) 31,37,43,49,59,65,70,76,82,88,94 org/nexage/sourcekit/mraid/internal/MRAIDNativeFeatureManager.java, line(s) 24,30,36,42,48 org/nexage/sourcekit/mraid/internal/MRAIDParser.java, line(s) 39,54,58 org/nexage/sourcekit/mraid/nativefeature/MRAIDNativeFeatureProvider.java, line(s) 80,85,87,145,176,51,60,64,73,83 org/nexage/sourcekit/util/DefaultMediaPicker.java, line(s) 53,82,87,92,97,102,105,35 org/nexage/sourcekit/util/HttpTools.java, line(s) 22,36,13,46 org/nexage/sourcekit/util/NetworkTools.java, line(s) 11,15,20,25,28 org/nexage/sourcekit/util/VASTLog.java, line(s) 30,36,42,52,57,63,69 org/nexage/sourcekit/util/XmlTools.java, line(s) 39,49,56,69,82,100,51,76,94,112,29 org/nexage/sourcekit/vast/VASTPlayer.java, line(s) 175,187,243,256,303,370,162,236,249,262,284,333,95,97,214,373 org/nexage/sourcekit/vast/activity/VASTActivity.java, line(s) 157,163,169,194,294,306,316,317,318,319,320,331,355,365,686,688,731,764,765,790,810,818,950,953,1003,1046,1110,1118,1161,1170,1213,1241,1316,1334,1344,1361,1366,1368,1371,1384,1395,1401,1417,1424,1430,1433,1451,1456,1467,1481,796,1060,1072,1230,1289,1293,1322,1324,1475,680,758,785,801,803,979,982,985,988,695,1047,1066,1087,296,995 org/nexage/sourcekit/vast/activity/VPAIDActivity.java, line(s) 116,127,138,149,164,222,264,327,337,364 org/nexage/sourcekit/vast/model/Extensions.java, line(s) 67,411,195,203,488 org/nexage/sourcekit/vast/model/VASTCompanion.java, line(s) 34,78 org/nexage/sourcekit/vast/model/VASTModel.java, line(s) 65,82,85,87,101,104,108,130,162,230,251,258,277,282,334,356,391,421,76,123,155,169,177,203,220,224,245,271,315,350,381,413,427,375 org/nexage/sourcekit/vast/processor/VASTModelPostValidator.java, line(s) 14,31,43,45,51,56,22,37,61,41 org/nexage/sourcekit/vast/processor/VASTProcessor.java, line(s) 30,34,43,45,49,70,72,96,109,37,51,57,83,89,134,100 rx/internal/util/IndexedRingBuffer.java, line(s) 33 rx/internal/util/RxRingBuffer.java, line(s) 32 rx/plugins/RxJavaHooks.java, line(s) 205
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/amazon/android/l/b.java, line(s) 35,33,32,32 com/appodeal/ads/utils/f.java, line(s) 59,58,57,57 com/inmobi/commons/core/a/a.java, line(s) 64,67 com/yandex/metrica/impl/ob/fc.java, line(s) 22,21,20,20 com/yandex/metrica/impl/ob/fg.java, line(s) 52,47,50,50
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/appodeal/ads/az.java, line(s) 758,758,758,758,758 com/chartboost/sdk/Libraries/CBUtility.java, line(s) 113,121,117,121,121,121,121 com/yandex/metrica/impl/am.java, line(s) 23
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (pagead2.googlesyndication.com) 通信。
{'ip': '180.163.150.38', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (i.l.inmobicdn.net) 通信。
{'ip': '152.199.39.108', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.googletagmanager.com) 通信。
{'ip': '180.163.150.41', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (googleads.g.doubleclick.net) 通信。
{'ip': '180.163.151.38', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (bid.adx.yumimobi.com) 通信。
{'ip': '39.105.226.150', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}