Security score: 40/100
Risk rating
Grade
- A
- B
- C
- F
Severity distribution (%)
Privacy risk: 3 user/device trackers
Findings
High: 10
Medium: 27
Info: 2
Secure: 2
Hotspot: 33
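High: The base config is insecurely configured to permit cleartext traffic to all domains.
Scope: *
High: The domain config is insecurely configured to permit cleartext traffic to these domains in scope.
Scope: cmpassport.com 10010.com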
High: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/alipay/android/phone/mobilecommon/rpc/AESEncrypt.java, line(s) 23,52 com/alipay/multimedia/utils/AESUtils.java, line(s) 30 com/alipay/xmedia/common/biz/utils/AESUtils.java, line(s) 281 com/sdk/q/a.java, line(s) 43,69 md/c.java, line(s) 29,78 og/b.java, line(s) 118 z4/a.java, line(s) 132
High: Insecure implementation of SSL. Trusting all certificates or accepting self-signed certificates is a critical security hole. This application is vulnerable to MITM attacks.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: oa/a.java, line(s) 172,22 wb/c1.java, line(s) 7,8,4
High: By default, calling Cipher.getInstance("AES") returns AES in ECB mode. ECB mode is known to be weak because it produces the same ciphertext for identical blocks of plaintext.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode Files: fl/a.java, line(s) 25
High: The file is World Writable. Any application can write to the file.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: hd/c.java, line(s) 122,136,129 xd/b.java, line(s) 43
High: Weak encryption algorithm used.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: dk/a.java, line(s) 69,80 fk/b.java, line(s) 11,22 w9/a.java, line(s) 21,42
High: The file is World Readable. Any application can read the file.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: wb/e1.java, line(s) 18
High: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be vulnerable to cross-site scripting attacks.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: py/C0430g.java, line(s) 307,16,17
High: The application uses ECB mode in its encryption algorithm. ECB mode is known to be weak because it produces the same ciphertext for identical blocks of plaintext.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode Files: com/sand/qzf/paytypesdk/spinkit/animation/a.java, line(s) 17 com/xiaobai/model/p.java, line(s) 1595,1608
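Medium: Cleartext network traffic is enabled for the application.
[android:usesCleartextTraffic=true] The application intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager and MediaPlayer. For applications targeting API level 27 or lower, the default value is "true". For applications targeting API level 28 or higher, the default value is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity and tamper protection; a network attacker can eavesdrop on transmitted data and can modify it without being detected.
Medium: Application data can be backed up.
[android:allowBackup=true] This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off the device.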
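Medium: Activity (com.xunyin.yinyou.home.mine.payment.PaymentActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Service (com.xunyin.yinyou.misc.floatball.service.FloatBallService) is not protected.
[android:exported=true] The Service is shared with other applications on the device and is therefore accessible to any other application on the device.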
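Medium: TaskAffinity is set for Activity
(com.daqu.cchong.wxapi.WXEntryActivity) If taskAffinity is set, other applications may be able to read Intents sent to Activities belonging to another task. To prevent other applications from reading sensitive information in sent or received Intents, always use the default setting and keep the affinity as the package name.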
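Medium: Activity (com.daqu.cchong.wxapi.WXEntryActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Activity (com.daqu.cchong.wxapi.WXPayEntryActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Activity (com.tencent.tauth.AuthActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.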
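Medium: Broadcast Receiver (com.bytedance.applog.collector.Collector) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Activity (com.alipay.sdk.app.PayResultActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Activity (com.alipay.sdk.app.AlipayResultActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Broadcast Receiver (com.sand.sandbao.spsdock.broadcast.SpsPayBroadcastReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device.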
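Medium: Activity (androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.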
Medium: The application can read from and write to external storage. Any application can read data written to external storage.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Medium: MD5 is a weak hash known to have hash collisions.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Medium: SHA-1 is a weak hash known to have hash collisions.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/jg/ids/i/i.java, line(s) 145 com/sand/qzf/paytypesdk/spinkit/animation/a.java, line(s) 38 fl/a.java, line(s) 21 jg/f.java, line(s) 113 ld/a.java, line(s) 83 md/b.java, line(s) 11 md/c.java, line(s) 28,77 pk/d.java, line(s) 22 py/C0505u.java, line(s) 244 r10/b.java, line(s) 686 sk/g.java, line(s) 55,80
Medium: IP address disclosure
Medium: The application uses an insecure random number generator.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
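Medium: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before being written to the database.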
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Medium: Files may contain hardcoded sensitive information such as usernames, passwords and keys.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Medium: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/xunyin/yinyou/eidolon/EidolonFloatView.java, line(s) 97,99 py/C0430g.java, line(s) 293,289 py/C0844r0.java, line(s) 1494,1485 st/e.java, line(s) 674,676 tp/z.java, line(s) 326,170,320
Medium: The application creates temporary files. Sensitive information should never be written to a temporary file.
Files: gz/q.java, line(s) 134,160 hz/k1.java, line(s) 592,618,622,648 py/a3.java, line(s) 128 r5/f.java, line(s) 610,740,747,766 t20/j.java, line(s) 33,49 w6/h.java, line(s) 120 w6/i.java, line(s) 109
Medium: Possible cross-origin vulnerability. Enabling file access from URLs in a WebView can leak sensitive information from the file system.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/chuanglan/shanyan_sdk/view/CTCCPrivacyProtocolActivity.java, line(s) 105,107 com/xunyin/yinyou/eidolon/EidolonFloatView.java, line(s) 102,99 st/e.java, line(s) 679,676
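Medium: The application contains privacy trackers.
This application has multiple (3) privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.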
Medium: This application may contain hardcoded secrets.
The following secrets were identified in the application. Ensure that these are not secrets or private information.
Info: The application logs information. Sensitive information must not be logged.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Info This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: bt/u.java, line(s) 4,44,40 com/xunyin/yinyou/home/mine/MyTabFragment.java, line(s) 5,231,227 com/xunyin/yinyou/user/UserDetailActivity.java, line(s) 5,182,178 py/C0540p.java, line(s) 5,72,151,66,145 tp/k.java, line(s) 4,164,158
Secure This application may have root detection capabilities.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/alipay/mobile/monitor/util/MonitorUtils.java, line(s) 28,28,28,28,342,343 gd/b.java, line(s) 31,31,31,31,31,31
Secure This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/xiaobai/rtc2/e1.java, line(s) 275,272 fj/j.java, line(s) 283,287,208,284,284 sb/d.java, line(s) 74,73,72,72 sb/g.java, line(s) 131,93,129,129 sg/k.java, line(s) 132,129,134 w00/f.java, line(s) 116,114,113 w00/g.java, line(s) 181,165,191,178,178,180 w00/l.java, line(s) 128,126,125,125 w00/m.java, line(s) 319,284,316,316 xm/f.java, line(s) 161,161
Hotspot The application may communicate with a server (dev-fqs.sud.ltd) located in an OFAC-sanctioned country (China).
{'ip': '58.222.38.254', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
Hotspot The application may communicate with a server (fqs.sudden.ltd) located in an OFAC-sanctioned country (China).
{'ip': '49.79.224.119', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '台州', 'latitude': '28.666668', 'longitude': '121.349998'}
Hotspot The application may communicate with a server (pay.yinyou.live) located in an OFAC-sanctioned country (China).
{'ip': '120.77.35.153', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '深圳', 'latitude': '22.545673', 'longitude': '114.068108'}
Hotspot The application may communicate with a server (html-web.yinyou.live) located in an OFAC-sanctioned country (China).
{'ip': '49.79.224.119', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '深圳', 'latitude': '22.545673', 'longitude': '114.068108'}
Hotspot The application may communicate with a server (sysdk.cl2009.com) located in an OFAC-sanctioned country (China).
{'ip': '49.79.224.119', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
Hotspot The application may communicate with a server (cashapi.sandpay.com.cn) located in an OFAC-sanctioned country (China).
{'ip': '203.107.86.172', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
Hotspot The application may communicate with a server (www.yinyou.live) located in an OFAC-sanctioned country (China).
{'ip': '120.77.35.153', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '深圳', 'latitude': '22.545673', 'longitude': '114.068108'}
Hotspot The application may communicate with a server (ymi.yinyou.live) located in an OFAC-sanctioned country (China).
{'ip': '120.25.215.227', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '深圳', 'latitude': '22.545673', 'longitude': '114.068108'}
Hotspot The application may communicate with a server (wap.cmpassport.com) located in an OFAC-sanctioned country (China).
{'ip': '112.33.111.233', 'country_short': 'CN', 'country_long': '中国', 'region': '安徽', 'city': '合肥', 'latitude': '31.863815', 'longitude': '117.280830'}
Hotspot The application may communicate with a server (pay.lsmnq.com) located in an OFAC-sanctioned country (China).
{'ip': '156.250.89.153', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
Hotspot The application may communicate with a server (tfs.alipayobjects.com) located in an OFAC-sanctioned country (China).
{'ip': '49.79.224.119', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南通', 'latitude': '32.030296', 'longitude': '120.874779'}
Hotspot The application may communicate with a server (sandcash.mixienet.com.cn) located in an OFAC-sanctioned country (China).
{'ip': '203.107.86.172', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
Hotspot The application may communicate with a server (api.whdaqu.com) located in an OFAC-sanctioned country (China).
{'ip': '120.78.166.21', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '深圳', 'latitude': '22.545673', 'longitude': '114.068108'}
Hotspot The application may communicate with a server (fqs.sud.ltd) located in an OFAC-sanctioned country (China).
{'ip': '58.222.36.81', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
Hotspot The application may communicate with a server (sy.cl2009.com) located in an OFAC-sanctioned country (China).
{'ip': '47.101.5.82', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
Hotspot The application may communicate with a server (wx.tenpay.com) located in an OFAC-sanctioned country (China).
{'ip': '101.226.137.106', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
Hotspot The application may communicate with a server (mobilegw.alipaydev.com) located in an OFAC-sanctioned country (China).
{'ip': '110.75.132.131', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
Hotspot The application may communicate with a server (fat-fqs.sudden.ltd) located in an OFAC-sanctioned country (China).
{'ip': '58.216.107.45', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '常州', 'latitude': '31.783331', 'longitude': '119.966667'}
Hotspot The application may communicate with a server (test-ymapi.yinyou.live) located in an OFAC-sanctioned country (China).
{'ip': '120.77.35.153', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '深圳', 'latitude': '22.545673', 'longitude': '114.068108'}
Hotspot The application may communicate with a server (sdb.sandpay.com.cn) located in an OFAC-sanctioned country (China).
{'ip': '203.107.86.172', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
Hotspot The application may communicate with a server (mdn.alipayobjects.com) located in an OFAC-sanctioned country (China).
{'ip': '61.160.227.120', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '常州', 'latitude': '31.783331', 'longitude': '119.966667'}
Hotspot The application may communicate with a server (e.189.cn) located in an OFAC-sanctioned country (China).
{'ip': '42.123.76.65', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
Hotspot The application may communicate with a server (dev-fqs.sudden.ltd) located in an OFAC-sanctioned country (China).
{'ip': '58.222.38.254', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
Hotspot The application may communicate with a server (web.whdaqu.com) located in an OFAC-sanctioned country (China).
{'ip': '120.78.166.21', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '深圳', 'latitude': '22.545673', 'longitude': '114.068108'}
Hotspot The application may communicate with a server (web.zhijiat.com) located in an OFAC-sanctioned country (China).
{'ip': '120.77.17.95', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '深圳', 'latitude': '22.545673', 'longitude': '114.068108'}
Hotspot The application may communicate with a server (res.yinyou.live) located in an OFAC-sanctioned country (China).
{'ip': '58.216.23.53', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '常州', 'latitude': '31.783331', 'longitude': '119.966667'}
Hotspot The application may communicate with a server (gw.alipayobjects.com) located in an OFAC-sanctioned country (China).
{'ip': '58.221.32.250', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南通', 'latitude': '32.030296', 'longitude': '120.874779'}
Hotspot The application may communicate with a server (test-api.yinyou.live) located in an OFAC-sanctioned country (China).
{'ip': '120.77.35.153', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '深圳', 'latitude': '22.545673', 'longitude': '114.068108'}
Hotspot The application may communicate with a server (sim-fqs.sudden.ltd) located in an OFAC-sanctioned country (China).
{'ip': '61.160.209.103', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '常州', 'latitude': '31.783331', 'longitude': '119.966667'}
Hotspot The application may communicate with a server (fat-fqs.sud.ltd) located in an OFAC-sanctioned country (China).
{'ip': '58.216.4.209', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '常州', 'latitude': '31.783331', 'longitude': '119.966667'}
Hotspot The application may communicate with a server (h5.m.taobao.com) located in an OFAC-sanctioned country (China).
{'ip': '221.228.217.214', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}
Hotspot The application may communicate with a server (auth.wosms.cn) located in an OFAC-sanctioned country (China).
{'ip': '124.64.196.27', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
Hotspot The application may communicate with a server (www.qiniu.com) located in an OFAC-sanctioned country (China).
{'ip': '58.215.157.227', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}