安全分析报告:
安全分数
安全分数 41/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
25
用户/设备跟踪器
调研结果
高危
11
中危
33
信息
1
安全
2
关注
5
高危 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
高危 域配置不安全地配置为允许明文流量到达范围内的这些域。
Scope: 127.0.0.1
高危 Activity (com.appsgeyser.multiTabApp.MainNavigationActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.appsgeyser.multiTabApp.VideoPlayerActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.google.android.play.core.missingsplits.PlayCoreMissingSplitsActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/applovin/impl/adview/b.java, line(s) 489,14 com/appnext/banners/g.java, line(s) 143,13,14 com/appnext/core/result/ResultPageActivity.java, line(s) 290,14,15 com/appnext/core/webview/AppnextWebView.java, line(s) 210,9,10 com/appsgeyser/sdk/push/MessageViewer.java, line(s) 57,16 com/criteo/publisher/CriteoInterstitialActivity.java, line(s) 85,8 com/criteo/publisher/l0/b.java, line(s) 34,3,4 com/explorestack/iab/mraid/k.java, line(s) 363,11,12 com/explorestack/iab/vast/activity/VastView.java, line(s) 735,27,28 com/mopub/common/privacy/ConsentDialogLayout.java, line(s) 233,11,12 com/mopub/mobileads/BaseWebView.java, line(s) 61,6 com/mopub/mobileads/MraidActivity.java, line(s) 80,10 com/mopub/mraid/MraidBridge.java, line(s) 185,14,15 com/my/target/fu.java, line(s) 55,9,10 com/startapp/android/publish/ads/splash/d.java, line(s) 41,5,6 com/startapp/android/publish/ads/splash/i.java, line(s) 184,9 com/startapp/android/publish/adsCommon/Utils/i.java, line(s) 273,21,22 com/tappx/a/c4.java, line(s) 261,14,15 com/tappx/a/l2.java, line(s) 133,12,13 com/tappx/a/l3.java, line(s) 91,8 com/truenet/android/b.java, line(s) 364,19,20 com/unity3d/services/core/webview/WebViewApp.java, line(s) 288,10,322,348,354,360
高危 已启用远程WebView调试
已启用远程WebView调试 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/amazon/device/ads/DTBAdView.java, line(s) 150,18 com/onesignal/WebViewManager.java, line(s) 301,10
高危 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
com/tappx/a/f.java, line(s) 45,48
高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/appnext/base/b/h.java, line(s) 59,75,103
高危 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: com/mopub/network/CustomSSLSocketFactory.java, line(s) 11,12,13,14,3
高危 应用程序包含隐私跟踪程序
此应用程序有多个25隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 基本配置配置为信任系统证书。
Scope: *
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Broadcast Receiver (com.appsgeyser.sdk.datasdk.DataSdksReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.onesignal.GcmBroadcastReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Activity (com.appsgeyser.sdk.ui.AboutDialogActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Broadcast Receiver (com.onesignal.BootUpReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.onesignal.UpgradeReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Service (com.google.firebase.messaging.FirebaseMessagingService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.onesignal.NotificationOpenedActivityHMS) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Service (com.yandex.metrica.MetricaService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.yandex.metrica.MetricaEventHandler) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.appsgeyser.sdk.push.PushStarterReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Service (com.appnext.base.services.OperationJobService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (com.appnext.base.receivers.AppnextBootReciever) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.startapp.android.publish.common.metaData.BootCompleteListener) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (com.google.firebase.iid.FirebaseInstanceIdService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.google.android.play.core.assetpacks.AssetPackExtractionService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.appodeal.ads.AppodealPackageAddedReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 高优先级的Intent (999)
[android:priority] 通过设置一个比另一个Intent更高的优先级,应用程序有效地覆盖了其他请求。
中危 IP地址泄露
IP地址泄露 Files: com/appnext/ads/fullscreen/Video.java, line(s) 24,48 com/appnext/ads/fullscreen/b.java, line(s) 181 com/appnext/ads/interstitial/Interstitial.java, line(s) 33,64 com/appnext/ads/interstitial/InterstitialActivity.java, line(s) 550 com/appnext/banners/BannerAd.java, line(s) 10,28 com/appnext/banners/g.java, line(s) 180 com/appnext/core/d.java, line(s) 119,485 com/appnext/core/f.java, line(s) 57,770,855,857 com/appnext/core/i.java, line(s) 9 com/appodeal/ads/services/crash_hunter/b.java, line(s) 14 com/appodeal/ads/services/event_service/a.java, line(s) 74 com/mopub/mobileads/FacebookAdapterConfiguration.java, line(s) 18,29,67 com/mopub/mobileads/dfp/adapters/BuildConfig.java, line(s) 9 com/mopub/mobileads/facebookaudiencenetwork/BuildConfig.java, line(s) 13 com/startapp/android/a/a.java, line(s) 263 io/bidmachine/ads/networks/adcolony/AdColonyAdapter.java, line(s) 38 io/bidmachine/ads/networks/adcolony/BuildConfig.java, line(s) 5 io/bidmachine/ads/networks/amazon/BuildConfig.java, line(s) 5 io/bidmachine/ads/networks/criteo/BuildConfig.java, line(s) 5 io/bidmachine/ads/networks/criteo/CriteoAdapter.java, line(s) 35 io/bidmachine/ads/networks/mraid/MraidAdapter.java, line(s) 21 io/bidmachine/ads/networks/my_target/BuildConfig.java, line(s) 5 io/bidmachine/ads/networks/nast/NastAdapter.java, line(s) 11 io/bidmachine/ads/networks/pangle/BuildConfig.java, line(s) 5,4 io/bidmachine/ads/networks/vast/VastAdapter.java, line(s) 19
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/applovin/impl/a/i.java, line(s) 18 com/appnext/ads/c.java, line(s) 5 com/appnext/ads/fullscreen/FullscreenActivity.java, line(s) 29 com/appnext/ads/fullscreen/Video.java, line(s) 18 com/appnext/banners/j.java, line(s) 4 com/appnext/base/services/a/c.java, line(s) 11 com/appnext/core/d.java, line(s) 18 com/appnext/core/f.java, line(s) 44 com/appodeal/ads/a/h.java, line(s) 21 com/appsgeyser/sdk/ads/fastTrack/adapters/FastTrackAdmobAdapter.java, line(s) 33 com/appsgeyser/sdk/ads/fastTrack/adapters/FastTrackAppodealAdapter.java, line(s) 21 com/appsgeyser/sdk/ads/fastTrack/adapters/FastTrackFacebookAdapter.java, line(s) 23 com/appsgeyser/sdk/ads/fastTrack/adapters/FastTrackMopubAdapter.java, line(s) 32 com/explorestack/iab/utils/Utils.java, line(s) 35 com/startapp/android/publish/ads/banner/BannerBase.java, line(s) 21 com/startapp/android/publish/cache/a.java, line(s) 19 com/startapp/android/publish/cache/g.java, line(s) 15 com/tappx/a/m3.java, line(s) 7 com/unity3d/services/core/request/SDKMetrics.java, line(s) 9 com/yandex/metrica/impl/ob/dm.java, line(s) 3
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/appodeal/ads/aj.java, line(s) 349 com/appodeal/ads/bw.java, line(s) 957 com/appodeal/ads/utils/h.java, line(s) 40,43,46,49 com/appodeal/ads/utils/m.java, line(s) 55 com/appodeal/ads/utils/n.java, line(s) 64 com/appsgeyser/multiTabApp/utils/FileManager.java, line(s) 126,131 com/explorestack/iab/vast/VastRequest.java, line(s) 190 com/mopub/mraid/MraidNativeCommandHandler.java, line(s) 324 com/my/target/fa.java, line(s) 81,140 com/my/tracker/obfuscated/y.java, line(s) 241 com/pgl/sys/ces/a/a.java, line(s) 37 com/startapp/android/a/a.java, line(s) 215 com/startapp/android/publish/adsCommon/Utils/f.java, line(s) 47 com/tappx/a/k4.java, line(s) 85 com/tappx/a/r3.java, line(s) 150 com/unity3d/services/core/cache/CacheDirectory.java, line(s) 30 com/yandex/metrica/impl/am.java, line(s) 110 io/bidmachine/DeviceInfo.java, line(s) 283,306 io/bidmachine/core/Utils.java, line(s) 303,288
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/adcolony/sdk/u0.java, line(s) 595 com/adcolony/sdk/x0.java, line(s) 30 com/amazon/device/ads/DtbDeviceData.java, line(s) 247 com/applovin/impl/sdk/utils/StringUtils.java, line(s) 29 com/applovin/impl/sdk/utils/k.java, line(s) 149 com/mopub/common/util/Utils.java, line(s) 22 com/pgl/sys/ces/c.java, line(s) 11 com/unity3d/services/core/device/Device.java, line(s) 443
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/amazon/device/ads/DTBAdLoader.java, line(s) 6,7,9,8 com/applovin/impl/sdk/k.java, line(s) 705 com/applovin/mediation/ads/MaxAdView.java, line(s) 157 com/applovin/mediation/ads/MaxInterstitialAd.java, line(s) 67 com/applovin/mediation/ads/MaxRewardedAd.java, line(s) 93 com/applovin/mediation/ads/MaxRewardedInterstitialAd.java, line(s) 63 com/applovin/sdk/AppLovinSdk.java, line(s) 226 com/applovin/sdk/AppLovinWebViewActivity.java, line(s) 19 com/appnext/base/b/c.java, line(s) 8 com/appnext/sdk/adapters/admob/ads/AppnextAdMobCustomEvent.java, line(s) 18,19 com/appnext/sdk/adapters/admob/banners/AppnextAdMobBannerAdapter.java, line(s) 18,19 com/appnext/sdk/adapters/mopub/ads/AppnextMoPubCustomEvent.java, line(s) 18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42 com/appnext/sdk/adapters/mopub/banners/AppnextMoPubCustomEventBanner.java, line(s) 16 com/appnext/sdk/adapters/mopub/banners/Helper.java, line(s) 8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 com/appsgeyser/multiTabApp/pdfreader/PdfLoader.java, line(s) 47,86 com/mopub/common/AdUrlGenerator.java, line(s) 16,18,17,19,20,21,27,24,25,26,28,29,22,30,23,31,33,34,32 com/mopub/common/AdapterConfigurationManager.java, line(s) 22 com/mopub/common/AvidViewabilitySession.java, line(s) 17 com/mopub/common/BaseUrlGenerator.java, line(s) 17,26,18,19,20,27,21,24,14,25,28,29,30 com/mopub/common/Constants.java, line(s) 66,67 com/mopub/common/DataKeys.java, line(s) 4,12,14,13,8,22,15,37,17,18,7,28,30,29,31,32,36,38 com/mopub/common/GpsHelper.java, line(s) 13 com/mopub/common/MoPubAdvancedBidderData.java, line(s) 8 com/mopub/common/MoPubBrowser.java, line(s) 22 com/mopub/common/MoatViewabilitySession.java, line(s) 26,31,30 com/mopub/common/privacy/ConsentDialogRequest.java, line(s) 15 com/mopub/common/privacy/ConsentDialogUrlGenerator.java, line(s) 10 com/mopub/common/privacy/PersonalInfoData.java, line(s) 30,12,13,17,19,18,14,15,16,20,21,22,23,24,25,26,27,28,29,31,32,35,36 com/mopub/common/privacy/SyncUrlGenerator.java, line(s) 11,12,13,15,16 com/mopub/mobileads/BaseVideoPlayerActivity.java, line(s) 16 com/mopub/mobileads/ConversionUrlGenerator.java, line(s) 9,10 com/mopub/mobileads/FacebookAdapterConfiguration.java, line(s) 20,21 com/mopub/mobileads/FacebookBanner.java, line(s) 22 com/mopub/mobileads/FacebookInterstitial.java, line(s) 21 com/mopub/mobileads/GooglePlayServicesBanner.java, line(s) 14,15,16,17 com/mopub/mobileads/GooglePlayServicesInterstitial.java, line(s) 12,13 com/mopub/mobileads/MoPubRewardedVideoManager.java, line(s) 47,48,46 com/mopub/mobileads/RewardedVideoCompletionRequestHandler.java, line(s) 20,18,26,24,19,25,17 com/mopub/mobileads/StartAppCustomEventBanner.java, line(s) 16,17,18 com/mopub/mobileads/StartAppCustomEventInterstitial.java, line(s) 12 com/mopub/mobileads/StartAppCustomEventUtils.java, line(s) 18 com/mopub/mobileads/StartAppExtras.java, line(s) 4 com/mopub/mobileads/dfp/adapters/MoPubAdapter.java, line(s) 49 com/mopub/nativeads/FacebookNative.java, line(s) 26,27 com/mopub/nativeads/PositioningRequest.java, line(s) 19,20,22,23,24 com/onesignal/OSInAppMessagePrompt.java, line(s) 21 com/pgl/sys/a/b.java, line(s) 48 com/pgl/sys/ces/c/a.java, line(s) 24 com/pgl/sys/ces/c/b.java, line(s) 24 com/tappx/sdk/android/VideoAdActivity.java, line(s) 18 com/unity3d/ads/metadata/InAppPurchaseMetaData.java, line(s) 13 io/bidmachine/BidMachineFetcher.java, line(s) 21 io/bidmachine/ads/networks/AmazonConfig.java, line(s) 11 io/bidmachine/ads/networks/mraid/MraidAdapter.java, line(s) 18 io/bidmachine/ads/networks/nast/NastAdapter.java, line(s) 8 io/bidmachine/ads/networks/vast/VastAdapter.java, line(s) 16
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/appnext/core/f.java, line(s) 781 com/appsgeyser/sdk/hasher/Hasher.java, line(s) 9 com/my/target/ib.java, line(s) 61 com/my/tracker/obfuscated/k0.java, line(s) 8 com/startapp/android/publish/ads/video/d.java, line(s) 42 com/tappx/a/e3.java, line(s) 8 com/yandex/metrica/impl/c.java, line(s) 209 io/bidmachine/core/Utils.java, line(s) 293
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/adcolony/sdk/k.java, line(s) 5,148 com/adcolony/sdk/l.java, line(s) 6,292 com/adcolony/sdk/m.java, line(s) 6,43 com/appnext/base/a/b.java, line(s) 4,5,30 com/appodeal/ads/services/event_service/a/d.java, line(s) 4,5,30 com/appsgeyser/multiTabApp/storage/BookmarksManager.java, line(s) 6,7,30 com/appsgeyser/multiTabApp/storage/DatabaseOpenHelper.java, line(s) 4,5,18 com/my/tracker/obfuscated/h.java, line(s) 5,6,7,8,9,278 com/onesignal/OneSignalDbHelper.java, line(s) 5,6,7,8,9,149 com/onesignal/outcomes/OSOutcomeTableProvider.java, line(s) 3,4,11 com/yandex/metrica/impl/ob/bm.java, line(s) 6,162 com/yandex/metrica/impl/ob/bn.java, line(s) 7,8,101 com/yandex/metrica/impl/ob/br.java, line(s) 6,71
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/adcolony/sdk/w0.java, line(s) 942,933 com/appsgeyser/multiTabApp/controllers/WebContentController.java, line(s) 145,106,138 com/appsgeyser/sdk/push/MessageViewer.java, line(s) 61,59 com/startapp/android/publish/ads/splash/d.java, line(s) 27,26 com/unity3d/services/core/webview/WebView.java, line(s) 21,48
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/adcolony/sdk/w0.java, line(s) 947,949,933 com/amazon/device/ads/DTBAdView.java, line(s) 159,143 com/appnext/banners/g.java, line(s) 113,61 com/appnext/core/result/ResultPageActivity.java, line(s) 147,90 com/appnext/core/webview/AppnextWebView.java, line(s) 212,148,191 com/appsgeyser/multiTabApp/controllers/WebContentController.java, line(s) 133,135,106,138 com/onesignal/WebViewManager.java, line(s) 257,256 com/startapp/android/publish/ads/a/c.java, line(s) 131,119 com/startapp/android/publish/ads/banner/bannerstandard/BannerStandard.java, line(s) 285,227 com/startapp/android/publish/ads/splash/d.java, line(s) 30,26 com/startapp/android/publish/adsCommon/adinformation/b.java, line(s) 171,167 com/unity3d/services/ads/webplayer/WebPlayerView.java, line(s) 89,73 com/unity3d/services/core/webview/WebView.java, line(s) 72,48
中危 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/startapp/android/b/b.java, line(s) 5,5,5,7,5,7,5,5 com/startapp/android/b/c.java, line(s) 61,61,61,61,61
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/amazon/device/ads/DTBMetricsConfiguration.java, line(s) 63 com/amazon/device/ads/WebResourceService.java, line(s) 56
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-9832460487800528~7265399623" 凭证信息=> "onesignal_app_id" : "%ONE_SIGNAL_APP_ID%" "password" : "Password" "username" : "Name" nV2wKuaxWvG4njVuq6Knxs62xgY7meuoC3jUbrek684kU49NhBiemuT4dZGQuzmwiRSKfR1smHQjA fhrgFfJqgVZoVNjzyS7CzU1i9AA4GyPqlAJ20RCAJlg nDd2sIAh0NtfzUKSVizdHiSzqG7PZPK9duEqgwsPBHetvF9wqa2+o4ctPPcZj+3cxn86iqho2m4zL 7d962ba4-a392-449a-a02d-6c5be5613928 Rfk0iXqG1NksAriLhvTIFrKC3X10rpfR3hyZYQqfkTdNYvQAOBsj6pQCdtEQgCZY 1YOY5Rt0XsvTgffyYERBs4OZnMp++K/Jm0S7KmQTqYs nG6EIyezqCdl6iCVS9E+HuDF72184LRZ62hqpXUNEWrWdG73Q1lDNtlo/gcWpopsQyhU4+d4VpsOz nlS0ojIYjJWkNq2E4HCGdXz3MtTXW4nGVT4ZhGCRzeUbmY0vPZFHA63FR4XaWZGNdMuqqffhdDuTF nV8WWCnfZYotpmkQSSSLJ1Yev31tFXcC3abt+bwXtDdU4l0mEk4kU0XSmZHF5XTImg1EyucLSb6cs nWmhp2NyBmLvBfSfDME1UVUPVNDR94XiSZty+gmUYOharBZtl4Ti1RRSwiBJWqwXr4gmeu40SpeKB c682b8144a8dd52bc1ad63 b2f7f966-d8cc-11e4-bed1-df8f05be55ba 7+KAkb3Ej2KFLftBLdWrHXNw5SyHuZNhHCgeqkrxnXg AZQG1XXPKFo8LYu/gTPgz65IOcmcwYFb3yREhyWefNI= n33f+5xzBNE2TBwDTNDVd1wuKqubSyVQyEokMR4OhwcnJ8YGrvb2Xj7/88tDw8HB68fUCYNzvNgkP nbqPSLtNU7d9UOp4vKJx4t5fLoxNLO3yyJLG7NkB3cz2uTWq0JcWcSreTne1NPNzdyUuXrgELTq93 KGZ1bmN0aW9uKGMsZCl7dmFyIHI9YixlPWMoKTt3aGlsZSghIVtdKXt0cnl7dmFyIGY9cGFyc2VJbnQocigweDEyZCkpLzB4MSooLXBhcnNlSW50KHIoMHgxMmMpKS8weDIpKy1wYXJzZUludChyKDB4MTJhKSkvMHgzK3BhcnNlSW50KHIoMHgxM2MpKS8weDQqKHBhcnNlSW50KHIoMHgxNDcpKS8weDUpK3BhcnNlSW50KHIoMHgxMzYpKS8weDYrcGFyc2VJbnQocigweDEyOCkpLzB4NytwYXJzZUludChyKDB4MTNmKSkvMHg4Ky1wYXJzZUludChyKDB4MTJlKSkvMHg5O2lmKGY9PT1kKWJyZWFrO2Vsc2UgZVsncHVzaCddKGVbJ3NoaWZ0J10oKSk7fWNhdGNoKGcpe2VbJ3B1c2gnXShlWydzaGlmdCddKCkpO319fShhLDB4NWQ3NzcpLGZ1bmN0aW9uKCl7dmFyIHM9YixjPXdpbmRvd1snbmF0aXZlU3RvcmFnZSddPXt9LGQ9Y1tzKDB4MTQ1KV09eydSRUFEX0ZJTEVfU1VDQ0VTU19FVkVOVCc6cygweDEzYSksJ1JFQURfREVGQVVMVFNfU1VDQ0VTU19FVkVOVCc6cygweDEzYiksJ0VSUk9SX0VWRU5UJzpzKDB4MTM3KX0sZT17fTtjWydhZGRFdmVudExpc3RlbmVyJ109ZnVuY3Rpb24oaixrKXt2YXIgdD1zO2lmKCFqfHwha3x8IWYoaixkKSlyZXR1cm47dmFyIGw9ZVtqXT1lW2pdfHxbXTtmb3IodmFyIG09MHgwO208bFt0KDB4MTMzKV07bSsrKXt2YXIgbj1TdHJpbmcoayksbz1TdHJpbmcobFttXSk7aWYoaz09PWxbbV18fG49PT1vKXJldHVybjt9bFt0KDB4MTNkKV0oayk7fSxjWydyZW1vdmVFdmVudExpc3RlbmVyJ109ZnVuY3Rpb24oaixrKXt2YXIgdT1zO2lmKCFqfHwhZihqLGQpKXJldHVybjtpZihlW3UoMHgxMzApXShqKSl7aWYoayl7dmFyIGw9ZVtqXSxtPWxbdSgweDEzMyldO2Zvcih2YXIgbj0weDA7bjxtO24rKyl7dmFyIG89bFtuXSxwPVN0cmluZyhrKSxxPVN0cmluZyhvKTtpZihrPT09b3x8cD09PXEpe2xbJ3NwbGljZSddKG4sMHgxKTticmVhazt9fWxbdSgweDEzMyldPT09MHgwJiZkZWxldGUgZVtqXTt9ZWxzZSBkZWxldGUgZVtqXTt9fSxjW3MoMHgxNDEpXT1mdW5jdGlvbihpKXt2YXIgdj1zLGo9digweDEzNSkrZW5jb2RlVVJJQ29tcG9uZW50KGkpO2codigweDEzOCkraik7fSxjW3MoMHgxNDApXT1mdW5jdGlvbihpLGope3ZhciB3PXMsaz13KDB4MTM1KStlbmNvZGVVUklDb21wb25lbnQoaSkrJyZkYXRhPScrZW5jb2RlVVJJQ29tcG9uZW50KGopO2codygweDEyZikrayk7fSxjW3MoMHgxMzQpXT1mdW5jdGlvbihpKXt2YXIgeD1zLGo9eCgweDEzNSkrZW5jb2RlVVJJQ29tcG9uZW50KGkpO2coeCgweDE0Mykraik7fSxjW3MoMHgxNDQpXT1mdW5jdGlvbihpLGope3ZhciB5PXMsaz15KDB4MTM1KStlbmNvZGVVUklDb21wb25lbnQoaSkrJyZkYXRhPScrZW5jb2RlVVJJQ29tcG9uZW50KGopO2coeSgweDEyOSkrayk7fSxjW3MoMHgxMmIpXT1mdW5jdGlvbihpLGope3ZhciB6PXM7aChjW3ooMHgxNDUpXVt6KDB4MTMxKV0saSxqKTt9LGNbJ2ZpcmVSZWFkRGVmYXVsdHNTdWNjZXNzRXZlbnQnXT1mdW5jdGlvbihpLGope3ZhciBBPXM7aChjWydFVkVOVFMnXVtBKDB4MTNlKV0saSxqKTt9LGNbJ2ZpcmVFcnJvckV2ZW50J109ZnVuY3Rpb24oaSl7dmFyIEI9cztoKGNbQigweDE0NSldWydFUlJPUl9FVkVOVCddLGkpO307dmFyIGY9ZnVuY3Rpb24oaixrKXtmb3IodmFyIGwgaW4gayl7aWYoa1tsXT09PWopcmV0dXJuISFbXTt9cmV0dXJuIVtdO30sZz1mdW5jdGlvbihpKXt2YXIgQz1zO3dpbmRvd1tDKDB4MTQ5KV09QygweDE0MikraTt9LGg9ZnVuY3Rpb24oail7dmFyIEQ9cyxrPUFycmF5Wydwcm90b3R5cGUnXVtEKDB4MTQ2KV1bRCgweDE0OCldKGFyZ3VtZW50cyk7a1tEKDB4MTM5KV0oKTt2YXIgbD1lW2pdO2lmKGwpe3ZhciBtPWxbRCgweDE0NildKCksbj1tW0QoMHgxMzMpXTtmb3IodmFyIG89MHgwO288bjtvKyspe21bb11bRCgweDEzMildKG51bGwsayk7fX19O30oKSk7ZnVuY3Rpb24gYihjLGQpe3ZhciBlPWEoKTtyZXR1cm4gYj1mdW5jdGlvbihmLGcpe2Y9Zi0weDEyODt2YXIgaD1lW2ZdO3JldHVybiBoO30sYihjLGQpO31mdW5jdGlvbiBhKCl7dmFyIEU9WydzbGljZScsJzVubGtBS0onLCdjYWxsJywnbG9jYXRpb24nLCc0MDE0MjY5RFRYS1RVJywnd3JpdGVEZWZhdWx0cz8nLCc4ODE2NThvQVlkWnYnLCdmaXJlUmVhZEZpbGVTdWNjZXNzRXZlbnQnLCc0MjQ5MjhaTkxIUHAnLCcyWGZJbWpnJywnOTgyNjQ5N2NZYXFVQicsJ3dyaXRlRmlsZT8nLCdoYXNPd25Qcm9wZXJ0eScsJ1JFQURfRklMRV9TVUNDRVNTX0VWRU5UJywnYXBwbHknLCdsZW5ndGgnLCdyZWFkRGVmYXVsdHMnLCdwYXRoPScsJzE5NzQwOTBZem9kd1knLCdlcnJvcicsJ3JlYWRGaWxlPycsJ3NoaWZ0JywncmVhZEZpbGVTdWNjZXNzJywncmVhZERlZmF1bHRzU3VjY2VzcycsJzI3NDExODhSeW5pUGsnLCdwdXNoJywnUkVBRF9ERUZBVUxUU19TVUNDRVNTX0VWRU5UJywnNDg0NTY1Nk5na3NERicsJ3dyaXRlRmlsZScsJ3JlYWRGaWxlJywnbmF0aXZlc3RvcmFnZTovLycsJ3JlYWREZWZhdWx0cz8nLCd3cml0ZURlZmF1bHRzJywnRVZFTlRTJ107YT1mdW5jdGlvbigpe3JldHVybiBFO307cmV0dXJuIGEoKTt9 bb2cf0647ba654d7228dd3f9405bbc6a LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A= nMrL5AqG5OFdGJ3iz9zpXp4PMZXPoy3xgXzDMfCpNnc+7RIaq68RTGRTduGNlZQKqYaLpBvcwFRKd nPLlEhF2S6Kn28fknH6a7qZ5anxe7Td7QprA4vL2VHrwltEHVdKLxFFemwxQW6357eAxJkpCtFvZ0 IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4= 34e75064-5ba5-4fac-b092-dc10aa167be0 HSrCHRtOan6wp2kwOIGJC1RDtuSrF2mWVbio2aBcMHX9KF3iTJ1lLSzCKP1ZSo5yNolPNw1kCTtWpxELFF4ah1 20799a27-fa80-4b36-b2db-0f8141f24180 e4250327-8d3c-4d35-b9e8-3c1720a64b91 njDOrqAxG50jn8psixDAMcoUC44kUGfVOYcciCDTU+HA6yp8myUyWyeg8c8ucc63bhd/lxGopbRNg 422d7e65812d34458dfd0c5f14e8141470b6e2ae 7bf3a1e7bbd31e612eda3310c2cdb8075c43c6b5 OB84k4abNNzWpMVBdhI+TSgQmCqTKdPPQrwq6j4YdMU= Y29tLmFuZHJvaWQudmVuZGluZy5saWNlbnNpbmcuSUxpY2Vuc2luZ1NlcnZpY2U= n2z0/NQz36Y5aIpWhd+AmF4ZGuBYME05nyRcUFFVF1Q0UQ2c1fqyigFVcOMJol604bTY6vB52t7Vw 1HPYA2lkbaNURYCXsP4iRrPA2bcLu2GoZBfTi2x2iws lgaGjSo8VdlXgzQ7qLaLqzOElG/CkYie3dvHgxY0q1o 0SvrL3Mu6kpegPQCJvH2Z3Pn/6HNDFPvXWhwtIQHwo9OKbwcnbuQeVUXYNnm0mlw nYhrfhSu4HXZ2dLRsaMdht9HZVE9rfQ2KoqLpBlaLBVm2bOp8hWmaGIbBy2cv8Ob1IYK3lHsBfC4H nroSiSyOiwiZzoK2JZ488xEcP7MZqsSCKa3OcKyjMxhJMhaNMhqJMhCJMhqOEZmNksjlEUcS+zrQS sQBMFfIvnZat9SH496KzHfKib626NzkhHKkXIfYGxxc nkAwTMAzTNAxd1zRNy5mGmTVNIyuIYto0jHg8npjuu9R7/tLF9868+NJLI729vVkWSNHuR5seGBkb nJVVitUg01QVoq3TjWucUTu0WL1s8nhKbfhsX+4e5cH246BjOvvoamrZUFW10b4SSUrOdrc3s7SjW nXeU0TBPTMDExEQRhUwu1+4UP7b3WcvCBub34QcAfyViGP5KxDH8kYxn+H64VntjA5IdUAAAAAElF 4e610cd2-753f-4bfc-9b05-772ce8905c5e 67bb016b-be40-4c08-a190-96a3f3b503d3 YW5kcm9pZC5pbnRlbnQuY2F0ZWdvcnkuTEFVTkNIRVI= 3A757365722F72656C656173652D6B657973 nx7s7efbRg2xva7xrbRbu8vKNYRhMhWc5e22I09dvcHF0gpxe7CtkUSTgdFDtrSTgraLS42SLw45b GR8QbFbIwPD6k5hAnMxS6Za9cNsNHXXZzG7GWfNC nXTI8LgdN3kqqFhdlimEQTGYYGJ0uOXbDwm57LJEmUVBWzTwBRqdCXBseJzK38SpzNYRmYwyOT6Et nO7vY0dlcdj2bPrljmCb5gsL3fvILzt6cYH5ZNBEFaK9w89zHHuXRPT3470KoWQ4T6O2/yS9Pn+P0 YW5kcm9pZC5pbnRlbnQuYWN0aW9uLk1BSU4= nJgVV5fy1IX7+xjkuTIeKykXAIkl4bDLba/x86tBDNAV8yFbr0jt2m0xHQw176gKcm9BIKwqYIIoi nyQXdMFyHjhzp2pAME7g6Os7FGyNFyuqT27ext72FCrezZDLGZiKkMrl1NzVU06Sg6WglkCEKAjva mcDfyrZIyDh7srkDi3vhYS4jCqm7NCw5DOnMQ6j4pn8 ntiJLEhZRRNE1cqpGvKAQz+SYi6eIxOKEEklSK1a5sihQX+nhcPdWPrqzmx3tzZvOJ9bCPbmJNJ9I 7qjY7245E0dfSy30XptPQ/SJdTfZfiiWf+eZ42wqMQY ndSajcwxMzhS1vbW+dk1heTVsGIC721poqvZza22WVxXe6B8kHEuglqAiAYiCiEO2YhXFNfO13lCE neenfZCGzvDI4xsmLfZwbmWAqkSSvakVqyv76Wj73+CEe2dOD0257f8m4BV03mJmd49XzffzuvT6G dfKcWOaG8KPoMfm5zts08Qlu05+R8BIzO3YcOMbimy7M7b66oYD1J20myZSpOoOWRYcUsjDmTjtwSPWh2TgTXA nsdpuk2moCSAK5e8whKIxZhNptFWGboPHRa3bibWMUScIAg6blTpvMZHxVIZYCU4UNiAjlkyhqLcT nX3ziMHU+76bVuJLIEASBxmo/T+zZwbXJIDfnYhimSbyg8PbQKDarFUkU6W5rKq1SScLiKF82TGay nmmbv67/97fm3Xn217ycvvZRlYaTc9TT6gyHjFgzD0HK5XGjkxo1XRav11Nk337z0ysmT4y+++GIS nLLZ8hYKbSEKzUbM0u+Pir24N5Oaw+Lx+MoBG+cviQs VbMgRD4jVg4hNau0Ow7yWHX5dBZylyqDyPIjra0JMrA nta+Srx57hK89cYQddTWrviOLAk6LVPLCzGGXOdDdyd6tbUXP3xkZZzoWR9PWVfoAkCTJ1bm96+iG nVwcZnU+gGgs+SAB8Npmn9+3k8d09tNYF8Dgd2GTrmg01TXNhuqUy5BQF0zSRrVbcDntR5LkFwzAY 2F73797374656D2F6C69622F6C69627265666572656E63652D72696C2E736F wUWo9wuOBqc42QHm8/JVjGXXMTT2DoYHEa3wguYezUW0KEhBaolGwT3KPMo6Sz+d hxsTS1PgJe7SvMvbIVXAlWNuK93hkAa0eyf9OlSh3dE neJztm1lsXNd5x3/33pk7O8nRzHDfSYkUFa3WanmLo9hpUCR29rhNAzQBugBFkIegAYICzkPTAH1I hxsTS1PgJe7SvMvbIVXAleqYGWt1TgQOogRt9pTwP9Y nRI7t382Bnm0lh7RcvsBMJkdyFSJuYWwuxvVwFMPYWLqscDt55sh+PtLSeLsOTeOVG6OMhmcpFEoS com/Vo9wbFH89BbDbWFhUezQZOGPKmfkJSAtIbVWk3QxPbvJwcR8I79EVuI0aB41a nZ2xyKXTaJYndTXV8+vA+Htn3kZJ0thuTM1wYuMnwVIj5RJKsoqDpOnZZprkmwIHtnRzY3knAW7l6 nyzMOYHJHGBVEoWQft+5bNqtclAnqhk42V8Ask43p8BzzmRzqas7T7cTndmKTrat8WRp0XSeXL16c VVPuWC/9Kuu7F3i2uDo+EpXhKnuxQFx794EdWq4sqJx9G87i++pCpDIUbWEx83NA nBwCvx82XPvE4yVyOE30DRFIZDGBmLs5v3r3Ega4OWhtqShqdsmyr79m18+PAT0siQ9U0ro9N8fvz ZJVkXnYZGc0zgB3S4AsbuD81KHR8Nkg8UponZZuzRBk nCHOxJC6nHZfDfk9s2+y2Kr9vS7WqZafTU7nJybnJVf3HA/cZ+YLC5YFRfnr6HUajcyiajtUisbW2 v5lNHAiXCIZ1hAylTNDUIT+qLa9pGoGxoSFqUJi0Wwg nyVZryTbXJcPtdBTlE4qqMRtPlL2PcXMiSDqTW7Ws1bcFt638RA6goKrMLa6hbsEuW0tW3dYlw++t ngZKIKAeiKOKwydS4HEiLoy2RL3B+ZILXLvczE50v2Zbdbve6XO6Or33xK82wiXRcUVWGJoK88NoZ p8d3YH5MuCxwVpTkZb94TbytsEXMz1FDtMwkGzTtUPg UJIn9VFKpDDGLj92vFtsDu89edbIfDnf+1BS1Op+N3ibnXDClU6Qn4m9zcPUJndT w4andMWX7t5Jfk790BgWUrMNcOuo2+YQaoHGCbc1pcv+JGcCt9DRPjxTYUAbO5pE 8V2SkLfQtXT7yOPHxqrPlAg6jp+lx+rvQTk+I2vfHWM nmzm6tZW2qorbNgyD189dIliaMxUwcT32xJOPbkhGeHae/pkIk4nkQgMAr2zlqYO7aKuvQVrHWa5E nRqeVqK/24asqnwxBFO7YY9F1A13fOPGCDcgQRaGo46a5YLzck1N5RWEqmSKRL9xRZpNE6gNb8Fa4 nTqe3ra3tc48eOxZufPHF+ampqdytwrsiwzRNEukM/WPTvHV1iJcvXiZWUIs6JgJO2UqgsoJKtxOL nRRGLKCJqOlNzMbKKigFkFIVELoddEOhpbUQUN3aogiCISkFRLJIl+MLP/rO3pGlimibRWIKz14d4 n0T82xdv9N7g0PMZELLHqUh0W/lG31YLbakWWRCRRRNV1cqpGQlWXwuRKWASBao+brvpqDne1c7in WYP3IlFsQbao/nmzk+V5+EDTMrEq8ygXRWqwiT3aXVk 7qjY7245E0dfSy30XptPQ6Kjsb63PLX1qtOqZ64iM50 5eb5a37e-b458-11e3-ac11-000c2940e62c nHtfSs0gmx9BkkLlEasPvRUm0VdfUbN2wxhvTQUKxxNJvu2zlkZ3dVDgdm9YYLJKE3SYjigL6GtPA EecDzDUbtS5qsctGaW8eDzBBqoEJJw2EaiO9g7mmMkc nJKvVgt9bsWFWtx6mwrPMr9G4Bm8lfo+7bPHXZpXxVxWn8dl8gcy9GBl5pYBu3I7TFkmiwlV6krUa n0lnODI4QzxdQTZPpRJoXTpzkrz/3SeqrfXeE5ZWw2W3u2vqajqN793pK8hkjU2Eu3BhnMpVZemaX 3ZJsjFJl8424bBJ0FHBsPsvg6JPdFtnXjH4FLENWtoY nUSB5KpC0cNokTiMnTSPHtS3ZsizLsiSKWriI4k7ORnL27a59IEVxKC7DkWQ5Rv5vc8+93znnP+d8 n53ZRU1GxatlasNtkWqt9dC0bbQYwPBkkMh/f8HtRFC2VlZX+dckoKCpjczHmMlkAJEHA63Swr6dz nwDCpFflNT8DHc08c5pOPHLgrFa6sY0wmC+nvz199i99fvkZ4mdJtEQRcDjt76mt4rGcbR3Z1U1e9 EecDzDUbtS5qsctGaW8eD9qka7saamJrDJfaB/3470s ftLVnAFo4UVdmS7TEXHP3z1+tuYsCsVdhGwkH7sMMCI 6c5f504e-8928-47b5-bfb5-73af8d8bf4b4 npqOzxFLpVcsaAn58lZuLJMthkSTc9uJwX1BU8kppR7/WJcMwzKIzMKIgYLVayjj5sADTNJmJJYgt wB98799JR2eOU8JQBj+AirJiMR1odQqWWeVt5DvdwLDbO/6GMnE3dISVriMmbsHg iZEDYF5LpvyxpOX9+x3+qDBXhdByZOUFatBA3JgW7sY= MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENIBD8zVGWMJWVFPJ9aQkyZS+ahKDB9xbQZeXIb7keGfUEMdOaOxWd+nTa2HbkeHi0PNfdGHAyCE4mycvIPwStw== r+UiUzt9REOhqndIQXQTv4xLHJ5RqFQyDLMKVsbc2y8 8f1d08a2d6496191a5ebae8f0590f513e2619489 dy/Myn0WRtYGKBNP8ubn9boJWJi+WWmLzp0V+W9pqfM= 01528cc0-dd34-494d-9218-24af1317e1ee wA68d1p5v8MSlvKrjle67r38zreZaMrbDBiCU39LXJU XqPsOXkCkiOwfSDmQAngCTOElG/CkYie3dvHgxY0q1o vowRFCKLTs9aEktGgLPt1r38zreZaMrbDBiCU39LXJU 422de421e0f4e019426b9abfd780746bc40740eb n1VS5VETm42s20lfpodZXSi5ajLqAj+1tzUVRbSwcYTaR3FACEARBkmV5/WgSno8TyWSXpojTaqHL E7DpZ5iKZ4wFqPfA8T/0xoaEEF1mb1e+vYW2ILlIGMBhCfsQnXB9y+crvSN476OS+43wU0ucLzr4quLmL9S5+Q 026ae9c9824b3e483fa6c71fa88f57ae27816141 CJcKTQGQcFh0cXOvBHlbc1De0+8fG8Rx/CGjhGnsKs8
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/adcolony/sdk/AdColonyAppOptions.java, line(s) 296,304 com/adcolony/sdk/c0.java, line(s) 68,86,90,282,74,216,80 com/adcolony/sdk/f.java, line(s) 736 com/adcolony/sdk/n0.java, line(s) 67,156,79 com/amazon/device/ads/AdRegistration.java, line(s) 117,216,415,432,448,109,159,170,194,196,202,204 com/amazon/device/ads/DTBActivity.java, line(s) 51,24,27,65,89,94,31 com/amazon/device/ads/DTBAdMRAIDBannerController.java, line(s) 86 com/amazon/device/ads/DTBAdMRAIDController.java, line(s) 120,284,301,359,486,489,510,524,639,535 com/amazon/device/ads/DTBAdMRAIDExpandedController.java, line(s) 49 com/amazon/device/ads/DTBAdMRAIDInterstitialController.java, line(s) 43,61 com/amazon/device/ads/DTBAdRequest.java, line(s) 127,129,152,154,406,411,418,425,453,563,565,569,573,580,604,626,628,634,637,643,648,671,673,686,108,343,360,427,522,690,261,422,447,508,511,655,70,85,111,393,532 com/amazon/device/ads/DTBAdResponse.java, line(s) 161,184 com/amazon/device/ads/DTBAdUtil.java, line(s) 128,224,227,231,236,244,250,254,256,258,260,263,268,277,287,290,292,295,297,319,322 com/amazon/device/ads/DTBAdView.java, line(s) 301,315,322,572,594,600,605,618,227,242,570,587 com/amazon/device/ads/DTBAdViewSupportClient.java, line(s) 37,68,88,135,52,61,143 com/amazon/device/ads/DTBFetchFactory.java, line(s) 27,52,46 com/amazon/device/ads/DTBFetchManager.java, line(s) 144 com/amazon/device/ads/DTBMetricReport.java, line(s) 97,178 com/amazon/device/ads/DTBMetricsConfiguration.java, line(s) 49,72,76,88,101,112 com/amazon/device/ads/DTBMetricsProcessor.java, line(s) 100,105,110,113,118,115,117,120 com/amazon/device/ads/DTBTimeTrace.java, line(s) 51 com/amazon/device/ads/DtbAdRequestParamsBuilder.java, line(s) 91 com/amazon/device/ads/DtbAdvertisingInfo.java, line(s) 10,25,32,35,48,47 com/amazon/device/ads/DtbCommonUtils.java, line(s) 47,95,144,210,213,216,219,222,225,237,240,243,246,249,252,299,71,73,267 com/amazon/device/ads/DtbDebugProperties.java, line(s) 34,55,60,63,66,72,78,84,98,163 com/amazon/device/ads/DtbDeviceData.java, line(s) 46,51,66,82,178,180,222,225,261 com/amazon/device/ads/DtbDeviceRegistration.java, line(s) 32,42,47,60,85,125,162,179,181,185,305,52,105,107,172,197,66,69,96,120,145,148,169,204,215,256,259,294,298,315,322 com/amazon/device/ads/DtbFireOSServiceAdapter.java, line(s) 23,25,35,38 com/amazon/device/ads/DtbGeoLocation.java, line(s) 15,40,46,51,53,57,59,69,72 com/amazon/device/ads/DtbGooglePlayServices.java, line(s) 8,24 com/amazon/device/ads/DtbGooglePlayServicesAdapter.java, line(s) 41,44,47,22,25,30,35 com/amazon/device/ads/DtbHttpClient.java, line(s) 90,93,135,136,149,155,167,176,200 com/amazon/device/ads/DtbLog.java, line(s) 92,99,107,114,122,129,137,145,152,159,19,62,69,77,84 com/amazon/device/ads/DtbMetrics.java, line(s) 69,119,126,131,133,142,145,148,154,157,161 com/amazon/device/ads/DtbPackageNativeData.java, line(s) 32,48 com/amazon/device/ads/DtbThreadService.java, line(s) 22,30 com/amazon/device/ads/SDKUtilities.java, line(s) 133,156 com/amazon/device/ads/WebResourceService.java, line(s) 47 com/applovin/impl/adview/activity/b/f.java, line(s) 506 com/applovin/impl/sdk/r.java, line(s) 46,63,98,59,106,67,114,71,90 com/appodeal/ads/adapters/mraid/MraidNetwork.java, line(s) 49,51 com/appodeal/ads/adapters/vast/VASTNetwork.java, line(s) 53,55 com/appodeal/ads/bq.java, line(s) 60 com/appodeal/ads/cb.java, line(s) 134,144,149,157,336,342,374,397,404,442,461,468,473,482,486,593,596,603,647,654,668,675,693,728,743,746,756,764,768,771,783,788,804,807,815,820,825 com/appodeal/ads/e.java, line(s) 222,241 com/appodeal/ads/services/crash_hunter/a.java, line(s) 16,22 com/appodeal/ads/services/crash_hunter/internal/b.java, line(s) 135 com/appodeal/ads/services/event_service/b.java, line(s) 16,22 com/appodeal/ads/utils/Log.java, line(s) 51,59,103,105 com/appodeal/ads/utils/e.java, line(s) 13,20 com/appodeal/ads/utils/f.java, line(s) 13,20 com/appsgeyser/multiTabApp/DownloadsListActivity.java, line(s) 295 com/appsgeyser/multiTabApp/MainNavigationActivity.java, line(s) 167,673 com/appsgeyser/multiTabApp/browser/BrowserDownloadListener.java, line(s) 52,88,135 com/appsgeyser/multiTabApp/browser/BrowserWebChromeClient.java, line(s) 124 com/appsgeyser/multiTabApp/browser/BrowserWebViewClient.java, line(s) 75,48 com/appsgeyser/multiTabApp/browser/SimpleWebViewClient.java, line(s) 115 com/appsgeyser/multiTabApp/controllers/BottomMenuController.java, line(s) 292 com/appsgeyser/multiTabApp/controllers/TabsController.java, line(s) 57,58 com/appsgeyser/multiTabApp/controllers/WebContentController.java, line(s) 268 com/appsgeyser/multiTabApp/javascriptinterface/JavascriptInterface.java, line(s) 100,107,119 com/appsgeyser/multiTabApp/storage/BrowsingHistoryStorage.java, line(s) 81,90 com/appsgeyser/multiTabApp/storage/DatabaseOpenHelper.java, line(s) 24 com/appsgeyser/multiTabApp/ui/views/WebContent.java, line(s) 85 com/appsgeyser/multiTabApp/utils/PermissionController.java, line(s) 30 com/appsgeyser/sdk/Logger.java, line(s) 7,11 com/appsgeyser/sdk/PausedContentInfoActivity.java, line(s) 33 com/appsgeyser/sdk/ads/fastTrack/FastTrackAdsController.java, line(s) 98,101,104,107,110,172,177,204,207 com/appsgeyser/sdk/ads/fastTrack/adapters/FastTrackAdmobAdapter.java, line(s) 61,70,77,118,123,126,135,140,143,152,157,160,169,174,177,199,208,222,230,236,250,252,258,264,267,295,297,310,330,337,356,368,379,388,399,406,414,420,427,431,440,451,456,463,473,483,495,521,533,538,548,558,568,594,603,629,659,664,669,674,679,684,689,719 com/appsgeyser/sdk/ads/fastTrack/adapters/FastTrackAppodealAdapter.java, line(s) 54,59,66,71,78,83,95,102,109,115,120,126,131,137,149,160,167,172,185,194,203,208,219,225,230,236,238,247,251,258,269,279,289,302 com/appsgeyser/sdk/ads/fastTrack/adapters/FastTrackBaseAdapter.java, line(s) 82 com/appsgeyser/sdk/ads/fastTrack/adapters/FastTrackFacebookAdapter.java, line(s) 50,59,66,99,104,107,116,122,125,135,148,155,168,170,175,178,191,193,211,218,236,247,257,264,275,282,289,296,300,309,320,325,332,342,352,365 com/appsgeyser/sdk/ads/fastTrack/adapters/FastTrackMopubAdapter.java, line(s) 61,73,80,94,124,129,139,144,154,159,177,197,217,244,246,251,278,287,292,303,305,320,331,338,358,367,377,389,395,402,406,415,426,431,438,448,458,470,489,515,532,540,550,560,570,596,623 com/appsgeyser/sdk/datasdk/DataSdksReceiver.java, line(s) 24,34,36 com/appsgeyser/sdk/push/PushStarterReceiver.java, line(s) 26 com/appsgeyser/sdk/server/StatController.java, line(s) 52,57 com/appsgeyser/sdk/server/implementation/AppsgeyserServerClient.java, line(s) 192 com/appsgeyser/sdk/server/network/NetworkManager.java, line(s) 85,87 com/b/a/a/a/e/c.java, line(s) 11 com/criteo/publisher/logging/g.java, line(s) 51 com/explorestack/iab/bridge/JsBridgeHandler.java, line(s) 29 com/explorestack/iab/mraid/MraidInterstitial.java, line(s) 29,36,53,62,70,78,243 com/explorestack/iab/mraid/MraidLog.java, line(s) 21 com/explorestack/iab/mraid/MraidView.java, line(s) 219,227,235,243,249,255,261,270,431,493,495,716,854 com/explorestack/iab/mraid/c.java, line(s) 19,24,29,34,41 com/explorestack/iab/mraid/h.java, line(s) 117 com/explorestack/iab/mraid/j.java, line(s) 54,64,71,78,155,178,182,187,191,199,233 com/explorestack/iab/mraid/k.java, line(s) 65,75,86,104,143,283 com/explorestack/iab/utils/Logger.java, line(s) 48,60,54,66,72 com/explorestack/iab/utils/m.java, line(s) 55 com/explorestack/iab/vast/VastLog.java, line(s) 21 com/explorestack/iab/vast/VastRequest.java, line(s) 56,206,221,293,295,312,335,401,528,533,536 com/explorestack/iab/vast/activity/VastView.java, line(s) 429,455,461,467,473,496,513,526,540,552,562,569,577,613,643,650,657,682,711,795,842,851,992,1021,1163,1455,1479,1498,1527,1573,1856,1892,1948 com/explorestack/iab/vast/processor/a.java, line(s) 35,52 com/explorestack/iab/vast/processor/c.java, line(s) 421 com/explorestack/iab/vast/processor/url/a.java, line(s) 12,19 com/explorestack/iab/vast/tags/CompanionAdsCreativeTag.java, line(s) 23 com/explorestack/iab/vast/tags/LinearCreativeTag.java, line(s) 44 com/explorestack/iab/vast/tags/TrackingEventsTag.java, line(s) 26 com/explorestack/iab/vast/tags/VastXmlTag.java, line(s) 263 com/explorestack/iab/vast/view/a.java, line(s) 80 com/github/barteksc/pdfviewer/PDFView.java, line(s) 416 com/iab/omid/library/adcolony/d/c.java, line(s) 18,11 com/iab/omid/library/appodeal/d/c.java, line(s) 18,11 com/integralads/avid/library/mopub/utils/AvidLogs.java, line(s) 12,33,40,26,19 com/moat/analytics/mobile/mpub/n.java, line(s) 40 com/moat/analytics/mobile/mpub/p.java, line(s) 35 com/mopub/common/DiskLruCache.java, line(s) 109 com/mopub/common/MoPub.java, line(s) 110 com/mopub/common/SdkConfiguration.java, line(s) 75 com/mopub/common/logging/MoPubDefaultLogger.java, line(s) 14,16 com/mopub/common/logging/MoPubLog.java, line(s) 91 com/mopub/common/privacy/MoPubIdentifier.java, line(s) 135 com/mopub/mobileads/GooglePlayServicesBanner.java, line(s) 99,107,115 com/mopub/mobileads/GooglePlayServicesInterstitial.java, line(s) 42,64,72,80,88,96 com/mopub/mobileads/GooglePlayServicesRewardedVideo.java, line(s) 79 com/mopub/mobileads/MoPubActivity.java, line(s) 33 com/mopub/mobileads/MraidActivity.java, line(s) 90 com/mopub/mobileads/RewardedMraidActivity.java, line(s) 42 com/mopub/mobileads/dfp/adapters/DownloadDrawablesAsync.java, line(s) 44 com/mopub/mobileads/dfp/adapters/MoPubAdapter.java, line(s) 92,121,134,145,172,183,191,430,371,305 com/mopub/mobileads/dfp/adapters/MoPubNativeAppInstallAdMapper.java, line(s) 113 com/mopub/mraid/MraidController.java, line(s) 344 com/mopub/nativeads/GooglePlayServicesAdRenderer.java, line(s) 42,65,88,228 com/mopub/nativeads/GooglePlayServicesNative.java, line(s) 35,194,209 com/mopub/network/MultiAdResponse.java, line(s) 80 com/mopub/volley/CacheDispatcher.java, line(s) 173,180,49,155,37,132,147 com/mopub/volley/NetworkDispatcher.java, line(s) 45,62 com/mopub/volley/Request.java, line(s) 152,157 com/mopub/volley/VolleyLog.java, line(s) 27,101,104,31,35,114,11,17,22,39,43 com/mopub/volley/toolbox/BasicNetwork.java, line(s) 165,102,196,218,229 com/mopub/volley/toolbox/DiskBasedCache.java, line(s) 58,73,82,143,155,165,194,308,94,183,203 com/mopub/volley/toolbox/HttpHeaderParser.java, line(s) 103 com/mopub/volley/toolbox/ImageRequest.java, line(s) 98 com/mopub/volley/toolbox/JsonRequest.java, line(s) 75 com/my/target/ae.java, line(s) 13,22,30 com/my/target/iw.java, line(s) 107,174 com/my/tracker/obfuscated/e.java, line(s) 14,23,40,49,57 com/onesignal/AndroidSupportV4Compat.java, line(s) 20 com/onesignal/JobIntentService.java, line(s) 187,189,237 com/onesignal/OneSignal.java, line(s) 771,777,800,773,769,775 com/onesignal/shortcutbadger/ShortcutBadger.java, line(s) 62 com/pgl/sys/a/b.java, line(s) 33 com/pgl/sys/ces/b.java, line(s) 253 com/shockwave/pdfium/PdfiumCore.java, line(s) 141,145 com/startapp/a/a/e/d.java, line(s) 25 com/startapp/android/publish/ads/splash/c.java, line(s) 232 com/startapp/android/publish/ads/video/h.java, line(s) 67,94 com/startapp/android/publish/adsCommon/Utils/i.java, line(s) 190,390 com/startapp/android/publish/adsCommon/m.java, line(s) 105 com/startapp/common/a/g.java, line(s) 59,70,63,55,65 com/startapp/common/b.java, line(s) 148,153,160,164,180,190 com/tappx/a/a6.java, line(s) 20,16,24,12,29 com/tappx/sdk/adapters/AdmobBannerAdapter.java, line(s) 184,72,181 com/tappx/sdk/adapters/AdmobInterstitialAdapter.java, line(s) 61,67,166,169 com/tappx/sdk/android/MopubBannerAdapter.java, line(s) 106,69,75,116 com/tappx/sdk/android/MopubInterstitialAdapter.java, line(s) 90,64,70,102 com/truenet/android/TrueNetSDK.java, line(s) 80,316,351,459,256 com/truenet/android/a/a.java, line(s) 42,55 com/truenet/android/a/g.java, line(s) 50,63,127,148 com/truenet/android/a/i.java, line(s) 61 com/truenet/android/b.java, line(s) 140,392,407 com/unity3d/ads/UnityAds.java, line(s) 241,243 com/unity3d/ads/UnityAdsBaseOptions.java, line(s) 18 com/unity3d/ads/metadata/InAppPurchaseMetaData.java, line(s) 62,77,81 com/unity3d/ads/metadata/MetaData.java, line(s) 73,82 com/unity3d/services/UnityServices.java, line(s) 27,72,78,87,100,117,109,111,125,44 com/unity3d/services/ads/UnityAdsImplementation.java, line(s) 44,162 com/unity3d/services/ads/adunit/AdUnitActivity.java, line(s) 431,433,53,116,138,160,183,221,352,397,457,188 com/unity3d/services/ads/adunit/VideoPlayerHandler.java, line(s) 33,51 com/unity3d/services/ads/api/AdUnit.java, line(s) 78,81,84,87,110,424,430,482,486,491,495,101,114,119,124,156,246,338,354,383,390 com/unity3d/services/ads/api/VideoPlayer.java, line(s) 57,75,93,111,129,165 com/unity3d/services/ads/api/WebPlayer.java, line(s) 133 com/unity3d/services/ads/configuration/AdsModuleConfiguration.java, line(s) 55,66,74 com/unity3d/services/ads/gmascar/adapters/ScarAdapterFactory.java, line(s) 24 com/unity3d/services/ads/gmascar/bridges/AdapterStatusBridge.java, line(s) 25,34 com/unity3d/services/ads/gmascar/bridges/GenericBridge.java, line(s) 36,43,62,78,90,96,103,109 com/unity3d/services/ads/gmascar/bridges/InitializeListenerBridge.java, line(s) 25,48 com/unity3d/services/ads/gmascar/bridges/MobileAdsBridge.java, line(s) 23 com/unity3d/services/ads/gmascar/finder/GMAInitializer.java, line(s) 50 com/unity3d/services/ads/gmascar/finder/ScarVersionFinder.java, line(s) 33 com/unity3d/services/ads/video/VideoPlayerView.java, line(s) 47,79,94,137,143,196,207,234 com/unity3d/services/ads/webplayer/WebPlayerView.java, line(s) 64,165,202,206,299,311,322,334,353,415 com/unity3d/services/ar/ARUtils.java, line(s) 68,88,107 com/unity3d/services/ar/view/ARView.java, line(s) 195,273,99,115,238,325,330,338,355 com/unity3d/services/ar/view/GLSurfaceView.java, line(s) 269,283,455,1041,532,724 com/unity3d/services/ar/view/ShaderLoader.java, line(s) 16,28 com/unity3d/services/banners/BannerView.java, line(s) 109 com/unity3d/services/banners/UnityBanners.java, line(s) 140 com/unity3d/services/core/api/Cache.java, line(s) 180,194,46,116,133,160,199,209 com/unity3d/services/core/api/DeviceInfo.java, line(s) 230,253,271,324,331,361,533 com/unity3d/services/core/api/Intent.java, line(s) 88,106,130,166,180 com/unity3d/services/core/api/Request.java, line(s) 33,45,63,75,92,104 com/unity3d/services/core/api/Sdk.java, line(s) 15,39,84,96,66,78,72 com/unity3d/services/core/broadcast/BroadcastEventReceiver.java, line(s) 36 com/unity3d/services/core/cache/CacheDirectory.java, line(s) 41,45,52,90,94,100,103,112,114,34,55,117 com/unity3d/services/core/cache/CacheThread.java, line(s) 29 com/unity3d/services/core/cache/CacheThreadHandler.java, line(s) 47,147,150,154,627,630,634,260,335,347,368,392,413,437,458,482,503,527,548,572,593 com/unity3d/services/core/configuration/Configuration.java, line(s) 193 com/unity3d/services/core/configuration/EnvironmentCheck.java, line(s) 21,40,24,27,30,33,43 com/unity3d/services/core/configuration/InitializationNotificationCenter.java, line(s) 66 com/unity3d/services/core/configuration/InitializeThread.java, line(s) 124,137,163,311,326,407,511,523,543,41,50,380,415,418,458,497,547,610,704,274,318,354,682 com/unity3d/services/core/connectivity/ConnectivityMonitor.java, line(s) 113,130,157,102,149 com/unity3d/services/core/device/AdvertisingId.java, line(s) 177,49,59 com/unity3d/services/core/device/Device.java, line(s) 73,303,308,318,327,356,372,381,445,552,562,575,111 com/unity3d/services/core/device/OpenAdvertisingId.java, line(s) 168,57,64 com/unity3d/services/core/device/Storage.java, line(s) 36,40,70 com/unity3d/services/core/log/DeviceLog.java, line(s) 180,220,227 com/unity3d/services/core/misc/JsonStorage.java, line(s) 60,54,63,71,83,119,139,157,163 com/unity3d/services/core/misc/Utilities.java, line(s) 136,46,67,106,112,117,130 com/unity3d/services/core/misc/ViewUtilities.java, line(s) 18,27 com/unity3d/services/core/preferences/AndroidPreferences.java, line(s) 19,31,43,55,67 com/unity3d/services/core/properties/ClientProperties.java, line(s) 68,87,99,101 com/unity3d/services/core/properties/SdkProperties.java, line(s) 197,199 com/unity3d/services/core/request/SDKMetrics.java, line(s) 19,29,44,73,77,81,97,100,102 com/unity3d/services/core/request/WebRequest.java, line(s) 264,152,158,167 com/unity3d/services/core/request/WebRequestRunnable.java, line(s) 35,39,82 com/unity3d/services/core/request/WebRequestThread.java, line(s) 46,152,166 com/unity3d/services/core/sensorinfo/SensorInfoListener.java, line(s) 54 com/unity3d/services/core/webview/WebView.java, line(s) 81,29,107,111 com/unity3d/services/core/webview/WebViewApp.java, line(s) 131,137,158,187,350,355,391,150,180,223,264,279,286,291,335,363,366,369,384 com/unity3d/services/core/webview/bridge/Invocation.java, line(s) 49 com/unity3d/services/core/webview/bridge/NativeCallback.java, line(s) 40 com/unity3d/services/core/webview/bridge/WebViewBridge.java, line(s) 99 com/unity3d/services/core/webview/bridge/WebViewBridgeInterface.java, line(s) 11,27 com/unity3d/services/core/webview/bridge/WebViewCallback.java, line(s) 56 com/unity3d/services/monetization/UnityMonetization.java, line(s) 46 com/unity3d/services/monetization/core/utilities/JSONUtilities.java, line(s) 24,36,55 com/unity3d/services/monetization/placementcontent/core/PlacementContent.java, line(s) 51,64 com/unity3d/services/purchasing/core/TransactionDetailsUtilities.java, line(s) 27 com/unity3d/services/purchasing/core/TransactionErrorDetailsUtilities.java, line(s) 23 com/unity3d/services/purchasing/core/api/CustomPurchasing.java, line(s) 62 com/unity3d/services/store/StoreBilling.java, line(s) 60,24,27,31,35 com/yandex/metrica/impl/bo.java, line(s) 36 com/yandex/metrica/impl/ob/en.java, line(s) 103,112,148,153,158,168 com/yandex/metrica/impl/ob/eu.java, line(s) 38 com/yandex/metrica/impl/ob/fh.java, line(s) 52,64,76,105,114,117 io/bidmachine/Debugger.java, line(s) 31,59 io/bidmachine/ads/networks/mraid/MraidAdapter.java, line(s) 26 io/bidmachine/ads/networks/vast/VastAdapter.java, line(s) 24 io/bidmachine/core/Logger.java, line(s) 113,111,118 io/bidmachine/nativead/utils/NoSSLv3SocketFactory.java, line(s) 80,82 org/altbeacon/beacon/BeaconParser.java, line(s) 51 org/altbeacon/beacon/logging/InfoAndroidLogger.java, line(s) 27,32,12,17,22 org/altbeacon/beacon/logging/VerboseAndroidLogger.java, line(s) 8,28,33,13,18,23 org/altbeacon/beacon/logging/WarningAndroidLogger.java, line(s) 26,31,16,21 org/altbeacon/beacon/service/ScanState.java, line(s) 110 rx/plugins/RxJavaHooks.java, line(s) 147
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/appodeal/ads/DeviceData.java, line(s) 64 com/appodeal/ads/ai.java, line(s) 162 com/appodeal/ads/aj.java, line(s) 313,313,313,313,313 com/appodeal/ads/services/crash_hunter/internal/c.java, line(s) 78 com/my/target/fa.java, line(s) 489,491,491,491,491,491,491 com/my/tracker/obfuscated/y.java, line(s) 74,77,77,77,77,77,77 com/startapp/android/b/a.java, line(s) 33 com/startapp/android/b/c.java, line(s) 38,22,26,26,54,26,26,26,26 com/yandex/metrica/impl/am.java, line(s) 24 io/bidmachine/DeviceInfo.java, line(s) 104,92,92,92,92,92,85 io/bidmachine/DeviceParams.java, line(s) 122
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/yandex/metrica/impl/ob/fc.java, line(s) 23,22,21,21 com/yandex/metrica/impl/ob/fg.java, line(s) 46,42,44,44
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.linkedin.com) 通信。
{'ip': '180.163.151.38', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (pagead2.googlesyndication.com) 通信。
{'ip': '180.163.151.38', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (itunes.apple.com) 通信。
{'ip': '115.223.12.192', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '温州', 'latitude': '27.999420', 'longitude': '120.666817'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (config.unityads.unitychina.cn) 通信。
{'ip': '61.170.84.221', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (m.mradx.net) 通信。
{'ip': '103.70.1.86', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}