安全分析报告:
安全分数
安全分数 41/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
2
用户/设备跟踪器
调研结果
高危
7
中危
15
信息
1
安全
2
关注
13
高危 应用程序存在Janus漏洞
应用程序使用了v1签名方案进行签名,如果只使用v1签名方案,那么它就容易受到安卓5.0-8.0上的Janus漏洞的攻击。在安卓5.0-7.0上运行的使用了v1签名方案的应用程序,以及同时使用了v2/v3签名方案的应用程序也同样存在漏洞。
高危 WebView域控制不严格漏洞
WebView域控制不严格漏洞 Files: com/anythink/expressad/atsignalcommon/base/BaseWebView.java, line(s) 97,93 com/anythink/expressad/foundation/webview/BrowserView.java, line(s) 173,169 com/bar/shift/html/activity/FullGameActivity.java, line(s) 107,98 com/bar/shift/html/view/HtmlView.java, line(s) 17,15 com/kwad/components/ad/i/b.java, line(s) 96,96 com/kwad/components/ad/splashscreen/b/n.java, line(s) 61,61 com/kwad/components/core/page/c.java, line(s) 137,137
高危 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: b/b/a/k/a/c.java, line(s) 220,219 com/bar/shift/html/activity/FullGameActivity.java, line(s) 40,38
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/anythink/core/basead/ui/web/BaseWebView.java, line(s) 34,88,8 com/anythink/expressad/a/g.java, line(s) 250,15,16 com/anythink/expressad/advanced/js/NativeAdvancedExpandDialog.java, line(s) 83,14 com/anythink/expressad/atsignalcommon/base/BaseWebView.java, line(s) 45,12,13 com/anythink/expressad/mbbanner/a/a/b.java, line(s) 83,14 com/anythink/expressad/mbbanner/a/d/c.java, line(s) 253,956,14 com/anythink/expressad/splash/js/SplashExpandDialog.java, line(s) 84,14 com/anythink/expressad/video/bt/module/AnythinkBTWebView.java, line(s) 370,13 com/anythink/expressad/video/module/AnythinkAlertWebview.java, line(s) 90,6 com/anythink/expressad/video/module/AnythinkH5EndCardView.java, line(s) 695,17
高危 应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文
应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode Files: com/kwad/sdk/core/a/b.java, line(s) 22
高危 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: b/k/a/a/h/i.java, line(s) 11 com/anythink/core/common/k/p.java, line(s) 12 com/kwad/sdk/api/loader/u.java, line(s) 41,48 com/kwad/sdk/utils/az.java, line(s) 181
高危 Malicious domain found - da.anythinktech.com
{'ip': '47.115.0.205', 'country_short': 'CN', 'country_long': 'China', 'region': 'Guangdong', 'city': 'Shenzhen', 'latitude': '22.545540', 'longitude': '114.068298'}
中危 应用程序可以安装在有漏洞的已更新 Android 版本上
Android 5.0-5.0.2, [minSdk=21] 该应用程序可以安装在具有多个未修复漏洞的旧版本 Android 上。这些设备不会从 Google 接收合理的安全更新。支持 Android 版本 => 10、API 29 以接收合理的安全更新。
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 Broadcast Receiver (com.bar.shift.reward.service.MammonReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: b/b/a/m/c.java, line(s) 44,50,51 b/b/a/q/a/a.java, line(s) 50,54,55 b/f/a/b/d.java, line(s) 26 b/g/a/s0/h.java, line(s) 575,575 com/anythink/china/common/c/b.java, line(s) 23,35,46,59,61,93 com/anythink/core/common/b/m.java, line(s) 287,1134 com/anythink/core/common/k/j.java, line(s) 16,25,33,53,57,59 com/anythink/expressad/foundation/g/a.java, line(s) 205 com/anythink/expressad/foundation/h/q.java, line(s) 54,62,119,183,207 com/ksad/download/DownloadTask.java, line(s) 278 com/kuaishou/weapon/p0/bf.java, line(s) 103 com/kuaishou/weapon/p0/bk.java, line(s) 77,77,86,86 com/kuaishou/weapon/p0/bl.java, line(s) 47,48 com/kuaishou/weapon/p0/ci.java, line(s) 183 com/kwad/components/core/c/a.java, line(s) 45 com/kwad/sdk/api/core/fragment/FileProvider.java, line(s) 218 com/kwad/sdk/collector/b.java, line(s) 20 com/kwad/sdk/collector/j.java, line(s) 29 com/kwad/sdk/crash/kwai/a.java, line(s) 17 com/kwad/sdk/crash/utils/f.java, line(s) 204,204 com/kwad/sdk/utils/aj.java, line(s) 97 com/kwad/sdk/utils/au.java, line(s) 28,13 com/kwad/sdk/utils/bc.java, line(s) 671 com/kwad/sdk/utils/n.java, line(s) 52 com/qq/e/comm/GDTFileProvider.java, line(s) 148,146 com/yxcorp/kuaishou/addfp/android/b/b.java, line(s) 30
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: b/b/a/s/b.java, line(s) 50 b/k/a/a/g/a.java, line(s) 8 com/anythink/basead/d/h.java, line(s) 23 com/anythink/basead/ui/BaseAdView.java, line(s) 17 com/anythink/basead/ui/BaseScreenAdView.java, line(s) 29 com/anythink/china/api/ATChinaSDKHandler.java, line(s) 11 com/anythink/china/common/d.java, line(s) 9 com/anythink/core/common/b/m.java, line(s) 53 com/anythink/core/common/f.java, line(s) 28 com/anythink/core/common/k/g.java, line(s) 19 com/anythink/expressad/advanced/d/d.java, line(s) 5 com/anythink/expressad/mbbanner/a/c/e.java, line(s) 5 com/anythink/expressad/splash/d/d.java, line(s) 6 com/anythink/expressad/video/bt/module/AnythinkBTContainer.java, line(s) 37 com/anythink/expressad/videocommon/e/d.java, line(s) 10 com/efs/sdk/base/core/a/c.java, line(s) 11 com/efs/sdk/base/core/config/a/c.java, line(s) 18 com/efs/sdk/base/core/util/b.java, line(s) 11 com/efs/sdk/base/newsharedpreferences/SharedPreferencesNewImpl.java, line(s) 26 com/efs/sdk/launch/LaunchConfigManager.java, line(s) 10 com/efs/sdk/pa/config/ConfigManager.java, line(s) 9 com/kuaishou/weapon/p0/cz.java, line(s) 6 com/kuaishou/weapon/p0/r.java, line(s) 24 com/kwad/sdk/b.java, line(s) 6 com/kwad/sdk/core/download/a.java, line(s) 38 com/kwad/sdk/core/g/d.java, line(s) 11 com/kwad/sdk/core/network/a/d.java, line(s) 12 com/kwad/sdk/core/network/idc/a.java, line(s) 17 com/kwad/sdk/core/report/o.java, line(s) 19 com/kwad/sdk/core/response/a/b.java, line(s) 14 com/kwad/sdk/crash/online/monitor/block/e.java, line(s) 3 com/kwad/sdk/ip/direct/a.java, line(s) 17 com/kwad/sdk/utils/bc.java, line(s) 44 com/uc/crashsdk/e.java, line(s) 55
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: b/f/a/b/e/c.java, line(s) 12,19 b/f/a/b/e/d.java, line(s) 61 b/g/a/s0/h.java, line(s) 290 b/i/f.java, line(s) 285 b/k/a/a/h/f.java, line(s) 10 com/anythink/core/common/k/f.java, line(s) 13,31,49 com/anythink/expressad/foundation/h/k.java, line(s) 17 com/anythink/expressad/foundation/h/o.java, line(s) 18,37,99 com/efs/sdk/base/core/util/c/b.java, line(s) 30 com/kuaishou/weapon/p0/f.java, line(s) 23,64,89,114 com/kwad/sdk/api/loader/t.java, line(s) 26 com/kwad/sdk/core/diskcache/a/c.java, line(s) 11 com/kwad/sdk/core/imageloader/cache/disc/naming/Md5FileNameGenerator.java, line(s) 13 com/kwad/sdk/utils/a.java, line(s) 43 com/kwad/sdk/utils/ac.java, line(s) 17,72 com/kwai/filedownloader/e/f.java, line(s) 242 com/kwai/sodler/lib/d/b.java, line(s) 20 com/qq/e/comm/managers/plugin/b.java, line(s) 76 com/qq/e/comm/managers/plugin/c.java, line(s) 82 com/uc/crashsdk/a/g.java, line(s) 235
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/bar/shift/html/activity/FullGameActivity.java, line(s) 132,99
中危 IP地址泄露
IP地址泄露 Files: com/anythink/expressad/advanced/view/a.java, line(s) 49 com/anythink/expressad/foundation/g/f/g/b.java, line(s) 49,58,116,125,166,175,38,61,105,128,153,180 com/anythink/network/gdt/BuildConfig.java, line(s) 9 com/anythink/network/kuaishou/BuildConfig.java, line(s) 9 com/kwad/components/core/offline/init/kwai/d.java, line(s) 115 com/kwad/components/offline/adLive/a.java, line(s) 88 com/kwad/components/offline/tk/a/a.java, line(s) 100 com/kwad/components/offline/tk/b.java, line(s) 120 com/kwad/sdk/core/videocache/f.java, line(s) 91,95,187 com/uc/crashsdk/a/d.java, line(s) 64 com/uc/crashsdk/a/h.java, line(s) 145 com/uc/crashsdk/e.java, line(s) 1704
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: b/c/a/n/e.java, line(s) 84 b/c/a/n/k/c.java, line(s) 39 b/c/a/n/k/n.java, line(s) 94 b/c/a/n/k/u.java, line(s) 74 com/anythink/core/api/ATAdConst.java, line(s) 91 com/anythink/expressad/foundation/d/r.java, line(s) 479,501,519,551,578,594,628,709,335 com/anythink/nativead/unitgroup/api/CustomNativeAd.java, line(s) 14 com/efs/sdk/base/Constants.java, line(s) 14 com/efs/sdk/pa/a/c.java, line(s) 109,88 com/kwad/sdk/api/core/RequestParamsUtils.java, line(s) 5 com/kwad/sdk/core/network/d.java, line(s) 11 com/qq/e/comm/constants/Constants.java, line(s) 7 com/qq/e/comm/managers/setting/GlobalSetting.java, line(s) 12 com/qq/e/comm/pi/ACTD.java, line(s) 7,8
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: b/g/a/j0/d.java, line(s) 5,111 b/g/a/j0/e.java, line(s) 5,6,18 com/anythink/basead/b/b.java, line(s) 4,5,45 com/anythink/core/common/c/c.java, line(s) 4,33 com/anythink/expressad/foundation/c/c.java, line(s) 4,26 com/kuaishou/weapon/p0/t.java, line(s) 6,7,52 com/kwad/components/core/b/a.java, line(s) 5,6,7,116 com/kwad/sdk/core/report/c.java, line(s) 4,5,18 com/kwad/sdk/core/report/d.java, line(s) 5,90 com/kwad/sdk/core/videocache/c/a.java, line(s) 6,7,72 com/kwai/filedownloader/a/d.java, line(s) 5,6,7,153 com/kwai/filedownloader/a/e.java, line(s) 4,5,13 com/tramini/plugin/a/b.java, line(s) 8,9,258
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: XI/K0/XI/XI.java, line(s) 75 c/a/a/a/a/a.java, line(s) 164 com/anythink/china/a/a/g.java, line(s) 71 com/kwad/sdk/core/f/kwai/f.java, line(s) 41 com/kwad/sdk/utils/ac.java, line(s) 60
中危 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/kuaishou/weapon/p0/an.java, line(s) 157 com/kwad/sdk/utils/n.java, line(s) 134,152,209,134
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/kwai/sodler/lib/c.java, line(s) 155
中危 应用程序包含隐私跟踪程序
此应用程序有多个2隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "anythink_myoffer_feedback_violation_of_laws" : "违规违法" "dyStrategy.privateAddress" : "privateAddress" "anythink_myoffer_feedback_violation_of_laws" : "Illegal" 55ecca97822a39bc4b276d645ad35c09 e43929c76e20f091def8fe0579d16adc ZGUucm9idi5hbmRyb2lkLnhwb3NlZC5pbnN0YWxsZXI= 644a9dacce49b4c3226f5129267c0dad f118f1f9431de3a626df48d7302911 aW8udmlydHVhbGFwcC5zYW5kdnhwb3NlZDMy Y29tLnRlbmNlbnQubWF0cml4Lk1hdHJpeA== 2711ba35c7345099edcc3f4526e0b59d 4a5bc9a30d53edd85d5dcc58905afb0d d278819f65940c10a8b7313bf606bfff MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKta2b5Vw5YkWHCAj4rJCwS227 b60d5c17b0cc4aa03e8180bc5cedaf3d Y2F0IC9wcm9jL3N5cy9rZXJuZWwvcmFuZG9tL2Jvb3RfaWQ= 40eb0d1d346cab7ced4d02a3065b7a94 40f3b3b81340519f51bfc19cb9ea2284 9798330679c11734503264cdfb118e76 Y29tLnRlbmNlbnQubWF0cml4LnBsdWdpbi5QbHVnaW5MaXN0ZW5lcg== ebb56fa9c5701350497e281c2446660f 69828b232bd1c06552a81870a5d5e465 dG9wLm5pdW5haWp1bi5ibGFja2JveGEzMg== db892c7b72a9636667bfc8ea7e9df0bc 31f065607e6da6b741330d1df0b35460 76308532f64b68fd5a930c42cceec22b Y2F0IC9zeXMvZGV2aWNlcy9zb2MwL3NlcmlhbF9udW1iZXI= WebKitFormBoundaryP0Rfzlf32iRoMhmb r/35FZ29e4I6pS2B8zSq2RgBpXUuMg7oZF1Qt3x0iyg8PeyblyNeCRB6gIMehFThe ZE1XbmhiZXlLcjBKSXZMTk94M0JGa0V1bWw5Mlk1ZmpTcUdUN1I4cFpWY2lQSEFzdEM0VVhhNlFEdzFnb3orLw== f5d9ed20ecd348d291dc742508036c00 005c29f4f5c26b21923dce9b72a0fc8d 71a9baa45905a6f0e527e5a2e06e8808 dWsuZGlnaXRhbHNxdWlkLm5ldHNwb29mZXI= Y29tLnhpYW9taS5tYXJrZXQuRE1fUEFHRV9PUEVORUQ= Y29tLnVuaXF1ZS5tb2JpbGVmYWtlcg== Y29tLnRlbmNlbnQubWF0cml4LnRyYWNlLmNvcmUuTG9vcGVyTW9uaXRvcg== c66bf3f78bd997bbd5b6e5038a23dff6 6ca7958ee0b0192a7c52c16faffaa8ba e0f9628529f23e1928c8d3f61634c8f2 cbed106d3241121e1ccb6a8bc152d53e b48f51dc240ddd4ffb5d8c75a5c5c820 8674972563d49769d5d9a64744ac5749 b9c0eff152a62bd5062844255107f3e0 9f22c0987957bb7abb016726b088ad78 b8ae143a7f66bd1fa8acac1f65402c0c YW5kcm9pZC5hcHAuQWN0aXZpdHlUYXNrTWFuYWdlcg== f12536c198aee4d8198aad2300827430 Y1dRJlUS0ggA8rDIzmTuSb18fETpsUSliIb8eUc8Cs7Tg08T72W0GoR0htlL8mwiuorXs9F6RhwIlueUNq7egw== B92825C2BD5D6D6D1E7F39EECD17843B7D9016F611136B75441BC6F4D3F00F05 aW8udmlydHVhbGFwcC5zYW5kdnhwb3NlZDY0 03f870871950c148387b251894ed3e88 eff11bebb8a3c872fa30b0484b460d12 Y29tLnhpYW9taS5tYXJrZXQuRElSRUNUX01BSUxfU1RBVFVT 601b51116a2a470e8fa2847b 8f2f54c08600aa25915617fa1371441b SUFjdGl2aXR5VGFza01hbmFnZXJTaW5nbGV0b24= YW5kcm9pZC5hcHAuQWN0aXZpdHlNYW5hZ2VyTmF0aXZl 2c6f402c6a565d2e6912b0013fa59380 d2c9607f3ddbbefe6914f1e94e8c53ff 09a2c11101651aa5e866979ad43f3df0 310fad205107df839a5026968c232766 f118f1e84f0bf5ba3bd1579c6d35 Y29tLm1ldGFzcGxvaXQuc3RhZ2U= dcd68cd059cb06a9596ba6839c2e8858 e3fdbf82716c2cb9b666a3880ab94003 OTUzc3E1N0w5NTIzMW80OUQxMGo3R1dFa0ZiandHT0w= ec3e4937f3c114dd36ed0cbd10585d22 7cb16c2840085bbdf4be628e6604bac1 Y29tLnhpYW9taS5tYXJrZXQuRE1fUEFHRV9DTE9TRUQ= Y29udGVudDovL2NvbS54aWFvbWkubWFya2V0LnByb3ZpZGVyLkRpcmVjdE1haWxQcm92aWRlcg== Y1dRJlUS0ggA8rDIzmTuSdNPHbegnkXofklx4RRLaYJoK5uDjDZ2N7h9QqyTv9Qg b496f2beb340c9b0065ce3f825109f1c
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: b/b/a/s/d.java, line(s) 9,15,27,21,33 b/c/a/m/d.java, line(s) 87,118,86,117 b/c/a/m/f.java, line(s) 536,553,568,534,551,566,723,732 b/c/a/n/j/b.java, line(s) 47,46 b/c/a/n/j/j.java, line(s) 50,146,49,145,149,154,161,158,162 b/c/a/n/j/l.java, line(s) 48,47 b/c/a/n/j/o/c.java, line(s) 108,107 b/c/a/n/j/o/e.java, line(s) 77,76 b/c/a/n/k/a0/a.java, line(s) 86,85 b/c/a/n/k/g.java, line(s) 52,53 b/c/a/n/k/i.java, line(s) 28,188 b/c/a/n/k/w.java, line(s) 33,34 b/c/a/n/k/x/j.java, line(s) 108,146,109,147 b/c/a/n/k/x/k.java, line(s) 129,172,183,195,90,128,138,161,171,182,194,217,224,96,139,218,225,162 b/c/a/n/k/y/e.java, line(s) 58,64,93,103,116,127,59,94,65,104,117,128 b/c/a/n/k/y/l.java, line(s) 165,149 b/c/a/n/k/z/a.java, line(s) 91,88 b/c/a/n/k/z/b.java, line(s) 40,39 b/c/a/n/l/c.java, line(s) 18,17 b/c/a/n/l/d.java, line(s) 42,41 b/c/a/n/l/f.java, line(s) 100,99 b/c/a/n/l/s.java, line(s) 98,99 b/c/a/n/l/t.java, line(s) 37,36 b/c/a/n/m/c/b0.java, line(s) 124,123 b/c/a/n/m/c/e.java, line(s) 68,67,84,85 b/c/a/n/m/c/m.java, line(s) 190,197,277,287,299,311,329,333,338,347,350,355,366,373,189,196,276,286,298,310,328,332,337,346,349,354,365,372 b/c/a/n/m/c/n.java, line(s) 82,105,278,81,104,184,224,240,277,185,225,354 b/c/a/n/m/c/o.java, line(s) 43,48,44,49 b/c/a/n/m/c/s.java, line(s) 41,42 b/c/a/n/m/c/y.java, line(s) 288,110,115,159,168,175,287,111,116,160,169,176,177,178,182 b/c/a/n/m/g/a.java, line(s) 73,78,83,92,74,79,84,93 b/c/a/n/m/g/d.java, line(s) 24,25 b/c/a/n/m/g/j.java, line(s) 38,39 b/c/a/o/e.java, line(s) 32,31,54,73,55,74 b/c/a/o/f.java, line(s) 17,16 b/c/a/o/k.java, line(s) 154,155 b/c/a/o/l.java, line(s) 249,250,258 b/c/a/o/n.java, line(s) 106,107 b/c/a/o/o.java, line(s) 146,147 b/c/a/p/e.java, line(s) 50,57,68,73,49,56,61,67,72,62 b/c/a/r/k/f.java, line(s) 70,111,112,71 b/c/a/r/k/r.java, line(s) 69,110,111,70 b/c/a/s/a.java, line(s) 22 b/c/a/t/c.java, line(s) 46,45 b/c/a/t/n/a.java, line(s) 54,55 b/e/a/b/b/h.java, line(s) 65 b/e/a/b/r/d.java, line(s) 25,35 b/e/a/b/u/d.java, line(s) 149,181 b/f/a/b/c.java, line(s) 25,32,16,27,23,29 c/a/b/b/a/b.java, line(s) 25,45 c/a/b/c/a/b.java, line(s) 44 c/a/b/c/a/c.java, line(s) 158,58,170,178 c/a/b/c/a/d.java, line(s) 24 com/anythink/banner/api/ATBannerView.java, line(s) 311,325,332,464 com/anythink/basead/a/c.java, line(s) 522 com/anythink/basead/d/h.java, line(s) 336,339 com/anythink/basead/ui/BaseAdActivity.java, line(s) 83,92,144,373 com/anythink/basead/ui/MediaAdView.java, line(s) 130 com/anythink/basead/ui/SinglePictureSplashAdView.java, line(s) 88,93 com/anythink/china/api/ATChinaSDKHandler.java, line(s) 54 com/anythink/china/common/a.java, line(s) 242,276,281,91,211,502,547,675,687,742,752,764,777,788,806,833,840,847,859 com/anythink/china/common/a/a.java, line(s) 637,640 com/anythink/china/common/d.java, line(s) 29 com/anythink/core/activity/component/PrivacyPolicyView.java, line(s) 56,71,99,108,114 com/anythink/core/api/ATSDK.java, line(s) 149,151,214 com/anythink/core/b/a.java, line(s) 116 com/anythink/core/b/d.java, line(s) 109 com/anythink/core/b/h.java, line(s) 70 com/anythink/core/basead/ui/web/a.java, line(s) 82 com/anythink/core/c/e.java, line(s) 104,313 com/anythink/core/common/b/b.java, line(s) 61,112 com/anythink/core/common/b/m.java, line(s) 588,593,596,783,827,860,902,953,994,1090,1279,1300,1312,1432,1475,1524,1613,124,125,129,133,250,491,494,796,798,810,812,825,829,835,858,900,951,992,1088,1305,1310,1356,1364,1365,1369,1376,1377,1378,1381,1385,1386,1387,1388,1389,1392,1394,1403,1404,1405,1430 com/anythink/core/common/e/a/b.java, line(s) 28 com/anythink/core/common/f.java, line(s) 108,252,129,141,167 com/anythink/core/common/h/d.java, line(s) 97,103 com/anythink/core/common/k/e.java, line(s) 22,52,40,70,28,58,16,46,34,64,78 com/anythink/core/common/k/g.java, line(s) 34,37,46,49,58,61,331 com/anythink/core/common/k/i.java, line(s) 14,25 com/anythink/core/common/k/n.java, line(s) 107,113,127 com/anythink/core/common/m.java, line(s) 157,162,169,173,189,199 com/anythink/expressad/a/h.java, line(s) 335 com/anythink/expressad/atsignalcommon/base/BaseWebView.java, line(s) 201 com/anythink/expressad/foundation/g/a/b.java, line(s) 18 com/anythink/expressad/foundation/g/c/d.java, line(s) 59 com/anythink/expressad/foundation/h/k.java, line(s) 19 com/anythink/expressad/foundation/h/n.java, line(s) 36,71,78,92,43,57,50,64,85,99,106 com/anythink/expressad/video/bt/module/ATTempContainer.java, line(s) 536,1672 com/anythink/expressad/video/dynview/endcard/cloudview/TagCloudView.java, line(s) 319 com/anythink/expressad/video/module/AnythinkBaseView.java, line(s) 144,156 com/anythink/expressad/widget/FeedbackRadioGroup.java, line(s) 61 com/anythink/interstitial/a/a.java, line(s) 57 com/anythink/interstitial/a/b.java, line(s) 77,151,154,158 com/anythink/interstitial/api/ATInterstitial.java, line(s) 200,205,216 com/anythink/nativead/api/ATNative.java, line(s) 83 com/anythink/nativead/api/ATNativeImageView.java, line(s) 40,48 com/anythink/nativead/api/NativeAd.java, line(s) 356,425,428,436,440,444,450,457,554,559,564,613,463 com/anythink/network/gdt/GDTATBiddingNotice.java, line(s) 66 com/anythink/network/gdt/GDTATInitManager.java, line(s) 127 com/anythink/network/gdt/GDTATInterstitialAdapter.java, line(s) 273 com/anythink/network/gdt/GDTATNativeAd.java, line(s) 50,315 com/anythink/network/gdt/GDTATSplashAdapter.java, line(s) 235 com/anythink/network/ks/KSATBiddingNotice.java, line(s) 41,99,104,114,124,134,144,154,164 com/anythink/network/ks/KSATInitManager.java, line(s) 68,119,120 com/anythink/network/ks/KSATNativeAd.java, line(s) 125 com/anythink/network/ks/KSATSplashAdapter.java, line(s) 204,260 com/anythink/network/ks/KSATSplashEyeAd.java, line(s) 78 com/anythink/rewardvideo/a/d.java, line(s) 71,77,161,165,174 com/anythink/rewardvideo/api/ATRewardVideoAd.java, line(s) 274,284,295 com/anythink/splashad/a/c.java, line(s) 237,301,328,363,386 com/anythink/splashad/api/ATSplashAd.java, line(s) 151,254,258,261,85 com/anythink/splashad/api/ATSplashSkipInfo.java, line(s) 19,24,27 com/bumptech/glide/Glide.java, line(s) 361,370,342,154,341,360,367,155 com/bumptech/glide/load/engine/DecodeJob.java, line(s) 233,247,620 com/bumptech/glide/load/engine/GlideException.java, line(s) 137 com/bumptech/glide/request/SingleRequest.java, line(s) 136,65,281,103 com/efs/sdk/base/core/util/d.java, line(s) 15,17,8,25,27 com/efs/sdk/base/newsharedpreferences/SharedPreferencesNewImpl.java, line(s) 876 com/efs/sdk/base/newsharedpreferences/SharedPreferencesUtils.java, line(s) 44 com/efs/sdk/launch/LaunchConfigManager.java, line(s) 73,77,89,92 com/efs/sdk/launch/LaunchManager.java, line(s) 38,49,53,85,97,110,117,128,141,148,159,172,183 com/efs/sdk/launch/b.java, line(s) 403,476,50,57,65,73,80,87,91,95,103,120,153,200,204,216,229,265,277,332,350,355,387,425,435,458 com/efs/sdk/pa/PAFactory.java, line(s) 83,86 com/efs/sdk/pa/a/a.java, line(s) 144 com/efs/sdk/pa/a/c.java, line(s) 88,109 com/efs/sdk/pa/a/f.java, line(s) 118 com/efs/sdk/pa/c.java, line(s) 36 com/efs/sdk/pa/config/ConfigManager.java, line(s) 52,55,59,61 com/kuaishou/weapon/p0/b.java, line(s) 41 com/kuaishou/weapon/p0/e.java, line(s) 43,81,48,84,40,79 com/kwad/components/ad/reward/presenter/a/b.java, line(s) 88,94 com/kwad/components/offline/adLive/a.java, line(s) 54,60,77 com/kwad/components/offline/adLive/kwai/a.java, line(s) 96,100 com/kwad/sdk/KsAdSDKImpl.java, line(s) 514,522,510,533 com/kwad/sdk/api/KsAdSDK.java, line(s) 219,103 com/kwad/sdk/api/loader/DynamicInstallReceiver.java, line(s) 23,30,38,44,49 com/kwad/sdk/api/loader/Wrapper.java, line(s) 119 com/kwad/sdk/api/loader/d.java, line(s) 35,41,56 com/kwad/sdk/api/proxy/KSLifecycleObserve.java, line(s) 49,61 com/kwad/sdk/core/e/a.java, line(s) 8,15,22,36,42,48,55 com/kwad/sdk/core/network/d.java, line(s) 38 com/kwad/sdk/glide/framesequence/FrameSequenceDrawable.java, line(s) 113 com/kwad/sdk/oaid/OADIDSDKHelper.java, line(s) 37,61,63,83,89 com/kwad/sdk/oaid/OADIDSDKHelper25.java, line(s) 37,62,64,87 com/kwad/sdk/utils/n.java, line(s) 153,210,214 com/kwad/sdk/widget/RatioFrameLayout.java, line(s) 34 com/kwai/sodler/lib/a.java, line(s) 6,10,14,18 com/kwai/sodler/lib/e.java, line(s) 59,65 com/kwai/sodler/lib/kwai/b/a.java, line(s) 165 com/kwai/sodler/lib/kwai/kwai/b.java, line(s) 25,48 com/netease/nis/sdkwrapper/Utils.java, line(s) 102 com/qq/e/comm/util/GDTLogger.java, line(s) 11,16,18,26,31,33 com/uc/crashsdk/a/a.java, line(s) 8,30,51,53,36,44,14,22 com/uc/crashsdk/b.java, line(s) 660
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/kwad/sdk/api/core/TLSConnectionUtils.java, line(s) 31,20,29,29 com/kwad/sdk/core/network/q.java, line(s) 31,20,29,29
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/anythink/china/b/b.java, line(s) 39,20,20,20,20,20 com/kuaishou/weapon/p0/ai.java, line(s) 149 com/kwad/sdk/utils/n.java, line(s) 86 com/uc/crashsdk/a/g.java, line(s) 146
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (da.anythinktech.com) 通信。
{'ip': '47.115.0.205', 'country_short': 'CN', 'country_long': 'China', 'region': 'Guangdong', 'city': 'Shenzhen', 'latitude': '22.545540', 'longitude': '114.068298'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (tk.anythinktech.com) 通信。
{'ip': '112.74.188.11', 'country_short': 'CN', 'country_long': 'China', 'region': 'Guangdong', 'city': 'Shenzhen', 'latitude': '22.545540', 'longitude': '114.068298'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (www.toponad.com) 通信。
{'ip': '42.192.176.82', 'country_short': 'CN', 'country_long': 'China', 'region': 'Beijing', 'city': 'Beijing', 'latitude': '39.907501', 'longitude': '116.397232'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (qq.ahaozhuan.com) 通信。
{'ip': '47.107.40.90', 'country_short': 'CN', 'country_long': 'China', 'region': 'Guangdong', 'city': 'Shenzhen', 'latitude': '22.545540', 'longitude': '114.068298'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (pitk.birdgesdk.com) 通信。
{'ip': '39.108.103.199', 'country_short': 'CN', 'country_long': 'China', 'region': 'Guangdong', 'city': 'Shenzhen', 'latitude': '22.545540', 'longitude': '114.068298'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (adx.anythinktech.com) 通信。
{'ip': '39.105.168.45', 'country_short': 'CN', 'country_long': 'China', 'region': 'Beijing', 'city': 'Beijing', 'latitude': '39.907501', 'longitude': '116.397232'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (cdn-adn-https.rayjump.com) 通信。
{'ip': '49.71.77.86', 'country_short': 'CN', 'country_long': 'China', 'region': 'Jiangsu', 'city': 'Yangzhou', 'latitude': '32.397221', 'longitude': '119.435829'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (api.anythinktech.com) 通信。
{'ip': '47.112.152.30', 'country_short': 'CN', 'country_long': 'China', 'region': 'Guangdong', 'city': 'Shenzhen', 'latitude': '22.545540', 'longitude': '114.068298'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (mores.toponad.com) 通信。
{'ip': '49.71.77.86', 'country_short': 'CN', 'country_long': 'China', 'region': 'Jiangsu', 'city': 'Yangzhou', 'latitude': '32.397221', 'longitude': '119.435829'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (apps.samsung.com) 通信。
{'ip': '49.79.233.19', 'country_short': 'CN', 'country_long': 'China', 'region': 'Jiangsu', 'city': 'Nantong', 'latitude': '32.030281', 'longitude': '120.874718'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (open.e.kuaishou.com) 通信。
{'ip': '58.215.85.78', 'country_short': 'CN', 'country_long': 'China', 'region': 'Jiangsu', 'city': 'Wuxi', 'latitude': '31.568871', 'longitude': '120.288567'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (static.yximgs.com) 通信。
{'ip': '58.222.37.130', 'country_short': 'CN', 'country_long': 'China', 'region': 'Jiangsu', 'city': 'Taizhou', 'latitude': '32.493328', 'longitude': '119.910629'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (aa.birdgesdk.com) 通信。
{'ip': '120.78.94.142', 'country_short': 'CN', 'country_long': 'China', 'region': 'Guangdong', 'city': 'Shenzhen', 'latitude': '22.545540', 'longitude': '114.068298'}