安全分析报告:
安全分数
安全分数 27/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
1
用户/设备跟踪器
调研结果
高危
23
中危
19
信息
3
安全
2
关注
11
高危 Activity (com.tencent.mm.ui.PasswordSettingActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.tencent.mm.ui.HomeActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.tencent.mm.ui.RegisterLoginActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.tencent.mm.ui.VideoListActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.tencent.mm.ui.MyUpdateActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.tencent.mm.ui.TagsVideoActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.tencent.mm.ui.VideoContentActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.tencent.mm.ui.ChatDetailActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.tencent.mm.ui.VideoChoiceActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.tencent.mm.im.ChatActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.tencent.mm.ui.SelCoverTimeActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.tencent.mm.ui.workmanage.WorkManagerActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.tencent.mm.ui.VideoDetailPlayerActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.tencent.mm.ui.LoginActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.tencent.mm.ui.TagDetailListActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.tencent.mm.ui.SeeMorePlayerActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.alipay.sdk.app.PayResultActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.alipay.sdk.app.AlipayResultActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 WebView域控制不严格漏洞
WebView域控制不严格漏洞 Files: com/tencent/mm/ui/H5Activity.java, line(s) 183,175,176,177,178,179,180,181,182,183,186,187 com/tencent/mm/ui/WebViewActivity.java, line(s) 176,168,169,170,171,172,173,174,175,176,178,179 com/tencent/mm/ui/game/WebActivity.java, line(s) 320,314
高危 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
jaygoo/library/m3u8downloader/p/a.java, line(s) 20,34
高危 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: com/tencent/mm/ui/game/WebActivity.java, line(s) 54,52
高危 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: c/a/b/j/c.java, line(s) 86,104,93
高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: c/a/c/a/a/a/a/c.java, line(s) 30,79
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Broadcast Receiver (com.tencent.mm.im.websocket.NotificationReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.tencent.mm.im.websocket.JWebSocketClientService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.tencent.mm.ui.H5Activity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.tencent.mm.ui.WebViewActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.alipay.sdk.app.PayResultActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.alipay.sdk.app.AlipayResultActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 高优先级的Intent (2147483647)
[android:priority] 通过设置一个比另一个Intent更高的优先级,应用程序有效地覆盖了其他请求。
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: c/e/a/b/d/c.java, line(s) 4,5,26 c/e/a/e/h.java, line(s) 5,6,29 com/danikula/videocache/v/a.java, line(s) 6,7,86 com/lzy/okgo/db/DBHelper.java, line(s) 4,5,32 com/lzy/okgo/db/DBUtils.java, line(s) 4,16 org/greenrobot/greendao/j/f.java, line(s) 5,62
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: c/a/c/a/a/b/b.java, line(s) 518,803,804 c/a/c/a/a/c/c.java, line(s) 12,24,28 c/b/a/a/i/d.java, line(s) 142,170 c/c/a/c.java, line(s) 54 c/e/c/a/d/b.java, line(s) 60 com/canking/minipay/d.java, line(s) 145 com/danikula/videocache/s.java, line(s) 17,34 com/fynnjason/utils/q.java, line(s) 82 com/github/mikephil/charting/charts/Chart.java, line(s) 302,349 com/jiajunhui/xapp/medialoader/g/e.java, line(s) 50 com/lxj/xpopup/e/c.java, line(s) 167 com/lzy/okgo/convert/FileConvert.java, line(s) 48,56 com/lzy/okserver/OkDownload.java, line(s) 130 com/sunfusheng/GlideAppMoudle.java, line(s) 68,69 com/tencent/mm/c.java, line(s) 55,53 com/tencent/mm/camera/stmobileapi/d.java, line(s) 178 com/tencent/mm/camera/stmobileapi/e.java, line(s) 93 com/tencent/mm/camera/utils/a.java, line(s) 13 com/tencent/mm/im/d/a.java, line(s) 30 com/tencent/mm/im/d/b.java, line(s) 16 com/tencent/mm/l/d.java, line(s) 33,34 com/tencent/mm/ui/LaunchActivity.java, line(s) 702,712 com/tencent/mm/ui/game/WebActivity.java, line(s) 241 com/tencent/mm/uitls/a0.java, line(s) 22,24 com/tencent/mm/uitls/d1.java, line(s) 28,49 com/tencent/mm/uitls/i.java, line(s) 71,80 com/tencent/mm/uitls/j0.java, line(s) 83,86,88,30,46,90 com/tencent/mm/uitls/l1.java, line(s) 74,75 com/tencent/mm/uitls/u1.java, line(s) 152 com/tencent/mm/uitls/y0.java, line(s) 78 com/tencent/mm/uitls/z.java, line(s) 19 com/vector/update_app/c.java, line(s) 200,210 com/watermark/androidwm/utils/a.java, line(s) 67 com/yalantis/ucrop/f/e.java, line(s) 123 jaygoo/library/m3u8downloader/f.java, line(s) 35 sj/keyboard/b.java, line(s) 14
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: c/e/a/b/e/b.java, line(s) 365 c/e/c/a/b/c.java, line(s) 43,102 c/e/c/a/d/a.java, line(s) 17 c/e/c/a/f/b/c.java, line(s) 74 com/danikula/videocache/p.java, line(s) 46 com/fynnjason/utils/d.java, line(s) 21 com/szcx/lib/encrypt/b.java, line(s) 13 com/szcx/lib/encrypt/e/a.java, line(s) 9 com/szcx/lib/encrypt/e/b.java, line(s) 21 com/szcx/lib/encrypt/e/c.java, line(s) 24 com/tencent/mm/uitls/l1.java, line(s) 133 com/tencent/mm/uitls/q1.java, line(s) 60 com/vector/update_app/f/d.java, line(s) 44 jaygoo/library/m3u8downloader/p/c.java, line(s) 9
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: c/a/b/d/b.java, line(s) 20 c/a/b/j/c.java, line(s) 8 c/e/a/b/e/b.java, line(s) 22 c/e/a/e/b.java, line(s) 8 com/lahm/library/j.java, line(s) 25 com/sackcentury/shinebuttonlib/ShineView.java, line(s) 16 com/scwang/smartrefresh/header/FunGameBattleCityHeader.java, line(s) 16 com/scwang/smartrefresh/header/TaurusHeader.java, line(s) 27 com/scwang/smartrefresh/header/b/a.java, line(s) 8 com/tencent/mm/e/f/b.java, line(s) 6 com/tencent/mm/uitls/q1.java, line(s) 12 com/tencent/mm/view/LikeView.java, line(s) 19 com/tencent/mm/view/LoveView.java, line(s) 16 com/tencent/mm/view/MusicalNoteLayout.java, line(s) 28 com/tencent/mm/view/ShortVideoPlayer.java, line(s) 21 com/tencent/qmsp/sdk/f/c.java, line(s) 6 com/vector/update_app/f/b.java, line(s) 6 f/b/n/b.java, line(s) 22 org/greenrobot/greendao/n/f.java, line(s) 7 q/rorbin/badgeview/b.java, line(s) 12
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/sun/jna/Native.java, line(s) 1043 com/tencent/mm/ui/RecordActivity.java, line(s) 629 org/junit/e/j.java, line(s) 17,73 org/nanohttpd/protocols/http/g/a.java, line(s) 16
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: c/a/c/a/a/a/a/b.java, line(s) 11 c/a/c/a/a/a/a/c.java, line(s) 29,78 c/a/c/a/a/a/b.java, line(s) 83 c/e/c/a/f/f/e.java, line(s) 108 com/tencent/mm/ui/LaunchActivity.java, line(s) 586 f/b/n/b.java, line(s) 180
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/lzy/okgo/cache/CacheEntity.java, line(s) 13,85 com/lzy/okgo/exception/CacheException.java, line(s) 15,11 com/tencent/mm/bean/AppStartBean.java, line(s) 114
中危 IP地址泄露
IP地址泄露 Files: com/danikula/videocache/i.java, line(s) 21 com/lahm/library/f.java, line(s) 96 com/lahm/library/i.java, line(s) 118 com/lahm/library/j.java, line(s) 47,200 org/nanohttpd/protocols/http/b.java, line(s) 610
中危 应用程序包含隐私跟踪程序
此应用程序有多个1隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "library_roundedimageview_authorWebsite" : "https://github.com/vinc3m1" ca3a2848d4e4417eb6ebfbffdc1f3212 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 c36e048e284c459686133e66a79e2eba f6221d5fb903924aa6bc0b9653415e4316318839 f30dd5f2f09c405c98e7eb6c06c89928 0000016742C00BDA259000000168CE0F13200000016588840DCE7118A0002FBF1C31C3275D78 04c9fb02a8c30ae84aa2f943e873af2d 75bc6c5227314e63bbfd5d9f0c5c28e4 63F06F99D823D33AAB89A0A93DECFEE0 9A04F079-9840-4286-AB92-E65BE0885F95 1aec3637270f465faae52713a7c191c8 6BBBBAAD-3430-406E-A937-F47917E51112 b6cbad6cbd5ed0d209afc69ad3b7a617efaae9b3c47eabe0be42d924936fa78c8001b1fd74b079e5ff9690061dacfa4768e981a526b9ca77156ca36251cf2f906d105481374998a7e6e6e18f75ca98b8ed2eaf86ff402c874cca0a263053f22237858206867d210020daa38c48b20cc9dfd82b44a51aeb5db459b22794e2d649 MjISMmVRV3NjVF1FSFBcUHkAc0NLB3dKe0YEWUZTS1RwcWh3IS0hHz8XCyMREQ== DQ0dDWk4aT5rOzs4OD00Pms/OjoyCjAhITEJKjIl ac655948c705413b8a63a7aaefd4cde9 e096db7c006958f226bc469c27237b65 A2B55680-6F43-11E0-9A3F-0002A5D5C51B e4c8836bfe154d76a808da38d0733304 BwcnBzRjN2U/MmZhYjRmND4xPjI+NWQwZWU0YmI2MWQ3YjAzKw8cEywsIS4BIg== 81d7beac44a86f4337f534ec93328370 9d451a2da3cf42b0a049ba3e249222bc e392fd6aa2abf5633a4f06bc82b85535 57baaaeaad4e4fda8bdaceafdb9d45c2
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: c/b/a/a/h/p.java, line(s) 112 c/b/a/a/i/d.java, line(s) 34,53,66,93,119,133,164,175,186 c/b/a/a/i/k.java, line(s) 93,182,197 c/b/c/a/a/b.java, line(s) 254,115,309 c/e/a/b/e/c.java, line(s) 27,33,39,70,55,114,134 c/e/b/a/a/a.java, line(s) 11,13,18,20,25,27,71,32,34,39,41 c/e/c/a/f/b/a.java, line(s) 40,58 c/e/c/a/f/b/b.java, line(s) 21,30,24 cn/bingoogolapple/qrcode/core/a.java, line(s) 47,57 com/alexvasilkov/gestures/e/c.java, line(s) 73,89,110,173,187,278,330,351,404,489,507,514,521,533,541,549,557 com/alexvasilkov/gestures/f/d.java, line(s) 46,33,35 com/alexvasilkov/gestures/g/c.java, line(s) 48,63,112,142 com/alexvasilkov/gestures/g/e.java, line(s) 63,72,90,117,147,177,206 com/coremedia/iso/boxes/sampleentry/AudioSampleEntry.java, line(s) 187 com/danikula/videocache/h.java, line(s) 37,43,53,64,75 com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java, line(s) 642,210,214,390,394,462,793,802,831,836,1788,2001,2340 com/davemorrissey/labs/subscaleview/decoder/SkiaPooledImageRegionDecoder.java, line(s) 121 com/dhh/websocket/d.java, line(s) 68,165,203,234,215 com/fynnjason/utils/j.java, line(s) 11 com/fynnjason/utils/q.java, line(s) 110,198,200 com/github/mikephil/charting/charts/BarChart.java, line(s) 130 com/github/mikephil/charting/charts/BarLineChartBase.java, line(s) 192,340,486,206,300,306,729,819,823 com/github/mikephil/charting/charts/Chart.java, line(s) 716,868,208,257,621,626,667 com/github/mikephil/charting/charts/CombinedChart.java, line(s) 137 com/github/mikephil/charting/charts/HorizontalBarChart.java, line(s) 192,166,170 com/github/mikephil/charting/charts/PieRadarChartBase.java, line(s) 344 com/github/mikephil/charting/components/a.java, line(s) 221 com/github/mikephil/charting/data/LineDataSet.java, line(s) 150,158 com/github/mikephil/charting/data/PieEntry.java, line(s) 18,26 com/github/mikephil/charting/data/k.java, line(s) 192 com/github/mikephil/charting/data/l.java, line(s) 44,51,58 com/github/mikephil/charting/listener/a.java, line(s) 258 com/itheima/roundedimageview/RoundedImageView.java, line(s) 140,158 com/itheima/roundedimageview/b.java, line(s) 234 com/jiajunhui/xapp/medialoader/b.java, line(s) 68,88,98,141 com/jiajunhui/xapp/medialoader/bean/a.java, line(s) 61,95 com/kk/taurus/playerbase/d/a.java, line(s) 19 com/kk/taurus/playerbase/f/b.java, line(s) 11,17,23 com/lahm/library/j.java, line(s) 58,69 com/lxj/xpermission/XPermission.java, line(s) 142 com/lzy/okgo/utils/OkLogger.java, line(s) 42,53,59,65,71 com/lzy/widget/tab/TabTitleIndicator.java, line(s) 108,165,293,347,349,359,368,383,396,488,531 com/makeramen/roundedimageview/RoundedDrawable.java, line(s) 147 com/makeramen/roundedimageview/RoundedImageView.java, line(s) 136,154 com/mcxtzhang/indexlib/suspension/SuspensionDecoration.java, line(s) 107 com/nineoldandroids/animation/PropertyValuesHolder.java, line(s) 63,91,159,161,198,200,265,283,285,379,381,473,475 com/sackcentury/shinebuttonlib/PorterImageView.java, line(s) 111 com/sackcentury/shinebuttonlib/ShineButton.java, line(s) 252,356 com/scwang/smartrefresh/header/waveswipe/WaveView.java, line(s) 172 com/scwang/smartrefresh/layout/SmartRefreshLayout.java, line(s) 1370 com/scwang/smartrefresh/layout/internal/pathview/a.java, line(s) 765,770 com/sun/jna/Native.java, line(s) 111,440,487,1240,1243,1305,1308,452,457,465,480,485,494,507,511,533,539,571,574,575,995,1018,1029 com/sun/jna/Structure.java, line(s) 323,1229 com/sun/jna/r.java, line(s) 400,408,419,425,428,439,450,458,463,470,475,483,488,523 com/sunfusheng/widget/NineImageView.java, line(s) 177 com/szcx/lib/encrypt/c.java, line(s) 118 com/szcx/lib/encrypt/d.java, line(s) 10 com/tbruyelle/rxpermissions/RxPermissionsFragment.java, line(s) 39,49 com/tencent/mm/TrafficStats/TrafficBean.java, line(s) 115,131,205,220,82,109,126,144,148,162,108,121,143,157,199,211,232,244 com/tencent/mm/adapter/GridImageAdapter.java, line(s) 146,147,149,152 com/tencent/mm/adapter/UploadAdapter.java, line(s) 310,314,325 com/tencent/mm/adapter/community/GridImageNoAddAdapter.java, line(s) 129,130,132,135 com/tencent/mm/base/i.java, line(s) 19 com/tencent/mm/bean/hot/HotBean.java, line(s) 58,63 com/tencent/mm/camera/stmobileapi/d.java, line(s) 94,101,108,118,133,142,152,157,170,62,89 com/tencent/mm/camera/stmobileapi/e.java, line(s) 133,147,166,171,184,216,230,40,63,89,110,117,124,156,193,200,207 com/tencent/mm/camera/utils/b.java, line(s) 109,114,123,34,140 com/tencent/mm/camera/utils/c.java, line(s) 49,55,66 com/tencent/mm/camera/widget/MagicImageView.java, line(s) 41 com/tencent/mm/database/a.java, line(s) 20,37 com/tencent/mm/database/d.java, line(s) 31 com/tencent/mm/e/c/a/a.java, line(s) 106,115,202,57,50,93 com/tencent/mm/e/c/a/b.java, line(s) 90,114 com/tencent/mm/e/c/b/a.java, line(s) 161,53,45 com/tencent/mm/e/c/b/b.java, line(s) 133,138,143,264,285,85,219,288 com/tencent/mm/e/c/b/c.java, line(s) 66,74,97 com/tencent/mm/e/d/a/e/n.java, line(s) 78,96 com/tencent/mm/e/f/b.java, line(s) 28 com/tencent/mm/g/c.java, line(s) 18,29,40,51,62,73,83 com/tencent/mm/im/ChatActivity.java, line(s) 109,118,296,330 com/tencent/mm/im/websocket/NotificationReceiver.java, line(s) 17,19,28 com/tencent/mm/im/websocket/WebSocketImReceiver.java, line(s) 11 com/tencent/mm/im/websocket/a.java, line(s) 15,20,25,30 com/tencent/mm/l/a.java, line(s) 20,31 com/tencent/mm/l/d.java, line(s) 50,55,60,65,180 com/tencent/mm/l/i.java, line(s) 86,132 com/tencent/mm/location/AlxLocationService.java, line(s) 39,45,64,70,89,95,128,131,133,135,155,162,172,178,187,207,216,219,222,229,232,240,242,255,261 com/tencent/mm/network/d.java, line(s) 1870,1932,2001,2234,3061 com/tencent/mm/o/a.java, line(s) 13,19,24,29,34 com/tencent/mm/ui/ChangeCodeActivity.java, line(s) 64 com/tencent/mm/ui/ChatDetailActivity.java, line(s) 59 com/tencent/mm/ui/ContentEditActivity.java, line(s) 151 com/tencent/mm/ui/CunstomDetailActivity.java, line(s) 48,54,102 com/tencent/mm/ui/H5Activity.java, line(s) 48 com/tencent/mm/ui/ImagesActivity.java, line(s) 97 com/tencent/mm/ui/LaunchActivity.java, line(s) 758 com/tencent/mm/ui/MyAccountActivity.java, line(s) 54,60 com/tencent/mm/ui/OrderUploadImgActivity.java, line(s) 49 com/tencent/mm/ui/ScanQrCodeActivity.java, line(s) 160 com/tencent/mm/ui/VideoChoiceActivity.java, line(s) 61 com/tencent/mm/ui/VideoListActivity.java, line(s) 209,217,224 com/tencent/mm/ui/WebViewActivity.java, line(s) 195 com/tencent/mm/ui/game/WebActivity.java, line(s) 66,72,77,93,173,181,188,198,204,210 com/tencent/mm/ui/game/f/c.java, line(s) 122,41,59,77,95,118,181,235 com/tencent/mm/ui/game/f/e/a.java, line(s) 36,42,45,64,67 com/tencent/mm/ui/game/f/e/b.java, line(s) 39,42 com/tencent/mm/ui/game/f/e/c.java, line(s) 35,53,56,69,70,83,95,107,127 com/tencent/mm/ui/game/f/e/d.java, line(s) 28,47,50 com/tencent/mm/ui/game/f/e/e.java, line(s) 53,71,76,81,93 com/tencent/mm/ui/game/f/g/c.java, line(s) 63,75,87,99,124,136,148,160,172,184,196,208,220,232 com/tencent/mm/ui/gif/CreateGifActivity.java, line(s) 141 com/tencent/mm/ui/home/ShareFragment.java, line(s) 214 com/tencent/mm/uitls/a0.java, line(s) 155 com/tencent/mm/uitls/e.java, line(s) 71,157 com/tencent/mm/uitls/m1.java, line(s) 34 com/tencent/mm/uitls/o.java, line(s) 90,104,125,487,122 com/tencent/mm/uitls/q0.java, line(s) 18,13 com/tencent/mm/uitls/s.java, line(s) 9,40,46,49,57,60,63 com/tencent/mm/uitls/y1/b.java, line(s) 74,79,83,88,95,137,159,210 com/tencent/mm/uitls/y1/c.java, line(s) 30,59,82,87,91,110,124,137 com/tencent/mm/uitls/y1/d.java, line(s) 22,61,73,86 com/tencent/mm/uitls/y1/e.java, line(s) 61 com/tencent/mm/uitls/y1/f.java, line(s) 47,55 com/tencent/mm/uitls/y1/h.java, line(s) 20,24,37 com/tencent/mm/uitls/y1/i.java, line(s) 23,116 com/tencent/mm/videoplayer/ContentVideoPlayer.java, line(s) 583,1140,1294,1340,1591 com/tencent/mm/videoplayer/NormalVideoPlayer.java, line(s) 299,717 com/tencent/mm/view/BubbleImageView.java, line(s) 104,105,106,107 com/tencent/mm/view/ChoiceCover.java, line(s) 108 com/tencent/mm/view/JudgeNestedScrollView.java, line(s) 41 com/tencent/mm/view/VerticalViewPager.java, line(s) 1354,2076,2082,2094 com/tencent/mm/view/update/OkGoUpdateHttpUtil.java, line(s) 37 com/tencent/qmsp/sdk/base/e.java, line(s) 13,23,29 com/tencent/qmsp/sdk/f/g.java, line(s) 13,23,29,35 com/tencent/qmsp/sdk/g/e/d.java, line(s) 20 com/transitionseverywhere/p.java, line(s) 128,559,564 com/transitionseverywhere/utils/j.java, line(s) 40,137,149 com/vector/update_app/c.java, line(s) 368 com/vincent/videocompressor/VideoController.java, line(s) 76,459,467,470,474,475,476,527,540,566,586,595,600,604,605,606,616,622,623,624,846,866,870,871,872,890,910,914,915,916,929,949,953,954,955,978,998,1002,1003,1004,1017,1037,1041,1042,1043,1119,1139,1143,1144,1145,1161,1221,1241,1245,1246,1247,1284,1287,1318,1338,1342,1343,1344,1372,1392,1396,1397,1398,1416,1421,1441,1445,1446,1447,1461,1502,1518,1538,1542,1543,1544,1567,1571,1622,1629,1649,1653,1654,1655,1670,1720,1896,1901,1905,1906,1907,1923,1937,1942,1946,1947,1948,1959,1971,1974,2039,2044,2045,2046 com/wang/avi/AVLoadingIndicatorView.java, line(s) 333 com/yalantis/ucrop/PictureMultiCuttingActivity.java, line(s) 722 com/yalantis/ucrop/UCropActivity.java, line(s) 584 com/yalantis/ucrop/e/a.java, line(s) 101 com/yalantis/ucrop/e/b.java, line(s) 56,97,132,143,150,180 com/yalantis/ucrop/f/a.java, line(s) 63,111,121 com/yalantis/ucrop/f/c.java, line(s) 79 com/yalantis/ucrop/f/e.java, line(s) 94 com/yalantis/ucrop/f/f.java, line(s) 146,181,191,203,217,233,237,242,251,254,259,270,278,287,294,180,190,202,216,232,236,241,250,253,258,269,277,286,293 com/yalantis/ucrop/view/TransformImageView.java, line(s) 144,186,58,229 com/yhao/floatwindow/i.java, line(s) 13,17 com/youngfeng/snake/d/h.java, line(s) 16,23 d/a/a/a/a.java, line(s) 26,32,39,45,76,83,89,100,106,113,119 e/b/a.java, line(s) 267 e/b/c.java, line(s) 12 e/c/b.java, line(s) 29,105,126 f/c/a/d.java, line(s) 16,19,25 fr/tvbarthel/lib/blurdialogfragment/a.java, line(s) 217,218,219,220,233 fr/tvbarthel/lib/blurdialogfragment/d.java, line(s) 41 g/a/b.java, line(s) 224,242 jaygoo/library/m3u8downloader/p/b.java, line(s) 12,18 jaygoo/library/m3u8downloader/p/e.java, line(s) 23 me/jessyan/autosize/AutoSize.java, line(s) 136 me/jessyan/autosize/AutoSizeConfig.java, line(s) 322,335,348,244 me/jessyan/autosize/DefaultAutoAdaptStrategy.java, line(s) 21,31,34,15,28 me/jessyan/autosize/utils/AutoSizeLog.java, line(s) 15,21,35 org/greenrobot/eventbus/b.java, line(s) 43 org/greenrobot/eventbus/c.java, line(s) 199,145,147,154,468 org/greenrobot/eventbus/util/ErrorDialogManager.java, line(s) 183 org/greenrobot/eventbus/util/a.java, line(s) 39 org/greenrobot/eventbus/util/b.java, line(s) 49 org/greenrobot/eventbus/util/d.java, line(s) 31 org/greenrobot/greendao/d.java, line(s) 22,26,34,42,46,50,58,62,30,66,70,74 org/joda/time/tz/a.java, line(s) 400,401,426 org/joda/time/tz/f.java, line(s) 59,290,291,292,293,294,318,329,335,351,432,451,464,476,479,484,551 pub/devrel/easypermissions/EasyPermissions.java, line(s) 134,136,37 pub/devrel/easypermissions/e/a.java, line(s) 39 pub/devrel/easypermissions/e/c.java, line(s) 21 rx/internal/util/e.java, line(s) 70 rx/internal/util/j.java, line(s) 26 rx/s/c.java, line(s) 289
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: c/e/a/g/g.java, line(s) 4,36 com/tencent/mm/adapter/PayFriendAdapter.java, line(s) 4,28 com/tencent/mm/adapter/RechargeListAdapter.java, line(s) 4,28 com/tencent/mm/ui/ShareActivity.java, line(s) 5,144 com/tencent/mm/ui/WebViewActivity.java, line(s) 5,144 com/tencent/mm/ui/dialog/ComicSharePopup.java, line(s) 4,33 com/tencent/mm/ui/dialog/ShareButtomDialog.java, line(s) 4,83 com/tencent/mm/ui/dialog/ShareFanGroupDialog.java, line(s) 4,61 com/tencent/mm/ui/dialog/ShareSeeMoreDialog.java, line(s) 4,67 com/tencent/mm/ui/dialog/VideoShareHPopup.java, line(s) 4,33 com/tencent/mm/ui/dialog/VideoSharePopup.java, line(s) 4,33 com/tencent/mm/ui/home/ShareFragment.java, line(s) 4,81 com/tencent/mm/uitls/l.java, line(s) 4,38
信息 此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密
此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密 Files: org/greenrobot/greendao/j/b.java, line(s) 22,6,18
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: c/a/b/i/b.java, line(s) 25,25,25,25,25,25 c/e/a/b/e/d.java, line(s) 46,35 com/lahm/library/i.java, line(s) 50,50,50,50,50
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/lzy/okgo/https/HttpsUtils.java, line(s) 126,75,124,124 org/nanohttpd/protocols/http/NanoHTTPD.java, line(s) 170,148,167,167
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (api.t.sina.com.cn) 通信。
{'ip': '58.221.32.108', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (mov.bn.netease.com) 通信。
{'ip': '58.221.32.108', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南通', 'latitude': '32.030296', 'longitude': '120.874779'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.paypal.com) 通信。
{'ip': '192.229.232.89', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (apapi4.50apiapi.com) 通信。
{'ip': '61.160.148.90', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (open-image.nosdn.127.net) 通信。
{'ip': '222.186.18.243', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '镇江', 'latitude': '32.209366', 'longitude': '119.434372'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (apapi3.50aapi.com) 通信。
{'ip': '61.160.148.90', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (apapi1.50abpi.com) 通信。
{'ip': '61.160.148.90', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (h5.m.taobao.com) 通信。
{'ip': '222.186.18.190', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '镇江', 'latitude': '32.209366', 'longitude': '119.434372'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.linkedin.com) 通信。
{'ip': '52.131.37.152', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (mobilegw.alipaydev.com) 通信。
{'ip': '110.75.132.131', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (api.tbrapi.org) 通信。
{'ip': '61.160.148.90', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}