安全分析报告:
安全分数
安全分数 41/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
4
用户/设备跟踪器
调研结果
高危
9
中危
36
信息
4
安全
1
关注
23
高危 应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文
应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode Files: c/a0/n/r.java, line(s) 24,127 c/a0/n/s.java, line(s) 287,349 com/zsyj/pandasdk/util/a.java, line(s) 14 com/zsyj/pandasdk/util/n0.java, line(s) 145,259 com/zsyj/sharesdk/m/j.java, line(s) 200,234
高危 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: c/b/g/b/c.java, line(s) 89,87 com/carozhu/fastdev/widget/webview/CommWebView.java, line(s) 84,82 com/dhcw/sdk/bl/c.java, line(s) 92,91 com/szy/gamemorphvox/ui/common/a.java, line(s) 182,181 com/vivo/ic/webview/HtmlWebViewClient.java, line(s) 130,149,248 com/vivo/mobilead/web/b.java, line(s) 248,267,146 com/wgs/sdk/activity/RewardVideoAdActivity.java, line(s) 99,98 com/wgs/sdk/third/report/screen/ScreenActivityOne.java, line(s) 82,81 com/wgs/sdk/third/report/screen/ScreenActivityTwo.java, line(s) 126,125 com/wgs/sdk/third/report/screen/ScreenWebActivity.java, line(s) 81,80
高危 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: c/s/a/a/c.java, line(s) 70,54 com/carozhu/fastdev/helper/n.java, line(s) 15,11 com/zsyj/pandasdk/util/j0.java, line(s) 17
高危 WebView域控制不严格漏洞
WebView域控制不严格漏洞 Files: com/carozhu/fastdev/widget/webview/CommWebView.java, line(s) 236,233,254 com/vivo/ic/webview/CommonWebView.java, line(s) 241,232
高危 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/kuaishou/tachikoma/api/BuildConfig.java, line(s) 3,8 com/tachikoma/core/BuildConfig.java, line(s) 3,8
高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: c/b/d/a/a/a/a/c.java, line(s) 28,57 c/s/a/b/a/a.java, line(s) 38,49 com/vivo/mobilead/util/g.java, line(s) 50
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/dhcw/sdk/l/k.java, line(s) 682,20
高危 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
com/dhcw/sdk/ac/a.java, line(s) 20,32
com/dhcw/sdk/bh/a.java, line(s) 24,48
高危 使用弱加密算法
使用弱加密算法 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: c/b/g/e/b.java, line(s) 19
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Activity (com.szy.gamemorphvox.ui.adjustvoice.SoundEffectActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.szy.gamemorphvox.ui.common.WebActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.szy.gamemorphvox.ui.activity.VoiceListActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.szy.gamemorphvox.MainActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.szy.gamemorphvox.wxapi.WXEntryActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.szy.gamemorphvox.wxapi.WXPayEntryActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.szy.gamemorphvox.ui.common.CurrencyWebActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.tencent.tauth.AuthActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.szy.gamemorphvox.ui.custom.CustomSoundEffectActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.szy.gamemorphvox.ui.activity.AliBindAccountToCashOutActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.szy.gamemorphvox.ui.activity.CashOutRecordActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.szy.gamemorphvox.ui.permission.PermissionManagerActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.szy.gamemorphvox.ui.activity.CourseActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.szy.gamemorphvox.ui.vip.VipActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.zsyj.services.ADSDKPushReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Activity设置了TaskAffinity属性
(com.wgs.sdk.third.report.screen.ScreenActivityOne) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity (com.wgs.sdk.third.report.screen.ScreenActivityOne) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity设置了TaskAffinity属性
(com.wgs.sdk.third.report.screen.ScreenActivityTwo) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity (com.wgs.sdk.third.report.screen.ScreenActivityTwo) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.zsyj.sharesdk.QQLoginActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.zsyj.sharesdk.QQShareActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.kwad.sdk.api.proxy.app.BaseFragmentActivity$RequestInstallPermissionActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Broadcast Receiver (com.anythink.china.common.NotificationBroadcaseReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: c/b/g/d/c.java, line(s) 15 c/g/a/m/n.java, line(s) 3 c/g/a/m/q.java, line(s) 23 c/s/a/b/a/g.java, line(s) 3 c/s/a/d/d.java, line(s) 9 c/s/a/d/f.java, line(s) 3 com/dhcw/sdk/aa/b.java, line(s) 6 com/hjq/permissions/j.java, line(s) 19 com/lsjwzh/widget/recyclerviewpager/FragmentStatePagerAdapter.java, line(s) 15 com/szy/gamemorphvox/ui/adjustvoice/SoundEffectActivity.java, line(s) 81 com/vivo/ad/exoplayer2/j/a/h.java, line(s) 19 com/vivo/mobilead/unified/base/a.java, line(s) 19 com/vivo/mobilead/util/PositionHelper.java, line(s) 10 com/vivo/mobilead/util/UnionWorker.java, line(s) 13 org/greenrobot/greendao/test/DbTest.java, line(s) 7 q/rorbin/badgeview/b.java, line(s) 12
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: c/a0/e.java, line(s) 20,21,23,82 c/a0/m/e/b.java, line(s) 22 c/a0/n/e.java, line(s) 23,27,28,30,47 c/a0/n/g.java, line(s) 172,218,219,221 c/a0/n/s.java, line(s) 241,242 c/b/c/h/a.java, line(s) 82 c/b/d/a/a/b/b.java, line(s) 100,306,307 c/b/d/a/a/d/b.java, line(s) 12,23,27 c/g/a/e/a.java, line(s) 10,42 c/g/a/m/i.java, line(s) 100,215,217 c/p/a/c.java, line(s) 77 c/s/a/b/a/j.java, line(s) 47 c/s/a/c/a/c.java, line(s) 81,126 com/carozhu/fastdev/helper/d.java, line(s) 58,54,61 com/dhcw/sdk/bk/c.java, line(s) 46,47 com/dhcw/sdk/bl/c.java, line(s) 179 com/dhcw/sdk/bm/c.java, line(s) 46,47 com/dhcw/sdk/bm/k.java, line(s) 10,19 com/dhcw/sdk/k/j.java, line(s) 557 com/dhcw/sdk/l/k.java, line(s) 300 com/github/gzuliyujiang/oaid/b.java, line(s) 212,213 com/ss/android/downloadlib/addownload/g.java, line(s) 210 com/ss/android/downloadlib/addownload/j.java, line(s) 195,197 com/ss/android/downloadlib/g/l.java, line(s) 143,190,455 com/szy/gamemorphvox/c.java, line(s) 135 com/szy/gamemorphvox/o/d.java, line(s) 111,110 com/szy/gamemorphvox/tools/a.java, line(s) 18 com/szy/gamemorphvox/tools/d.java, line(s) 125 com/szy/gamemorphvox/tools/e/c.java, line(s) 152 com/szy/gamemorphvox/ui/adjustvoice/SoundEffectActivity.java, line(s) 1172 com/tencent/a/a/a/a/b.java, line(s) 21,23,35,44 com/vivo/ad/exoplayer2/extend/b.java, line(s) 36 com/vivo/ic/minidownload/MiniDownloader.java, line(s) 16 com/vivo/ic/webview/HtmlWebChromeClient.java, line(s) 92 com/vivo/mobilead/util/l.java, line(s) 150 com/wgs/sdk/third/report/screen/ScreenActivityOne.java, line(s) 141 com/wgs/sdk/third/report/screen/ScreenActivityTwo.java, line(s) 601 com/wgs/sdk/third/report/screen/ScreenWebActivity.java, line(s) 128 com/yalantis/ucrop/g/e.java, line(s) 51 com/zsyj/pandasdk/util/p.java, line(s) 216 com/zsyj/pandasdk/util/s.java, line(s) 25,78,94,22,90,137,138,140 com/zsyj/pandasdk/util/s0.java, line(s) 61 com/zsyj/pandasdk/util/t.java, line(s) 34,38,39,41,58,488 com/zsyj/sharesdk/l/a.java, line(s) 45,46,48 com/zsyj/sharesdk/m/c.java, line(s) 29,33,34,36,53,376 i/a/a/c.java, line(s) 328
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: c/a0/n/k.java, line(s) 590 c/g/a/m/q.java, line(s) 109 c/o/a/o0/h.java, line(s) 131 c/q/a/d/f.java, line(s) 201 com/dhcw/sdk/aa/d.java, line(s) 42 com/dhcw/sdk/bh/c.java, line(s) 42 com/kwai/filedownloader/e/f.java, line(s) 293 com/kwai/sodler/lib/b/b.java, line(s) 41 com/sun/mail/smtp/a.java, line(s) 70 com/vivo/mobilead/marterial/MaterialHelper.java, line(s) 59 com/vivo/mobilead/net/h.java, line(s) 12 com/vivo/mobilead/util/MD5Util.java, line(s) 20 com/vivo/mobilead/util/g.java, line(s) 31 com/zsyj/pandasdk/util/b.java, line(s) 15 com/zsyj/pandasdk/util/c0.java, line(s) 12 com/zsyj/pandasdk/util/i0.java, line(s) 517 com/zsyj/pandasdk/util/n0.java, line(s) 224 com/zsyj/pandasdk/util/t.java, line(s) 545 com/zsyj/sharesdk/m/e.java, line(s) 35 com/zsyj/sharesdk/m/g.java, line(s) 583 com/zsyj/sharesdk/m/j.java, line(s) 81
中危 IP地址泄露
IP地址泄露 Files: c/a0/n/j.java, line(s) 15,16 c/a0/n/k.java, line(s) 309 c/g/a/a.java, line(s) 14 c/g/b/b.java, line(s) 12 com/kwad/tachikoma/config/a.java, line(s) 12 com/kwai/filedownloader/e/f.java, line(s) 288 com/vivo/mobilead/net/m.java, line(s) 122 com/vivo/mobilead/util/DeviceInfo.java, line(s) 154 com/zsyj/pandasdk/util/e0.java, line(s) 18,75,19,78 com/zsyj/pandasdk/util/i0.java, line(s) 446 com/zsyj/sharesdk/m/f.java, line(s) 18,75,19,78 com/zsyj/sharesdk/m/g.java, line(s) 257
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: c/b/g/i/a.java, line(s) 5,6,67 c/d/b/c.java, line(s) 6,7,171 c/k/a/a/a/b.java, line(s) 5,48 c/o/a/j0/d.java, line(s) 5,112 c/o/a/j0/e.java, line(s) 4,5,18 com/kwai/filedownloader/a/d.java, line(s) 5,6,7,155 com/kwai/filedownloader/a/e.java, line(s) 4,5,14 com/ss/android/downloadlib/d/b.java, line(s) 4,5,17 com/szy/gamemorphvox/db/HistoryKeywordDao.java, line(s) 4,24 com/szy/gamemorphvox/db/LocalVoiceWorkDao.java, line(s) 4,41 com/szy/gamemorphvox/db/ScriptRecordInfoDao.java, line(s) 4,31 com/vivo/mobilead/a/a.java, line(s) 4,5,17 com/zsyj/sharesdk/l/d/a.java, line(s) 4,5,18 org/greenrobot/greendao/AbstractDao.java, line(s) 6,7,373 org/greenrobot/greendao/DbUtils.java, line(s) 6,37 org/greenrobot/greendao/database/StandardDatabase.java, line(s) 5,64
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: c/d/f/e/b/a.java, line(s) 12 com/dhcw/sdk/ah/j.java, line(s) 59 com/dhcw/sdk/ak/d.java, line(s) 35 com/dhcw/sdk/ak/p.java, line(s) 92 com/dhcw/sdk/ak/x.java, line(s) 66 com/tachikoma/core/bridge/MemoryManager.java, line(s) 22 com/tachikoma/core/component/input/InputType.java, line(s) 11 com/vivo/ic/CookieHelper.java, line(s) 33 com/vivo/ic/webview/CommonJsBridge.java, line(s) 26 com/vivo/mobilead/model/Constants.java, line(s) 27 com/zsyj/pandasdk/net/bean/ADSDKUserLoginInfo.java, line(s) 350
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: XI/K0/XI/XI.java, line(s) 78 c/b/d/a/a/a/a/b.java, line(s) 11 c/b/d/a/a/a/a/c.java, line(s) 39 c/b/d/a/a/a/b.java, line(s) 74 c/d/c/a/a/g.java, line(s) 80 c/s/a/d/d.java, line(s) 306 com/github/gzuliyujiang/oaid/h/k.java, line(s) 78 com/jg/ids/e/d.java, line(s) 82
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/carozhu/fastdev/widget/webview/CommWebView.java, line(s) 252,323,243 com/szy/gamemorphvox/ui/common/WebActivity.java, line(s) 285,279 com/szy/gamemorphvox/ui/common/a.java, line(s) 332,314 com/szy/gamemorphvox/ui/fragment/SzyGameFragment.java, line(s) 254,245 com/wgs/sdk/third/report/screen/ScreenActivityOne.java, line(s) 152,138 com/wgs/sdk/third/report/screen/ScreenActivityTwo.java, line(s) 614,598
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/kwad/v8/NodeJS.java, line(s) 75 com/kwai/sodler/lib/c.java, line(s) 163
中危 应用程序包含隐私跟踪程序
此应用程序有多个4隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 友盟统计的=> "UMENG_APPKEY" : "5eb4bc03167edd68b50000d8" 腾讯云 信鸽推送SDK的=> "com.tencent.rdm.uuid" : "d7a3eee7-22cc-45a2-b8e1-6b4b750304eb" 友盟统计的=> "UMENG_CHANNEL" : "bsq_014" "anythink_myoffer_feedback_violation_of_laws" : "Illegal" mHwLcKi4VdCaotVurSD4YwwGknoHsPfZ MYfLBmRgKecqe2610B7+jt2rVdTeFDsR1IqqW92w6FM= 2BMqOVHM8X6Qiphp2ckuQfZd5oqXcQSpUwEC8GnzKSv2XA7QfOG4kdVwxu9WNAUas0fky1Cq 150100434a4e42345207c969b41a4300 16cf243386ff255db9e9239ba05f3279 d6fc3a4a06adbde89223b 6e2c7e24b7c7eae9fc94882c9f31befa00594872 efedc24fecde188aaa9161 2F0YPlU6Hh38scNSTeTaOW1j8vMxdGB6bWg1fZNIq3T7t 99e23fb052699749627a10fed365b9d1 XwYp8WL8bm6S4wu6yEYmLGy4RRRdJDIhxCBdk3CiNZTwGoj1bScVZEeVp9vBiiIsgwDtqZHP8QLoFM6o6MRYjW8QqyrZBI654mqoUk5SOLDyzordzOU5QhYguEJh54q3K1KqMEXpdEQJJjs1Urqjm2s4jgPfCZ4hMuIjAMRrEQluA7FeoqWMJOwghcLcPVleQ8PLzAcaKidybmwhvNAxIyKRpbZlcDjNCcUvsJYvyzEA9VUIaHkIAJ62lpA3EE3H b6cbad6cbd5ed0d209afc69ad3b7a617efaae9b3c47eabe0be42d924936fa78c8001b1fd74b079e5ff9690061dacfa4768e981a526b9ca77156ca36251cf2f906d105481374998a7e6e6e18f75ca98b8ed2eaf86ff402c874cca0a263053f22237858206867d210020daa38c48b20cc9dfd82b44a51aeb5db459b22794e2d649 059131a10ce74355b7194b44e182ec9c e58d1bf9f73546cb815fbc12adeca738 e44046539bb5b584279553ca6eacca937c8e16cf b7ce714d1d284ab786b270a7c04da108 2bee6d61b6fb4e3c9df48b3ec27a7f8b 0000016742C00BDA259000000168CE0F13200000016588840DCE7118A0002FBF1C31C3275D78 51cfd3be575361381642b2c76afe7b17 af5abcfa13f146c3937bfe53ec27bc42 21c8b5470a64adbb25bc84316cbc449361d86839 9cfafdb73fdb4c8e9342eb516c79637f 2Fyr0luWfhhKDPGtYpuk4xBZrHvsbVvgjHGwqY6zIQFFGy6lNVfTvKV 6X8Y4XdM2Vhvn0KfzcEatGnWaNU= 4cdd37d5f6074bd9a2f6a0cdf6a2f2f1 523af537946b79c4f8369ed39ba78605 6594493629af45e79b7d9c263460ab77 5eb4bc03167edd68b50000d8 ab1ba86743e4316baed82180958c92af TCyQK79QVYlci6Rlm4sPmxszSWUnLb 2BP0yAVt1ZRSyy5AsSfeNGwoa6AmPkwxjpni6quiOuuID1wZbrrj2PvG9 30820268308201d102044a9c4610300d06092a864886f70d0101040500307a310b3009060355040613025553310b3009060355040813024341311230100603550407130950616c6f20416c746f31183016060355040a130f46616365626f6f6b204d6f62696c653111300f060355040b130846616365626f6f6b311d301b0603550403131446616365626f6f6b20436f72706f726174696f6e3020170d3039303833313231353231365a180f32303530303932353231353231365a307a310b3009060355040613025553310b3009060355040813024341311230100603550407130950616c6f20416c746f31183016060355040a130f46616365626f6f6b204d6f62696c653111300f060355040b130846616365626f6f6b311d301b0603550403131446616365626f6f6b20436f72706f726174696f6e30819f300d06092a864886f70d010101050003818d0030818902818100c207d51df8eb8c97d93ba0c8c1002c928fab00dc1b42fca5e66e99cc3023ed2d214d822bc59e8e35ddcf5f44c7ae8ade50d7e0c434f500e6c131f4a2834f987fc46406115de2018ebbb0d5a3c261bd97581ccfef76afc7135a6d59e8855ecd7eacc8f8737e794c60a761c536b72b11fac8e603f5da1a2d54aa103b8a13c0dbc10203010001300d06092a864886f70d0101040500038181005ee9be8bcbb250648d3b741290a82a1c9dc2e76a0af2f2228f1d9f9c4007529c446a70175c5a900d5141812866db46be6559e2141616483998211f4a673149fb2232a10d247663b26a9031e15f84bc1c74d141ff98a02d76f85b2c8ab2571b6469b232d8e768a7f7ca04f7abe4a775615916c07940656b58717457b42bd928a2 2F0buRl2GGnQF4QJwyuINtTLWSIjNI9TsfuvNQTxiq
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: b/a/a.java, line(s) 11,27,23,39,15,31,43,47,19,35 c/a/a/a/e/b.java, line(s) 161,150,159 c/a/a/a/g/a.java, line(s) 87,96,106,109 c/a/a/a/g/c.java, line(s) 48,83,70,59,37 c/a0/k.java, line(s) 27 c/a0/l/a.java, line(s) 199 c/a0/l/b.java, line(s) 309 c/a0/l/c.java, line(s) 15 c/a0/l/d.java, line(s) 75,62 c/a0/l/i.java, line(s) 79 c/a0/n/i.java, line(s) 14,38,20,26,32 c/a0/n/k.java, line(s) 298,301 c/c/d/c.java, line(s) 458 c/d/b/a/c.java, line(s) 378 c/d/b/g.java, line(s) 637,641 c/d/d/b/f.java, line(s) 143 c/d/d/c/e.java, line(s) 240 c/d/e/d/a.java, line(s) 287,338,343 c/d/g/d/a.java, line(s) 291,350,360 c/d/i/c/c.java, line(s) 83,268 c/d/i/d/a.java, line(s) 282,369,373,376 c/d/i/d/f.java, line(s) 22,27,30 c/f/a/g/b.java, line(s) 153 c/g/a/k/a.java, line(s) 35,38,42,45,48,141 c/g/a/l/a.java, line(s) 53,192 c/g/a/m/a.java, line(s) 136,140,143,146,147 c/g/a/m/b.java, line(s) 164,218,293,353,475,721 c/g/a/m/e.java, line(s) 24,123 c/g/a/m/i.java, line(s) 80,162,172,182,68 c/g/a/m/l.java, line(s) 187,195,199,206,88 c/g/a/m/q.java, line(s) 134,564,122,125,158,159,445,447,556,558 c/g/a/m/r.java, line(s) 122,126 c/g/b/j/a.java, line(s) 129,205,69,141,229,81,153,93,165,105,117,177,189,217,241 c/k/a/a/a/b.java, line(s) 188,134,173 c/l/a/a/b/h.java, line(s) 127 c/l/a/a/k/d.java, line(s) 158,196 c/l/a/a/l/b.java, line(s) 77 c/l/a/a/n/j.java, line(s) 937 c/l/a/a/q/l.java, line(s) 589,592 c/l/a/a/q/w/l.java, line(s) 595,598 c/l/d/a/b/a/b.java, line(s) 69 c/n/c.java, line(s) 48 c/q/a/a/a.java, line(s) 62,69,74,79 c/s/a/a/a.java, line(s) 33,43,68,84 c/s/a/a/b.java, line(s) 73,133,142,155,77,80,151 c/s/a/a/c.java, line(s) 49,67,84,24,43,61 c/s/a/b/a/f.java, line(s) 102,21,86,90,110,113,116 c/s/a/b/a/j.java, line(s) 25,28 c/s/a/b/a/k.java, line(s) 13 c/t/b/c.java, line(s) 49,24 c/z/a/a/h/c.java, line(s) 10 com/anythink/banner/api/ATBannerView.java, line(s) 93,432,488,495,583,558 com/app/hubert/guide/core/b.java, line(s) 253 com/carozhu/fastdev/base/i.java, line(s) 46,50,54,58,63,132,141,167,170,175 com/carozhu/fastdev/base/j.java, line(s) 238 com/carozhu/fastdev/base/l.java, line(s) 141,41,104,121,208,217 com/carozhu/fastdev/base/m.java, line(s) 141,42,157,174,189,201 com/carozhu/fastdev/comm/CommWebActivity.java, line(s) 109,124,117 com/carozhu/fastdev/comm/b.java, line(s) 44 com/carozhu/fastdev/helper/c.java, line(s) 145,158,87 com/carozhu/fastdev/helper/d.java, line(s) 45,47,64,70,73,85 com/carozhu/fastdev/helper/i.java, line(s) 93 com/carozhu/fastdev/helper/k.java, line(s) 15 com/carozhu/fastdev/helper/o.java, line(s) 16,22,25 com/carozhu/fastdev/helper/p.java, line(s) 699,701 com/carozhu/fastdev/widget/PasswordEditText.java, line(s) 136 com/carozhu/fastdev/widget/progress/LabProgressLayout.java, line(s) 43 com/contrarywind/view/WheelView.java, line(s) 239 com/dhcw/base/utils/AppUtil.java, line(s) 19 com/dhcw/sdk/ae/c.java, line(s) 276,285,229,153,228,275,282,154 com/dhcw/sdk/af/a.java, line(s) 513 com/dhcw/sdk/ag/a.java, line(s) 153,152 com/dhcw/sdk/ai/b.java, line(s) 31,30 com/dhcw/sdk/ai/j.java, line(s) 61,172,60,64,70,77,171,74,78 com/dhcw/sdk/ai/l.java, line(s) 31,30 com/dhcw/sdk/aj/c.java, line(s) 110,109 com/dhcw/sdk/aj/e.java, line(s) 76,75 com/dhcw/sdk/ak/h.java, line(s) 343,266,342,540,600 com/dhcw/sdk/ak/i.java, line(s) 61,62 com/dhcw/sdk/ak/k.java, line(s) 28,223 com/dhcw/sdk/ak/q.java, line(s) 197 com/dhcw/sdk/ak/z.java, line(s) 34,35 com/dhcw/sdk/al/j.java, line(s) 116,222,117,223 com/dhcw/sdk/al/k.java, line(s) 93,205,246,270,92,102,181,188,204,219,245,259,269,103,110,182,189,260 com/dhcw/sdk/am/e.java, line(s) 57,67,80,92,98,130,58,93,70,81,99,131 com/dhcw/sdk/am/l.java, line(s) 91,75 com/dhcw/sdk/an/a.java, line(s) 82,79 com/dhcw/sdk/an/b.java, line(s) 39,38 com/dhcw/sdk/ao/a.java, line(s) 96,95 com/dhcw/sdk/ap/c.java, line(s) 19,18 com/dhcw/sdk/ap/d.java, line(s) 49,48 com/dhcw/sdk/ap/f.java, line(s) 119,118 com/dhcw/sdk/ap/s.java, line(s) 101,104 com/dhcw/sdk/ap/t.java, line(s) 38,37 com/dhcw/sdk/as/aa.java, line(s) 234,103,112,119,151,156,231,104,113,120,121,122,126,152,157 com/dhcw/sdk/as/ad.java, line(s) 129,126 com/dhcw/sdk/as/m.java, line(s) 201,211,223,291,298,314,322,352,370,374,379,388,391,396,200,210,222,290,297,313,321,351,369,373,378,387,390,395 com/dhcw/sdk/as/o.java, line(s) 206,317,160,176,205,285,316,161,286,345 com/dhcw/sdk/as/p.java, line(s) 45,51,46,52 com/dhcw/sdk/as/t.java, line(s) 45,46 com/dhcw/sdk/aw/a.java, line(s) 109,114,119,128,110,115,120,129 com/dhcw/sdk/aw/d.java, line(s) 26,27 com/dhcw/sdk/aw/j.java, line(s) 56,59 com/dhcw/sdk/ay/e.java, line(s) 24,31,42,47,23,30,35,41,46,36 com/dhcw/sdk/ba/j.java, line(s) 418,71,514,457 com/dhcw/sdk/bb/f.java, line(s) 62,173,174,63 com/dhcw/sdk/bb/r.java, line(s) 60,171,172,61 com/dhcw/sdk/bd/a.java, line(s) 44 com/dhcw/sdk/be/a.java, line(s) 39,40 com/dhcw/sdk/bk/c.java, line(s) 25,32,69,39 com/dhcw/sdk/bm/c.java, line(s) 25,32,69,39 com/dhcw/sdk/bm/m.java, line(s) 34,59,73,20,66,41,27 com/dhcw/sdk/g/k.java, line(s) 13 com/dhcw/sdk/k/j.java, line(s) 271 com/flyco/tablayout/d/d.java, line(s) 71 com/github/gzuliyujiang/oaid/e.java, line(s) 21 com/kuaishou/tachikoma/api/TKContext.java, line(s) 82,158 com/kwad/tachikoma/config/b.java, line(s) 262 com/kwad/v8/debug/V8DebugServer.java, line(s) 300,249,344,391,405,426 com/kwai/library/widget/refresh/KwaiRefreshView.java, line(s) 142 com/kwai/library/widget/refresh/RefreshLayout.java, line(s) 262,319,327,470,479,488,499,620,869,885,965,973,981,984,988,992,624 com/kwai/sodler/kwai/b.java, line(s) 30 com/kwai/sodler/lib/a.java, line(s) 20,10,24 com/kwai/sodler/lib/ext/d.java, line(s) 152,179 com/kwai/sodler/lib/kwai/f.java, line(s) 153 com/lsjwzh/widget/recyclerviewpager/LoopRecyclerViewPager.java, line(s) 24,73 com/romainpiel/shimmer/e.java, line(s) 125 com/sun/activation/registries/b.java, line(s) 24,31 com/sun/mail/imap/protocol/d.java, line(s) 48,52,58,72,76,82,87,95,99,104,114,121,130,137,149,153,158,166,170,174,178,182,188,199,213,221,230,234,244,250,258,265,273,318,327,332 com/szy/gamemorphvox/c.java, line(s) 105,122,129 com/szy/gamemorphvox/db/a.java, line(s) 21,37 com/szy/gamemorphvox/manager/UserManagerUtil.java, line(s) 274,47,177 com/szy/gamemorphvox/manager/ad/AdControlManager.java, line(s) 254 com/szy/gamemorphvox/manager/ad/DownloadApkConfirmDialogWebView.java, line(s) 196 com/szy/gamemorphvox/manager/ad/MyBxmAdManager.java, line(s) 63,65,69,156,162,177,182,185,97,138 com/szy/gamemorphvox/manager/ad/RedEnvelopesAdManager.java, line(s) 74,75,76,152,156,160,226,231,236,242,264,276,284,105,129,135,166,179,183,187,192 com/szy/gamemorphvox/manager/ad/TopOnBannerAdManager.java, line(s) 41,45,49,55,60,64,68,73 com/szy/gamemorphvox/manager/ad/TopOnRewardVideoAdManage.java, line(s) 61,49,67,75,80,85,90,95,100 com/szy/gamemorphvox/manager/ad/TopOnTimeIntervalShowInterstitialManage.java, line(s) 72,126,139 com/szy/gamemorphvox/net/api/ApiManager.java, line(s) 1405,777,1477,1598 com/szy/gamemorphvox/net/bean/DecryptionBean.java, line(s) 23 com/szy/gamemorphvox/net/bean/VoiceListDecryptionBean.java, line(s) 133 com/szy/gamemorphvox/o/i.java, line(s) 132 com/szy/gamemorphvox/tools/a.java, line(s) 87,89,92,110,118 com/szy/gamemorphvox/tools/e/a.java, line(s) 164,86,90,97,103,155,179,196 com/szy/gamemorphvox/tools/e/c.java, line(s) 25,30,78,140,144,198 com/szy/gamemorphvox/ui/adjustvoice/AdvancedSetFragment.java, line(s) 224,251 com/szy/gamemorphvox/ui/adjustvoice/BgMusicFragment.java, line(s) 106 com/szy/gamemorphvox/ui/adjustvoice/SoundEffectActivity.java, line(s) 157,198,388,631 com/szy/gamemorphvox/ui/common/a.java, line(s) 207 com/szy/gamemorphvox/ui/fragment/MineFragment.java, line(s) 194,925 com/szy/gamemorphvox/ui/fragment/n2.java, line(s) 201,216 com/szy/gamemorphvox/ui/fragment/z1.java, line(s) 356 com/szy/gamemorphvox/ui/permission/a/c.java, line(s) 205 com/szy/gamemorphvox/ui/viewmodel/y0.java, line(s) 33,43,61,71 com/szy/gamemorphvox/ui/vip/VipActivity.java, line(s) 155 com/szy/gamemorphvox/ui/welcome/SplashActivity.java, line(s) 225,349,356,365,371,851,895,943,987,1035,1084,1104,191,229,259,435,647,657,673,678,683,699,709,727,733,738,845,791,799,1148,1156 com/szy/gamemorphvox/widget/floatingview/FloatingBallView.java, line(s) 972,1180,1385 com/szy/ttutils/b.java, line(s) 26,30,44 com/szy/ttutils/e.java, line(s) 32,37,47,56,66,76,81,86,91,97,111 com/tachikoma/core/bridge/MemoryManager.java, line(s) 147,149,150 com/tachikoma/core/component/TKBase.java, line(s) 628 com/tachikoma/core/component/listview/TKBaseAdapter.java, line(s) 89 com/tachikoma/core/component/listview/viewpager/RecyclerViewPager.java, line(s) 96 com/tachikoma/core/component/listview/viewpager/ScrollEventAdapter.java, line(s) 176 com/tachikoma/core/log/Logger.java, line(s) 17,30 com/tachikoma/core/module/TKBusinessSchoolBridge.java, line(s) 31,41,51 com/tachikoma/core/utility/Console.java, line(s) 16,26 com/tachikoma/core/utility/TKAsync.java, line(s) 43,28,66 com/tencent/a/a/a/a/b.java, line(s) 20,42,48,28,54 com/tencent/a/a/a/a/c.java, line(s) 31,45 com/tencent/a/a/a/a/d.java, line(s) 16,32 com/tencent/a/a/a/a/e.java, line(s) 14,28 com/tencent/a/a/a/a/h.java, line(s) 31,21,61,25 com/vivo/ad/BaseAd.java, line(s) 189,438,811,121,261,570,874,125,210,62,82 com/vivo/ad/CrashHandler.java, line(s) 45,38,36 com/vivo/ad/a/a.java, line(s) 90,93,414,451,460,465,624,112,117,331,338,380,387,388,393,522 com/vivo/ad/a/c.java, line(s) 116,84 com/vivo/ad/c/c.java, line(s) 95,145,104,108,52 com/vivo/ad/exoplayer2/a/e.java, line(s) 841,335,343,357 com/vivo/ad/exoplayer2/d.java, line(s) 65,93,101,106,111,116,119 com/vivo/ad/exoplayer2/d/d/b.java, line(s) 572 com/vivo/ad/exoplayer2/d/d/e.java, line(s) 185,1018 com/vivo/ad/exoplayer2/d/d/f.java, line(s) 130,151,161,170,180,194,205,220 com/vivo/ad/exoplayer2/d/d/h.java, line(s) 27 com/vivo/ad/exoplayer2/d/e/k.java, line(s) 311 com/vivo/ad/exoplayer2/d/f/d.java, line(s) 98 com/vivo/ad/exoplayer2/d/f/k.java, line(s) 344 com/vivo/ad/exoplayer2/d/f/l.java, line(s) 61 com/vivo/ad/exoplayer2/d/f/o.java, line(s) 29,91,94 com/vivo/ad/exoplayer2/d/g/c.java, line(s) 38,59,63,79 com/vivo/ad/exoplayer2/e/a.java, line(s) 33,37,174 com/vivo/ad/exoplayer2/e/d.java, line(s) 294,296,204,341,353,358,363,368,417,422,430,437 com/vivo/ad/exoplayer2/f/b/g.java, line(s) 147,204,209,218,229 com/vivo/ad/exoplayer2/g.java, line(s) 43 com/vivo/ad/exoplayer2/h.java, line(s) 118,717,722,727,828,670,751 com/vivo/ad/exoplayer2/h/a/c.java, line(s) 756,321,333,356,370,571,711,724,829,834,838 com/vivo/ad/exoplayer2/h/a/g.java, line(s) 29 com/vivo/ad/exoplayer2/h/b/b.java, line(s) 506 com/vivo/ad/exoplayer2/h/c/a.java, line(s) 58,61 com/vivo/ad/exoplayer2/h/d/a.java, line(s) 70,81,209,213,216,219,223,226,339 com/vivo/ad/exoplayer2/h/f/e.java, line(s) 90 com/vivo/ad/exoplayer2/h/f/f.java, line(s) 151,154,215,350,399,445 com/vivo/ad/exoplayer2/j/n.java, line(s) 93 com/vivo/ad/exoplayer2/j/r.java, line(s) 157,163,175 com/vivo/ad/exoplayer2/k/b.java, line(s) 35,82 com/vivo/ad/exoplayer2/l/d.java, line(s) 216,575,581 com/vivo/ad/model/ADItemData.java, line(s) 77 com/vivo/ad/nativead/c.java, line(s) 323,91 com/vivo/ad/nativead/e.java, line(s) 19,28,37 com/vivo/ad/splash/a.java, line(s) 79 com/vivo/ad/splash/b.java, line(s) 18,27,36,45 com/vivo/ad/splash/c.java, line(s) 623,71,76,81,86,141,324,369,370,375 com/vivo/ad/splash/hot/a.java, line(s) 108 com/vivo/ad/video/a.java, line(s) 173,185,223,285,385,229 com/vivo/ad/video/b.java, line(s) 17,26,35,44,53,62,71,80,89,98 com/vivo/ad/video/video/MediaPlayer.java, line(s) 103,407,414,431,457,146,816 com/vivo/ic/BaseLib.java, line(s) 11,27,28 com/vivo/ic/CLog.java, line(s) 20,104,25,87,33,37,91,75,95,79,99 com/vivo/ic/CookieHelper.java, line(s) 66,90 com/vivo/ic/NetUtils.java, line(s) 95 com/vivo/ic/minidownload/MiniDownloadRunable.java, line(s) 130,142,243,232 com/vivo/ic/spmanager/BaseSharePreference.java, line(s) 13 com/vivo/ic/webview/CommonJsBridge.java, line(s) 43,64,336,265,296,96,142,83,117,197,290,300,328 com/vivo/ic/webview/CommonWebView.java, line(s) 109,143,159,285,223,269 com/vivo/ic/webview/HTMLFileUploader.java, line(s) 144,137 com/vivo/ic/webview/HtmlWebChromeClient.java, line(s) 121,123,129,127,125 com/vivo/ic/webview/HtmlWebViewClient.java, line(s) 239,301,337,333 com/vivo/mobilead/a.java, line(s) 60,64 com/vivo/mobilead/a/a.java, line(s) 19,27,36 com/vivo/mobilead/a/b.java, line(s) 54,66,90,103,68,105,187,127,150,153,174,180,185 com/vivo/mobilead/a/c.java, line(s) 53 com/vivo/mobilead/a/d.java, line(s) 39 com/vivo/mobilead/b/c.java, line(s) 102,143,168 com/vivo/mobilead/banner/VivoBannerAd.java, line(s) 34 com/vivo/mobilead/banner/b.java, line(s) 28,34,40 com/vivo/mobilead/banner/f.java, line(s) 18,25,31,37,43 com/vivo/mobilead/c/a.java, line(s) 15,19,17 com/vivo/mobilead/extendvideo/VVideoView.java, line(s) 215,351,386,442 com/vivo/mobilead/interstitial/VivoInterstitialAd.java, line(s) 28 com/vivo/mobilead/interstitial/e.java, line(s) 19,25,30,36,42,49 com/vivo/mobilead/listener/b.java, line(s) 18,27,36,45,54 com/vivo/mobilead/manager/StrategyManager.java, line(s) 45 com/vivo/mobilead/manager/VivoAdManager.java, line(s) 22 com/vivo/mobilead/manager/a.java, line(s) 210,217,227,230,236,240 com/vivo/mobilead/manager/b.java, line(s) 62,103,190,192,211,229,231,282,106,85,94,181 com/vivo/mobilead/manager/c.java, line(s) 39 com/vivo/mobilead/manager/d.java, line(s) 94,82,133,113,115,118,120,160,176,189,192,195,214 com/vivo/mobilead/marterial/MaterialHelper.java, line(s) 78,101,108,117,122,134,146,154,165,177,210,233,250,257,263,268,280,295,303,344,350,352,363,372,387,393,395,411,413 com/vivo/mobilead/marterial/a.java, line(s) 427 com/vivo/mobilead/nativead/VivoNativeAd.java, line(s) 27 com/vivo/mobilead/nativead/a.java, line(s) 32 com/vivo/mobilead/nativead/h.java, line(s) 138 com/vivo/mobilead/nativead/j.java, line(s) 31 com/vivo/mobilead/net/RequestTaskUtil.java, line(s) 51,173 com/vivo/mobilead/net/a.java, line(s) 17,21 com/vivo/mobilead/net/e.java, line(s) 58,105,111,114,118,122,45,70 com/vivo/mobilead/net/f.java, line(s) 99,106,117,39,48,165 com/vivo/mobilead/net/l.java, line(s) 14 com/vivo/mobilead/parser/a.java, line(s) 16 com/vivo/mobilead/parser/c.java, line(s) 14,17,21,23 com/vivo/mobilead/splash/VivoSplashAd.java, line(s) 87 com/vivo/mobilead/splash/e.java, line(s) 18 com/vivo/mobilead/splash/g.java, line(s) 93 com/vivo/mobilead/splash/k.java, line(s) 48 com/vivo/mobilead/unified/banner/UnifiedVivoBannerAd.java, line(s) 33 com/vivo/mobilead/unified/banner/b.java, line(s) 248 com/vivo/mobilead/unified/banner/d.java, line(s) 20,29,38,47,56 com/vivo/mobilead/unified/base/c.java, line(s) 87,90,93,96,103,108,117,124 com/vivo/mobilead/unified/base/view/k.java, line(s) 346,337,349,351,354 com/vivo/mobilead/unified/icon/UnifiedVivoFloaticonAd.java, line(s) 34 com/vivo/mobilead/unified/icon/a.java, line(s) 72 com/vivo/mobilead/unified/icon/b.java, line(s) 19,28,37,46,55 com/vivo/mobilead/unified/interstitial/UnifiedVivoInterstitialAd.java, line(s) 33 com/vivo/mobilead/unified/interstitial/a.java, line(s) 50,190 com/vivo/mobilead/unified/interstitial/a/b.java, line(s) 312,387 com/vivo/mobilead/unified/interstitial/d.java, line(s) 18,27,36,45,54 com/vivo/mobilead/unified/nativead/UnifiedVivoNativeExpressAd.java, line(s) 33 com/vivo/mobilead/unified/nativead/c.java, line(s) 18,27,36,45,54 com/vivo/mobilead/unified/reward/UnifiedVivoRewardVideoAd.java, line(s) 44 com/vivo/mobilead/unified/reward/e.java, line(s) 18,28,37,46,55 com/vivo/mobilead/util/AssetsTool.java, line(s) 107,110,54,60,71,86,119 com/vivo/mobilead/util/CommonHelper.java, line(s) 49,115,297,304,312,339,367,400,431,46,98,142,148,192,200,254,275,318,323,355,361,390,437,443 com/vivo/mobilead/util/DeviceInfo.java, line(s) 89,516,612,162,208,216,220,226,228,232,235,248,309,483,491,532,559,565,573,583,104,188,355 com/vivo/mobilead/util/NetUtils.java, line(s) 36,173,233,244,253,267,281,298 com/vivo/mobilead/util/PositionHelper.java, line(s) 50 com/vivo/mobilead/util/ReportUtil.java, line(s) 205,681 com/vivo/mobilead/util/Utils.java, line(s) 71,74,94,117,105 com/vivo/mobilead/util/ViewUtils.java, line(s) 177,257,291,83,146,193,195,197,200 com/vivo/mobilead/util/a.java, line(s) 50,230,90,93,96,99,106,112,120,129 com/vivo/mobilead/util/a/a.java, line(s) 21,31,34 com/vivo/mobilead/util/a/b.java, line(s) 30,33,38 com/vivo/mobilead/util/b.java, line(s) 39,42,47,51,59 com/vivo/mobilead/util/b/b.java, line(s) 123,51,134,141,147 com/vivo/mobilead/util/b/c.java, line(s) 24 com/vivo/mobilead/util/c/c.java, line(s) 317 com/vivo/mobilead/util/d/a.java, line(s) 13 com/vivo/mobilead/util/e.java, line(s) 53 com/vivo/mobilead/util/g.java, line(s) 52,54,56 com/vivo/mobilead/util/l.java, line(s) 97,100,103,130,164,178,203,151,184,193,159 com/vivo/mobilead/video/VivoVideoAd.java, line(s) 28 com/vivo/mobilead/video/b.java, line(s) 16,33,42,51,84 com/vivo/mobilead/video/g.java, line(s) 20,38,47,56,91 com/vivo/mobilead/web/VivoADSDKWebView.java, line(s) 309,466 com/vivo/mobilead/web/a.java, line(s) 267,72,78,80,201,236,362,53,133,206,233,240,259,338 com/vivo/mobilead/web/b.java, line(s) 137,181,217,213 com/vivo/secboxsdk/a/b.java, line(s) 11,19,15 com/wgs/sdk/third/glide/gifdecoder/b.java, line(s) 161,299,160,298 com/wgs/sdk/third/glide/gifdecoder/c.java, line(s) 180,196,210,179,195,209,565,574 com/wgs/sdk/third/glide/manager/SupportRequestManagerFragment.java, line(s) 108,109 com/wgs/sdk/third/glide/manager/e.java, line(s) 30,29,52,85,53,86 com/wgs/sdk/third/glide/manager/f.java, line(s) 18,17 com/wgs/sdk/third/glide/manager/k.java, line(s) 112,113 com/wgs/sdk/third/glide/manager/l.java, line(s) 130,131,139 com/wgs/sdk/third/glide/manager/n.java, line(s) 28,29 com/wgs/sdk/third/glide/util/b.java, line(s) 52,51 com/wgs/sdk/third/jcvideo/c.java, line(s) 75 com/yalantis/ucrop/UCropActivity.java, line(s) 248 com/yalantis/ucrop/f/a.java, line(s) 117 com/yalantis/ucrop/f/b.java, line(s) 54,185,218,131,197,204,210 com/yalantis/ucrop/g/a.java, line(s) 113,53,84 com/yalantis/ucrop/g/c.java, line(s) 78 com/yalantis/ucrop/g/f.java, line(s) 130,138,147,154,170,180,192,224,240,244,249,258,261,266,289,129,137,146,153,169,179,191,223,239,243,248,257,260,265 com/yalantis/ucrop/view/TransformImageView.java, line(s) 217,249,57,154 com/yanzhenjie/permission/d.java, line(s) 188 com/zhy/http/okhttp/cookie/a.java, line(s) 147,156,159 com/zsyj/pandasdk/base/BasePandaActivity.java, line(s) 70 com/zsyj/pandasdk/net/body/BodyMap.java, line(s) 80,95 com/zsyj/pandasdk/util/b0.java, line(s) 41,47,53,11,17,23,29,35,59,65 com/zsyj/pandasdk/util/h0.java, line(s) 96 com/zsyj/pandasdk/util/y.java, line(s) 255,272 com/zsyj/pandasdk/widget/viewpager/VerticalViewPager.java, line(s) 1047,1053,1065 com/zsyj/sharesdk/QQLoginActivity.java, line(s) 45,63,64,65,88,126,137 com/zsyj/sharesdk/l/c.java, line(s) 126 com/zsyj/sharesdk/m/g.java, line(s) 246,249 com/zsyj/sharesdk/m/j.java, line(s) 54 com/zsyj/ui/web/DownloadService.java, line(s) 132 i/a/a/h/b.java, line(s) 10,40,16,46,22,28,34,52 i/a/a/h/c.java, line(s) 42,46,50 j/a/b.java, line(s) 65,73,25,45,29,49,81,33,53,37,41,57,61,69,77 me/drakeet/multitype/f.java, line(s) 115 me/jessyan/rxerrorhandler/handler/RetryWithDelay.java, line(s) 33 me/jessyan/rxerrorhandler/handler/RetryWithDelayOfFlowable.java, line(s) 33 org/fmod/AudioDevice.java, line(s) 26,50,56,38,42,36 org/fmod/FMOD.java, line(s) 66 org/fmod/MediaCodec.java, line(s) 119,167,169,82,88,136,52,72,79,85,111,171,225 org/greenrobot/greendao/AbstractDao.java, line(s) 593,630 org/greenrobot/greendao/DaoException.java, line(s) 15,16 org/greenrobot/greendao/DaoLog.java, line(s) 15,47,51,27,31,55,39,59,19,43,63,67 org/greenrobot/greendao/DbUtils.java, line(s) 58,91 org/greenrobot/greendao/async/AsyncOperationExecutor.java, line(s) 328 org/greenrobot/greendao/internal/LongHashMap.java, line(s) 62 org/greenrobot/greendao/query/QueryBuilder.java, line(s) 93,96 org/greenrobot/greendao/test/AbstractDaoTest.java, line(s) 25,27,56 org/greenrobot/greendao/test/AbstractDaoTestLongPk.java, line(s) 28,31 org/greenrobot/greendao/test/AbstractDaoTestSinglePk.java, line(s) 31 org/greenrobot/greendao/test/DbTest.java, line(s) 58 rx/internal/util/e.java, line(s) 75 rx/internal/util/k.java, line(s) 47 rx/q/c.java, line(s) 298
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/dhcw/sdk/bf/d.java, line(s) 4,35 com/vivo/ic/webview/CommonJsBridge.java, line(s) 6,115 com/vivo/mobilead/web/a.java, line(s) 6,50
信息 邮件服务器
邮件服务器 Files: c/n/c.java, line(s) 41,51
信息 此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密
此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密 Files: org/greenrobot/greendao/database/SqlCipherEncryptedHelper.java, line(s) 15,4,5
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: c/g/b/g/a.java, line(s) 32,139,31,30,30,137,137 c/g/b/h/a.java, line(s) 123,65 c/z/a/a/f/a.java, line(s) 31,103,30,29,29,101,101
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (ad.szsszykj.com) 通信。
{'ip': '121.228.130.197', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (hydra.alibaba.com) 通信。
{'ip': '121.228.130.197', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.toutiaopage.com) 通信。
{'ip': '121.228.130.197', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '盐城', 'latitude': '33.385559', 'longitude': '120.125282'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (appstore.vivo.com.cn) 通信。
{'ip': '121.228.130.197', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (static.yximgs.com) 通信。
{'ip': '121.228.130.197', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '镇江', 'latitude': '32.209366', 'longitude': '119.434372'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (cs.szsszykj.com) 通信。
{'ip': '47.107.166.115', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '深圳', 'latitude': '22.545673', 'longitude': '114.068108'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (survey.szsszykj.com) 通信。
{'ip': '47.107.166.115', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '深圳', 'latitude': '22.545673', 'longitude': '114.068108'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (task.hzbxm.com) 通信。
{'ip': '221.231.83.104', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (pv.sohu.com) 通信。
{'ip': '121.228.130.197', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '常州', 'latitude': '31.783331', 'longitude': '119.966667'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (i.snssdk.com) 通信。
{'ip': '47.107.166.115', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '盐城', 'latitude': '33.385559', 'longitude': '120.125282'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (h5.m.taobao.com) 通信。
{'ip': '47.107.166.115', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (voice-oss.szsszykj.com) 通信。
{'ip': '58.216.16.253', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '常州', 'latitude': '31.783331', 'longitude': '119.966667'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.chengzijianzhan.com) 通信。
{'ip': '180.97.251.225', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (wx.tenpay.com) 通信。
{'ip': '180.97.251.225', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (apps.oceanengine.com) 通信。
{'ip': '180.97.251.225', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '盐城', 'latitude': '33.385559', 'longitude': '120.125282'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (yxdt.szsszykj.com) 通信。
{'ip': '39.106.231.93', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (voicechanger.szsszykj.com) 通信。
{'ip': '60.205.169.55', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (count.hzbxm.com) 通信。
{'ip': '8.136.137.241', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (adsdk.vivo.com.cn) 通信。
{'ip': '220.181.128.253', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (sf6-ttcdn-tos.pstatp.com) 通信。
{'ip': '115.231.153.88', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '台州', 'latitude': '28.666668', 'longitude': '121.349998'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (adv.szsszykj.com) 通信。
{'ip': '60.205.169.55', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (ssp.vivo.com.cn) 通信。
{'ip': '61.160.227.101', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南通', 'latitude': '32.030296', 'longitude': '120.874779'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (shop.vivo.com.cn) 通信。
{'ip': '61.160.227.101', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '常州', 'latitude': '31.783331', 'longitude': '119.966667'}