安全分析报告:
安全分数
安全分数 40/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
7
用户/设备跟踪器
调研结果
高危
6
中危
17
信息
1
安全
1
关注
0
高危 应用程序容易受到 Janus 漏洞的影响
应用程序使用 v1 签名方案进行签名,如果仅使用 v1 签名方案进行签名,则在 Android 5.0-8.0 上容易受到 Janus 漏洞的影响。在使用 v1 和 v2/v3 方案签名的 Android 5.0-7.0 上运行的应用程序也容易受到攻击。
高危 Activity (.MainNavigationActivity) 容易受到 Android Task Hijacking/StrandHogg 的攻击。
活动不应将启动模式属性设置为“singleTask”。 然后,其他应用程序可以将恶意活动放置在活动栈顶部,从而导致任务劫持/StrandHogg 1.0 漏洞。 这使应用程序成为网络钓鱼攻击的易受攻击目标。 可以通过将启动模式属性设置为“singleInstance”或设置空 taskAffinity (taskAffinity="") 属性来修复此漏洞。 您还可以将应用的目标 SDK 版本 (23) 更新到 28 或更高版本以在平台级别修复此问题。
高危 Activity (com.wsollys.VideoPlayerActivity) 容易受到 Android Task Hijacking/StrandHogg 的攻击。
活动不应将启动模式属性设置为“singleTask”。 然后,其他应用程序可以将恶意活动放置在活动栈顶部,从而导致任务劫持/StrandHogg 1.0 漏洞。 这使应用程序成为网络钓鱼攻击的易受攻击目标。 可以通过将启动模式属性设置为“singleInstance”或设置空 taskAffinity (taskAffinity="") 属性来修复此漏洞。 您还可以将应用的目标 SDK 版本 (23) 更新到 28 或更高版本以在平台级别修复此问题。
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/chartboost/sdk/impl/at.java, line(s) 49,5,6 com/chartboost/sdk/impl/bt.java, line(s) 61,8 com/chartboost/sdk/impl/bu.java, line(s) 56,6,7 com/inmobi/rendering/RenderView.java, line(s) 587,677,33,34 com/jirbo/adcolony/ad.java, line(s) 792,24,25 com/startapp/android/publish/h/v.java, line(s) 635,23,24 com/startapp/android/publish/splash/c.java, line(s) 146,10
高危 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/chartboost/sdk/impl/bu.java, line(s) 54,6,7 com/inmobi/rendering/RenderView.java, line(s) 628,33,34
高危 应用程序包含隐私跟踪程序
此应用程序有多个7隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 应用程序数据存在被泄露的风险
未设置[android:allowBackup]标志 这个标志 [android:allowBackup]应该设置为false。默认情况下它被设置为true,允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Broadcast Receiver (com.google.android.gcm.GCMBroadcastReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (.pull.PullServerController) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.wsollys.server.CampaignReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.inmobi.commons.core.utilities.uid.ImIdShareBroadCastReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (.notification.NotificationCheckerBootReciever) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/immersion/hapticmediasdk/controllers/HapticPlaybackThread.java, line(s) 28 com/wsollys/configuration/XMLConfigurationHandler.java, line(s) 50 com/wsollys/notification/NotificationChecker.java, line(s) 16,18 com/wsollys/pull/PullServerClient.java, line(s) 20,19 com/wsollys/pull/PullServerController.java, line(s) 14 com/wsollys/server/AppsGeyserServerClient.java, line(s) 13 com/wsollys/ui/navigationdrawer/NavigationDrawer.java, line(s) 28
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/chartboost/sdk/Libraries/b.java, line(s) 14 com/inmobi/commons/core/utilities/a/b.java, line(s) 93,81 com/jirbo/adcolony/ah.java, line(s) 31
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/inmobi/commons/core/c/a.java, line(s) 17 com/inmobi/commons/core/utilities/uid/d.java, line(s) 7 com/inmobi/rendering/a/a.java, line(s) 3 com/startapp/android/publish/b/a.java, line(s) 16 com/startapp/android/publish/b/c.java, line(s) 18 com/startapp/android/publish/banner/Banner.java, line(s) 25 com/startapp/android/publish/video/a/b.java, line(s) 9
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/applovin/impl/sdk/z.java, line(s) 401 com/chartboost/sdk/Libraries/h.java, line(s) 104,661,823,831,867,868 com/inmobi/rendering/mraid/c.java, line(s) 68 com/jirbo/adcolony/ADCImage.java, line(s) 229 com/jirbo/adcolony/ADCStorage.java, line(s) 70 com/jirbo/adcolony/m.java, line(s) 128,133,134 com/startapp/android/publish/h/p.java, line(s) 65 com/wsollys/media/camera/AlbumStorageController.java, line(s) 43 com/wsollys/media/camera/BaseAlbumDirFactory.java, line(s) 11 com/wsollys/media/camera/FroyoAlbumDirFactory.java, line(s) 9 com/wsollys/utils/FileManager.java, line(s) 131,136
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/wsollys/media/camera/AlbumStorageController.java, line(s) 37
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/inmobi/rendering/RenderView.java, line(s) 647,642 com/startapp/android/publish/adinformation/a.java, line(s) 145,141 com/startapp/android/publish/banner/bannerstandard/BannerStandard.java, line(s) 230,172 com/startapp/android/publish/c/d.java, line(s) 90,77 com/startapp/android/publish/slider/b.java, line(s) 119,118 com/wsollys/BrowserActivity.java, line(s) 88,87 com/wsollys/ads/BottomBannerLayout.java, line(s) 56,70 com/wsollys/ads/FullscreenBanner/FullScreenBannerController.java, line(s) 137,171 com/wsollys/controllers/WebContentController.java, line(s) 57,58,61 com/wsollys/notification/NotificationService.java, line(s) 99,98
中危 IP地址泄露
IP地址泄露 Files: com/immersion/hapticmediasdk/HapticMediaSDKVersion.java, line(s) 4
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/inmobi/commons/core/b/b.java, line(s) 6,7,76,84 com/wsollys/storage/BookmarksManager.java, line(s) 6,7,34,39 com/wsollys/storage/DatabaseOpenHelper.java, line(s) 4,5,27,28,34,35
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/immersion/hapticmediasdk/utils/FileManager.java, line(s) 150 com/startapp/android/publish/b/e.java, line(s) 41 com/wsollys/utils/Hasher.java, line(s) 10
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/chartboost/sdk/impl/bt.java, line(s) 33,24 com/wsollys/MessageViewer.java, line(s) 38,36 com/wsollys/ads/AdsLoader.java, line(s) 93,91 com/wsollys/ads/FullscreenBanner/FullScreenBannerController.java, line(s) 173,171 com/wsollys/controllers/WebContentController.java, line(s) 63,61
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 AppLovin广告SDK的=> "applovin.sdk.key" : "-ZSF2wakygzAiT2ruKb6qE7Of7o4QhWOGzeIuE0qv--bX0RQL2WAGdZxmL_A2VZISDaLRb9KZ8x69MWUO1effC" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Passwort" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Nombre" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" "username" : "Name" "password" : "Password" Rm3kPC7ii9O6xx5NzKs8XGrNQTfazCw4zB70goJXehA4Gy3oxwq36x71Cn7KxcAFeIEfVhbOVk9S Ok9yaWdpbmFsRG9jdW1lbnRJRD0ieG1wLmRpZDpGQkU5MjA4OTBDMjA2ODExODA4M0YyQ0E4QjA4 0Is1LgSOVaPgZ90MbTyPrQhhmcuBo04r+BG3QtfpgGUeBY66hhEUOw1dauHWGRdVjuWTdLxd+ltu Pc4bLrEjuo5GWxxYp4bwoYxwqVgWfQEMC3a7WHL4xkkX2t8BT/523hMXiswDG0EHAxxpqwftjAAl NTJCNjI0NTY5OCIgeG1wOkNyZWF0b3JUb29sPSJBZG9iZSBQaG90b3Nob3AgQ1M2IChNYWNpbnRv Ok9yaWdpbmFsRG9jdW1lbnRJRD0ieG1wLmRpZDpGRUU5MjA4OTBDMjA2ODExODA4M0YyQ0E4QjA4 bUBWYjSWU2Y2m8Ank40jRSIc1uhqSV/E7E5zO5feXMTddbAIjbIQPSK5cRhtQBctQupB2hSoJkxH Be7QrsqPmAw+/mGKt1rfE4xUyqIbwDhIMrm+gI9R36osBPfr7AZBjsXYdbRbryI6ifGz3sLxbs24 vaDO2J17VOrNdi+J04px1GM3Cu2ENj7l+3r1JrM9Vvhyq6GXYCVafJjEhfBBEzBLoVcZkyl0+zT7 Ok9yaWdpbmFsRG9jdW1lbnRJRD0ieG1wLmRpZDpGNEU5MjA4OTBDMjA2ODExODA4M0YyQ0E4QjA4 Ok9yaWdpbmFsRG9jdW1lbnRJRD0ieG1wLmRpZDpGOUU5MjA4OTBDMjA2ODExODA4M0YyQ0E4QjA4 BykSfu+BL2CRrGixnkcVkhmPJtfa/UQiPWfZZ52s6BYOEK4QY8UgMxaC34CVCv72s99vL2y4ScYq X+wupr62RM8Hr5mUZwRZsKjwH3CSigItbN0suXoUkh07VFPwZafOPXbS4XujrMsBztP/fb6Ijp0w M0I1MCIgeG1wTU06RG9jdW1lbnRJRD0ieG1wLmRpZDo2MzBFQTlFNjYxMjAxMUUzQjhCRkRDNTJC N3hs1m5l8jHVRki0jIbXqcByVfEGuKx4xLMcZOMkeMQCTq86Kx4xit6vmXWzOFTdVBCi33nDFsIF aADPWGT8Fd9c4vgpI44VhxD7jTPfF+hni9CHopDo/1X0TwEGAMn4kfWfS4oUAAAAAElFTkSuQmCC PrAAfAOjoAd0kqG5Fl0DjoA6kEuRA2Ccv9P5fyDmfBu4CG6CabFqJdomW0Fb9E97Dc6CWrAYpMVd URTHnU1NzI9Wi1y31jCiNfMjwhL6sqSHSOwhInoq+vA1qtdAeq8ee4p6KKynCvIhsEwLEgrKfFA3 bWFnZVJlYWR5ccllPAAAA2hpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdp n8P5xAz+rr7J3ukeerw1CgW/BBfBcwNl0scpJCXaR+fsViBWzNdLoJHjykY5TbLHSJd3gKtZockV 87gToILv2ETXq/LvCnAItNAuDI4lKA1bQlpUT+XO1cAt12BEFmLQNcW42suUqYh26mvAJXCZxfc5 eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMy1jMDExIDY2LjE0 ZIMNYAmIBZNgFHSCFtAMWsHMbIl2gW2gDGwHUfz/CBgE4yASxIMkEMHr7eAmuAU+2BpZiLZBPmjS NTY2MSwgMjAxMi8wMi8wNi0xNDo1NjoyNyAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJo b3VyY2VSZWYjIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtcE1N 39GluvWwGycKpL6SS4VOhU6FttX+CjAAgpoINtDHo/4AAAAASUVORK5CYII= 63zvDVq4pJyL3wYrphfCLFwDn0NYNxFjsqK1q0y2SewQuAFqw9iuRDqfEdnp0Q98IEex2HHQAEo5 MC9tbS8iIHhtbG5zOnN0UmVmPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVz OlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2tldCBlbmQ9InIiPz6uekVTAAADwElEQVR42uyZXUgV bZFPoY2B4JM+ONOh32MEm3x6NDZrXWnp8TA6wiu9YJLdSjRytNp5I97BTh8ekaNasT+zGzqs1Xay wHmQZFC0gyvufaOixdR4KJkklGgtOjnfYwwIrwF9IE7ve71+OhVksHKoiEJwBzxlJygTbWzEsmVN UL94q7CdKlraOn/A4RdFBajAYZRpJT6i2VlEQ2qW5ufGIvkpbuDJVDM4r+vTk60rjbG2WFPLDI3L C10F7968CFE2C76AC6F0650C877806D4514DE58FC239592D2385BCE5609A84B2A0FBDAF29B05505EAD1FDFEF3D7209ACBF34B5D0A806DF18147EA9C0337D6B5B cQhUgxQTvcdS4ANnjC7jqcDLHkRG9BjFCtt0FxRY6PJOcqxcM86lDvziBYQ7Lo9JRBtbbrEtFe1o dGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEu M0I1MCIgeG1wTU06RG9jdW1lbnRJRD0ieG1wLmRpZDo2MzBFQTlFQTYxMjAxMUUzQjhCRkRDNTJC c2gpIj4gPHhtcE1NOkRlcml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6MDY4MDEx MkiCvaSBIdAPkgMRnUvBj4Is2Esxx7ttV7QIW81gjI/PzE6ErF2SorLBRj82Nyg8147oAnY+bWET NjI0NTY5OCIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDo2MzBFQTlFOTYxMjAxMUUzQjhCRkRD aYwSyk8tkPPpfHAY7ODvftAE2sAA82FxJp0AUnngnk7bHnAF1IEvs/ElIJ3CxcH6WhBnYDMFekEj c2gpIj4gPHhtcE1NOkRlcml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6QTlBRDI1 bMFq5CETP9GHdrzGc/Q7PVnAwegxG8dwEhvwB53owSBGkY18lGIpwmhGA17aTm2EtqECHzGGuziA EvgxxWS9Elw3uTYECkG3gr+v/Bvje8FMtMak3qUwiBvkmFxbCPYqpvreomJGtggQb20vNw+ZRyni cJ/EmvYoLI8j7JMlu6avMeNKkHDuNonDwybCqyRFXwWTRkWGWYdyDpAnMcNGgt+CVeBUADP+CnQZ OTIwODkwQzIwNjgxMTgwODNGMkNBOEIwODNCNTAiLz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRm BqQgPWjjUHyWmhDr4m6riNeSC5gl0RoHQQ8Tt4JKJk8MMWfFlDrKWq6tmCcM+kbp6hFpY303nYiL BXH2z0QJatAT+dduocjO+a3+Qw4addLbWGfjpFk4jq8YxEEvQ+fjDYZwyOYdijUP1/UBVHsReiG6 n3nMsiI6GneUNHXjheC5Rh8z+o8XbU5nrobDHE5rSKMPc4QnrYj+xAuLNRwuA2ngpUYf5loOWxE9 URiG1dW1H0szrazwF9O0ItmEDBOW8qKopC66qKiIgiDKLkKCfgiJIArSLuyiQsoMIugiMAgqCylE CEWGLRSoWG5Cptt36Le0iO7OdQdhD3wY0XHmNztzzpzz30AkEkmbbi09bRq2VOhU6Dgtw6XjrMdW eXzsMn0Ee1sjiDTxnUObShXRJRJxM5ozayXcDT4aXG9jtDDzPYc3+lxF9Dk6T5N4ucyE1+o2DX1r c2gpIj4gPHhtcE1NOkRlcml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6MDI4MDEx OlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2tldCBlbmQ9InIiPz77Lxw7AAADm0lEQVR42uyZXUgU TEKyEjRxrFsg3g7RTtDAJBck76wMxznmE5CgWvRtDn5IkdhgdoBx3nmnKtGnKfiIDYI1KpjjugrR NjI0NTY5OCIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDo2MzBFQTlFNTYxMjAxMUUzQjhCRkRD WWVmeoia2gmaJRLlBP7HM1BmUXgja/gco6LXU8ROSdH+IOF+VpsVJkWXRJrboU68AjyStXOiaC0G wHIwF3xU3LtvZid4E+RFOLaLn5myopNEywp6bTAdDnAYtIBzbF31QmtZU2RFxwe5DrtCTMFq8BYU NjI0NTY5OCIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDpDNDMxMTM3QTYxMjAxMUUzQjhCRkRD MTgxMDIwNjgxMTgwODNGMkNBOEIwODNCNTAiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6RkVF frUf4C7YA9aAuSCCdmJSokEi2Ao8oJP9PoNjtFcaX1VsDKjhoBPgDFiu6EPcRBF4QT+tIDNYouPB MzMrWc20D63NaPvf+g8syyYz584oxV74McvOnHv+c++dueecMaLRaMq/1oyk6KRod0Xng7WgAqwB Wi5OoDHecBsvtNF7r6BKtytRm6Ft5sQyBWaZLA5Va9+rTipMl3WrGkyEfoeOmJEn2kbVPzrUV6Zq dHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlw c2gpIj4gPHhtcE1NOkRlcml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6MDM4MDEx RQdAL5gAOxwQG0uQS+Yr2OyUaC87fQ/KHBZssgg85qCUOSH6OpgGG1wSbFIABkAILNQRfZhr+KDL E72409364B865B757E1D6B8DB73011BBB1D20C1A9F931ADD3C4C09E2794CE102F8AA7F2D50EB88F9880A576E6C7B0E95712CAE9416F7BACB798564627846E93B M0I1MCIgeG1wTU06RG9jdW1lbnRJRD0ieG1wLmRpZDpDNDMxMTM3NzYxMjAxMUUzQjhCRkRDNTJC s9UHUbW7XNtHhU5V/WNQY5T3gExwzW4J4Qz4zvzQboDUwIxbEnOojL8PtEviaRVaToIrs5S1xIel q+A3VbxxEnifyhLGYnajl2Wx6OLzGwZwzkb4bXiki2/CIq9rebEr7EsIq0zWpOe9VOWuoPabiULs NzQwNzIwNjgxMTgwODNBRjJCNzQzNDlDQ0IiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6RkJF J+ABYuAFIBusBW6QD0ZAHajhUzAeQrRBtoOuwL94ANwgVuI8B9gA6nnud7DXRH5DosVTucyELaDY HCsOpIMlIIH/84I+0A1+TxXR88EWsAuUgWTgnHCMHwyDVvAINIFBK0mjTVaPRHAMVIJF4At4AdrB CAMtgpJAS/JvLY2ldpXtPfQOLTK7e2bmjCj4wcOiO3O+d2bOfud7z0QHAoGo6RYxUdMwZkRPVsQq URzHcddVu4hlFwvTsKToZhZRPlVQgdFDQReyQui1XgLBSirwQXqLwvC1EKIgrMgKgkIfoqALimFa bj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6 gk2q6O+8VLSasjFwS1PEaps2pym8SiK6kcarhIJLaT8O8m3YZYM3oNmu6CwwApo0RtnPDaSV/dmx M0I1MCIgeG1wTU06RG9jdW1lbnRJRD0ieG1wLmRpZDpDNDMxMTM3QjYxMjAxMUUzQjhCRkRDNTJC Ew70EKy2+ZT04g+B75yAYqdFLwYvKfgEH3uYQ2SBbvoudUq0WBJP6fSAg2L1rADvwBTY7IToCxR8 yoegUsOhuuEpMKbRh0qQf4I+K6J/gEegmompVLSarWEN0bWgN+YtMqPoFGbKAY3RDlKwdHPKA9tA OlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2tldCBlbmQ9InIiPz7tuMs8AAADCElEQVR42uzZW0gU NzQwNzIwNjgxMTgwODNBRjJCNzQzNDlDQ0IiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6RjlF rHNYsC+mRFbvdFksyCpThG8HwwHBO5nEqtLYLrcKkCqrvspRuQ+2C8WW82FTrYMz6VrV1GQvM+0o bEOJ1dCLFTrkU+hezQrTrYTOVuiwT6GNeXgOglZCj2sb9Cl0MN7wOFXoIY2vc30KPR8DWliYDt2n NjI0NTY5OCIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDpDNDMxMTM3NjYxMjAxMUUzQjhCRkRD QRTHvX5lGZVCWkpUWlhU+HD9qAcRNIoyQaV6sYfoQYKw8qUgK4LqWmJU9JhW0AfkQ4UFERFCL2Jh NzQwNzIwNjgxMTgwODNBRjJCNzQzNDlDQ0IiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6RjRF
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/applovin/adview/AppLovinAdView.java, line(s) 39,91 com/applovin/adview/AppLovinIncentivizedInterstitial.java, line(s) 50 com/applovin/adview/AppLovinInterstitialActivity.java, line(s) 477,480 com/applovin/impl/adview/AdViewControllerImpl.java, line(s) 133,136,139,142,145,266,301,378 com/applovin/impl/adview/q.java, line(s) 15 com/applovin/impl/sdk/AppLovinSdkImpl.java, line(s) 56,233,237,240,258,52 com/applovin/impl/sdk/NativeAdImpl.java, line(s) 189 com/applovin/impl/sdk/cz.java, line(s) 34 com/applovin/impl/sdk/k.java, line(s) 31,46,70,56,84 com/applovin/sdk/AppLovinSdk.java, line(s) 44,68 com/applovin/sdk/AppLovinSdkUtils.java, line(s) 53 com/chartboost/sdk/Libraries/CBLogging.java, line(s) 21,27,33,39,69,45,51,57,63 com/chartboost/sdk/Libraries/h.java, line(s) 756,757,758,759 com/chartboost/sdk/impl/bs.java, line(s) 55,74,77,80,83,86,91,94,97,100,103,125,139,154 com/chartboost/sdk/impl/t.java, line(s) 20,24,28,11,15 com/immersion/content/EndpointWarp.java, line(s) 77 com/immersion/content/Log.java, line(s) 39,50,74 com/immersion/hapticmediasdk/HapticContentSDK.java, line(s) 193 com/immersion/hapticmediasdk/HapticContentSDKFactory.java, line(s) 33,54,72,41 com/immersion/hapticmediasdk/MediaPlaybackSDK.java, line(s) 72,79,84,91,137,144 com/immersion/hapticmediasdk/MediaTaskManager.java, line(s) 60,551,555 com/immersion/hapticmediasdk/controllers/FileReaderFactory.java, line(s) 168,164 com/immersion/hapticmediasdk/controllers/HapticDownloadThread.java, line(s) 161,204,224,255,277,300,264 com/immersion/hapticmediasdk/controllers/HapticPlaybackThread.java, line(s) 154,149,160,811 com/immersion/hapticmediasdk/controllers/ImmersionHttpClient.java, line(s) 76,78 com/immersion/hapticmediasdk/controllers/MediaController.java, line(s) 108,114,395 com/immersion/hapticmediasdk/controllers/MemoryAlignedFileReader.java, line(s) 461,463,479,480,481,482,484,486,488,489,490,491,497,499,501,144 com/immersion/hapticmediasdk/controllers/MemoryMappedFileReader.java, line(s) 371,373,374,375,376,383,385,387,389,390,391,392,393,395,397,133,467 com/immersion/hapticmediasdk/utils/Log.java, line(s) 37,73,96 com/inmobi/commons/core/utilities/Logger.java, line(s) 22,25,38,41,19,35 com/jirbo/adcolony/ADCData.java, line(s) 667,675,677,678,679,680,681,682,683,684,685,686,687,688,689,690 com/jirbo/adcolony/a.java, line(s) 179,185,182 com/jirbo/adcolony/ae.java, line(s) 154 com/jirbo/adcolony/e.java, line(s) 144,300,462,645,647,655,657 com/jirbo/adcolony/k.java, line(s) 340 com/jirbo/adcolony/p.java, line(s) 141 com/jirbo/adcolony/y.java, line(s) 54 com/silvermob/sdk/AdManager.java, line(s) 109,119,129,148,155,336,425,541,582 com/silvermob/sdk/MediationRulesManager.java, line(s) 45,50,58,64,59,129,148 com/silvermob/sdk/connectors/ApplovinConnector.java, line(s) 68,72,134 com/silvermob/sdk/connectors/StartappConnector.java, line(s) 81 com/silvermob/sdk/utils/ImageDownloader.java, line(s) 25 com/startapp/android/publish/b/e.java, line(s) 43,70 com/startapp/android/publish/banner/bannerstandard/BannerStandard.java, line(s) 349,359 com/startapp/android/publish/h/j.java, line(s) 147,152,159,163,171,195 com/startapp/android/publish/h/l.java, line(s) 54,63,57,51,60 com/startapp/android/publish/h/v.java, line(s) 599,820 com/startapp/android/publish/splash/a.java, line(s) 203 com/startapp/android/publish/video/b.java, line(s) 84 com/wsollys/DownloadsListActivity.java, line(s) 281 com/wsollys/MainNavigationActivity.java, line(s) 188,560,766 com/wsollys/ads/AdMobUtils/AdMobParameters.java, line(s) 55,69 com/wsollys/ads/AdsLoader.java, line(s) 168 com/wsollys/ads/FullscreenBanner/AdMobFSBannerController.java, line(s) 84,66,114,56,64,74,79,85,126 com/wsollys/ads/sdk/SilvermobSdkWrapper.java, line(s) 23,30,36,42,48,54 com/wsollys/browser/BrowserDownloadListener.java, line(s) 58,94,141 com/wsollys/browser/BrowserWebChromeClient.java, line(s) 89 com/wsollys/browser/BrowserWebViewClient.java, line(s) 80,51 com/wsollys/controllers/TabsController.java, line(s) 53,54 com/wsollys/controllers/WebContentController.java, line(s) 178 com/wsollys/javascriptinterface/JavascriptInterface.java, line(s) 694 com/wsollys/media/camera/AlbumStorageController.java, line(s) 46,50 com/wsollys/notification/NotificationJavascriptInterface.java, line(s) 77 com/wsollys/notification/NotificationService.java, line(s) 63,68,70,107 com/wsollys/notification/NotificationWebChromeClient.java, line(s) 12 com/wsollys/notification/NotificationWebViewClient.java, line(s) 33 com/wsollys/push/PushGCMIntentService.java, line(s) 40,16,24,29,35,45 com/wsollys/push/PushNotificationsExecutor.java, line(s) 26,27 com/wsollys/push/PushWebViewClient.java, line(s) 51 com/wsollys/server/BaseServerClient.java, line(s) 51,53 com/wsollys/server/CampaignReceiver.java, line(s) 39 com/wsollys/server/StatController.java, line(s) 83,88 com/wsollys/storage/BrowsingHistoryStorage.java, line(s) 81,90 com/wsollys/storage/DatabaseOpenHelper.java, line(s) 33 com/wsollys/ui/views/WebContent.java, line(s) 199,229 com/wsollys/utils/ImageReader.java, line(s) 57 org/nexage/sourcekit/util/DefaultMediaPicker.java, line(s) 47,52,57,62,67,72,123,107 org/nexage/sourcekit/util/HttpTools.java, line(s) 18,26,36,47 org/nexage/sourcekit/util/NetworkTools.java, line(s) 11,15,20,25,28 org/nexage/sourcekit/util/VASTLog.java, line(s) 36,54,60,42,65,30,48 org/nexage/sourcekit/util/XmlTools.java, line(s) 26,37,44,64,84,98,39,58,78,92,120 org/nexage/sourcekit/util/XmlValidation.java, line(s) 27,16,24 org/nexage/sourcekit/vast/VASTPlayer.java, line(s) 51,140,155,167,91,117,151 org/nexage/sourcekit/vast/activity/VASTActivity.java, line(s) 78,81,83,87,106,112,118,124,131,141,147,153,313,324,333,338,360,366,370,376,415,421,429,439,444,450,453,458,463,468,470,484,489,499,500,501,502,503,514,539,546,565,572,580,584,595,610,618,621,667,702,91,346,355,372,433,530,532,683,635,638,641,644,709,575,680,486,652 org/nexage/sourcekit/vast/model/VASTModel.java, line(s) 46,80,122,141,175,181,187,207,211,215,218,220,74,116,135,169,201,67 org/nexage/sourcekit/vast/processor/VASTModelPostValidator.java, line(s) 14,16,28,34,39,47,32 org/nexage/sourcekit/vast/processor/VASTProcessor.java, line(s) 36,61,71,85,88,106,110,119,124,128,55,73,100,113,65 rrrrrr/rrccrr.java, line(s) 113
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/chartboost/sdk/Libraries/CBUtility.java, line(s) 181,189,185,189,189,189,189