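Security baseline score: 45/100
Overall risk level
Risk level rating
- A
- B
- C
- F
Distribution of vulnerabilities and security items (%)
Privacy risk: 9 third-party trackers detected
Distribution of findings
- High-severity vulnerabilities: 7
- Medium-severity vulnerabilities: 42
- Informational findings: 3
- Passed security checks: 2
- Key security concerns: 0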
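High-severity vulnerability: The domain configuration is insecurely configured to permit cleartext traffic to these domains in scope.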
Scope: passport.airtel.in mcext.zumigo.com partnerapi.jio.com
High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: co/hyperverge/hyperkyc/data/network/OffScreenWebView.java, line(s) 200,11 co/hyperverge/hyperkyc/utils/FormWebViewDriver.java, line(s) 1615,14,15,108,109 co/hyperverge/hyperkyc/webCore/ui/HKWebCoreActivity.java, line(s) 1589,23,24,277,278,351,352 com/clevertap/android/sdk/inapp/CTInAppBaseFullHtmlFragment.java, line(s) 135,12,13 com/clevertap/android/sdk/inapp/CTInAppBasePartialHtmlFragment.java, line(s) 138,16,17 in/juspay/hypersdk/core/DynamicUI.java, line(s) 235,479,10 in/juspay/hypersdk/safe/JuspayWebView.java, line(s) 57,9,10
High-severity vulnerability: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/bureau/devicefingerprint/tools/a.java, line(s) 82 com/camsfinserv/widget/a.java, line(s) 89 com/clevertap/android/sdk/cryption/AESCrypt.java, line(s) 66 com/jar/app/core_base/util/n.java, line(s) 38 com/jar/app/feature/home/ui/activity/alias/b.java, line(s) 855 com/userexperior/utilities/d.java, line(s) 34 com/userexperior/utilities/o.java, line(s) 351
High-severity vulnerability: The file is World Writable. Any application can write to the file
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: in/juspay/hypersdk/core/AndroidInterface.java, line(s) 667 in/juspay/hypersdk/data/KeyValueStore.java, line(s) 14 so/plotline/insights/Database/o.java, line(s) 18
High-severity vulnerability: The file is World Readable. Any application can read the file
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/userexperior/recording/a.java, line(s) 39 com/userexperior/utilities/o.java, line(s) 177
High-severity vulnerability: Remote WebView debugging is enabled
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: easypay/appinvoke/actions/EasypayBrowserFragment.java, line(s) 639,21,304,305
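High-severity vulnerability: The application contains privacy trackers
This application contains 9 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.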
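Medium-severity vulnerability: Cleartext network traffic is enabled for the application
[android:usesCleartextTraffic=true] The application intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager and MediaPlayer. For applications targeting API level 27 or lower, the default value is "true". For applications targeting API level 28 or higher, the default value is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity and tamper protection; a network attacker can eavesdrop on transmitted data and modify it without being detected.
Medium-severity vulnerability: Activity-Alias (com.jar.app.feature.home.ui.activity.alias.HomeActivityDiwaliAlias) is not protected.
[android:exported=true] The Activity-Alias is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: Activity-Alias (com.jar.app.feature.home.ui.activity.alias.HomeActivityGaneshAlias) is not protected.
[android:exported=true] The Activity-Alias is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: Activity-Alias (com.jar.app.feature.home.ui.activity.alias.HomeActivityRakhiAlias) is not protected.
[android:exported=true] The Activity-Alias is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: Activity-Alias (com.jar.app.feature.home.ui.activity.alias.HomeActivityAlias) is not protected.
[android:exported=true] The Activity-Alias is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: Activity (so.plotline.insights.Activities.PlotlineActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: Service (com.jar.app.feature.dev_tools.service.ChuckerDevToolsService) is not protected.
[android:exported=true] The Service is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: Broadcast Receiver (com.jar.app.feature_sms_sync.impl.receiver.NewSmsReceiver) is protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BROADCAST_SMS [android:exported=true] The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium-severity vulnerability: Activity (co.hyperverge.hyperkyc.ui.HKRedirectionActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: Activity (androidx.compose.ui.tooling.PreviewActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: Activity (in.juspay.hypersdk.core.CustomtabResult) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.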
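Medium-severity vulnerability: Broadcast Receiver (com.clevertap.android.sdk.pushnotification.fcm.CTFirebaseMessagingReceiver) is protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is shared with other applications on the device and is therefore accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium-severity vulnerability: Activity (com.google.firebase.auth.internal.GenericIdpActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: Activity (com.google.firebase.auth.internal.RecaptchaActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is shared with other applications on the device and is therefore accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium-severity vulnerability: Activity (androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.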
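Medium-severity vulnerability: Broadcast Receiver (com.camsfinserv.widget.OTPReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: Activity (com.android.commonsdk.activity.OtpAuthWaitingActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: Activity (com.android.commonsdk.activity.LoginActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: Activity (com.android.commonsdk.activity.ConsentDetailsActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: Activity (com.android.commonsdk.activity.discoverLinkedAccounts.DiscoverLinkedAccountsActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: Broadcast Receiver (com.android.commonsdk.utility.OTPBroadCastReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium-severity vulnerability: High Intent priority (999) - {1} hit(s)
[android:priority] By setting an Intent priority higher than that of another Intent, the application effectively overrides other requests.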
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords and keys
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: co/hyperverge/hyperkyc/data/models/HyperKycConfig.java, line(s) 27,31,28 co/hyperverge/hyperkyc/data/models/Properties.java, line(s) 25 co/hyperverge/hyperkyc/data/models/result/HyperKycData.java, line(s) 47 co/hyperverge/hyperkyc/data/models/result/HyperKycResult.java, line(s) 33,32 co/hyperverge/hyperkyc/data/network/ApiAction.java, line(s) 19 co/hyperverge/hyperkyc/ui/viewmodels/VideoStatementV2VM.java, line(s) 455 co/hyperverge/hyperkyc/ui/viewmodels/VideoStatementVM.java, line(s) 547,579,1042,1010 co/hyperverge/hypersnapsdk/objects/HVDocConfig.java, line(s) 16 co/hyperverge/hypersnapsdk/objects/HyperSnapSDKConfig.java, line(s) 303 co/hyperverge/hypersnapsdk/service/security/HVSecurity.java, line(s) 44 co/hyperverge/hypersnapsdk/utils/AppConstants.java, line(s) 9,64 coil3/request/l.java, line(s) 54 com/amplitude/id/b.java, line(s) 51 com/clevertap/android/sdk/Constants.java, line(s) 59,20,266,57,80,88,110,109,107,97,105,111,114,141,211,324,317,21,325,355,60,53,72,366,125,126,142 com/clevertap/android/sdk/inapp/InAppController.java, line(s) 178,182 com/clevertap/android/sdk/inapp/data/InAppResponseAdapter.java, line(s) 32,27 com/clevertap/android/sdk/inapp/store/preference/LegacyInAppStore.java, line(s) 18 com/clevertap/android/sdk/product_config/CTProductConfigConstants.java, line(s) 13 com/clevertap/android/sdk/product_config/DefaultXmlParser.java, line(s) 14 com/jar/app/feature_lending/shared/domain/model/realTimeFlow/f2.java, line(s) 34 com/jar/app/feature_onboarding/shared/domain/model/e1.java, line(s) 78 com/jar/app/feature_transactions_common/shared/domain/model/g0.java, line(s) 47 com/kuuurt/paging/multiplatform/c.java, line(s) 39 com/truecaller/android/sdk/PartnerInformation.java, line(s) 17 com/truecaller/android/sdk/TrueException.java, line(s) 17 contacts/core/entities/Contact.java, line(s) 170 easypay/appinvoke/manager/Constants.java, line(s) 44,43,84,85 io/ktor/client/request/forms/c.java, line(s) 36
Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: co/hyperverge/hyperkyc/utils/extensions/CoreExtsKt.java, line(s) 251 com/bureau/devicefingerprint/tools/a.java, line(s) 61 com/clevertap/android/sdk/cryption/AESCrypt.java, line(s) 65 in/juspay/hypersdk/security/EncryptionHelper.java, line(s) 182,260
Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: co/hyperverge/hyperkyc/utils/extensions/ContextExtsKt.java, line(s) 117 co/hyperverge/hypersnapsdk/utils/AppConstants.java, line(s) 56 co/hyperverge/hypersnapsdk/utils/DeviceExtensionsKt.java, line(s) 162,256 com/jar/app/core_image_picker/impl/ui/camera/b.java, line(s) 50 com/jar/app/core_image_picker/impl/ui/crop/CropFragment.java, line(s) 61,91 com/jar/app/core_image_picker/impl/ui/crop/e.java, line(s) 42 com/jar/app/core_image_picker/impl/ui/crop_v2/c.java, line(s) 45 com/jar/app/feature/home/custom_web_cache/l.java, line(s) 84,114 com/jar/app/feature/home/nekCache/a.java, line(s) 65 com/jar/app/feature/home/ui/activity/n1.java, line(s) 77 com/jar/app/feature/web_view/e.java, line(s) 316 easypay/appinvoke/manager/PaytmAssist.java, line(s) 186 io/sentry/c2.java, line(s) 299
Medium-severity vulnerability: This application may request root (superuser) privileges
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: co/hyperverge/hyperkyc/utils/extensions/ContextExtsKt.java, line(s) 482,482,482,482,482 co/hyperverge/hypersnapsdk/utils/RootChecker.java, line(s) 28,28,28,28,28 com/scottyab/rootbeer/a.java, line(s) 7,7,7,7,7,7 io/sentry/android/core/internal/util/d.java, line(s) 30,30,30,30,30
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to a temporary file
Files: so/plotline/insights/Helpers/b.java, line(s) 75
Medium-severity vulnerability: IP address disclosure
Files: com/clevertap/android/sdk/BuildConfig.java, line(s) 7
Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/jar/app/core_base/util/n.java, line(s) 34 com/userexperior/external/volley/r.java, line(s) 54 io/sentry/m2.java, line(s) 959
Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: co/hyperverge/hyperkyc/data/network/OffScreenWebView.java, line(s) 194,195 co/hyperverge/hyperkyc/ui/WebViewFragment.java, line(s) 1044,1043 co/hyperverge/hyperkyc/utils/FormWebViewDriver.java, line(s) 1599,1600 co/hyperverge/hyperkyc/webCore/ui/HKWebCoreActivity.java, line(s) 1576,1577 com/camsfinserv/widget/h.java, line(s) 77,78,83,94,140 com/clevertap/android/sdk/inapp/CTInAppBaseFullHtmlFragment.java, line(s) 70,65 com/clevertap/android/sdk/inapp/CTInAppBasePartialHtmlFragment.java, line(s) 117,112 com/jar/app/feature/web_view/VibaWebViewFragment.java, line(s) 325,329 com/jar/app/feature/web_view/WebViewFragment.java, line(s) 199,202 com/jar/app/feature_lending/impl/ui/common/LendingWebViewFragment.java, line(s) 124,127 com/jar/app/feature_lending_web_flow/impl/ui/web_flow/WebFlowLendingFragment.java, line(s) 231,234 com/paytm/pgsdk/PaytmWebView.java, line(s) 45,43 in/juspay/hypersdk/core/DynamicUI.java, line(s) 153,190,284,151 in/juspay/hypersdk/safe/Godel.java, line(s) 359,607,601 so/plotline/insights/FlowViews/WebView/a.java, line(s) 33,19
Medium-severity vulnerability: Possible cross-origin vulnerability. Enabling file access from URLs in a WebView can leak sensitive information from the file system
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: co/hyperverge/hyperkyc/ui/WebViewFragment.java, line(s) 1048,1043 co/hyperverge/hyperkyc/utils/FormWebViewDriver.java, line(s) 1605,1600 co/hyperverge/hyperkyc/webCore/ui/HKWebCoreActivity.java, line(s) 1582,1577 com/camsfinserv/widget/h.java, line(s) 96,94,140 com/jar/app/feature/web_view/WebViewFragment.java, line(s) 209,202 com/jar/app/feature_lending_web_flow/impl/ui/web_flow/WebFlowLendingFragment.java, line(s) 242,234 in/juspay/hypersdk/safe/Godel.java, line(s) 614,601
Medium-severity vulnerability: The application uses an insecure random number generator
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: co/hyperverge/hypersnapsdk/helpers/HVActiveLiveness.java, line(s) 22 co/hyperverge/hypersnapsdk/utils/Utils.java, line(s) 64 com/amplitude/core/utilities/j.java, line(s) 10 com/clevertap/android/sdk/pushnotification/LaunchPendingIntentFactory.java, line(s) 14 com/jar/app/core_ui/glide/b.java, line(s) 101 j$/util/concurrent/ThreadLocalRandom.java, line(s) 11 so/plotline/insights/Helpers/v.java, line(s) 22
Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/userexperior/database/a.java, line(s) 4,5,14,15,20,21,22,23
Medium-severity vulnerability: Firebase Remote Config is enabled
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/721302513672/namespaces/firebase:fetch?key=AIzaSyDDaUONy-7x1PCpTuPSmmI86V2GkB7uNAY ) is enabled. Make sure that these configurations do not contain sensitive information. The endpoint returned the application's configuration entries in its response.
Medium-severity vulnerability: This application may contain hardcoded secrets
The following secrets were identified in the application. Make sure that these are not secrets or private information. Credentials =>
- "com.truecaller.android.sdk.PartnerKey" : "@string/TRUECALLER_APP_KEY"
- "CLEVERTAP_ACCOUNT_TOKEN" : "556-4b0"
- "CLEVERTAP_XIAOMI_APP_ID" : "2882303761519927429"
- "MEASURE_SH_KEY" : "msrsh_ae1d2e3a5068ad7ed68efccc72928134103262a988a1656294a51bcb51b0d595_4be1b6fa"
- "TRUECALLER_APP_KEY" : "ZD4wr666c4798b2584a169c8350ce861c9a39"
- "com.google.firebase.crashlytics.mapping_file_id" : "3ff90422227649128358785d093370e0"
- "easypay_password" : "Password"
- "facebook_app_id" : "134931178603805"
- "facebook_client_token" : "cef89d746dfc9f47ddef496368bc2d5b"
- "feature_user_api_day" : "day"
- "feature_user_api_days" : "days"
- "feature_user_api_month" : "month"
- "feature_user_api_months" : "months"
- "feature_user_api_week" : "week"
- "feature_user_api_weeks" : "weeks"
- "google_api_key" : "AIzaSyDDaUONy-7x1PCpTuPSmmI86V2GkB7uNAY"
- "google_app_id" : "1:721302513672:android:54d8b070937ca8a1d709bd"
- "google_crash_reporting_api_key" : "AIzaSyDDaUONy-7x1PCpTuPSmmI86V2GkB7uNAY"
Informational: The application logs information. Sensitive information must not be logged
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: aav/b.java, line(s) 74,58,42,108,90 aaz/e.java, line(s) 230 co/hyperverge/crashguard/utils/ExtensionsKt.java, line(s) 77 co/hyperverge/hyperkyc/core/a.java, line(s) 77,82 co/hyperverge/hyperlogger/HyperLogger.java, line(s) 79,98,102,148,92,140,162 co/hyperverge/hyperlogger/data/source/local/HyperLoggerFile$appendData$2.java, line(s) 63 co/hyperverge/hyperlogger/data/source/local/HyperLoggerFile$createFile$2.java, line(s) 54,64,77 co/hyperverge/hyperlogger/data/source/local/HyperLoggerFile$deleteFile$2.java, line(s) 46,55 co/hyperverge/hyperlogger/data/source/local/HyperLoggerFile$deleteLogFolder$2.java, line(s) 47,55,73 co/hyperverge/hyperlogger/data/source/local/HyperLoggerFile$isFileExists$2.java, line(s) 63 co/hyperverge/hyperlogger/data/source/local/HyperLoggerFile.java, line(s) 72,96,128 co/hyperverge/hypersnapsdk/HyperSnapSDK.java, line(s) 89,151,121,207,436 co/hyperverge/hypersnapsdk/activities/HVBaseActivity.java, line(s) 145 co/hyperverge/hypersnapsdk/activities/HVDocReviewActivity.java, line(s) 396,483,635 co/hyperverge/hypersnapsdk/activities/HVDocsActivity.java, line(s) 351,702,738,751,1158,1228,1805,1850,2038,2193,2205,2210,2249,2290,2455,2690,2709,2734,2851,2864,2949,3007,3056,3057,3078,3124,3148,300,358,365,375,653,677,685,864,899,1276,1290,1500,1790,1858,1868,2627,2716,2927,2997,3167,2568 co/hyperverge/hypersnapsdk/activities/HVFaceActivity.java, line(s) 95,172,333,392,416 co/hyperverge/hypersnapsdk/activities/HVFaceInstructionActivity.java, line(s) 214,249 co/hyperverge/hypersnapsdk/activities/HVQRScannerActivityInternal.java, line(s) 196,581,715,770,819 co/hyperverge/hypersnapsdk/activities/HVQrScannerActivity.java, line(s) 80,85 co/hyperverge/hypersnapsdk/activities/HVRetakeActivity.java, line(s) 269,306 co/hyperverge/hypersnapsdk/analytics/AnalyticsTracker.java, line(s) 43,47 
co/hyperverge/hypersnapsdk/analytics/mixpanel/MixPanelManager.java, line(s) 59,66,514,518,547,551 co/hyperverge/hypersnapsdk/analytics/mixpanel/network/EventSyncRepo.java, line(s) 56,68,78,92,144,73,84,98,107,150 co/hyperverge/hypersnapsdk/analytics/mixpanel/network/MixPanelIntentService.java, line(s) 43,61,128,165,176,47,84,99,124,179,37,55,57,70,88,96,104,120,137,147,155,158,169 co/hyperverge/hypersnapsdk/analytics/rudderstack/HVApolloManager.java, line(s) 63,81,93 co/hyperverge/hypersnapsdk/components/camera/HVFacePreview$hvCamHost$1.java, line(s) 43 co/hyperverge/hypersnapsdk/data/models/APIResponse.java, line(s) 37,53,61,69 co/hyperverge/hypersnapsdk/data/remote/HVRemoteConfigRepo.java, line(s) 68,114,185 co/hyperverge/hypersnapsdk/data/remote/RemoteDataSource.java, line(s) 543,736,985,226,248,374,538,561,569,705,869,1116,1239 co/hyperverge/hypersnapsdk/data/remote/SignatureHelper.java, line(s) 102,132,142,150,163,190,230,267,331,382 co/hyperverge/hypersnapsdk/exceptions/ApplicationCrashHandler.java, line(s) 41 co/hyperverge/hypersnapsdk/helpers/CamPreviewFaceDetectionHandler.java, line(s) 143,103,126 co/hyperverge/hypersnapsdk/helpers/DocOCRHelper.java, line(s) 61,93,120,164,183 co/hyperverge/hypersnapsdk/helpers/ExifHelper.java, line(s) 76 co/hyperverge/hypersnapsdk/helpers/FaceRetryHelper.java, line(s) 64,86,117,134,142 co/hyperverge/hypersnapsdk/helpers/FileHelper.java, line(s) 113,120,153,160,235,280,328,380,424,447 co/hyperverge/hypersnapsdk/helpers/HVActiveLiveness.java, line(s) 140 co/hyperverge/hypersnapsdk/helpers/ImageComparisonHelper.java, line(s) 80,182 co/hyperverge/hypersnapsdk/helpers/SDKInternalConfig.java, line(s) 202 co/hyperverge/hypersnapsdk/helpers/SPHelper.java, line(s) 37,64,79,109,171,217,322 co/hyperverge/hypersnapsdk/helpers/SaveBitmapAsync.java, line(s) 199,247 co/hyperverge/hypersnapsdk/helpers/WaterMarkHelper.java, line(s) 99,106,110 co/hyperverge/hypersnapsdk/helpers/face/MLKitFaceHelper.java, line(s) 48,183,225 
co/hyperverge/hypersnapsdk/helpers/face/NPDFaceHelper.java, line(s) 121 co/hyperverge/hypersnapsdk/helpers/xmlparser/XmlToJson.java, line(s) 197,208 co/hyperverge/hypersnapsdk/liveness/ui/texturetracker/TextureFragment.java, line(s) 477,890,947,1415,1688,1866,302,361,1343,2015,902 co/hyperverge/hypersnapsdk/liveness/ui/texturetracker/TexturePresenter.java, line(s) 182,908,214,690 co/hyperverge/hypersnapsdk/model/HVFaceObj.java, line(s) 114 co/hyperverge/hypersnapsdk/objects/HVBaseResponse.java, line(s) 145,157 co/hyperverge/hypersnapsdk/objects/HVDocConfig.java, line(s) 210 co/hyperverge/hypersnapsdk/service/HVSignatureService.java, line(s) 99 co/hyperverge/hypersnapsdk/service/errortracking/ErrorMonitor.java, line(s) 42 co/hyperverge/hypersnapsdk/service/exif/HVEXIFExtractor.java, line(s) 44 co/hyperverge/hypersnapsdk/service/iptogeo/IPToGeoServiceImpl.java, line(s) 25 co/hyperverge/hypersnapsdk/service/location/LocationServiceImpl.java, line(s) 85,120,137 co/hyperverge/hypersnapsdk/service/qr/HVBarcodeDetector.java, line(s) 39 co/hyperverge/hypersnapsdk/service/security/GKYCSignatureVerify.java, line(s) 110,127,155,168,194 co/hyperverge/hypersnapsdk/service/sensorbiometrics/HVSensorBiometrics.java, line(s) 104,224,230,236,242,248,258,116,157,165,300 co/hyperverge/hypersnapsdk/service/sensorbiometrics/PhoneTiltDetectorService.java, line(s) 37 co/hyperverge/hypersnapsdk/utils/FileExtensionsKt.java, line(s) 19,21 co/hyperverge/hypersnapsdk/utils/HyperSnapUIConfigUtil.java, line(s) 194,335,351,368,398,408,573,905,916,1152,1167,1174,1232,224,342,359,391,617 co/hyperverge/hypersnapsdk/utils/InternalToolUtils.java, line(s) 35,48,122 co/hyperverge/hypersnapsdk/utils/PDFUtils.java, line(s) 41,47,65 co/hyperverge/hypersnapsdk/utils/UIUtils.java, line(s) 79,123,197 co/hyperverge/hypersnapsdk/utils/Utils.java, line(s) 666,669,678,682 co/touchlab/kermit/b.java, line(s) 43 co/touchlab/kermit/h.java, line(s) 34,43,37,31,40,46 com/airbnb/epoxy/v.java, line(s) 17,26,31,36,41 
com/amplitude/common/android/b.java, line(s) 39,17,47,25 com/amplitude/common/jvm/a.java, line(s) 37 com/appsflyer/AFLogger.java, line(s) 43,61,117,59,76,85,36 com/appsflyer/internal/AFa1eSDK.java, line(s) 1694,2422,2428 com/appsflyer/internal/AFb1nSDK.java, line(s) 279 com/appsflyer/internal/AFb1sSDK.java, line(s) 98,103 com/appsflyer/internal/AFc1bSDK.java, line(s) 104,96,296,95,155 com/appsflyer/internal/AFd1fSDK.java, line(s) 111,124 com/appsflyer/internal/AFd1hSDK.java, line(s) 53 com/appsflyer/internal/AFd1jSDK.java, line(s) 50 com/appsflyer/internal/AFd1lSDK.java, line(s) 40 com/appsflyer/internal/AFd1nSDK.java, line(s) 98 com/appsflyer/internal/AFd1oSDK.java, line(s) 118,126,153,155 com/appsflyer/internal/AFd1pSDK.java, line(s) 64,101 com/appsflyer/internal/AFd1rSDK.java, line(s) 33 com/appsflyer/internal/AFd1zSDK.java, line(s) 92,125,34 com/appsflyer/internal/AFe1pSDK.java, line(s) 21,49,50,53 com/appsflyer/internal/AFf1hSDK.java, line(s) 160,191,163,209 com/appsflyer/share/LinkGenerator.java, line(s) 84 com/bureau/devicefingerprint/BureauAPI.java, line(s) 368,386,139,147,159 com/bureau/devicefingerprint/tools/a.java, line(s) 69,70,71,73,87 com/bureau/onetaplogin/BureauAuth.java, line(s) 229,213 com/camsfinserv/widget/ConsentActivity.java, line(s) 57,67,69,39 com/camsfinserv/widget/ConsentService.java, line(s) 22,31,36 com/camsfinserv/widget/MainActivity.java, line(s) 12,14,21,25 com/camsfinserv/widget/OTPReceiver.java, line(s) 16,24,33,47,51,32 com/camsfinserv/widget/a.java, line(s) 97,37,102,148 com/camsfinserv/widget/e.java, line(s) 15 com/camsfinserv/widget/h.java, line(s) 117,138,141,144 com/caverock/androidsvg/SVGImageView.java, line(s) 162,80 com/caverock/androidsvg/b2.java, line(s) 216,806,222,294 com/caverock/androidsvg/c2.java, line(s) 42 com/caverock/androidsvg/d2.java, line(s) 41 com/caverock/androidsvg/n.java, line(s) 371,218 com/caverock/androidsvg/n2.java, line(s) 769,801,827,986,832 com/caverock/androidsvg/y1.java, line(s) 54 
com/caverock/androidsvg/z1.java, line(s) 52 com/clevertap/android/sdk/Logger.java, line(s) 15,42,66,86,89,115,140,166,180,29,49,72,97,121,134,146,159,35,60,78,105,108,127,152,173,187 com/clevertap/android/sdk/displayunits/CTDisplayUnitType.java, line(s) 40 com/clevertap/android/sdk/product_config/DefaultXmlParser.java, line(s) 60,66,36,49 com/clevertap/android/sdk/response/CleverTapResponse.java, line(s) 11 com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java, line(s) 636,208,212,391,395,463,792,797,808,817,1508,1703,2066 com/davemorrissey/labs/subscaleview/decoder/SkiaPooledImageRegionDecoder.java, line(s) 119 com/github/mikephil/charting/charts/BarChart.java, line(s) 20 com/github/mikephil/charting/charts/BarLineChartBase.java, line(s) 129,132,326,332,581,634 com/github/mikephil/charting/charts/Chart.java, line(s) 202,395,216,457,510,514,565,526 com/github/mikephil/charting/charts/CombinedChart.java, line(s) 47 com/github/mikephil/charting/charts/HorizontalBarChart.java, line(s) 83,66,69 com/github/mikephil/charting/charts/PieRadarChartBase.java, line(s) 159 com/github/mikephil/charting/listener/a.java, line(s) 99 com/github/mikephil/charting/utils/h.java, line(s) 55 com/jar/app/core_ui/generic_post_action/data/a.java, line(s) 1036 com/jar/app/core_ui/glide/b.java, line(s) 1224 com/jar/app/core_ui/util/h.java, line(s) 40 com/jar/app/feature/home/ui/activity/HomeActivity.java, line(s) 3114,3113 com/jar/app/feature/home/ui/activity/alias/a.java, line(s) 1274,182,192,1290,1301,1442 com/jar/app/feature/home/ui/activity/alias/b.java, line(s) 859 com/jar/app/feature/home/ui/activity/alias/c.java, line(s) 936 com/jar/app/feature/home/ui/activity/alias/d.java, line(s) 1120,1162,1119,1161 com/jar/app/feature/rate_us/util/a.java, line(s) 65,45,44,64 com/jar/app/feature/web_view/c.java, line(s) 50 com/jar/app/feature/web_view/e.java, line(s) 351 com/jar/app/feature_lending_common/impl/di/a.java, line(s) 146 
com/jar/app/feature_lending_common/shared/domain/usecase/impl/a.java, line(s) 132 com/jar/app/feature_lending_common/shared/domain/usecase/impl/c.java, line(s) 141 com/onemoney/custom/c.java, line(s) 85 com/onemoney/custom/h.java, line(s) 121,139 com/onemoney/custom/l.java, line(s) 89,123 com/onemoney/custom/q.java, line(s) 41 com/onemoney/custom/x.java, line(s) 46 com/onemoney/custom/y.java, line(s) 94 com/paytm/pgsdk/g.java, line(s) 970 com/paytm/pgsdk/i.java, line(s) 353 com/paytm/pgsdk/model/a.java, line(s) 1941,1945,1949 com/pirimid/pirimid_sdk/a.java, line(s) 207 com/userexperior/external/volley/m.java, line(s) 61 com/userexperior/external/volley/r.java, line(s) 144 com/userexperior/external/volley/toolbox/a.java, line(s) 121,178,180 com/userexperior/external/volley/toolbox/d.java, line(s) 111 com/userexperior/external/volley/toolbox/f.java, line(s) 64,76,115,232,251,258,170 easypay/appinvoke/actions/v.java, line(s) 166 easypay/appinvoke/utils/AnalyticsService.java, line(s) 34 easypay/appinvoke/widget/OtpEditText.java, line(s) 365,369 in/juspay/hyper/core/JuspayLogger.java, line(s) 24,32,96,40,87 in/juspay/hypersdk/core/AndroidInterface.java, line(s) 463,707,755 io/ktor/client/plugins/api/c.java, line(s) 174,769 io/sentry/android/core/k0.java, line(s) 61,59,51,55,63 io/sentry/config/a.java, line(s) 220 io/sentry/y0.java, line(s) 95 so/plotline/insights/FlowViews/TooltipViews/h.java, line(s) 219 so/plotline/insights/Network/c.java, line(s) 139 top/zibin/luban/Checker.java, line(s) 147,161,189,197,201
Security notice: The application can write to the application directory. Sensitive information should be encrypted.
Files: com/amplitude/android/utilities/a.java, line(s) 14 com/bureau/devicefingerprint/datacollectors/e.java, line(s) 712,712 com/skydoves/balloon/h.java, line(s) 35,35 com/truecaller/android/sdk/clients/callVerification/PermissionsFragment.java, line(s) 40,45,40,45
Security notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/clevertap/android/sdk/inbox/CTInboxButtonClickListener.java, line(s) 4,37 com/jar/app/base/util/p.java, line(s) 4,673,692,674,693 in/juspay/hypersdk/core/JBridge.java, line(s) 7,419 so/plotline/insights/FlowViews/Stories/d.java, line(s) 8,190 so/plotline/insights/e.java, line(s) 5,71
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks in secure communication channels.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: co/hyperverge/hypersnapsdk/data/remote/ApiClient.java, line(s) 51,65,83,98,109,121,121,121,121,121,121,121,121,121,121,121,121,126,121 com/clevertap/android/sdk/network/http/UrlConnectionHttpClient.java, line(s) 68,66,68,65,59,59 com/userexperior/network/d.java, line(s) 31,38 in/juspay/hypersdk/security/HyperSSLSocketFactory.java, line(s) 75,67,74,73,73
Passed security check: This application may have root detection capabilities.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: co/hyperverge/hyperkyc/utils/extensions/ContextExtsKt.java, line(s) 514,482,482,482,482,482,482,447,477 co/hyperverge/hypersnapsdk/utils/RootChecker.java, line(s) 88,25,25,25,25,25,25 in/juspay/hypersdk/data/SessionInfo.java, line(s) 139,143 io/sentry/android/core/internal/util/d.java, line(s) 29,29,29,29,29,29