安全分析报告:
安全分数
安全分数 45/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
2
用户/设备跟踪器
调研结果
高危
10
中危
46
信息
4
安全
3
关注
6
高危 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
高危 程序可被任意调试
[android:debuggable=true] 应用可调试标签被开启,这使得逆向工程师更容易将调试器挂接到应用程序上。这允许导出堆栈跟踪和访问调试助手类。
高危 Activity (im.qnzikhbjxh.tel.CallApiAbove29Dialer) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 App 链接 assetlinks.json 文件未找到
[android:name=im.qnzikhbjxh.ui.LaunchActivity][android:host=http://m12345.cc] App Link 资产验证 URL (http://m12345.cc/.well-known/assetlinks.json) 未找到或配置不正确。(状态代码:None)。应用程序链接允许用户从 Web URL/电子邮件重定向到移动应用程序。如果此文件丢失或为 App Link 主机/域配置不正确,则恶意应用程序可以劫持此类 URL。这可能会导致网络钓鱼攻击,泄露 URI 中的敏感数据,例如 PII、OAuth 令牌、魔术链接/密码重置令牌等。您必须通过托管 assetlinks.json 文件并通过 Activity intent-filter 中的 [android:autoVerify=“true”] 启用验证来验证 App Link 网域。
高危 App 链接 assetlinks.json 文件未找到
[android:name=im.qnzikhbjxh.ui.LaunchActivity][android:host=https://m12345.cc] App Link 资产验证 URL (https://m12345.cc/.well-known/assetlinks.json) 未找到或配置不正确。(状态代码:302)。应用程序链接允许用户从 Web URL/电子邮件重定向到移动应用程序。如果此文件丢失或为 App Link 主机/域配置不正确,则恶意应用程序可以劫持此类 URL。这可能会导致网络钓鱼攻击,泄露 URI 中的敏感数据,例如 PII、OAuth 令牌、魔术链接/密码重置令牌等。您必须通过托管 assetlinks.json 文件并通过 Activity intent-filter 中的 [android:autoVerify=“true”] 启用验证来验证 App Link 网域。
高危 Activity (im.qnzikhbjxh.messenger.OpenChatReceiver) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/alivc/rtc/device/utils/AESUtils.java, line(s) 39,46 im/qnzikhbjxh/network/DohNet.java, line(s) 97 im/qnzikhbjxh/network/DotNet.java, line(s) 159 im/qnzikhbjxh/ui/hui/friendscircle/okhttphelper/AESHelper.java, line(s) 50 im/qnzikhbjxh/ui/utils/AesUtils.java, line(s) 40,62,71 im/qnzikhbjxh/ui/utils/ChiperUtils.java, line(s) 51,73,82
高危 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/litesuits/orm/BuildConfig.java, line(s) 3,4 com/serenegiant/uvccamera/BuildConfig.java, line(s) 3,6 im/qnzikhbjxh/messenger/BuildConfig.java, line(s) 3,6
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: im/qnzikhbjxh/ui/ArticleViewer.java, line(s) 7332,61,62 im/qnzikhbjxh/ui/components/EmbedBottomSheet.java, line(s) 688,33,34
高危 应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文
应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode Files: a/a/a/a.java, line(s) 59,166
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 Service (im.qnzikhbjxh.messenger.GcmPushListenerService) 未被保护。
存在一个intent-filter。 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
中危 Broadcast Receiver (com.google.android.gms.measurement.AppMeasurementReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (im.qnzikhbjxh.tel.IncomingCallReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (im.qnzikhbjxh.tel.CallApiAbove29Dialer) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (im.qnzikhbjxh.tel.CallApiAbove29ScreeningService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_SCREENING_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Activity (im.qnzikhbjxh.ui.ShareActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (im.qnzikhbjxh.ui.ExternalActionActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (im.qnzikhbjxh.messenger.OpenChatReceiver) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (im.qnzikhbjxh.ui.hui.visualcall.VisualCallActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (im.qnzikhbjxh.ui.hui.visualcall.VisualCallReceiveActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity设置了TaskAffinity属性
(im.qnzikhbjxh.ui.VoIPPermissionActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity设置了TaskAffinity属性
(im.qnzikhbjxh.ui.VoIPFeedbackActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Service (im.qnzikhbjxh.messenger.AuthenticatorService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (im.qnzikhbjxh.messenger.ContactsSyncAdapterService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (im.qnzikhbjxh.messenger.AppChooserTargetService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_CHOOSER_TARGET_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (im.qnzikhbjxh.messenger.MusicPlayerService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (im.qnzikhbjxh.messenger.MusicBrowserService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (im.qnzikhbjxh.messenger.WearDataLayerListenerService) 未被保护。
存在一个intent-filter。 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
中危 Service (im.qnzikhbjxh.messenger.voip.AppConnectionService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_TELECOM_CONNECTION_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (im.qnzikhbjxh.messenger.MusicPlayerReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (im.qnzikhbjxh.messenger.voip.VoIPMediaButtonReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (im.qnzikhbjxh.messenger.AppStartReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (im.qnzikhbjxh.messenger.RefererReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.INSTALL_PACKAGES [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Content Provider (im.qnzikhbjxh.messenger.voip.CallNotificationSoundProvider) 未被保护。
[android:exported=true] 发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (im.qnzikhbjxh.keepalive.ChannelService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (im.qnzikhbjxh.keepalive.DaemonService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (im.qnzikhbjxh.keepalive.ScheduleService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (im.qnzikhbjxh.keepalive.MonitorReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (im.qnzikhbjxh.keepalive.ScreenReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.blankj.utilcode.util.MessengerUtils$ServerService) 未被保护。
存在一个intent-filter。 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
中危 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (com.qiniu.android.dns.NetworkReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: a/a/a/f.java, line(s) 11 a/a/a/g.java, line(s) 15 com/alivc/rtc/device/UTUtdid.java, line(s) 16 com/alivc/rtc/device/utils/PhoneInfoUtils.java, line(s) 7 com/app/protect/AppProtectManager.java, line(s) 46 com/socks/library/klog/FileLog.java, line(s) 12 im/qnzikhbjxh/network/DotNet.java, line(s) 22 im/qnzikhbjxh/ui/hui/visualcall/VisualCallReceiveService.java, line(s) 27 im/qnzikhbjxh/ui/utils/NameUtil.java, line(s) 3 im/qnzikhbjxh/ui/utils/number/StringUtils.java, line(s) 4 im/qnzikhbjxh/ui/utils/translate/ssrc/SSRC.java, line(s) 16 im/qnzikhbjxh/utils/VerifyCodeUtils.java, line(s) 7 java9/util/concurrent/ThreadLocalRandom.java, line(s) 7 org/xbill/DNS/Header.java, line(s) 5
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/alivc/rtc/device/core/persistent/PersistentConfiguration.java, line(s) 52,151,326,376 com/danikula/videocache/StorageUtils.java, line(s) 25,44 im/qnzikhbjxh/messenger/AndroidUtilities.java, line(s) 1465,837,1459,1460 im/qnzikhbjxh/messenger/FileLog.java, line(s) 50,83,332 im/qnzikhbjxh/messenger/ImageLoader.java, line(s) 1420,1421 im/qnzikhbjxh/messenger/SharedConfig.java, line(s) 693 im/qnzikhbjxh/messenger/voip/VoIPController.java, line(s) 300 im/qnzikhbjxh/ui/DocumentSelectActivity.java, line(s) 481,582,582,582,585 im/qnzikhbjxh/ui/SettingsActivity.java, line(s) 1218 im/qnzikhbjxh/ui/components/voip/VoIPHelper.java, line(s) 488 im/qnzikhbjxh/ui/dialogs/McShareDialog.java, line(s) 168 im/qnzikhbjxh/ui/fragments/MeFragmentV2.java, line(s) 862 im/qnzikhbjxh/ui/hui/chats/GroupShareActivity.java, line(s) 268 im/qnzikhbjxh/ui/hui/mine/AboutAppActivity.java, line(s) 385 im/qnzikhbjxh/ui/hui/mine/QrCodeActivity.java, line(s) 374 im/qnzikhbjxh/ui/hviews/helper/MryDisplayHelper.java, line(s) 270 im/qnzikhbjxh/ui/utils/DownloadUtils.java, line(s) 152 np/log/NPCrashHandler.java, line(s) 126
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/alivc/rtc/device/UTUtdid.java, line(s) 23,24,43 com/app/protect/AppProtectManager.java, line(s) 2111 com/bjz/comm/net/bean/AtUserBean.java, line(s) 60 com/bjz/comm/net/bean/FCEntitysRequest.java, line(s) 49 com/bjz/comm/net/bean/FCEntitysResponse.java, line(s) 121 com/bjz/comm/net/bean/FcUserInfoBean.java, line(s) 116 com/bjz/comm/net/bean/MiniGameBean.java, line(s) 113 com/bjz/comm/net/bean/ResponseAccessTokenBean.java, line(s) 60 com/litesuits/orm/db/assit/SQLBuilder.java, line(s) 61 com/litesuits/orm/db/model/EntityTable.java, line(s) 32 com/litesuits/orm/db/model/MapProperty.java, line(s) 7 com/zhy/http/okhttp/builder/PostFormBuilder.java, line(s) 48 im/qnzikhbjxh/javaBean/ShareInstallConfigBean.java, line(s) 46 im/qnzikhbjxh/messenger/ContactsController.java, line(s) 1265,1606 im/qnzikhbjxh/messenger/FileRefController.java, line(s) 130,162,179,194,199,204,211,229,226,232 im/qnzikhbjxh/messenger/ImageLoader.java, line(s) 773 im/qnzikhbjxh/messenger/LocaleController.java, line(s) 727 im/qnzikhbjxh/messenger/NotificationsController.java, line(s) 2183,2228 im/qnzikhbjxh/messenger/SendMessagesHelper.java, line(s) 2609,1780,1788,3495 im/qnzikhbjxh/network/NetworkConstant.java, line(s) 5,4,15 im/qnzikhbjxh/ui/ArticleViewer.java, line(s) 1811,4742,3996 im/qnzikhbjxh/ui/DataAutoDownloadActivity.java, line(s) 300,315,308 im/qnzikhbjxh/ui/DataSettingsActivity.java, line(s) 217,381,229,389,223,385 im/qnzikhbjxh/ui/LaunchActivity.java, line(s) 2024 im/qnzikhbjxh/ui/NotificationsCustomSettingsActivity.java, line(s) 386,384,382 im/qnzikhbjxh/ui/NotificationsSettingsActivity.java, line(s) 380 im/qnzikhbjxh/ui/PassportActivity.java, line(s) 3897,3903,892,4971,887,4963,3911,890,4967,883,4951,3907,3890,3893,895,4955 im/qnzikhbjxh/ui/QuickRepliesSettingsActivity.java, line(s) 169,165,161,157 im/qnzikhbjxh/ui/actionbar/Theme.java, line(s) 2776,3206,3274 im/qnzikhbjxh/ui/adapters/MentionsAdapter.java, line(s) 396 im/qnzikhbjxh/ui/components/AlertsCreator.java, line(s) 535,537 im/qnzikhbjxh/ui/components/EmojiView.java, line(s) 4005,4009 im/qnzikhbjxh/ui/components/EmojiViewV2.java, line(s) 3989,3993 im/qnzikhbjxh/ui/hui/contacts/CreateGroupingActivity.java, line(s) 559 im/qnzikhbjxh/ui/hui/contacts/PhonebookUsersActivity.java, line(s) 197 im/qnzikhbjxh/ui/hui/friendscircle_v1/view/edittext/span/User.java, line(s) 152 im/qnzikhbjxh/ui/hui/login/LoginContronllerActivity.java, line(s) 77 im/qnzikhbjxh/ui/hui/packet/SelecteContactsActivity.java, line(s) 162,166 im/qnzikhbjxh/ui/settings/AutoDownloadSettingActivity.java, line(s) 78,470,88,485,83,478 im/qnzikhbjxh/ui/settings/DataAndStoreSettingActivity.java, line(s) 291,299,295
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/danikula/videocache/sourcestorage/DatabaseSourceInfoStorage.java, line(s) 6,7,28 com/litesuits/orm/db/assit/Querier.java, line(s) 4,14
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/alivc/rtc/device/UTUtdid.java, line(s) 344 im/qnzikhbjxh/messenger/Utilities.java, line(s) 228,242 im/qnzikhbjxh/ui/PassportActivity.java, line(s) 2794 im/qnzikhbjxh/ui/utils/DeviceIdUtil.java, line(s) 89 im/qnzikhbjxh/utils/DeviceUtils.java, line(s) 96 im/qnzikhbjxh/utils/FingerprintUtil.java, line(s) 155 org/xbill/DNS/NSEC3Record.java, line(s) 62
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: im/qnzikhbjxh/ui/fragments/TabWebFragment.java, line(s) 81,74 im/qnzikhbjxh/ui/hui/discoveryweb/DiscoveryJumpToPage.java, line(s) 257,249,271
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/app/protect/AppProtectManager.java, line(s) 1676 com/bjz/comm/net/utils/MD5Utils.java, line(s) 19 com/danikula/videocache/ProxyCacheUtils.java, line(s) 74 com/litesuits/orm/db/assit/Encrypt.java, line(s) 35 im/qnzikhbjxh/messenger/AndroidUtilities.java, line(s) 2411 im/qnzikhbjxh/messenger/FileUploadOperation.java, line(s) 417 im/qnzikhbjxh/messenger/Utilities.java, line(s) 373 im/qnzikhbjxh/translate/MD5.java, line(s) 20,51 im/qnzikhbjxh/ui/hui/friendscircle/okhttphelper/MD5Utils.java, line(s) 19 im/qnzikhbjxh/ui/utils/ChiperUtils.java, line(s) 17
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: im/qnzikhbjxh/messenger/utils/PlayerUtils.java, line(s) 1242,1249 im/qnzikhbjxh/ui/ArticleViewer.java, line(s) 7202,7197 im/qnzikhbjxh/ui/WebviewActivity.java, line(s) 277,264 im/qnzikhbjxh/ui/components/EmbedBottomSheet.java, line(s) 664,221 im/qnzikhbjxh/ui/components/WebPlayerView.java, line(s) 1234,1241
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: im/qnzikhbjxh/ui/components/paint/Slice.java, line(s) 20 im/qnzikhbjxh/ui/utils/translate/ssrc/SSRC.java, line(s) 782
中危 IP地址泄露
IP地址泄露 Files: com/danikula/videocache/HttpProxyCacheServer.java, line(s) 31 im/qnzikhbjxh/network/NetWorkManager.java, line(s) 52,53 im/qnzikhbjxh/network/NetworkConstant.java, line(s) 6,13 im/qnzikhbjxh/tgnet/NetworkConfig.java, line(s) 181,173,183,171
中危 应用程序包含隐私跟踪程序
此应用程序有多个2隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 谷歌地图的=> "com.google.android.maps.v2.API_KEY" : "AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k" 百度地图的=> "com.baidu.lbsapi.API_KEY" : "oYnHR3odlaw9KUleHaQP5BrTLivxSCz1" openinstall统计的=> "com.openinstall.APP_KEY" : "wvxnbp" "Sessions" : "Sitzung" "PaymentPasswordTitle" : "Passwort" "YourPasswordSuccess" : "Erfolg!" "Username" : "Username" "PaymentPasswordEmailTitle" : "Wiederherstellungs-E-Mail" "LoginPassword" : "Senha" "TypePrivate" : "Privado" "UseProxyUsername" : "Username" "Sessions" : "Sesi" "UseProxyPassword" : "Password" "LoginPassword" : "Passwort" "RestorePasswordNoEmailTitle" : "Sorry" "PasscodePassword" : "Passwort" "TypePrivateGroup" : "privat" "UseProxySecret" : "Rahsia" "PasscodePassword" : "Senha" "FindBackPassword" : "FindBack" "TypePrivate" : "Private" "PayPassword" : "PayPassword" "UserNameOrPhoneNumberSearch" : "Username" "PayPasswordSetting" : "PayPasswordSetting" "TypePrivate2" : "Privado" "TypePrivateGroup" : "pribadi" "firebase_database_url" : "https://qnzikhbjxh-48b0d.firebaseio.com" "RestorePasswordNoEmailTitle" : "Maaf" "YourPasswordSuccess" : "Sucesso!" "TypePrivate" : "Pribadi" "PaymentPasswordTitle" : "Password" "YourPasswordSuccess" : "Success!" "Sessions" : "Session" "google_crash_reporting_api_key" : "AIzaSyC6uk1nvjb5BYzqEzgaWy_iTryf5373Nyw" "UseProxyUsername" : "namapengguna" "TypePrivateGroup" : "Private" "baidu_map_key" : "oYnHR3odlaw9KUleHaQP5BrTLivxSCz1" "Sessions" : "Sessions" "key_walletDefaultBackground" : "walletDefaultBackground" "TypePrivateGroup" : "privado" "PasswordCode" : "Code" "TypePrivate" : "Privat" "LoginByPassword" : "Passwortanmeldung" "FindBackPassword" : "FindBackPassword" "UseProxySecret" : "Geheimnis" "google_app_id" : "1:194512522065:android:a3b6ee229cc1efe012e170" "PaymentPasswordTitle" : "Senha" "PayPasswordSetting" : "Zahlungskennworteinstellung" "RestorePasswordNoEmailTitle" : "Desculpe" "UseProxySecret" : "Secret" "google_api_key" : "AIzaSyC6uk1nvjb5BYzqEzgaWy_iTryf5373Nyw" "RestorePasswordNoEmailTitle" : "Entschuldigung" "TypePrivate2" : "Pribadi" "UseProxySecret" : "Rahasia" "PayPasswordSetReminder" : "Tips" "LoginPasswordReset" : "LoginPasswordReset" "key_windowBackgroundWhite" : "windowBackgroundWhite" "TypePrivate2" : "Privat" "UseProxySecret" : "Segredo" "PasscodePassword" : "Password" "YourPasswordSuccess" : "Berjaya!" "UseProxyUsername" : "Benutzername" "PayPasswordReset" : "PayPasswordReset" "LoginPassword" : "Password" "pref_speakerphone_key" : "speakerphone_preference" "PayPassword" : "Zahlungspasswort" "UseProxyPassword" : "Passwort" "TypePrivateGroup" : "peribadi" "yuncheng_app_key" : "-dSPyyHFK-C3oeMlwHTO+pKDObpgxP2MO7Uo2UCH0+AxbvSwOHSK26vswxbHqitmfpzvpr_umcseBVAt1Jhc+ZSpVK2u1Jycd5vGXSkkeksUjEvw7B1ab_L72k9kUie93wo9MKEFb_z5dDVJuy1dmCJ1lkTEoczXTFwV8KDvdhxGgMFuczwD-9Dky82dyNcpoA5r1MQjP9ySfIjUZBsaePOvidufUoObTop+UEXpSPUk0S9Qz8Pt8bxT4nwwFJr18bwcZoeGyMLOYYBtZsWjTSuoCM-evTn1HNr6AjGt9PsQ2REKz14oSNoo4JB7gRopFVzhEnZYwMTBKe3jbvAufn_d4Ur6uhiE34czv+fdJVeUHP" "UseProxyPassword" : "Senha" "YourPasswordSuccess" : "Sukses!" "TypePrivate2" : "Private" "key_windowBackgroundGray" : "windowBackgroundGray" RqNgNlFUZjMBdDk061Bi5HlMYQYLMYHBV7c4Kg== e283aac0-7c0f-4f2e-bcf7-90acc19903ed SvtY1+t9ft27oaP88vb0gXV8gZA9ErIcpflR0w== 5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B ANKvF42Ib3kBgeUavl3kry22dHnRRudcBE3ok5bc41I= c06c8400-8e06-11e0-9cb6-0002a5d5c51b 3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7 9A04F079-9840-4286-AB92-E65BE0885F95 C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5B f180c508-f49a-40bd-b8ac-50577ce9aff6 bb392ec0-8d4d-11e0-a896-0002a5d5c51b i18Yu9KnddqBMATtlFj4pC22dHnRRudcBE3ok5bc41I= 4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF cBdIEgrORCUuPQGBZt5M3RlvwQNy2pic 6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 IP/nBhaY2b4vith5AIbHiS22dHnRRudcBE3ok5bc41I= e+D4HmIgNObpEFwj5QL66l4jxZKSe7vSx0yC/w== A2B55680-6F43-11E0-9A3F-0002A5D5C51B 8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14 FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551 QrMgt8GGYI6T52ZY5AnhtxkLzb8egpFn3j5JELI8H6wtACbUnZ5cc3aYTsTRbmkAkRJeYbtx92LPBWm7nBO9UIl7y5i5MQNmUZNf5QENurR5tGyo7yJ2G0MBjWvy6iAtlAbacKP0SwOUeUWx5dsBdyhxa7Id1APtybSdDgicBDuNjI0mlZFUzZSS9dmN8lBD0WTVOMz0pRZbR3cysomRXOO1ghqjJdTcyDIxzpNAEszN8RMGjrzyU7Hjbmwi6YNK lJXUSTA8T6D299KIGpgREzoPUhHjbJ8ZsWLfFA== 8TXAmriKUNWtdFwJEEnDoS22dHnRRudcBE3ok5bc41I= aa717156fa6e34325d3d4a7004a6647a pE5eNoBQIFVcd9IEuyIhvopfgS1RSj5C fb9f0bb7fdd0760c354cc3d80cecb1d9 ABVGDE2JZIQKLMNOPRSTUFHC34WXY9678
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: cn/dreamtobe/kpswitch/handler/KPSwitchRootLayoutHandler.java, line(s) 35,46,50,56,60 cn/dreamtobe/kpswitch/util/KeyboardUtil.java, line(s) 44,186,193,233,164,202,219 cn/dreamtobe/kpswitch/util/StatusBarHeightUtil.java, line(s) 21 cn/dreamtobe/kpswitch/util/ViewUtil.java, line(s) 17 com/alivc/component/capture/VideoPusher.java, line(s) 157,305,309,328,333,338,396,411,422,427,450,456,466,582,614,634,639,666,727,757,761,763,770,964,998,1051,368,387,391,648,814,877,924,982,1015,658 com/alivc/component/capture/VideoPusherJNI.java, line(s) 40,51,59,74,82,97,105,115,127,139,150,158,167,176,185,194,196,203,212,221,229,238,246,255,68,91,121,133 com/alivc/rtc/AliRtcEngine.java, line(s) 271,284,301,308 com/alivc/rtc/AliRtcEngineImpl.java, line(s) 1547,1619,1965,2003,2178,3288,317,342,626,897,922,1206,1349,1365,1384,1398,1438,1451,1472,1528,1535,1537,1541,1549,1565,1569,1573,1577,1596,1600,1621,1625,1637,1641,1649,1675,1689,1693,1754,1758,1762,1767,1792,1811,1818,1821,1825,1840,1844,1849,1853,1878,1884,1886,1892,1898,1900,1905,1907,1913,1915,1921,1929,1940,1952,1972,2015,2159,2201,2216,2231,2246,2630,2635,2680,2685,2690,2697,2712,2731,2737,2739,2890,2903,2980,72,74,81,83,96,98,105,107,113,119,147,149,159,162,188,190,212,214,226,228,251,253,275,277,287,289,297,325,327,340,360,364,366,374,376,383,385,391,393,399,406,412,433,435,441,467,469,475,480,487,489,491,493,495,497,503,505,507,513,516,518,520,522,524,526,572,574,624,638,640,646,648,654,656,662,664,670,672,691,727,729,739,742,768,770,792,794,806,808,831,833,855,857,867,869,877,905,907,920,940,944,946,954,956,963,965,971,973,979,986,992,1013,1015,1021,1047,1049,1055,1060,1067,1069,1071,1073,1075,1077,1083,1085,1087,1093,1096,1098,1100,1102,1104,1106,1152,1154,1204,1218,1220,1226,1228,1234,1236,1242,1244,1250,1252,1289,1291,1317,1325,1372,1376,1382,1385,1390,1396,1402,1408,1410,1416,1423,1430,1436,1454,1459,1461,1515,1529,1557,1563,1581,1587,1590,1613,1635,1659,1666,1672,1681,1687,1698,1705,1709,1714,1719,1727,1732,1737,1746,1752,1803,1809,1832,1838,1866,1871,1875,1927,1933,1946,1960,2009,2026,2038,2044,2071,2081,2089,2091,2097,2103,2105,2112,2125,2132,2134,2142,2144,2149,2151,2157,2170,2176,2184,2186,2192,2194,2207,2209,2222,2224,2235,2237,2252,2257,2266,2276,2284,2286,2292,2296,2306,2308,2318,2320,2332,2340,2351,2367,2377,2382,2388,2390,2406,2438,2455,2487,2504,2519,2521,2529,2531,2538,2540,2552,2560,2569,2617,2705,2716,2742,2804,2806,2812,2835,2841,2847,2853,2859,2865,2871,2877,2883,2985,2994,2996,3005,3007,3016,3018,3027,3029,3038,3040,3049,3051,3060,3062,3071,3073,3082,3087,3096,3098,3107,3112,3121,3123,3132,3137,3146,3148,3157,3162,3171,3173,3182,3184,3193,3195,3204,3206,3215,3217,3226,3228,3239,3251,3255,3265,3269,3284,3338,3343,3352,3354,1452 com/alivc/rtc/device/DeviceInfo.java, line(s) 30,57,61 com/alivc/rtc/device/UTUtdid.java, line(s) 132,134,139,141,152,154,159,161,207,212,238,241,246,249 com/bjz/comm/net/factory/ApiFactory.java, line(s) 61,68 com/bjz/comm/net/factory/ApiGameFactory.java, line(s) 59,66 com/bjz/comm/net/mvp/presenter/FcCommonPresenter.java, line(s) 112 com/bjz/comm/net/premission/PermissionActivity.java, line(s) 56,334,346,360 com/bjz/comm/net/premission/PermissionManager.java, line(s) 33 com/bjz/comm/net/receiver/NetworkConnectChangedReceiver.java, line(s) 23,29,39 com/bjz/comm/net/utils/MD5Utils.java, line(s) 21,88,92,93 com/bjz/comm/net/utils/RxHelper.java, line(s) 97,102,124,128,139,185 com/bjz/comm/net/utils/TokenLoader.java, line(s) 49,81,85 com/contrarywind/view/WheelView.java, line(s) 337 com/coremedia/iso/boxes/sampleentry/AudioSampleEntry.java, line(s) 194 com/litesuits/orm/LiteOrm.java, line(s) 81,83,87,117,327 com/litesuits/orm/db/TableManager.java, line(s) 91,132,123,171,249,90,95,96,101,102,119,121,131,138,139,159,160,180,181,182,187,188 com/litesuits/orm/db/assit/Querier.java, line(s) 12,18,21,11,17,20 com/litesuits/orm/db/assit/SQLStatement.java, line(s) 250,280,519,170,285,101,102,126,127,169,183,184,187,188,233,234,249,275,276,279,284,323,359,375,380,422,423,496,506,518,324,360,497,507 com/litesuits/orm/db/assit/Transaction.java, line(s) 15,21,22 com/litesuits/orm/db/utils/DataUtil.java, line(s) 109,110 com/litesuits/orm/log/OrmLog.java, line(s) 41,74,124,157,62,95,145,178,20,27,48,81,131,164,34,67,117,150,55,88,138,171 com/preview/PreviewDialogFragment.java, line(s) 160 com/serenegiant/usb/DeviceFilter.java, line(s) 73,75 com/serenegiant/usb/USBMonitor.java, line(s) 241,248,827,846,424,428,431,843,281,466 com/serenegiant/usb/UVCCamera.java, line(s) 1050,1056,1061,1067,484,1084 com/socks/library/Util.java, line(s) 13,15 com/socks/library/klog/BaseLog.java, line(s) 28,37,31,25,34,40 com/socks/library/klog/FileLog.java, line(s) 18,21 com/socks/library/klog/JsonLog.java, line(s) 29 com/socks/library/klog/XmlLog.java, line(s) 21 com/tablayout/SlidingScaleTabLayout.java, line(s) 674 com/tablayout/transformer/TabScaleTransformer.java, line(s) 28 com/zhy/http/okhttp/cookie/store/PersistentCookieStore.java, line(s) 143,156,159 com/zhy/http/okhttp/log/LoggerInterceptor.java, line(s) 42,45,46,47,49,52,55,58,60,71,72,73,75,79,81,83,86 com/zhy/http/okhttp/utils/L.java, line(s) 10 ezy/assist/compat/RomUtil.java, line(s) 148 ezy/assist/compat/SettingsCompat.java, line(s) 94,114,125 im/qnzikhbjxh/keepalive/ChannelService.java, line(s) 56 im/qnzikhbjxh/keepalive/CheckTopTask.java, line(s) 23,48 im/qnzikhbjxh/keepalive/DaemonService.java, line(s) 138,65,95,109,119,141 im/qnzikhbjxh/keepalive/MonitorReceiver.java, line(s) 11,16 im/qnzikhbjxh/keepalive/OnePxActivity.java, line(s) 34,61,85 im/qnzikhbjxh/keepalive/ScheduleService.java, line(s) 11,20 im/qnzikhbjxh/keepalive/ScreenReceiver.java, line(s) 37 im/qnzikhbjxh/messenger/AndroidUtilities.java, line(s) 760,1463,1473,169,226,353,445,459,721,752,797,810,830,839,848,857,954,957,1075,1090,1105,1150,1168,1172,1239,1260,1358,1373,1428,1450,1510,1573,1614,1626,1667,1828 im/qnzikhbjxh/messenger/AnimatedFileDrawableStream.java, line(s) 56 im/qnzikhbjxh/messenger/AppChooserTargetService.java, line(s) 54,96,178 im/qnzikhbjxh/messenger/ApplicationLoader.java, line(s) 78,127,157,173,184,198,208,245,248,259,262,295,71,130,282,310,324,344,361,409 im/qnzikhbjxh/messenger/ContactsController.java, line(s) 444,461,477,729,782,896,906,930,1081,1086,1117,1194,1211,1773,1930,585,611,852,1418,1427,1664,1673,1679,1697,2009,2495 im/qnzikhbjxh/messenger/ContactsSyncAdapterService.java, line(s) 49,30 im/qnzikhbjxh/messenger/DispatchQueue.java, line(s) 26,35,47,61,85 im/qnzikhbjxh/messenger/DownloadController.java, line(s) 998 im/qnzikhbjxh/messenger/Emoji.java, line(s) 193,105,118,129,357,403,423,492,504,730,742 im/qnzikhbjxh/messenger/FileLoadOperation.java, line(s) 594,790,861,1118,1225,1257,422,435,452,707,713,720,726,733,739,746,752,760,820,822,831,839 im/qnzikhbjxh/messenger/FileLoader.java, line(s) 945,1402,1410,1418,1427 im/qnzikhbjxh/messenger/FileLog.java, line(s) 235,260,102,128,153,178,285,310 im/qnzikhbjxh/messenger/FileRefController.java, line(s) 124,637,975 im/qnzikhbjxh/messenger/FileStreamLoadOperation.java, line(s) 138 im/qnzikhbjxh/messenger/FileUploadOperation.java, line(s) 116,140,206,426,548,689 im/qnzikhbjxh/messenger/GcmPushListenerService.java, line(s) 21,34,80,135 im/qnzikhbjxh/messenger/ImageLoader.java, line(s) 1347,1417,1431,1443,1456,1469,1477,192,200,209,232,236,245,251,301,330,349,369,392,403,422,579,588,597,620,624,634,646,820,838,1186,1192,1407,1413,1435,1447,1460,1473,1481,1526,1531,1539,1547,2067,2079,2106,2271,2277,2387 im/qnzikhbjxh/messenger/ImageReceiver.java, line(s) 513,602,649,681 im/qnzikhbjxh/messenger/KeepAliveJob.java, line(s) 28,44,50,72,84 im/qnzikhbjxh/messenger/LocaleController.java, line(s) 995,2133,2242,2279,462,468,749,888,935,943,949,955,1073,1102,1157,1558,1634,1659,1681,1703,1737,1785,1825,1920,1937,1961,2210,3326 im/qnzikhbjxh/messenger/LocationController.java, line(s) 553,636,700 im/qnzikhbjxh/messenger/MediaController.java, line(s) 694,1174,1212,1255,1260,1280,1299,1311,1321,580,588,648,653,658,663,680,704,713,819,830,896,910,944,955,1530,1560,1675,1802,1817,2127,2133,2218,2321,2453,2475,2591,2600,2704,2784,2848,2876,2884,2907,2913,2921,2944,2950,2958,2976,3009,3016,3036,3042,3046,3051,3058,3199,3344 im/qnzikhbjxh/messenger/MediaDataController.java, line(s) 268,407,463,526,670,726,934,1003,1041,1055,1266,1349,1590,1729,1916,1936,2046,2449,2708,2746,2828,2896,2930,2951,2982,3067,3186,3271,3302,3483,3555,3572,3647,3777,3853,3875,4001,4033,4111,4113,4347,4595,4680,4821,4863,4902,4941,4977,5049 im/qnzikhbjxh/messenger/MessageObject.java, line(s) 258,865,2451,2496,2591,2597 im/qnzikhbjxh/messenger/MessagesController.java, line(s) 2431,2436,2482,2493,2518,2525,2542,2554,3917,3926,5575,5884,5891,5897,5948,5981,6019,8129,8144,8194,8305,8314,8327,8389,8398,8410,8802,8821,9036,10266,1378,3341,3452,3480,3510,5290,5588,6000,6370,6796,7373,7398,8447,8576,9100,9223,9299,9784,10658,10753,11064,11158,11161 im/qnzikhbjxh/messenger/MessagesStorage.java, line(s) 3778,245,281,836,898,934,1040,1077,1120,1193,1287,1346,1358,1442,1481,1537,1577,1611,1613,1659,1717,1746,1844,1920,1965,1999,2081,2218,2294,2363,2423,2467,2469,2551,2631,2671,2701,2868,2923,2954,2977,3004,3033,3094,3181,3250,3389,3443,3520,3579,3643,3658,3705,3748,3789,3840,3902,3923,3959,4000,4066,4095,4167,4226,4272,4312,4418,4474,4495,4531,4652,4755,4796,4876,4910,4948,4970,4997,5014,5076,5087,5103,5112,5166,5206,5271,5374,5407,5526,5566,5595,5669,5708,5748,5806,5819,5896,5958,6030,6059,6091,6206,6259,6324,6364,6404,6637,6691,6768,6824,6867,6888,6909,6931,6951,6962,6977,6992,7020,7043,7077,7112,7146,7180,7217,7251 im/qnzikhbjxh/messenger/MusicBrowserService.java, line(s) 209,301,338,387,516 im/qnzikhbjxh/messenger/MusicPlayerService.java, line(s) 192,394 im/qnzikhbjxh/messenger/NativeLoader.java, line(s) 47,77,83,89,95,100,107 im/qnzikhbjxh/messenger/NotificationBadge.java, line(s) 182,463 im/qnzikhbjxh/messenger/NotificationCenter.java, line(s) 959 im/qnzikhbjxh/messenger/NotificationImageProvider.java, line(s) 109 im/qnzikhbjxh/messenger/NotificationsController.java, line(s) 204,340,2126,179,184,192,215,252,286,307,1356,1370,1973,2050,2063,2078,2105,2109,2118,2132,2190,2222,2330,2364,2368,2377 im/qnzikhbjxh/messenger/ScreenReceiver.java, line(s) 13,27 im/qnzikhbjxh/messenger/SecretChatHelper.java, line(s) 586,1157,663,689,775,1089,1303,1481,1783,1797,1909,1938,1979,1995 im/qnzikhbjxh/messenger/SendMessagesHelper.java, line(s) 129,185,190,199,920,937,1397,2106,3763,3769,4198,4247,4274,4582,4585,4600,4608 im/qnzikhbjxh/messenger/SharedConfig.java, line(s) 742,155,287,308,322,392,715 im/qnzikhbjxh/messenger/SmsReceiver.java, line(s) 50 im/qnzikhbjxh/messenger/UserConfig.java, line(s) 194 im/qnzikhbjxh/messenger/Utilities.java, line(s) 72,232,248,277,290,301,313,332,349,381 im/qnzikhbjxh/messenger/VideoEncodingService.java, line(s) 36,87,54 im/qnzikhbjxh/messenger/WearDataLayerListenerService.java, line(s) 40,47,62,231,238,55,225,242,337 im/qnzikhbjxh/messenger/XiaomiUtilities.java, line(s) 46 im/qnzikhbjxh/messenger/browser/Browser.java, line(s) 85,100 im/qnzikhbjxh/messenger/camera/CameraController.java, line(s) 161,188,508,525,544,302,318,323,374,396,422,434,466,498,551,580,629,657,660,677,683,704,727,741,793,798,804,809,817,840 im/qnzikhbjxh/messenger/camera/CameraSession.java, line(s) 211,215,172,253,268,344,357,373,378,465 im/qnzikhbjxh/messenger/secretmedia/ExtendedDefaultDataSource.java, line(s) 199 im/qnzikhbjxh/messenger/support/JobIntentService.java, line(s) 129 im/qnzikhbjxh/messenger/support/customtabs/CustomTabsSessionToken.java, line(s) 19,28,37,46 im/qnzikhbjxh/messenger/support/customtabsclient/shared/CustomTabsHelper.java, line(s) 90 im/qnzikhbjxh/messenger/support/fingerprint/FingerprintManagerCompatApi23.java, line(s) 21,30,39 im/qnzikhbjxh/messenger/utils/PlayerUtils.java, line(s) 470,391,450,526,585,640,703,770,1190,1452,1522,1920,1932,1945,1959,1973,1987,2001 im/qnzikhbjxh/messenger/utils/SelectorUtils.java, line(s) 91 im/qnzikhbjxh/messenger/voip/AppConnectionService.java, line(s) 31,68,48,58,16,24 im/qnzikhbjxh/messenger/voip/AudioRecordJNI.java, line(s) 249,67,80,96,115,138,181,204,240,110,212,64,77,93 im/qnzikhbjxh/messenger/voip/AudioTrackJNI.java, line(s) 38,65,111,121,119,32 im/qnzikhbjxh/messenger/voip/JNIUtilities.java, line(s) 81 im/qnzikhbjxh/messenger/voip/VoIPBaseService.java, line(s) 597,690,747,849,891,898,904,1070,1268,1430,1442,1470,1482,1489,179,187,278,531,569,645,738,830,859,1005,1021,1179,1346,1357 im/qnzikhbjxh/messenger/voip/VoIPServerConfig.java, line(s) 19 im/qnzikhbjxh/messenger/voip/VoIPService.java, line(s) 365,450,456,463,704,723,752,759,788,804,971,1082,1102,1258,95,284,341,363,397,420,469,521,578,588,696,728,888,1039,1096,1143,109,390,416,568,743,832,839,849,875,903 im/qnzikhbjxh/network/DohNet.java, line(s) 94,102,45,50,62,71,82 im/qnzikhbjxh/network/DotNet.java, line(s) 74,106,115,134,164,185,114,133,170,181,259 im/qnzikhbjxh/network/NetWorkManager.java, line(s) 41,58,69,74,84,121,151,165,193,209 im/qnzikhbjxh/network/OSSNet.java, line(s) 55,56,88,89,103,115,63 im/qnzikhbjxh/phoneformat/PhoneFormat.java, line(s) 101,107,128,137,200,239 im/qnzikhbjxh/sqlite/SQLiteCursor.java, line(s) 98,103 im/qnzikhbjxh/sqlite/SQLiteDatabase.java, line(s) 60,77 im/qnzikhbjxh/sqlite/SQLitePreparedStatement.java, line(s) 107,108 im/qnzikhbjxh/tgnet/ConnectionsManager.java, line(s) 231,349,494,502,518,533,545,596,629,637,645,800,807,810,1004,1041,342,360,362,548,571,613,683,695,719,816,844,897,902,923,937,950,984,1021 im/qnzikhbjxh/tgnet/FCTokenRequestCallback.java, line(s) 45,65,66,119,125,131,139,143 im/qnzikhbjxh/tgnet/NativeByteBuffer.java, line(s) 37,130,145,174,189,209,220,256,292,303,340,392,412,426,442,455,488,515,545,561 im/qnzikhbjxh/tgnet/NetworkConfig.java, line(s) 240,78,101 im/qnzikhbjxh/tgnet/SerializedData.java, line(s) 63,71,79,87,118,141,173,188,203,218,254,265,301,312,347,374,389,425,456,472,491,512 im/qnzikhbjxh/tgnet/TLClassStore.java, line(s) 54 im/qnzikhbjxh/tgnet/TLJsonResolve.java, line(s) 86,114 im/qnzikhbjxh/translate/MD5.java, line(s) 33 im/qnzikhbjxh/ui/ArticleViewer.java, line(s) 3734,4361,4438,4625,4799,4848,4869,5008,5018,5045,5058,7168,7178,7291,7312,7338,9707,10136,10538,10729,10801,10807,10835,10892 im/qnzikhbjxh/ui/AudioSelectActivity.java, line(s) 280 im/qnzikhbjxh/ui/CacheControlActivity.java, line(s) 228,405,427 im/qnzikhbjxh/ui/CancelAccountDeletionActivity.java, line(s) 134,264,397,955,1067 im/qnzikhbjxh/ui/ChangeBioActivity.java, line(s) 232,243 im/qnzikhbjxh/ui/ChangePersonalInformationActivity.java, line(s) 520,491,541 im/qnzikhbjxh/ui/ChangePhoneActivity.java, line(s) 130,286,678,688,856,1473,1585 im/qnzikhbjxh/ui/ChangePhoneNumberActivity.java, line(s) 185,195 im/qnzikhbjxh/ui/ChangeSignActivity.java, line(s) 161,172 im/qnzikhbjxh/ui/ChangeUsernameActivity.java, line(s) 85,103,489,504 im/qnzikhbjxh/ui/ChannelAdminLogActivity.java, line(s) 965,1415,2487,2496,2505,2514,2523,2532,2541,2550 im/qnzikhbjxh/ui/ChannelCreateActivity.java, line(s) 756,892,1018,1030 im/qnzikhbjxh/ui/ChatActivity.java, line(s) 9941,9977,837,863,892,912,1203,3624,3767,5099,5308,6946,7273,7394,8266,8633,10054,10832,10871,11325,11675,11850,11856,12824,12875,12890,14462,14526,14747,14756,14765,14774,14783,14792,14801,14810 im/qnzikhbjxh/ui/ChatEditActivity.java, line(s) 409 im/qnzikhbjxh/ui/ChatEditTypeActivity.java, line(s) 436,450,482 im/qnzikhbjxh/ui/ChatRightsEditActivity.java, line(s) 610,637 im/qnzikhbjxh/ui/ChatUsersActivity.java, line(s) 2170 im/qnzikhbjxh/ui/ContactAddActivity.java, line(s) 179 im/qnzikhbjxh/ui/ContactsActivity.java, line(s) 520,626,708 im/qnzikhbjxh/ui/ContentPreviewViewer.java, line(s) 776,823,858,879,891,986 im/qnzikhbjxh/ui/CountrySelectActivity.java, line(s) 418,429 im/qnzikhbjxh/ui/DialogsActivity.java, line(s) 1876,2753 im/qnzikhbjxh/ui/DocumentSelectActivity.java, line(s) 144,166,505,695 im/qnzikhbjxh/ui/ExternalActionActivity.java, line(s) 589,593,68,386,434 im/qnzikhbjxh/ui/GroupCreateFinalActivity.java, line(s) 148 im/qnzikhbjxh/ui/GroupInviteActivity.java, line(s) 143,158 im/qnzikhbjxh/ui/GroupStickersActivity.java, line(s) 718 im/qnzikhbjxh/ui/IdenticonActivity.java, line(s) 65 im/qnzikhbjxh/ui/IndexActivity.java, line(s) 333,363,368,751,781,359,784 im/qnzikhbjxh/ui/InviteContactsActivity.java, line(s) 569,613,785,811 im/qnzikhbjxh/ui/LanguageSelectActivity.java, line(s) 271,282 im/qnzikhbjxh/ui/LaunchActivity.java, line(s) 558,607,614,644,686,732,2192,2407,2465,2759,2989,3023,3119,3123,264,523,574,1080,1228,1236,1287,1414,1510,1528,1545,1566,1594,1649,1686,1795,1821,1831,2047,2185,2287,2295,2569,2578,2852,3053,3243,3311 im/qnzikhbjxh/ui/LaunchAgDialogActivity.java, line(s) 39 im/qnzikhbjxh/ui/LocationActivity.java, line(s) 213,269,797,976,1087,1137,1182,1195,1397,1479,1536,1553,1562 im/qnzikhbjxh/ui/LoginActivity.java, line(s) 368,425,726,1132,1142,1342,2036,2152,4024 im/qnzikhbjxh/ui/Media1Activity.java, line(s) 2206 im/qnzikhbjxh/ui/MediaActivity.java, line(s) 2245 im/qnzikhbjxh/ui/NewContactActivity.java, line(s) 456,470,582 im/qnzikhbjxh/ui/NotificationsCustomSettingsActivity.java, line(s) 352 im/qnzikhbjxh/ui/NotificationsSettingsActivity.java, line(s) 357 im/qnzikhbjxh/ui/PasscodeActivity.java, line(s) 494,604 im/qnzikhbjxh/ui/PassportActivity.java, line(s) 1060,2798,3274,3562,3665,4592,6782,6848,7031,7102,7261,7988,8100 im/qnzikhbjxh/ui/PeopleNearbyActivity.java, line(s) 434,361,568 im/qnzikhbjxh/ui/PhoneBookSelectActivity.java, line(s) 224 im/qnzikhbjxh/ui/PhonebookShareActivity.java, line(s) 518,574,622 im/qnzikhbjxh/ui/PhotoCropActivity.java, line(s) 347,411,334,339,353 im/qnzikhbjxh/ui/PhotoViewer.java, line(s) 1370,4906,9550,9557,9565,9571,450,648,1924,2559,2572,2890,3106,3748,3806,3835,3893,3921,4329,4336,4558,4580,4674,4733,4746,4993,5000,6632,7384,7848,7885,7965,8195,8287,9577 im/qnzikhbjxh/ui/PopupNotificationActivity.java, line(s) 526,1288 im/qnzikhbjxh/ui/PrivacyControlActivity.java, line(s) 114,713 im/qnzikhbjxh/ui/PrivacySettingsActivity.java, line(s) 438,516 im/qnzikhbjxh/ui/ProfileActivity.java, line(s) 350,833,851,1647,1661,1673,1701,2803 im/qnzikhbjxh/ui/ProfileNotificationsActivity.java, line(s) 506,531 im/qnzikhbjxh/ui/SecretMediaViewer.java, line(s) 495,501,543,591,871,1001,1234 im/qnzikhbjxh/ui/SessionsActivity.java, line(s) 363,389 im/qnzikhbjxh/ui/SettingsActivity.java, line(s) 2789 im/qnzikhbjxh/ui/ShareActivity.java, line(s) 76,97 im/qnzikhbjxh/ui/StickersActivity.java, line(s) 409,420,512 im/qnzikhbjxh/ui/TestActivity.java, line(s) 34 im/qnzikhbjxh/ui/ThemeActivity.java, line(s) 1032,1044,1130,1135,1176,1514,1520,1526,1552 im/qnzikhbjxh/ui/ThemeSetUrlActivity.java, line(s) 101,119,452,467,693,704 im/qnzikhbjxh/ui/TwoStepVerificationActivity.java, line(s) 168,1017 im/qnzikhbjxh/ui/TwoStepVerificationActivity2.java, line(s) 173,719,1012,1463,1466 im/qnzikhbjxh/ui/TwoStepVerificationActivityNew.java, line(s) 356,375,400,424,444,484,504,554,574,631,660,674 im/qnzikhbjxh/ui/VoIPActivity.java, line(s) 223 im/qnzikhbjxh/ui/WallpaperActivity.java, line(s) 457,466,487,511,530,547 im/qnzikhbjxh/ui/WebviewActivity.java, line(s) 89,187,293,304,494,511 im/qnzikhbjxh/ui/actionbar/ActionBarLayout.java, line(s) 182,1471,1662,2269 im/qnzikhbjxh/ui/actionbar/ActionBarPopupWindow.java, line(s) 101,320,382 im/qnzikhbjxh/ui/actionbar/AlertDialog.java, line(s) 900 im/qnzikhbjxh/ui/actionbar/BaseFragment.java, line(s) 134,146,174,189,289,324,415,434,488,502 im/qnzikhbjxh/ui/actionbar/BottomSheet.java, line(s) 616,1041,1104,1121 im/qnzikhbjxh/ui/actionbar/DrawerLayoutContainer.java, line(s) 318 im/qnzikhbjxh/ui/actionbar/Theme.java, line(s) 2991,3033,1162,1218,1226,2121,2185,2746,2753,2805,3292,3313,3326,3448,3460,4642,4649,4658,4665 im/qnzikhbjxh/ui/actionbar/ThemeDescription.java, line(s) 711 im/qnzikhbjxh/ui/actionbar/XAlertDialog.java, line(s) 940,993 im/qnzikhbjxh/ui/adapters/BaseLocationAdapter.java, line(s) 61,83 im/qnzikhbjxh/ui/adapters/ContactsAdapter.java, line(s) 98 im/qnzikhbjxh/ui/adapters/DialogsAdapter.java, line(s) 231 im/qnzikhbjxh/ui/adapters/DialogsSearchAdapter.java, line(s) 355,399,419 im/qnzikhbjxh/ui/adapters/PhonebookSearchAdapter.java, line(s) 37,53 im/qnzikhbjxh/ui/adapters/SearchAdapter.java, line(s) 86,106 im/qnzikhbjxh/ui/adapters/SearchAdapterHelper.java, line(s) 362,486,488,509,572 im/qnzikhbjxh/ui/bottom/BottomBarLayout.java, line(s) 166 im/qnzikhbjxh/ui/cell/FmtDialogCell.java, line(s) 362 im/qnzikhbjxh/ui/cells/AboutLinkCell.java, line(s) 120,130,147,195 im/qnzikhbjxh/ui/cells/ArchiveHintCell.java, line(s) 49,53 im/qnzikhbjxh/ui/cells/AudioPlayerCell.java, line(s) 67,75 im/qnzikhbjxh/ui/cells/BotHelpCell.java, line(s) 100,133,143,160 im/qnzikhbjxh/ui/cells/ChatActionCell.java, line(s) 334,339 im/qnzikhbjxh/ui/cells/ChatMessageCell.java, line(s) 2360,2459,2494,3292,3953,3963,5594,2920 im/qnzikhbjxh/ui/cells/DialogCell.java, line(s) 357 im/qnzikhbjxh/ui/cells/DialogMeUrlCell.java, line(s) 119 im/qnzikhbjxh/ui/cells/DrawerActionCell.java, line(s) 53 im/qnzikhbjxh/ui/cells/DrawerProfileCell.java, line(s) 109,155 im/qnzikhbjxh/ui/cells/PopMenuCell.java, line(s) 47 im/qnzikhbjxh/ui/cells/SharedAudioCell.java, line(s) 75,80 im/qnzikhbjxh/ui/cells/SharedLinkCell.java, line(s) 230,242 im/qnzikhbjxh/ui/cells/ThemesHorizontalListCell.java, line(s) 624,633,639,728 im/qnzikhbjxh/ui/components/AlertsCreator.java, line(s) 1025,1077,1092 im/qnzikhbjxh/ui/components/AnimatedFileDrawable.java, line(s) 193,224 im/qnzikhbjxh/ui/components/AudioPlayerAlert.java, line(s) 861,1305,1320 im/qnzikhbjxh/ui/components/AvatarDrawable.java, line(s) 219 im/qnzikhbjxh/ui/components/BlockingUpdateView.java, line(s) 252,274,278 im/qnzikhbjxh/ui/components/ChatActivityEnterView.java, line(s) 1605,1643,2604,3707,3753,3935,4082,4097,4111,4125,4148,4158,4212,4700 im/qnzikhbjxh/ui/components/ChatAttachAlert.java, line(s) 1897 im/qnzikhbjxh/ui/components/ChatAvatarContainer.java, line(s) 280 im/qnzikhbjxh/ui/components/ClippingImageView.java, line(s) 75,151 im/qnzikhbjxh/ui/components/EditTextBoldCursor.java, line(s) 178,314,571,579 im/qnzikhbjxh/ui/components/EditTextCaption.java, line(s) 323,345,405 im/qnzikhbjxh/ui/components/EditTextEmoji.java, line(s) 88,489 im/qnzikhbjxh/ui/components/EmbedBottomSheet.java, line(s) 199,303,318,344,372,418,496,503,685,694,713,823,842,920 im/qnzikhbjxh/ui/components/EmojiView.java, line(s) 589,1467,3449 im/qnzikhbjxh/ui/components/EmojiViewV2.java, line(s) 589,1466,3433 im/qnzikhbjxh/ui/components/ForegroundDetector.java, line(s) 59,92,67,100 im/qnzikhbjxh/ui/components/ImageUpdater.java, line(s) 271,301,324,346 im/qnzikhbjxh/ui/components/InstantCameraView.java, line(s) 488,496,502,872,891,913,1047,1292,1315,1562,1611,1618,1622,1631,1643,1683,1763,2009,448,931,946,977,989,1055,1063,1073,1086,1097,1134,1156,1162,1168,1177,1229,1385,1390,1398,1659,1716,1728,1845,1854,1864,1872,1946,2082 im/qnzikhbjxh/ui/components/LetterDrawable.java, line(s) 60 im/qnzikhbjxh/ui/components/PasscodeView.java, line(s) 139,254,926,935,949,1000,1028,1047 im/qnzikhbjxh/ui/components/PhotoFilterView.java, line(s) 401,418,433,441,451,464,729,735,744,945 im/qnzikhbjxh/ui/components/PhotoPaintView.java, line(s) 438,1266,1273,1300 im/qnzikhbjxh/ui/components/PhotoViewerCaptionEnterView.java, line(s) 112,326,360,426,540,570,584,613,694,707 im/qnzikhbjxh/ui/components/PipRoundVideoView.java, line(s) 255 im/qnzikhbjxh/ui/components/PipVideoView.java, line(s) 406 im/qnzikhbjxh/ui/components/RLottieDrawable.java, line(s) 215,339,415 im/qnzikhbjxh/ui/components/RadioButton.java, line(s) 60,159 im/qnzikhbjxh/ui/components/RecyclerListView.java, line(s) 594,806,819,1497,1505 im/qnzikhbjxh/ui/components/ShareAlert.java, line(s) 943 im/qnzikhbjxh/ui/components/SpannableStringLight.java, line(s) 24,41,58 im/qnzikhbjxh/ui/components/StaticLayoutEx.java, line(s) 58,122,155,161,172,177,182,216,249,257 im/qnzikhbjxh/ui/components/StickersAlert.java, line(s) 115,809,845,923 im/qnzikhbjxh/ui/components/TermsOfServiceView.java, line(s) 165 im/qnzikhbjxh/ui/components/ThemeEditorView.java, line(s) 98,106,1150,1396,1601 im/qnzikhbjxh/ui/components/TimerDrawable.java, line(s) 78 im/qnzikhbjxh/ui/components/VideoTimelinePlayView.java, line(s) 300,357,385 im/qnzikhbjxh/ui/components/VideoTimelineView.java, line(s) 230,287,315 im/qnzikhbjxh/ui/components/WallpaperUpdater.java, line(s) 84,100,125,151,182,185,197,213 im/qnzikhbjxh/ui/components/WebPlayerView.java, line(s) 463,384,443,519,578,633,696,763,1183,1444,1492,1852,1864,1877,1891,1905,1919,1933 im/qnzikhbjxh/ui/components/compress/Luban.java, line(s) 86,85 im/qnzikhbjxh/ui/components/paint/RenderView.java, line(s) 307,315,325,338,349,359,378,498 im/qnzikhbjxh/ui/components/paint/Shader.java, line(s) 20,28,82,92 im/qnzikhbjxh/ui/components/paint/Slice.java, line(s) 22,53 im/qnzikhbjxh/ui/components/paint/Utils.java, line(s) 12 im/qnzikhbjxh/ui/components/toast/ToastUtils.java, line(s) 77 im/qnzikhbjxh/ui/components/voip/CallSwipeView.java, line(s) 94 im/qnzikhbjxh/ui/components/voip/DarkTheme.java, line(s) 2379 im/qnzikhbjxh/ui/components/voip/VoIPHelper.java, line(s) 154,570 im/qnzikhbjxh/ui/dialogs/McShareDialog.java, line(s) 198 im/qnzikhbjxh/ui/dialogs/TwoPasswordCheckDialog.java, line(s) 327,341,382 im/qnzikhbjxh/ui/fragments/BaseFmts.java, line(s) 213,268,282,304 im/qnzikhbjxh/ui/fragments/CallRecordsFragment.java, line(s) 593,195 im/qnzikhbjxh/ui/fragments/ContactsFragment.java, line(s) 611 im/qnzikhbjxh/ui/fragments/DialogsFragment.java, line(s) 491,506,1701 im/qnzikhbjxh/ui/fragments/DiscoveryFragment.java, line(s) 146,294 im/qnzikhbjxh/ui/fragments/MeFragmentV2.java, line(s) 489,976,1034,1049 im/qnzikhbjxh/ui/fragments/TabWebFragment.java, line(s) 172,277,314,337,501 im/qnzikhbjxh/ui/fragments/adapter/FmtContactsAdapter.java, line(s) 143 im/qnzikhbjxh/ui/hui/CameraViewActivity.java, line(s) 1764 im/qnzikhbjxh/ui/hui/CharacterParser.java, line(s) 28 im/qnzikhbjxh/ui/hui/WebViewAppCompatActivity.java, line(s) 101,212 im/qnzikhbjxh/ui/hui/adapter/AddNewCallAdapter.java, line(s) 77 im/qnzikhbjxh/ui/hui/adapter/CreateGroupAdapter.java, line(s) 95 im/qnzikhbjxh/ui/hui/adapter/CreateSecureAdapter.java, line(s) 81 im/qnzikhbjxh/ui/hui/adapter/MyDialogsAdapter.java, line(s) 240 im/qnzikhbjxh/ui/hui/adapter/NewChatAdapter.java, line(s) 86 im/qnzikhbjxh/ui/hui/adapter/SelectContactsAdapter.java, line(s) 85 im/qnzikhbjxh/ui/hui/adapter/StartChatAdapter.java, line(s) 86 im/qnzikhbjxh/ui/hui/adapter/grouping/AddGroupingUserAdapter.java, line(s) 84 im/qnzikhbjxh/ui/hui/adapter/pageAdapter/PageSelectionAdapter.java, line(s) 78 im/qnzikhbjxh/ui/hui/adapter/pageAdapter/PageStickerAdapter.java, line(s) 110 im/qnzikhbjxh/ui/hui/chats/CreateGroupFinalActivity.java, line(s) 154 im/qnzikhbjxh/ui/hui/chats/GroupShareActivity.java, line(s) 215 im/qnzikhbjxh/ui/hui/chats/MryDialogsActivity.java, line(s) 1752,2591 im/qnzikhbjxh/ui/hui/chats/NewChatActivity.java, line(s) 403 im/qnzikhbjxh/ui/hui/chats/ProfileGroupActivity.java, line(s) 361,843,861,1056,1610,1624,1636,1664,2796 im/qnzikhbjxh/ui/hui/chats/StartChatActivity.java, line(s) 347 im/qnzikhbjxh/ui/hui/contacts/AddContactsActivity.java, line(s) 193 im/qnzikhbjxh/ui/hui/contacts/PhonebookUsersActivity.java, line(s) 538 im/qnzikhbjxh/ui/hui/discovery/ActionIntroActivity.java, line(s) 381,428,463,509 im/qnzikhbjxh/ui/hui/discovery/NearPersonAndGroupActivity.java, line(s) 482,486,491,494,501,554,418,645 im/qnzikhbjxh/ui/hui/discovery/QrScanActivity.java, line(s) 322,348 im/qnzikhbjxh/ui/hui/discoveryweb/DiscoveryJumpPausedFloatingView.java, line(s) 254,526 im/qnzikhbjxh/ui/hui/discoveryweb/DiscoveryJumpToPage.java, line(s) 112,139,574,587,621,801 im/qnzikhbjxh/ui/hui/friendscircle/fcHelper/OKHttpStreamFetcher.java, line(s) 43,42 im/qnzikhbjxh/ui/hui/friendscircle/okhttphelper/AESHelper.java, line(s) 62,75 im/qnzikhbjxh/ui/hui/friendscircle/okhttphelper/MD5Utils.java, line(s) 21,88,92,93 im/qnzikhbjxh/ui/hui/friendscircle/okhttphelper/OkHttpStringCallBack.java, line(s) 69,61,70 im/qnzikhbjxh/ui/hui/friendscircle_v1/adapter/FcDetailAdapter.java, line(s) 187 im/qnzikhbjxh/ui/hui/friendscircle_v1/adapter/FcHomeAdapter.java, line(s) 179,687 im/qnzikhbjxh/ui/hui/friendscircle_v1/adapter/UserFcListAdapter.java, line(s) 165 im/qnzikhbjxh/ui/hui/friendscircle_v1/base/BaseFcActivity.java, line(s) 295,366,473,208,222,245,330,351,496 im/qnzikhbjxh/ui/hui/friendscircle_v1/base/BaseFcFragment.java, line(s) 378,448,555,250,264,286,413,433,578 im/qnzikhbjxh/ui/hui/friendscircle_v1/base/CommFcListActivity.java, line(s) 161 im/qnzikhbjxh/ui/hui/friendscircle_v1/base/CommFcListFragment.java, line(s) 165,169,180 im/qnzikhbjxh/ui/hui/friendscircle_v1/fragments/FcFollowFragment.java, line(s) 323,909 im/qnzikhbjxh/ui/hui/friendscircle_v1/fragments/FcHomeFragment.java, line(s) 238,790,842 im/qnzikhbjxh/ui/hui/friendscircle_v1/fragments/FcRecommendFragment.java, line(s) 233,764,816 im/qnzikhbjxh/ui/hui/friendscircle_v1/helper/FcDBHelper.java, line(s) 150,156,165,167 im/qnzikhbjxh/ui/hui/friendscircle_v1/player/logger/ExoPlayerLogger.java, line(s) 89,93,111,114,127,134,151,156,173,176,182,190,198,216,221,225,227,231,233,237,241,245,249,253,257,261,265,269,273,287,291,295,311,314,317,320,323,326,329,332,103,303 im/qnzikhbjxh/ui/hui/friendscircle_v1/player/player/AbsBaseVideoPlayer.java, line(s) 36,47,54,63,70,78,90 im/qnzikhbjxh/ui/hui/friendscircle_v1/player/player/VideoPlayerManager.java, line(s) 385 im/qnzikhbjxh/ui/hui/friendscircle_v1/player/utils/Utils.java, line(s) 111,115 im/qnzikhbjxh/ui/hui/friendscircle_v1/ui/FcPageDetailActivity.java, line(s) 148,192,325,344,848 im/qnzikhbjxh/ui/hui/friendscircle_v1/ui/FcPageMineActivity.java, line(s) 965,1014 im/qnzikhbjxh/ui/hui/friendscircle_v1/ui/FcPageOthersActivity.java, line(s) 1031 im/qnzikhbjxh/ui/hui/friendscircle_v1/ui/FcPublishActivity.java, line(s) 744,998,1441,894,1444,1454 im/qnzikhbjxh/ui/hui/friendscircle_v1/ui/FcTopicMainActivity.java, line(s) 836,885 im/qnzikhbjxh/ui/hui/friendscircle_v1/ui/ImagePreSelectorActivity.java, line(s) 1605 im/qnzikhbjxh/ui/hui/friendscircle_v1/ui/ImagePreviewActivity.java, line(s) 1326,9042,9049,9057,9063,544,742,1874,2521,2534,2833,3042,3751,3807,3836,3896,3924,4335,4342,4547,4569,4663,4720,4733,6316,7019,7394,7431,7690,7777,9069 im/qnzikhbjxh/ui/hui/friendscircle_v1/ui/ImageSelectorActivity.java, line(s) 2085 im/qnzikhbjxh/ui/hui/friendscircle_v1/utils/KeyboardUtils.java, line(s) 48,191,198,238,169,207,224 im/qnzikhbjxh/ui/hui/friendscircle_v1/utils/StatusBarHeightUtil.java, line(s) 21 im/qnzikhbjxh/ui/hui/friendscircle_v1/utils/ViewUtil.java, line(s) 17 im/qnzikhbjxh/ui/hui/friendscircle_v1/view/FCIndexBar.java, line(s) 117 im/qnzikhbjxh/ui/hui/friendscircle_v1/view/FcChildReplyListDialog.java, line(s) 207 im/qnzikhbjxh/ui/hui/friendscircle_v1/view/FcDoReplyDialog.java, line(s) 185,392 im/qnzikhbjxh/ui/hui/friendscircle_v1/view/flowLayout/TagAdapter.java, line(s) 84,88 im/qnzikhbjxh/ui/hui/friendscircle_v1/view/flowLayout/TagFlowLayout.java, line(s) 121 im/qnzikhbjxh/ui/hui/friendscircle_v1/view/panel/KPSwitchRootLayoutHandler.java, line(s) 35,46,50,56,60 im/qnzikhbjxh/ui/hui/friendscircle_v1/view/richtext/TextCommonUtils.java, line(s) 246,274,280 im/qnzikhbjxh/ui/hui/friendscircle_v1/view/toast/FcToastUtils.java, line(s) 82 im/qnzikhbjxh/ui/hui/login/ChangePersonalInformationActivity.java, line(s) 554,522,561,588,589 im/qnzikhbjxh/ui/hui/login/HloginActivity.java, line(s) 367,424,707,1148,1163,1407,2140,2256,4118 im/qnzikhbjxh/ui/hui/login/LoginContronllerActivity.java, line(s) 1288,910,941,1310,481,814,1262,1279,1309 im/qnzikhbjxh/ui/hui/login/LoginPasswordContronllerActivity.java, line(s) 184,219,370 im/qnzikhbjxh/ui/hui/mine/AboutAppActivity.java, line(s) 213,298,349,364 im/qnzikhbjxh/ui/hui/mine/DataUsageActivity.java, line(s) 352 im/qnzikhbjxh/ui/hui/mine/MryLanguageSelectActivity.java, line(s) 271,282 im/qnzikhbjxh/ui/hui/mine/MrySessionsActivity.java, line(s) 725,750 im/qnzikhbjxh/ui/hui/mine/MryThemeActivity.java, line(s) 1011,1044,1056,1142,1147,1188,1526,1532,1538,1564 im/qnzikhbjxh/ui/hui/mine/PrivacyAndSafeActivity.java, line(s) 284 im/qnzikhbjxh/ui/hui/mine/QrCodeActivity.java, line(s) 360 im/qnzikhbjxh/ui/hui/packet/RedpktGroupSendActivity.java, line(s) 775,1004,1171,1222,1237 im/qnzikhbjxh/ui/hui/packet/RedpktSendActivity.java, line(s) 460,665,846,897,912 im/qnzikhbjxh/ui/hui/packet/pop/RedPacketViewHolder.java, line(s) 229,234,239 im/qnzikhbjxh/ui/hui/transfer/TransferSendActivity.java, line(s) 453,700,898,949,964 im/qnzikhbjxh/ui/hui/transfer/TransferStatusActivity.java, line(s) 323,502 im/qnzikhbjxh/ui/hui/views/SilderRelativeLayout.java, line(s) 93,103 im/qnzikhbjxh/ui/hui/visualcall/AVideoCallInterface.java, line(s) 74,92,107,117,161,179,184,202 im/qnzikhbjxh/ui/hui/visualcall/BaseCallActivity.java, line(s) 229,263,359,421,423,157,218,331 im/qnzikhbjxh/ui/hui/visualcall/FlowService.java, line(s) 260,208 im/qnzikhbjxh/ui/hui/visualcall/PermissionUtils.java, line(s) 66,71,89,93,113,116,136,155,166,203,217,225,77,230,52,60,62,176,178,181,215,82,172 im/qnzikhbjxh/ui/hui/visualcall/RingUtils.java, line(s) 169,65 im/qnzikhbjxh/ui/hui/visualcall/ThreadUtils.java, line(s) 54 im/qnzikhbjxh/ui/hui/visualcall/VisualCallActivity.java, line(s) 311,315,379,410,467,712,816,907,929,956,961,1075,1101,1259,1291,1335,1337,1364,1399,1403,1429,1433,1442,1466,1470,1515,1746,654,1066,1489,792,796 im/qnzikhbjxh/ui/hui/visualcall/VisualCallReceiveActivity.java, line(s) 466,506,588,627,755,861,1001,1029,1078,1082,1180 im/qnzikhbjxh/ui/hui/visualcall/VisualCallReceiveService.java, line(s) 51 im/qnzikhbjxh/ui/hviews/MryCheckBox.java, line(s) 96 im/qnzikhbjxh/ui/hviews/MyScrollView.java, line(s) 479,545 im/qnzikhbjxh/ui/hviews/PasswordEditText.java, line(s) 138,291 im/qnzikhbjxh/ui/hviews/dialogs/XDialog.java, line(s) 672 im/qnzikhbjxh/ui/hviews/dragView/DragCallBack.java, line(s) 241 im/qnzikhbjxh/ui/hviews/dragView/DragHelperFrameLayout.java, line(s) 169 im/qnzikhbjxh/ui/hviews/helper/MryDeviceHelper.java, line(s) 44,53 im/qnzikhbjxh/ui/hviews/helper/MryDrawableHelper.java, line(s) 158 im/qnzikhbjxh/ui/hviews/helper/MryNotchHelper.java, line(s) 48,64,67,368,370,372,45,61 im/qnzikhbjxh/ui/hviews/page/PagerConfig.java, line(s) 43,37 im/qnzikhbjxh/ui/hviews/page/PagerGridLayoutManager.java, line(s) 478,482,516,520 im/qnzikhbjxh/ui/hviews/pop/BasePopup.java, line(s) 151,155 im/qnzikhbjxh/ui/hviews/slidemenu/SwipeLayout.java, line(s) 800,805 im/qnzikhbjxh/ui/hviews/swipelist/reservation/TopWrappedDividerItemDecoration.java, line(s) 28 im/qnzikhbjxh/ui/load/animation/SpriteAnimatorBuilder.java, line(s) 145 im/qnzikhbjxh/ui/newcall/NewCallActivity.java, line(s) 320 im/qnzikhbjxh/ui/settings/CacheControlSettingActivity.java, line(s) 194 im/qnzikhbjxh/ui/settings/NoticeAndSoundSettingActivity.java, line(s) 265,326,387 im/qnzikhbjxh/ui/utils/AppUpdater.java, line(s) 84,146,159 im/qnzikhbjxh/ui/utils/ChatActionBarHelper.java, line(s) 302 im/qnzikhbjxh/ui/utils/DownloadUtils.java, line(s) 186,219 im/qnzikhbjxh/ui/utils/OpenInstallUitl.java, line(s) 56,82 im/qnzikhbjxh/ui/utils/QrCodeParseUtil.java, line(s) 138,153,199,236 im/qnzikhbjxh/ui/utils/ThirdPartSdkInitUtil.java, line(s) 42,74,101 im/qnzikhbjxh/ui/utils/number/MoneyUtil.java, line(s) 147 im/qnzikhbjxh/ui/utils/picture/PictureUtil.java, line(s) 72 im/qnzikhbjxh/ui/utils/translate/DecodeEngine.java, line(s) 114,118,134,141,169,173,267,289,297,315,323,378,382,417,445 im/qnzikhbjxh/ui/utils/translate/ssrc/SSRC.java, line(s) 58,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,291,295,298,519,533,616,681,682,683,684,689,691,693,695,767,909,1072,1076,1120,1214,1215,1216,1217,1218,1220,1222,1224,1273,1279 im/qnzikhbjxh/ui/utils/translate/utils/AudioFileUtils.java, line(s) 32,35,56,111,113,134,150 im/qnzikhbjxh/ui/wallet/WalletRechargeH5Activity.java, line(s) 131,211 im/qnzikhbjxh/ui/wallet/WalletWithdrawActivity.java, line(s) 305,356,371 im/qnzikhbjxh/ui/wallet/WalletWithdrawAddNewAccountActivity.java, line(s) 427,434,613,639,695 im/qnzikhbjxh/ui/wallet/model/BankCardListResBean.java, line(s) 83 im/qnzikhbjxh/ui/wallet/model/BillRecordDetailBean.java, line(s) 89 im/qnzikhbjxh/ui/wallet/model/BillRecordResBillListBean.java, line(s) 211 im/qnzikhbjxh/ui/wallet/model/WalletPaymentBankCardBean.java, line(s) 77,89 im/qnzikhbjxh/ui/wallet/model/WalletWithdrawTemplateBean.java, line(s) 69 np/log/NPCrashHandler.java, line(s) 96,53,87,98,137 org/webrtc/ali/AliHardwareAudioEncoder.java, line(s) 113,126,175,67 org/webrtc/ali/USBAudioDevice.java, line(s) 67 org/webrtc/alirtcInterface/ALI_RTC_INTERFACE_IMPL.java, line(s) 401,692,712,718,733,739,1269,289,294,304,343,348,353,358,363,368,373,378,383,388,336 org/webrtc/alirtcInterface/SophonEngine.java, line(s) 275 org/webrtc/alirtcInterface/SophonEngineImpl.java, line(s) 82,222,247,256,266,321,333,430,439,449,509,671,99,102,104,197,299,83,122,300,410,414,1211 org/webrtc/audio/AppRTCAudioManager.java, line(s) 258,272,305,347,390,399,95,100,110,113,179,191,202,214,243,255,261,270,293,297,319,329,333,350,392,497,498,528,548,554 org/webrtc/audio/AppRTCBluetoothManager.java, line(s) 61,64,72,78,94,109,113,121,123,127,132,137,142,159,190,191,193,199,214,219,228,234,240,248,255,260,264,266,298,301,303,310,316,322,331,341,344,355,178,183,221,225,118,161,165,174,348 org/webrtc/audio/AppRTCProximitySensor.java, line(s) 26,33,43,71,74,81,126,61 org/webrtc/sdk/SophonSurfaceView.java, line(s) 58,68,77,34 org/webrtc/utils/AppRTCUtils.java, line(s) 21 org/webrtc/utils/CpuMonitor.java, line(s) 100,111,118,125,164,237,178,183,185,283,318,345,351,354,357 org/webrtc/utils/MemoryMonitor.java, line(s) 33,40,63,69 org/webrtc/utils/NetworkMonitor.java, line(s) 49,55 org/xbill/DNS/Client.java, line(s) 51 org/xbill/DNS/ExtendedResolver.java, line(s) 59 org/xbill/DNS/Lookup.java, line(s) 190,217 org/xbill/DNS/SimpleResolver.java, line(s) 168 org/xbill/DNS/TSIG.java, line(s) 78,91,324,332,368,374,383 org/xbill/DNS/spi/DNSJavaNameService.java, line(s) 42,49,111 pub/devrel/easypermissions/EasyPermissions.java, line(s) 138,140,34 pub/devrel/easypermissions/helper/ActivityPermissionHelper.java, line(s) 38 pub/devrel/easypermissions/helper/BaseSupportPermissionsHelper.java, line(s) 22
信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: com/alivc/rtc/device/core/persistent/TransactionXMLFile.java, line(s) 17
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: im/qnzikhbjxh/messenger/AndroidUtilities.java, line(s) 10,1426 im/qnzikhbjxh/ui/ChangeUsernameActivity.java, line(s) 4,82 im/qnzikhbjxh/ui/ChannelCreateActivity.java, line(s) 8,753 im/qnzikhbjxh/ui/ChatActivity.java, line(s) 11,11668 im/qnzikhbjxh/ui/ChatEditTypeActivity.java, line(s) 4,433,447 im/qnzikhbjxh/ui/GroupInviteActivity.java, line(s) 4,139 im/qnzikhbjxh/ui/PhonebookShareActivity.java, line(s) 4,571,611 im/qnzikhbjxh/ui/ProfileActivity.java, line(s) 11,1644,1669 im/qnzikhbjxh/ui/StickersActivity.java, line(s) 5,417 im/qnzikhbjxh/ui/ThemeSetUrlActivity.java, line(s) 4,98 im/qnzikhbjxh/ui/components/EmbedBottomSheet.java, line(s) 9,821 im/qnzikhbjxh/ui/components/ShareAlert.java, line(s) 8,936 im/qnzikhbjxh/ui/dialogs/McShareDialog.java, line(s) 5,234 im/qnzikhbjxh/ui/hui/chats/ProfileGroupActivity.java, line(s) 11,1607,1632 im/qnzikhbjxh/ui/hui/discovery/QrScanResultActivity.java, line(s) 4,67 im/qnzikhbjxh/ui/hui/packet/BillDetailsActivity.java, line(s) 4,311
信息 应用与Firebase数据库通信
该应用与位于 https://qnzikhbjxh-48b0d.firebaseio.com 的 Firebase 数据库进行通信
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: a/a/a/f.java, line(s) 37,34,37,32,33,33 com/bjz/comm/net/factory/ApiFactory.java, line(s) 51,51 com/bjz/comm/net/factory/ApiGameFactory.java, line(s) 49,49 com/bjz/comm/net/factory/ApiHuanHuiFactory.java, line(s) 41,41 com/bjz/comm/net/factory/ApiMPFactory.java, line(s) 47,47 com/bjz/comm/net/factory/ApiTranslateAudioFactory.java, line(s) 40,40 com/zhy/http/okhttp/https/HttpsUtils.java, line(s) 110,174,42,109,135,173,98,108,108,172,172
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: im/qnzikhbjxh/ui/utils/SimulatorUtil.java, line(s) 19
安全 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/194512522065/namespaces/firebase:fetch?key=AIzaSyC6uk1nvjb5BYzqEzgaWy_iTryf5373Nyw ) 已禁用。响应内容如下所示:
{
"state": "NO_TEMPLATE"
}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (acs.m.taobao.com) 通信。
{'ip': '203.119.238.233', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '惠州', 'latitude': '39.509766', 'longitude': '116.693001'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (whois.pconline.com.cn) 通信。
{'ip': '58.217.200.220', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南京', 'latitude': '32.061668', 'longitude': '118.777992'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (2024.ipchaxun.com) 通信。
{'ip': '52.20.185.129', 'country_short': 'CN', 'country_long': '中国', 'region': '天津', 'city': '天津', 'latitude': '39.142181', 'longitude': '117.176102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (myip.ipip.net) 通信。
{'ip': '65.108.151.63', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '台州', 'latitude': '28.666668', 'longitude': '121.349998'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (impyq.gz.bcebos.com) 通信。
{'ip': '121.228.183.252', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.ntsc.ac.cn) 通信。
{'ip': '159.226.242.43', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}