Security Score
Security Score 44/100
Risk Rating
Grade
- A
- B
- C
- F
Severity Distribution (%)
Privacy Risk
4
User/Device Trackers
Findings
High
9
Medium
43
Info
3
Secure
2
Hotspot
18
High: The base config is insecurely configured to permit cleartext traffic to all domains.
Scope: *
High: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: c/t/m/g/cm.java, line(s) 14 c/t/m/g/cn.java, line(s) 32 c/t/m/g/gq.java, line(s) 19 com/engagelab/privates/common/utils/AESUtil.java, line(s) 16 com/fido/android/framework/tm/core/prov/CryptoModule.java, line(s) 94 com/gmrz/appsdk/util/Compatibility.java, line(s) 24 com/gmrz/appsdk/util/CryptoSuit.java, line(s) 14,26 com/gmrz/fido/client/core/go.java, line(s) 31,80 com/gmrz/fido/client/core/ql.java, line(s) 55,81 com/gmrz/fido/sdk/k.java, line(s) 86
High: Insecure implementation of SSL. Trusting all certificates or accepting self-signed certificates is a critical security hole. This application is vulnerable to MITM attacks.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis
Files: cn/cloudwalk/util/net/HttpsUrlConnectionUtil.java, line(s) 71,16,17,18,19,20,21,22 com/gmrz/android/client/utils/TlsSocketFactory.java, line(s) 9,10,11,12,13,3 com/gmrz/appsdk/utils/HttpDirectUtil.java, line(s) 89,180,21,22,23,24,25
High: Debug configuration is enabled. Production builds must not be debuggable.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing
Files: com/gmrz/authKernel/BuildConfig.java, line(s) 3,5 com/gmrz/fpasm/BuildConfig.java, line(s) 3,5 com/gmrz/gestureasm/BuildConfig.java, line(s) 3,5
High: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be vulnerable to cross-site scripting.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7
Files: com/gmrz/fido/client/core/ta0.java, line(s) 34,111,5
High: The file is world writable. Any application can write to the file.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2
Files: com/gmrz/fido/client/core/ln.java, line(s) 79,93,86
High: A weak encryption algorithm is used.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/gmrz/fido/client/core/jj1.java, line(s) 46,58 com/gmrz/fido/client/core/uj1.java, line(s) 37,57,77,109 com/unionpay/utils/d.java, line(s) 15
High: The application uses ECB mode in an encryption algorithm. ECB mode is known to be weak because it produces the same ciphertext for identical plaintext blocks.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files: com/engagelab/privates/common/utils/AESUtil.java, line(s) 23 com/gmrz/fido/client/core/ms2.java, line(s) 741 com/gmrz/fido/client/core/pv2.java, line(s) 100 wdoa/wdoa/wdoa/wdoa/wswitcha/winta.java, line(s) 502
High: Insecure WebView implementation. The WebView ignores SSL certificate errors and accepts any SSL certificate. This application is vulnerable to MITM attacks.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification
Files: com/digitalgd/auth/ui/DGAuthWebFragment.java, line(s) 180,178
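Medium: Cleartext network traffic is enabled for the application
[android:usesCleartextTraffic=true] The application intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager and MediaPlayer. For applications targeting API level 27 or lower the default value is "true". For applications targeting API level 28 or higher the default value is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity and tamper protection: a network attacker can eavesdrop on transmitted data and can modify it without being detected.
Medium: Activity (com.gmrz.asm.gesture.GestureLockActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: TaskAffinity is set for an Activity
(com.digitalgd.dgyss.wxapi.WXEntryActivity) If taskAffinity is set, other applications may be able to read Intents sent to an Activity that belongs to another task. To prevent other applications from reading sensitive information in sent or received Intents, always use the default setting and keep the affinity as the package name.
Medium: Activity (com.digitalgd.dgyss.wxapi.WXEntryActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: TaskAffinity is set for an Activity
(com.digitalgd.dgyss.test.wxapi.WXEntryActivity) If taskAffinity is set, other applications may be able to read Intents sent to an Activity that belongs to another task. To prevent other applications from reading sensitive information in sent or received Intents, always use the default setting and keep the affinity as the package name.
Medium: Activity (com.digitalgd.dgyss.test.wxapi.WXEntryActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Activity (com.digitalgd.module.launcher.view.LauncherActivity) is not protected.
An intent-filter exists. The Activity is shared with other applications on the device, which makes it accessible to any other application on the device. The presence of the intent-filter indicates that this Activity is explicitly exported.
Medium: Broadcast Receiver (com.digitalgd.module.widget.broadcast.YSSWidgetProvider) is not protected.
An intent-filter exists. The Broadcast Receiver is shared with other applications on the device, which makes it accessible to any other application on the device. The presence of the intent-filter indicates that this Broadcast Receiver is explicitly exported.
Medium: Broadcast Receiver (com.digitalgd.module.widget.broadcast.YKMWidgetProvider) is not protected.
An intent-filter exists. The Broadcast Receiver is shared with other applications on the device, which makes it accessible to any other application on the device. The presence of the intent-filter indicates that this Broadcast Receiver is explicitly exported.
Medium: Broadcast Receiver (com.digitalgd.module.widget.broadcast.YSSMWidgetProvider) is not protected.
An intent-filter exists. The Broadcast Receiver is shared with other applications on the device, which makes it accessible to any other application on the device. The presence of the intent-filter indicates that this Broadcast Receiver is explicitly exported.
Medium: Activity (com.aurora.privates.common.component.MTCommonActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Activity (com.engagelab.privates.common.component.MTCommonActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Activity (com.xiaomi.mipush.sdk.NotificationClickedActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.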
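Medium: Service (com.xiaomi.mipush.sdk.PushMessageHandler) is protected by a permission, but the protection level of the permission should be checked.
Permission: com.xiaomi.xmsf.permission.MIPUSH_RECEIVE [android:exported=true] The Service is shared with other applications on the device, which makes it accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium: Broadcast Receiver (com.engagelab.privates.push.platform.mi.callback.MTMiCallback) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Service (com.meizu.cloud.pushsdk.NotificationService) is not protected.
[android:exported=true] The Service is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Broadcast Receiver (com.engagelab.privates.push.platform.meizu.callback.MTMeizuCallback) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Service (com.heytap.msp.push.service.CompatibleDataMessageCallbackService) is protected by a permission, but the protection level of the permission should be checked.
Permission: com.coloros.mcs.permission.SEND_MCS_MESSAGE [android:exported=true] The Service is shared with other applications on the device, which makes it accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium: Service (com.heytap.msp.push.service.DataMessageCallbackService) is protected by a permission, but the protection level of the permission should be checked.
Permission: com.heytap.mcs.permission.SEND_PUSH_MESSAGE [android:exported=true] The Service is shared with other applications on the device, which makes it accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium: Service (com.vivo.push.sdk.service.CommandClientService) is protected by a permission, but the protection level of the permission should be checked.
Permission: com.push.permission.UPSTAGESERVICE [android:exported=true] The Service is shared with other applications on the device, which makes it accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.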
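Medium: TaskAffinity is set for an Activity
(com.digitalgd.dgyss.wxapi.WXPayEntryActivity) If taskAffinity is set, other applications may be able to read Intents sent to an Activity that belongs to another task. To prevent other applications from reading sensitive information in sent or received Intents, always use the default setting and keep the affinity as the package name.
Medium: Activity (com.digitalgd.dgyss.wxapi.WXPayEntryActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Activity (com.digitalgd.module.common.view.SchemeFilterActivity) is not protected.
An intent-filter exists. The Activity is shared with other applications on the device, which makes it accessible to any other application on the device. The presence of the intent-filter indicates that this Activity is explicitly exported.
Medium: Activity (androidx.core.google.shortcuts.TrampolineActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is shared with other applications on the device, which makes it accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is shared with other applications on the device, which makes it accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium: Service (com.huawei.hms.support.api.push.service.HmsMsgService) is not protected.
[android:exported=true] The Service is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Content Provider (com.huawei.hms.support.api.push.PushProvider) is not protected.
[android:exported=true] The Content Provider is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Activity (com.alipay.sdk.app.PayResultActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Activity (com.alipay.sdk.app.AlipayResultActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.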
Medium: The application can read from and write to external storage. Any application can read data written to external storage.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: c/t/m/g/b.java, line(s) 50 c/t/m/g/dk.java, line(s) 219,317 c/t/m/g/fl.java, line(s) 14 c/t/m/g/gc.java, line(s) 27 c/t/m/g/gn.java, line(s) 83,85 cn/cloudwalk/util/LoggerUtil.java, line(s) 195 cn/cloudwalk/util/Util.java, line(s) 20,15 com/digitalgd/library/media/picture/PictureExternalPreviewActivity.java, line(s) 431,525,427,429,521,523 com/digitalgd/library/media/ucrop/PictureMultiCuttingActivity.java, line(s) 221 com/digitalgd/module/media/service/MediaServiceImpl.java, line(s) 101,69,98 com/digitalgd/module/media/view/MediaImageEditActivity.java, line(s) 82,81 com/gmrz/fido/client/core/am0.java, line(s) 34 com/gmrz/fido/client/core/aq.java, line(s) 464,465 com/gmrz/fido/client/core/ar.java, line(s) 225,100,213,248 com/gmrz/fido/client/core/cc0.java, line(s) 621,710 com/gmrz/fido/client/core/ei0.java, line(s) 611 com/gmrz/fido/client/core/fp.java, line(s) 23 com/gmrz/fido/client/core/fs2.java, line(s) 160 com/gmrz/fido/client/core/gq.java, line(s) 152,165,173,175,179,183,187,191,195,203,207,211,17,21,25,29,148,215,223,225,229,233,237,241 com/gmrz/fido/client/core/ij1.java, line(s) 830,178,187,408,833 com/gmrz/fido/client/core/jq0.java, line(s) 282,285 com/gmrz/fido/client/core/k81.java, line(s) 50 com/gmrz/fido/client/core/kj0.java, line(s) 82,94,106,135 com/gmrz/fido/client/core/mq.java, line(s) 139,143 com/gmrz/fido/client/core/nj1.java, line(s) 58 com/gmrz/fido/client/core/nk0.java, line(s) 26,52,98 com/gmrz/fido/client/core/np.java, line(s) 110,112 com/gmrz/fido/client/core/ok0.java, line(s) 271,279,287,301,333,376,391,423,426,428,432,216,217,339,393 com/gmrz/fido/client/core/ps2.java, line(s) 154 com/gmrz/fido/client/core/qs2.java, line(s) 239 com/gmrz/fido/client/core/ri.java, line(s) 447,448,718,719 com/gmrz/fido/client/core/rs2.java, line(s) 22,28,34 com/gmrz/fido/client/core/rt2.java, line(s) 156 
com/gmrz/fido/client/core/ts2.java, line(s) 14,18 com/gmrz/fido/client/core/zi.java, line(s) 12,24,28 com/gmrz/fido/sdk/b.java, line(s) 13 com/tencent/aai/audio/utils/FileUtils.java, line(s) 24,38,56,70,80 com/tencent/aai/audio/utils/WavCache.java, line(s) 39,130,139,250,293,305,320,332,350,369,494 com/tencent/aai/capture/LogCollectorUtility.java, line(s) 42,145
Medium: SHA-1 is a weak hash known to have hash collisions.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: c/t/m/g/ba.java, line(s) 82 c/t/m/g/bb.java, line(s) 82 com/engagelab/privates/common/utils/StringUtil.java, line(s) 79 com/gmrz/android/uaf/framework/service/FacetIDsValidator.java, line(s) 43 com/gmrz/appsdk/util/UACUtil.java, line(s) 70 com/gmrz/fido/client/core/fo.java, line(s) 11 com/gmrz/fido/client/core/go.java, line(s) 30,79 com/gmrz/fido/client/core/ho.java, line(s) 72 com/gmrz/fido/client/core/ob1.java, line(s) 234 com/gmrz/fido/client/core/pi.java, line(s) 115 com/gmrz/fido/client/core/si1.java, line(s) 420 com/gmrz/fido/client/core/xj1.java, line(s) 113 com/unionpay/utils/UPUtils.java, line(s) 37 wdoa/wdoa/wdoa/wdoa/wtrya.java, line(s) 104
Medium: The application uses an insecure random number generator.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: c/t/m/g/cp.java, line(s) 5 com/digitalgd/library/router/impl/DGNavigator.java, line(s) 46 com/engagelab/privates/common/h.java, line(s) 36 com/gmrz/appsdk/a/a.java, line(s) 14 com/gmrz/appsdk/commlib/e.java, line(s) 17 com/gmrz/fido/client/core/as1.java, line(s) 7 com/gmrz/fido/client/core/im.java, line(s) 9 com/gmrz/fido/client/core/j91.java, line(s) 8 com/gmrz/fido/client/core/ln.java, line(s) 6 com/gmrz/fido/client/core/no0.java, line(s) 19 com/gmrz/fido/client/core/qs2.java, line(s) 20 com/gmrz/fido/client/core/r12.java, line(s) 8 com/gmrz/fido/client/core/s12.java, line(s) 3 com/gmrz/fido/client/core/t12.java, line(s) 5 com/gmrz/fido/client/core/tl.java, line(s) 5 com/gmrz/fido/client/core/uj1.java, line(s) 7 com/gmrz/fido/client/core/vj1.java, line(s) 9 com/gmrz/fido/client/core/w12.java, line(s) 3 com/gmrz/fido/client/core/wn0.java, line(s) 14 com/gmrz/fido/client/core/wr1.java, line(s) 16 com/gmrz/fido/client/core/xj1.java, line(s) 13 com/gmrz/fido/client/core/xn.java, line(s) 47 com/gmrz/fido/client/core/yl.java, line(s) 11 com/liveness_action/lib/ActionActNewUI.java, line(s) 41 com/liveness_action/lib/ActionChecker.java, line(s) 26 com/tencent/aai/audio/buffer/FixSizeAudioDataBuffer.java, line(s) 3 com/tencent/aai/audio/common/VoiceIdFactory.java, line(s) 7 com/tencent/aai/model/AAIRequest.java, line(s) 4 wdoa/wdoa/wdoa/wdoa/wswitcha/winta.java, line(s) 96
Medium: MD5 is a weak hash known to have hash collisions.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: c/t/m/g/fs.java, line(s) 17 c/t/m/g/gy.java, line(s) 232 cn/weijing/sdk/wiiauth/util/EncryptUtil.java, line(s) 23 com/engagelab/privates/common/utils/StringUtil.java, line(s) 39,62,96,149 com/gmrz/appsdk/utils/SignUtil.java, line(s) 18 com/gmrz/fido/client/core/cc0.java, line(s) 271 com/gmrz/fido/client/core/jq0.java, line(s) 380 com/gmrz/fido/client/core/kj1.java, line(s) 18,94,107,126 com/gmrz/fido/client/core/m91.java, line(s) 83 com/gmrz/fido/client/core/oj1.java, line(s) 111 com/gmrz/fido/client/core/rp.java, line(s) 108 com/gmrz/fido/client/core/tp.java, line(s) 317 com/gmrz/fido/client/core/x0.java, line(s) 35 com/tencent/aai/audio/common/VoiceIdFactory.java, line(s) 17 com/tencent/aai/capture/LogCollectorUtility.java, line(s) 74 com/tencent/aai/task/model/AudioRecognizeTask.java, line(s) 197,330 wdoa/wdoa/wdoa/wdoa/wswitcha/winta.java, line(s) 712
Medium: Files may contain hardcoded sensitive information such as usernames, passwords and keys.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: cn/weijing/framework/okhttpUtils/builder/PostFormBuilder.java, line(s) 27 com/digitalgd/auth/core/C0160d1.java, line(s) 13 com/digitalgd/auth/core/C0166f1.java, line(s) 13 com/digitalgd/auth/core/C0168g0.java, line(s) 121 com/digitalgd/auth/core/C0171h0.java, line(s) 43 com/digitalgd/auth/core/C0177j0.java, line(s) 49 com/digitalgd/auth/core/C0186m0.java, line(s) 49 com/digitalgd/auth/core/C0198q0.java, line(s) 76 com/digitalgd/auth/core/C0206t0.java, line(s) 67 com/digitalgd/auth/core/O1.java, line(s) 39 com/digitalgd/library/livebus/ipc/consts/IpcConst.java, line(s) 5 com/digitalgd/module/network/interceptor/JWTHeaderInterceptor.java, line(s) 14 com/digitalgd/module/speech/bean/SpeechConfigBean.java, line(s) 32 com/engagelab/privates/common/cache/MTCommonConfig.java, line(s) 8 com/engagelab/privates/common/global/MTGlobal.java, line(s) 29 com/engagelab/privates/core/constants/MTCoreConstants.java, line(s) 30 com/engagelab/privates/push/platform/meizu/business/MTMeizuBusiness.java, line(s) 20 com/engagelab/privates/push/platform/mi/business/MTMiBusiness.java, line(s) 21 com/engagelab/privates/push/platform/oppo/business/MTOppoBusiness.java, line(s) 17,18 com/engagelab/privates/push/platform/vivo/business/MTVivoBusiness.java, line(s) 17 com/gmrz/android/client/asm/api/uaf/json/Extension.java, line(s) 8 com/gmrz/appsdk/GestureManager.java, line(s) 21 com/gmrz/appsdk/direct/Settings.java, line(s) 32,32 com/gmrz/asm/gesture/GestureLockActivity.java, line(s) 15,19 com/gmrz/asm/gesture/model/GestureSpModel.java, line(s) 8 com/gmrz/fido/client/core/cv.java, line(s) 62 com/gmrz/fido/client/core/ed1.java, line(s) 38 com/gmrz/fido/client/core/kt.java, line(s) 86 com/gmrz/fido/client/core/ku.java, line(s) 35 com/gmrz/fido/client/core/mm0.java, line(s) 28 com/gmrz/fido/client/core/ns0.java, line(s) 76 
com/gmrz/fido/client/core/om0.java, line(s) 26 com/gmrz/fido/client/core/rs0.java, line(s) 105 com/gmrz/fido/client/core/vs0.java, line(s) 92 com/gmrz/fido/client/core/vu.java, line(s) 96 com/liveness_action/lib/ActionKeys.java, line(s) 47,15 com/unionpay/tsmservice/data/Constant.java, line(s) 305,307 com/unionpay/tsmservice/data/ResultCode.java, line(s) 95,81 com/unionpay/tsmservice/mi/data/Constant.java, line(s) 212,216 com/unionpay/tsmservice/mi/data/ResultCode.java, line(s) 48,45 com/unionpay/tsmservice/mi/request/RealNameAuthenticationRequestParams.java, line(s) 107 com/unionpay/tsmservice/request/RealNameAuthenticationRequestParams.java, line(s) 107 io/jsonwebtoken/JwsHeader.java, line(s) 8 org/fidoalliance/uaf/client/AdditionData.java, line(s) 6
Medium: The application creates temporary files. Sensitive information should never be written to a temporary file.
Files: com/gmrz/fido/client/core/a21.java, line(s) 190 com/gmrz/fido/client/core/fx1.java, line(s) 388,389,408,409,412,413,433,434 com/gmrz/fido/client/core/kp2.java, line(s) 16,72 com/gmrz/fido/client/core/nb1.java, line(s) 111 org/mp4parser/boxes/iso14496/part12/MediaDataBox.java, line(s) 44
Medium: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView can leak sensitive information from the file system.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6
Files: com/digitalgd/auth/ui/DGAuthWebFragment.java, line(s) 455,442 com/digitalgd/module/launcher/view/PrivacyActivity.java, line(s) 144,135 com/gmrz/fido/client/core/oa0.java, line(s) 35,21
Medium: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: com/digitalgd/auth/core/C0183l0.java, line(s) 5,121 com/digitalgd/auth/core/C0192o0.java, line(s) 4,5,87 com/digitalgd/auth/core/C0203s0.java, line(s) 5,123 com/gmrz/fido/client/core/hi1.java, line(s) 5,38 com/gmrz/fido/client/core/nr0.java, line(s) 6,7,148 com/gmrz/fido/sdk/b.java, line(s) 4,5,18 com/gmrz/fido/sdk/f.java, line(s) 4,5,14 com/gmrz/fido/sdk/g.java, line(s) 6,130
Medium: IP address disclosure
Files: com/engagelab/privates/core/global/MTCoreGlobal.java, line(s) 37,37,40 com/engagelab/privates/push/platform/huawei/BuildConfig.java, line(s) 7 com/engagelab/privates/push/platform/vivo/BuildConfig.java, line(s) 7 com/gmrz/appsdk/util/FpUtil.java, line(s) 34 com/gmrz/fido/client/core/i21.java, line(s) 9 com/gmrz/fido/client/core/jg1.java, line(s) 1550 com/gmrz/fido/client/core/o21.java, line(s) 46 com/gmrz/fido/client/core/pg1.java, line(s) 5
Medium: This application may request root (superuser) privileges.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: com/gmrz/appsdk/util/ThreatDetector.java, line(s) 64,85,99,79
Medium: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files: com/digitalgd/auth/ui/DGAuthWebFragment.java, line(s) 393,442 com/unionpay/WebViewJavascriptBridge.java, line(s) 44,31
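Medium: The application contains privacy trackers
This application contains multiple (4) privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.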
Medium: This application may contain hardcoded secrets
The following secrets were identified in the application. Ensure that these are not secrets or private information.
Info: The application logs information. Sensitive information must not be logged.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: c/t/m/g/ce.java, line(s) 79 cn/cloudwalk/util/FpsUtil.java, line(s) 53 com/digitalgd/library/media/picture/thread/PictureThreadUtils.java, line(s) 97 com/engagelab/privates/analysis/api/Account.java, line(s) 93,97,141,147,151,159,165,169,179,189,193,207,213,49,59,73,83 com/engagelab/privates/analysis/api/Event.java, line(s) 54,58,75,67,71,78 com/engagelab/privates/analysis/api/ExposureEvent.java, line(s) 36,41 com/engagelab/privates/analysis/api/JSEvent.java, line(s) 18,34 com/engagelab/privates/analysis/api/MTAnalysisPrivatesApi.java, line(s) 35,44,53,61,76,80,90,94,172,185,217,221,271,275 com/engagelab/privates/common/a.java, line(s) 52,63,67,86,102,118,146,248,40,167 com/engagelab/privates/common/a0.java, line(s) 68,92,48,84,106 com/engagelab/privates/common/api/MTCommonPrivatesApi.java, line(s) 25,39,41,57,61,63,71,75,77,85,93 com/engagelab/privates/common/b.java, line(s) 61,66,109,135,34,75,127,149 com/engagelab/privates/common/b0.java, line(s) 63,65,43,47,51,69,79 com/engagelab/privates/common/binder/MTMessenger.java, line(s) 49,43,94,100,80,121,136,154,73,111,131,147,175,177,198,200 com/engagelab/privates/common/binder/MainMessengerHandler.java, line(s) 24 com/engagelab/privates/common/binder/RemoteMessengerHandler.java, line(s) 32 com/engagelab/privates/common/business/lifecycle/MTLifecycleBusiness.java, line(s) 67,81,101 com/engagelab/privates/common/business/network/MTNetworkBusiness.java, line(s) 86,97,131 com/engagelab/privates/common/business/network/MTNetworkListener.java, line(s) 24,31 com/engagelab/privates/common/c0.java, line(s) 41,47,67,55,88,103 com/engagelab/privates/common/component/MTCommonActivity.java, line(s) 48,36,73 com/engagelab/privates/common/component/MTCommonReceiver.java, line(s) 59 com/engagelab/privates/common/component/MTCommonService.java, line(s) 19,25 
com/engagelab/privates/common/component/TransferCheck.java, line(s) 28,36 com/engagelab/privates/common/d.java, line(s) 89,93,171,175,64,86,95,102,127,150,168,177,183 com/engagelab/privates/common/d0.java, line(s) 65,77,102,120,160,163,197,201,205,209,241,271,341,350,358,365,368,384,388,443,455,476,482,489,493,500,504,512,520,524,536,544,555,560,565,570,574,600,620,132,145,172,221,258,268,277,281,376,396,422,440,471,639 com/engagelab/privates/common/e.java, line(s) 118,190,204,168,198 com/engagelab/privates/common/f0.java, line(s) 44,47,55,68,92,95,107,114,120,130,141,152,163,174,196,204,208,210,217,252,266,271,278,299,301,307,84,227,242,61,288,337,346 com/engagelab/privates/common/g.java, line(s) 35,50 com/engagelab/privates/common/g0.java, line(s) 21,122,38,111,115,119,140,23,27,46,51,65,83 com/engagelab/privates/common/global/MTGlobal.java, line(s) 96,110,118,149,157,188,210,221,241,249,256,264,272,320,345,384,404 com/engagelab/privates/common/h.java, line(s) 136,161,191,201,204,211,214,218,224,244,250,254,258,106,117,150,158,165,169,247 com/engagelab/privates/common/h0.java, line(s) 20,30 com/engagelab/privates/common/handler/CommonHandler.java, line(s) 38 com/engagelab/privates/common/handler/CommonHandlerThread.java, line(s) 18 com/engagelab/privates/common/handler/MTHandler.java, line(s) 35,119,124,48,60,77,94,127 com/engagelab/privates/common/i.java, line(s) 86,155 com/engagelab/privates/common/i0.java, line(s) 71,115,154,182,44,58,76,125,187 com/engagelab/privates/common/j0.java, line(s) 60,75,82,108,114,43,65,88,94,119 com/engagelab/privates/common/k.java, line(s) 66,75 com/engagelab/privates/common/k0.java, line(s) 115,165,251,309,334,66,83,120,175,201,227,314,344 com/engagelab/privates/common/l.java, line(s) 212,98,102,116,125,128,136,140,146,149,159,162,197,200,215 com/engagelab/privates/common/m.java, line(s) 90,97 com/engagelab/privates/common/n.java, line(s) 33,37 com/engagelab/privates/common/n0.java, line(s) 24,47,61 
com/engagelab/privates/common/o.java, line(s) 49,55,65,71,76,82,104,116,106,46 com/engagelab/privates/common/observer/MTObservable.java, line(s) 63,138 com/engagelab/privates/common/p.java, line(s) 31,65,75,68,78,24,49,52,61 com/engagelab/privates/common/q.java, line(s) 49,51,63,67,92,99,119,123,134,143,150,163,177,180,184,212,220,227,233,241,268,281,292,356,357,362,387,409,422,427,46,42,70,76,79,89,96,140,147,169,254,298 com/engagelab/privates/common/r.java, line(s) 37,49,53,59,64,69,72,102,107,202,34,95,98,112,117,123,129,134,140,148,155,162,217 com/engagelab/privates/common/t.java, line(s) 78,84,119,138,141,171,242,298,71,94,97,100,103,106,109,239,252,257,262,267,272,277,164,167,175,183,189,197,305 com/engagelab/privates/common/u.java, line(s) 42,57,93,99,108,113,131,132,133,141,165,200,232,267,282,235,289 com/engagelab/privates/common/utils/FileUtils.java, line(s) 55,77,86,116,136,156,167,200,223,233,265 com/engagelab/privates/common/utils/GZipUtil.java, line(s) 19,43,68 com/engagelab/privates/common/utils/RsaUitl.java, line(s) 23,28,31,40,49 com/engagelab/privates/common/utils/Utils.java, line(s) 148 com/engagelab/privates/common/v.java, line(s) 96,101,106,134,144,147,172,222,226,232,253,259,263,267,87,152,186,213,256 com/engagelab/privates/common/x.java, line(s) 32,59,116,34,41,51,79 com/engagelab/privates/common/y.java, line(s) 120,127,69,78,146,156,166,192,199,207,219,227,239,253,264,275,284 com/engagelab/privates/common/z.java, line(s) 48,57,61,88,97,100,104,108,111,117,120,124,128,132,135,140,144,148,152,155,158,167,189,192,198,223,236,241,247,255,261,264,288,297,317,360,211,304,402,405,73,83,183,213,231,291,345,374,392 com/engagelab/privates/core/api/MTCorePrivatesApi.java, line(s) 32,36,45,49,85,94,103,118,130,145,157,172,187,202 com/engagelab/privates/push/api/MTPushPrivatesApi.java, line(s) 
128,228,233,48,52,56,60,72,74,92,107,122,139,143,153,157,167,171,175,179,191,193,201,221,230,235,247,251,261,265,269,280,284,295,299,310,314,325,329,345,353,361,371,379,392,396,417,429,434,446,466,476,480,484,494,498,509,513,517,521,525,529,543,547,551,555,570,599,601,609,625,627,635,643,645,653,661,665,669,673,684,688,699,710 com/engagelab/privates/push/platform/huawei/business/MTHuaweiBusiness.java, line(s) 41,44,48,68,36,52,90,101 com/engagelab/privates/push/platform/huawei/callback/MTHuaweiCallback.java, line(s) 24,41,57,61,68,72,50 com/engagelab/privates/push/platform/meizu/business/MTMeizuBusiness.java, line(s) 65,69,95,101,104,107,110,143,54,61,76,44,137,166,177 com/engagelab/privates/push/platform/meizu/callback/MTMeizuCallback.java, line(s) 48 com/engagelab/privates/push/platform/mi/business/MTMiBusiness.java, line(s) 64,68,72,94,100,102,104,122,49,54,60,76,41,116,144,155 com/engagelab/privates/push/platform/mi/callback/MTMiCallback.java, line(s) 32,36,67,71 com/engagelab/privates/push/platform/oppo/business/MTOppoBusiness.java, line(s) 65,69,73,77,97,48,53,58,81,125,136 com/engagelab/privates/push/platform/oppo/callback/MTOppoCallback.java, line(s) 38,42 com/engagelab/privates/push/platform/vivo/business/MTVivoBusiness.java, line(s) 50,54,58,78,100,111,35,40,46,62 com/engagelab/privates/push/platform/vivo/callback/MTVivoCallback.java, line(s) 15,19 com/engagelab/privates/push/utils/HttpUtils.java, line(s) 32,68,74,86,92,104,110,128,142,156,187 com/engagelab/privates/push/utils/NotificationChannelUtil.java, line(s) 39 com/engagelab/privates/push/utils/NotificationUtil.java, line(s) 201,219,222,296,347,465,481,333,438,449,58,79,104,156,184,208,241,255,268,302,332,352,426,470,531,543 com/fido/android/framework/tm/utils/Logger.java, line(s) 68 com/gmrz/android/client/utils/Logger.java, line(s) 207,188 com/gmrz/android/uaf/framework/service/utils/Logger.java, line(s) 68 com/gmrz/appsdk/FidoAppSDK.java, line(s) 784 com/gmrz/appsdk/GestureManager.java, line(s) 
81 com/gmrz/appsdk/commlib/d.java, line(s) 86,88,139 com/gmrz/appsdk/commlib/k.java, line(s) 51,55,59 com/gmrz/appsdk/task/ProcessTask.java, line(s) 756,762 com/gmrz/appsdk/util/EnvObserver.java, line(s) 27,31,36,41,44 com/gmrz/appsdk/util/ExceptionRecorder.java, line(s) 15,23 com/gmrz/appsdk/util/Logger.java, line(s) 33 com/gmrz/appsdk/utils/Logger.java, line(s) 25 com/gmrz/appsdk/utils/SignUtil.java, line(s) 42,51 com/gmrz/asm/fp/authui/view/FpActivity.java, line(s) 87,93 com/gmrz/authenticationso/AuthKernel.java, line(s) 57 com/gmrz/fido/client/core/a21.java, line(s) 203 com/gmrz/fido/client/core/a40.java, line(s) 446 com/gmrz/fido/client/core/at.java, line(s) 148,156,165,178,335 com/gmrz/fido/client/core/au.java, line(s) 54 com/gmrz/fido/client/core/ay.java, line(s) 18 com/gmrz/fido/client/core/bt.java, line(s) 63,157,202,215,252 com/gmrz/fido/client/core/ct.java, line(s) 24 com/gmrz/fido/client/core/ee0.java, line(s) 31 com/gmrz/fido/client/core/ei0.java, line(s) 618 com/gmrz/fido/client/core/ev.java, line(s) 57 com/gmrz/fido/client/core/f00.java, line(s) 32,55,72 com/gmrz/fido/client/core/fs2.java, line(s) 501 com/gmrz/fido/client/core/ft2.java, line(s) 88,95,155,156 com/gmrz/fido/client/core/fu.java, line(s) 116 com/gmrz/fido/client/core/fw.java, line(s) 155 com/gmrz/fido/client/core/fx.java, line(s) 105 com/gmrz/fido/client/core/g00.java, line(s) 18 com/gmrz/fido/client/core/gs.java, line(s) 607 com/gmrz/fido/client/core/gx.java, line(s) 39 com/gmrz/fido/client/core/h20.java, line(s) 75,116 com/gmrz/fido/client/core/hd2.java, line(s) 77 com/gmrz/fido/client/core/hu.java, line(s) 48,97 com/gmrz/fido/client/core/hw.java, line(s) 144 com/gmrz/fido/client/core/iw.java, line(s) 49 com/gmrz/fido/client/core/jw.java, line(s) 83 com/gmrz/fido/client/core/jy.java, line(s) 99,202,212,282,306,339 com/gmrz/fido/client/core/k91.java, line(s) 181,194,202 com/gmrz/fido/client/core/ky.java, line(s) 48,54 com/gmrz/fido/client/core/lj2.java, line(s) 81 
com/gmrz/fido/client/core/lz.java, line(s) 81,86,91,100 com/gmrz/fido/client/core/m30.java, line(s) 59 com/gmrz/fido/client/core/m91.java, line(s) 76,134,147,155 com/gmrz/fido/client/core/ma1.java, line(s) 105,108 com/gmrz/fido/client/core/ms.java, line(s) 95,123 com/gmrz/fido/client/core/ms2.java, line(s) 301 com/gmrz/fido/client/core/nz.java, line(s) 26 com/gmrz/fido/client/core/os.java, line(s) 537,557,574 com/gmrz/fido/client/core/ou.java, line(s) 55 com/gmrz/fido/client/core/ov.java, line(s) 112,153 com/gmrz/fido/client/core/ow1.java, line(s) 14,19,24,29,34,39,44,49,54,59,64,69,74,79,84,89,94,99,104,109,114 com/gmrz/fido/client/core/p00.java, line(s) 157 com/gmrz/fido/client/core/pj2.java, line(s) 379,386 com/gmrz/fido/client/core/pk1.java, line(s) 18,41,54,94,135 com/gmrz/fido/client/core/pv.java, line(s) 97,136,146,169,178,189,201,222,229 com/gmrz/fido/client/core/pw.java, line(s) 19 com/gmrz/fido/client/core/py.java, line(s) 96,139,143,147,151,155,160,164,170 com/gmrz/fido/client/core/q00.java, line(s) 277 com/gmrz/fido/client/core/qe0.java, line(s) 111,112 com/gmrz/fido/client/core/qr.java, line(s) 222,254,304,311 com/gmrz/fido/client/core/qt.java, line(s) 53 com/gmrz/fido/client/core/qu.java, line(s) 31 com/gmrz/fido/client/core/qw.java, line(s) 49 com/gmrz/fido/client/core/re0.java, line(s) 57,64,78,92,52,45,71,85 com/gmrz/fido/client/core/s00.java, line(s) 104 com/gmrz/fido/client/core/sw.java, line(s) 108 com/gmrz/fido/client/core/sx.java, line(s) 77 com/gmrz/fido/client/core/t91.java, line(s) 120,435 com/gmrz/fido/client/core/tk1.java, line(s) 25,31 com/gmrz/fido/client/core/tz.java, line(s) 41 com/gmrz/fido/client/core/uk1.java, line(s) 17,28,39 com/gmrz/fido/client/core/un1.java, line(s) 260 com/gmrz/fido/client/core/v10.java, line(s) 75,116 com/gmrz/fido/client/core/v91.java, line(s) 143 com/gmrz/fido/client/core/vl0.java, line(s) 174,184,194,208,224,226,231,240,243,248,259,267,274 com/gmrz/fido/client/core/vs2.java, line(s) 625,673 
com/gmrz/fido/client/core/wn1.java, line(s) 12 com/gmrz/fido/client/core/xr2.java, line(s) 56,60,61 com/gmrz/fido/client/core/y00.java, line(s) 52,57,60,66,71 com/gmrz/fido/client/core/y91.java, line(s) 289 com/gmrz/fido/client/core/yn1.java, line(s) 22,98,119 com/gmrz/fido/client/core/yt.java, line(s) 74,84,194,196,202,209 com/gmrz/fido/client/core/yv.java, line(s) 61,67,94,104,114,124 com/gmrz/fido/client/core/yy.java, line(s) 167,170,213,220,225,336 com/gmrz/fido/client/core/z20.java, line(s) 46 com/gmrz/fido/client/core/zs.java, line(s) 15,35 com/gmrz/fido/client/core/zx.java, line(s) 70,85 com/liveness_action/lib/util/AWLogger.java, line(s) 75,86,101,128,139 com/tencent/aai/audio/buffer/FixSizeAudioDataBuffer.java, line(s) 23,31,32,93,118,120 com/tencent/aai/capture/LogHelper.java, line(s) 16,26,36,46 com/tencent/aai/capture/QCloudSignUtil.java, line(s) 96,99 com/tencent/aai/capture/QCloudUpLoadLogBaseAsyncTask.java, line(s) 56,121,137,160,172,208 com/unionpay/utils/j.java, line(s) 15,24,18,12,21 com/zoloz/zeta/zface/activity/ZFaceGroupActivity.java, line(s) 436 org/mp4parser/muxer/container/mp4/FragmentedMp4SampleList.java, line(s) 223,225 org/mp4parser/muxer/tracks/DTSTrackImpl.java, line(s) 103,154,272 org/mp4parser/muxer/tracks/encryption/CencDecryptingSampleList.java, line(s) 95 org/mp4parser/muxer/tracks/h263/H263TrackImpl.java, line(s) 93 org/mp4parser/muxer/tracks/h264/parsing/Debug.java, line(s) 18,21,29,32,46,49,56,58 org/mp4parser/muxer/tracks/h265/H265TrackImpl.java, line(s) 85,92,97,113,221,223,225 org/mp4parser/muxer/tracks/h265/SEIMessage.java, line(s) 16
Info: This app listens for clipboard changes. Some malware also listens for clipboard changes.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/gmrz/fido/client/core/hp.java, line(s) 12,40,5
Info: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/digitalgd/auth/core/A.java, line(s) 4,15 com/gmrz/fido/client/core/hp.java, line(s) 5,17,21,25 com/gmrz/fido/client/core/m90.java, line(s) 4,23,25
Secure: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: cn/weijing/framework/okhttpUtils/https/HttpsUtils.java, line(s) 29,145,28,27,27,143,143 com/digitalgd/module/network/DGRetrofitClient.java, line(s) 38,38,57,79 com/engagelab/privates/common/k.java, line(s) 46,48 com/engagelab/privates/common/t.java, line(s) 64,63,62,62 com/engagelab/privates/common/y.java, line(s) 49,51,141 com/engagelab/privates/push/utils/HttpUtils.java, line(s) 45,47 com/gmrz/fido/client/core/cn0.java, line(s) 33,162,32,31,31,160,160 com/unionpay/a/b.java, line(s) 29,28,27,27 wdoa/wdoa/wdoa/wdoa/wshorta.java, line(s) 80,79,78,78
Secure: This application may have root detection capabilities.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: cn/cloudwalk/util/RootUtil.java, line(s) 70,134,240,240,243,243,215 com/gmrz/appsdk/FidoAppSDK.java, line(s) 941,1427 com/gmrz/appsdk/util/ThreatDetector.java, line(s) 33,17,21,21,21,21,21,21,113 com/gmrz/fido/client/core/kn.java, line(s) 19,19,19,19,19,19 com/gmrz/fido/client/core/pp.java, line(s) 295 com/unionpay/UPPayAssistEx.java, line(s) 350
Hotspot: The application may communicate with a server (apps.samsung.com) located in an OFAC-sanctioned country (China).
{'ip': '117.91.193.4', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}
Hotspot: The application may communicate with a server (norma-external-collect.meizu.com) located in an OFAC-sanctioned country (China).
{'ip': '120.236.114.203', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
Hotspot: The application may communicate with a server (yss.gdzwfw.gov.cn) located in an OFAC-sanctioned country (China).
{'ip': '210.76.81.210', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '湖州', 'latitude': '30.870550', 'longitude': '120.093300'}
Hotspot: The application may communicate with a server (resolver.msg.xiaomi.net) located in an OFAC-sanctioned country (China).
{'ip': '220.181.106.176', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
Hotspot: The application may communicate with a server (mobilegw.alipaydev.com) located in an OFAC-sanctioned country (China).
{'ip': '206.161.233.191', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
Hotspot: The application may communicate with a server (cn.register.xmpush.xiaomi.com) located in an OFAC-sanctioned country (China).
{'ip': '220.181.106.176', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
Hotspot: The application may communicate with a server (auth.weijing.gov.cn) located in an OFAC-sanctioned country (China).
{'ip': '206.161.233.191', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
Hotspot: The application may communicate with a server (sit.weijing.gov.cn) located in an OFAC-sanctioned country (China).
{'ip': '58.248.230.122', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
Hotspot: The application may communicate with a server (aaistats.qcloud.com) located in an OFAC-sanctioned country (China).
{'ip': '121.228.130.197', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
Hotspot: The application may communicate with a server (asr.cloud.tencent.com) located in an OFAC-sanctioned country (China).
{'ip': '206.161.233.191', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
Hotspot: The application may communicate with a server (zwms.gdbs.gov.cn) located in an OFAC-sanctioned country (China).
{'ip': '206.161.233.191', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
Hotspot: The application may communicate with a server (api-yst.gdzwfw.gov.cn) located in an OFAC-sanctioned country (China).
{'ip': '206.161.233.191', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
Hotspot: The application may communicate with a server (apicloud.fosafer.com) located in an OFAC-sanctioned country (China).
{'ip': '103.103.36.50', 'country_short': 'CN', 'country_long': '中国', 'region': '-', 'city': '-', 'latitude': '39.907501', 'longitude': '116.397232'}
Hotspot: The application may communicate with a server (asr.tencentcloudapi.com) located in an OFAC-sanctioned country (China).
{'ip': '121.228.130.197', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
Hotspot: The application may communicate with a server (h5.m.taobao.com) located in an OFAC-sanctioned country (China).
{'ip': '121.228.130.197', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}
Hotspot: The application may communicate with a server (maplbs-40171.sh.gfp.tencent-cloud.com) located in an OFAC-sanctioned country (China).
{'ip': '49.86.42.76', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}
Hotspot: The application may communicate with a server (www.taobao.com) located in an OFAC-sanctioned country (China).
{'ip': '121.228.130.197', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}
Hotspot: The application may communicate with a server (tts.tencentcloudapi.com) located in an OFAC-sanctioned country (China).
{'ip': '110.40.162.108', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}