Mobile Application Security Scan Report: Sneepix v1.0.6

Security baseline score: 40/100

Overall risk level

Risk level rating

  1. A
  2. B
  3. C
  4. F

Distribution of vulnerabilities and security items (%)


Privacy risk

Number of third-party trackers detected: 3


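Distribution of findings

High-severity vulnerabilities: 6
Medium-severity vulnerabilities: 18
Informational security notices: 2
Passed security checks: 1
Key security concerns: 0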

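High-severity vulnerability: Activity (com.sneepix.vidpix.ui.SubscriptionActivityWb) is vulnerable to StrandHogg 2.0

The activity was found to be at risk of the StrandHogg 2.0 task-stack hijacking vulnerability. When exploited, other applications can place a malicious activity on top of the vulnerable application's activity stack, making the application an easy target for phishing attacks. This can be fixed by setting the launch mode attribute to "singleInstance" and setting an empty taskAffinity (taskAffinity=""). You can also update the application's target SDK version (28) to 29 or higher to fix the issue at the platform level.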

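High-severity vulnerability: Activity (com.sneepix.vidpix.SplashActivity) is vulnerable to StrandHogg 2.0

The activity was found to be at risk of the StrandHogg 2.0 task-stack hijacking vulnerability. When exploited, other applications can place a malicious activity on top of the vulnerable application's activity stack, making the application an easy target for phishing attacks. This can be fixed by setting the launch mode attribute to "singleInstance" and setting an empty taskAffinity (taskAffinity=""). You can also update the application's target SDK version (28) to 29 or higher to fix the issue at the platform level.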

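High-severity vulnerability: Activity (com.videoplayerexo.MasterPlayerActivity) is vulnerable to StrandHogg 2.0

The activity was found to be at risk of the StrandHogg 2.0 task-stack hijacking vulnerability. When exploited, other applications can place a malicious activity on top of the vulnerable application's activity stack, making the application an easy target for phishing attacks. This can be fixed by setting the launch mode attribute to "singleInstance" and setting an empty taskAffinity (taskAffinity=""). You can also update the application's target SDK version (28) to 29 or higher to fix the issue at the platform level.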

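High-severity vulnerability: Activity (com.videoplayerexo.LocalPlayerActivity) is vulnerable to StrandHogg 2.0

The activity was found to be at risk of the StrandHogg 2.0 task-stack hijacking vulnerability. When exploited, other applications can place a malicious activity on top of the vulnerable application's activity stack, making the application an easy target for phishing attacks. This can be fixed by setting the launch mode attribute to "singleInstance" and setting an empty taskAffinity (taskAffinity=""). You can also update the application's target SDK version (28) to 29 or higher to fix the issue at the platform level.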

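High-severity vulnerability: Activity (com.facebook.CustomTabActivity) is vulnerable to StrandHogg 2.0

The activity was found to be at risk of the StrandHogg 2.0 task-stack hijacking vulnerability. When exploited, other applications can place a malicious activity on top of the vulnerable application's activity stack, making the application an easy target for phishing attacks. This can be fixed by setting the launch mode attribute to "singleInstance" and setting an empty taskAffinity (taskAffinity=""). You can also update the application's target SDK version (28) to 29 or higher to fix the issue at the platform level.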

High-severity vulnerability: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
K2/Alpha.java, line(s) 58

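Medium-severity vulnerability: The application has cleartext network traffic enabled

[android:usesCleartextTraffic=true]
The application intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager, and MediaPlayer. For applications targeting API level 27 or lower, the default value is "true". For applications targeting API level 28 or higher, the default value is "false". The main reasons to avoid cleartext traffic are the lack of confidentiality, authenticity, and tamper protection; a network attacker can eavesdrop on transmitted data and can also modify it without being detected.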

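Medium-severity vulnerability: Activity (com.sneepix.vidpix.ui.SubscriptionActivityWb) is not protected.

[android:exported=true]
The Activity was found to be shared with other applications on the device, so it can be accessed by any other application on the device.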

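Medium-severity vulnerability: Activity (com.videoplayerexo.MasterPlayerActivity) is not protected.

[android:exported=true]
The Activity was found to be shared with other applications on the device, so it can be accessed by any other application on the device.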

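Medium-severity vulnerability: Activity (com.videoplayerexo.LocalPlayerActivity) is not protected.

[android:exported=true]
The Activity was found to be shared with other applications on the device, so it can be accessed by any other application on the device.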

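Medium-severity vulnerability: Activity (com.facebook.CustomTabActivity) is not protected.

[android:exported=true]
The Activity was found to be shared with other applications on the device, so it can be accessed by any other application on the device.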

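Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the protection level of the permission should be checked.

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
A Broadcast Receiver was found to be shared with other applications on the device, so it can be accessed by any other application on the device. It is protected by a permission that is not defined in the analyzed application. Therefore, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.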

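Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the protection level of the permission should be checked.

Permission: android.permission.DUMP [android:exported=true]
A Broadcast Receiver was found to be shared with other applications on the device, so it can be accessed by any other application on the device. It is protected by a permission that is not defined in the analyzed application. Therefore, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.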

Medium-severity vulnerability: IP address disclosure

Files:
com/cloudinject/customview/C0020.java, line(s) 496
com/cloudinject/customview/C0145.java, line(s) 496
mirrorb/android/app/job/C0029.java, line(s) 122
mirrorb/android/app/job/C0032.java, line(s) 377
mirrorb/android/app/job/C0268.java, line(s) 122
mirrorb/android/app/job/C0271.java, line(s) 377
mirrorb/android/app/role/C0035.java, line(s) 592
mirrorb/android/app/role/C0274.java, line(s) 592
mirrorb/android/app/servertransaction/C0038.java, line(s) 126
mirrorb/android/app/servertransaction/C0277.java, line(s) 126
mirrorb/android/bluetooth/C0042.java, line(s) 310
mirrorb/android/bluetooth/C0281.java, line(s) 310
mirrorb/android/graphics/drawable/C0045.java, line(s) 117
mirrorb/android/graphics/drawable/C0284.java, line(s) 117
mirrorb/android/hardware/display/C0046.java, line(s) 431
mirrorb/android/hardware/display/C0285.java, line(s) 431
mirrorb/android/media/session/C0048.java, line(s) 556
mirrorb/android/media/session/C0287.java, line(s) 555
mirrorb/android/net/wifi/C0053.java, line(s) 131
mirrorb/android/net/wifi/C0292.java, line(s) 131
mirrorb/android/os/storage/C0057.java, line(s) 602
mirrorb/android/os/storage/C0296.java, line(s) 602
mirrorb/android/providers/C0059.java, line(s) 376
mirrorb/android/providers/C0298.java, line(s) 376
mirrorb/android/rms/C0063.java, line(s) 365
mirrorb/android/rms/C0064.java, line(s) 373
mirrorb/android/rms/C0302.java, line(s) 365
mirrorb/android/rms/C0303.java, line(s) 373
mirrorb/android/security/net/config/C0065.java, line(s) 193
mirrorb/android/security/net/config/C0304.java, line(s) 193
mirrorb/android/service/persistentdata/C0067.java, line(s) 187,263
mirrorb/android/service/persistentdata/C0068.java, line(s) 314
mirrorb/android/service/persistentdata/C0306.java, line(s) 187,263
mirrorb/android/service/persistentdata/C0307.java, line(s) 314
mirrorb/android/view/accessibility/C0072.java, line(s) 317
mirrorb/android/view/accessibility/C0311.java, line(s) 317
mirrorb/android/webkit/C0073.java, line(s) 606
mirrorb/android/webkit/C0074.java, line(s) 153
mirrorb/android/webkit/C0312.java, line(s) 606
mirrorb/android/webkit/C0313.java, line(s) 153
mirrorb/java/io/C0091.java, line(s) 141
mirrorb/java/io/C0330.java, line(s) 141

Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
F3/u0.java, line(s) 300
b0/Gamma.java, line(s) 107
d3/jj.java, line(s) 156
w1/sfdfssdvsdv.java, line(s) 29

Medium-severity vulnerability: The application uses an insecure random number generator
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
D2/ll.java, line(s) 17
D2/ss.java, line(s) 22
E0/scmscsc.java, line(s) 8
F/dd.java, line(s) 77
F2/sI.java, line(s) 4
F3/u0.java, line(s) 40
J6/AbstractC0766Alpha.java, line(s) 3
J6/AbstractC0872Alpha.java, line(s) 3
J6/C0767Beta.java, line(s) 4
J6/C0873Beta.java, line(s) 4
L/E.java, line(s) 15
L1/Beta.java, line(s) 10
O1/ee.java, line(s) 3
O5/a1.java, line(s) 12
O5/gg.java, line(s) 21
O5/ii.java, line(s) 11
P4/sfdfssdvsdv.java, line(s) 9
T4/C1143Alpha.java, line(s) 14
T4/C1249Alpha.java, line(s) 14
T4/aa.java, line(s) 4
T4/bb.java, line(s) 11
U4/cc.java, line(s) 13
U4/sfdfssdvsdv.java, line(s) 14
com/sneepix/vidpix/ExtraClass/MessagingService.java, line(s) 31
k6/C0794Alpha.java, line(s) 5
k6/C0900Alpha.java, line(s) 5
mirrorb/android/providers/C0058.java, line(s) 61
mirrorb/android/providers/C0297.java, line(s) 61

Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, and keys
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
C2/Alpha.java, line(s) 65
M0/sfdfssdvsdv.java, line(s) 43
O0/Zeta.java, line(s) 36
O0/oo.java, line(s) 85
O0/ww.java, line(s) 92
X4/Gamma.java, line(s) 45

Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
R1/AbstractC1065sfdfssdvsdv.java, line(s) 245
R1/AbstractC1171sfdfssdvsdv.java, line(s) 245
bin/mt/signature/KillerApplication.java, line(s) 77
cd/C0015.java, line(s) 230
cd/C0130.java, line(s) 230
com/sneepix/vidpix/ui/PaymentZamZamQRCodeActivity.java, line(s) 383

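Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database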
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
F2/g7.java, line(s) 9,82,94
F3/AbstractC0294d.java, line(s) 6,7,78
F3/AbstractC0398d.java, line(s) 6,7,79
F3/C0405g7.java, line(s) 5,6,7,8,78
F3/C0421oE.java, line(s) 4,64
F3/SI.java, line(s) 4,112
F3/o0.java, line(s) 8,1352
F3/sfdfssdvsdv.java, line(s) 5,6,502,983,1244
P4/dd.java, line(s) 8,226
U4/Zeta.java, line(s) 6,30
Y1/Gamma.java, line(s) 8,68
Y1/scscsef.java, line(s) 5,58
Z1/aa.java, line(s) 3,12,13,14,15,16,19,20,21,24,27,28,29,32,33,34,35,36
Z1/bb.java, line(s) 4,5,46
b2/scmscsc.java, line(s) 11,88

Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
K4/Beta.java, line(s) 50
O6/Delta.java, line(s) 203
S3/AbstractC1128Beta.java, line(s) 60
S3/AbstractC1234Beta.java, line(s) 121

Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files

Files:
F/dd.java, line(s) 197

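Medium-severity vulnerability: Firebase Remote Config is enabled

The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/833978796721/namespaces/firebase:fetch?key=AIzaSyAaWf17IjyhF1v0yXHK5M3rUWOll9yWMeQ ) is enabled. Make sure these configurations do not contain sensitive information. The response content is shown below: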

{
    "entries": {
        "ApiKey": "$78cgXwvAX^QiSC$",
        "ContactShow": "false",
        "CreateOrderId": "https://sunehrashop.com/api/createOrder",
        "CurrentPlan": "https://sunehrashop.com/api/getCurrentPlan",
        "Email": "assyvilla@gmail.com",
        "EncyPass": "!tD0VRZ4-oS@Xj7y",
        "Key1": "0188373608",
        "Key2": "9107883167",
        "LocCheck": "true",
        "MainUrl": "https://sunehrashop.com/api/sneepix/pHyG9SlPdk/user-info",
        "MethodK": "AES/ECB/PKCS7PADDING",
        "PaymentDone": "https://sunehrashop.com/api/sneepix/pHyG9SlPdk/plan-success",
        "Review": "https://sunehrashop.com/api/save-review",
        "Support": "http://shareapp.appdotsinfotech.in/save-help-support",
        "TypeD": "AES",
        "UpdateProfile": "https://sunehrashop.com/api/updateUserInfo",
        "api1": "https://ipapi.co/json/",
        "api2": "http://ip-api.com/json",
        "apicall": "2",
        "bloc": "balaji teleworks,facebook,teleworkssc,google",
        "blockNew": "google,gujarat",
        "chatrequest": "https://shareapp.appdotsinfotech.in/save-chat-support",
        "isreffer": "0",
        "upi": "sbipads000003728@sbipay",
        "xipp": "O?hPZ2}lr_d?nKBEfZu&_tewElDy6c",
        "zip_url": "https://sunehrashop.com/app_data/sneepix.zip"
    },
    "state": "UPDATE",
    "templateVersion": "12"
}

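Medium-severity vulnerability: The application contains privacy trackers

This application contains 3 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.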

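Medium-severity vulnerability: This application may contain hardcoded secrets

The following secrets were identified in the application. Make sure they are not confidential or private information.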
"google_app_id" : "1:833978796721:android:835aed16d9fe0cd2fd7090"
"facebook_client_token" : "722a4614ac84090bc4d0cd75dcec24e5"
"library_zxingandroidembedded_author" : "JourneyApps"
"google_api_key" : "AIzaSyAaWf17IjyhF1v0yXHK5M3rUWOll9yWMeQ"
"library_zxingandroidembedded_authorWebsite" : "https://journeyapps.com/"
"google_crash_reporting_api_key" : "AIzaSyAaWf17IjyhF1v0yXHK5M3rUWOll9yWMeQ"
"facebook_app_id" : "9338137459585110"

Informational security notice: The application logs information. Sensitive information must not be logged
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
B4/C0386Delta.java, line(s) 100,134
B4/C0492Delta.java, line(s) 100,134
C/scmscsc.java, line(s) 54
C0/scscwfwfsw.java, line(s) 60
C1/Delta.java, line(s) 33,32,32
C1/ll.java, line(s) 87,142
C1/tt.java, line(s) 90,121,130,111,113,133,139,142,89,120
C1/vv.java, line(s) 96
C4/Gamma.java, line(s) 20
D0/C0529Beta.java, line(s) 86,91,98,102,114,122
D0/C0635Beta.java, line(s) 86,91,98,102,114,122
D2/C0641Gamma.java, line(s) 65
D2/F6.java, line(s) 498,370,575
D2/ll.java, line(s) 86,497
D2/ss.java, line(s) 426,1449
D2/yO.java, line(s) 70
E/dd.java, line(s) 44
E/ff.java, line(s) 55
E/oo.java, line(s) 63,80,110
E/rr.java, line(s) 957,959,961,531,615,618
E/scscwfwfsw.java, line(s) 396
E0/Beta.java, line(s) 23,33
E4/C0573scmscsc.java, line(s) 129
E4/C0679scmscsc.java, line(s) 132
E4/sfdfssdvsdv.java, line(s) 877,427,437,428,438,891
E5/Alpha.java, line(s) 84,85
F/Beta.java, line(s) 52,211,220
F/dd.java, line(s) 203
F0/AbstractC0597Alpha.java, line(s) 122
F0/AbstractC0703Alpha.java, line(s) 122
F2/AbstractC0603Alpha.java, line(s) 209
F2/AbstractC0709Alpha.java, line(s) 497
F2/C0728nn.java, line(s) 215,860
F2/C0730pp.java, line(s) 727,749,772
F2/g7.java, line(s) 164,223
F3/C0309kA.java, line(s) 167
F3/C0325t.java, line(s) 81,100,80,99,74,97
F3/C0336yO.java, line(s) 42,52,84,90,43,85,55,91
F3/C0413kA.java, line(s) 167
F3/C0429t.java, line(s) 81,100,80,99,74,97
F3/C0440yO.java, line(s) 42,52,84,90,43,85,55,91
F3/RunnableC0310l.java, line(s) 45,39,121,42,53,56,59
F3/RunnableC0332wM.java, line(s) 252,519
F3/RunnableC0410j.java, line(s) 178,183,186
F3/RunnableC0414l.java, line(s) 45,39,121,42,53,56,59
F3/RunnableC0436wM.java, line(s) 249,516
F3/tt.java, line(s) 276,277
F3/u0.java, line(s) 935,744
G/aa.java, line(s) 26
G/bb.java, line(s) 55
G/cc.java, line(s) 37
G/dd.java, line(s) 55,113
G/sfdfssdvsdv.java, line(s) 36,41
G5/Beta.java, line(s) 110,92,131,240
G6/Beta.java, line(s) 413
H/Delta.java, line(s) 30,33,36,72,74,76,116,122
H/sfdfssdvsdv.java, line(s) 37,205
H2/Zeta.java, line(s) 80
H3/Alpha.java, line(s) 116,121
H3/C0684Beta.java, line(s) 92,193
H3/C0790Beta.java, line(s) 92,193
H4/scscwfwfsw.java, line(s) 116,56,131,145
I2/C0706Zeta.java, line(s) 256,396
I2/C0811Gamma.java, line(s) 334
I2/C0812Zeta.java, line(s) 256,396
I2/Delta.java, line(s) 82,93
I3/Alpha.java, line(s) 92,115,193,269,281,101,109,122,210
J/C0733scscwfwfsw.java, line(s) 89,140,152,162
J/C0734sfdfssdvsdv.java, line(s) 157
J/C0839scscwfwfsw.java, line(s) 90,141,153,163
J/C0840sfdfssdvsdv.java, line(s) 158
J/bb.java, line(s) 22
J2/C0747ee.java, line(s) 69
J2/C0853ee.java, line(s) 69
J4/Beta.java, line(s) 34
J4/Zeta.java, line(s) 175,355
J5/C0764Gamma.java, line(s) 9
J5/C0870Gamma.java, line(s) 9
J5/Gamma.java, line(s) 34,33,41
J5/Zeta.java, line(s) 19
J5/scmscsc.java, line(s) 52
J5/scscsef.java, line(s) 140,225,142
J5/scscwfwfsw.java, line(s) 24
K/ViewOnKeyListenerC0776Zeta.java, line(s) 445
K/ViewOnKeyListenerC0882Zeta.java, line(s) 445
K0/Gamma.java, line(s) 190
K0/f6.java, line(s) 45
K0/ii.java, line(s) 131,102
K0/kA.java, line(s) 157
K0/vv.java, line(s) 513
K2/ff.java, line(s) 65,73
K2/hh.java, line(s) 227
K3/Beta.java, line(s) 90,107,89,106,130
K3/Delta.java, line(s) 31,30
K3/Epsilon.java, line(s) 45,58,79,44,57,78,75,99,111
K3/Zeta.java, line(s) 16,13,13
K3/aa.java, line(s) 56,63,55,62
K3/bb.java, line(s) 80,79
K3/scscwfwfsw.java, line(s) 59,58
K3/sfdfssdvsdv.java, line(s) 49,48,62,85,114,134,142,63,86,115,135,143
K4/Beta.java, line(s) 43,54
K5/Beta.java, line(s) 38,58,71
K5/Delta.java, line(s) 27
K5/Epsilon.java, line(s) 28,42,70,92,36,64,87,115
K5/Gamma.java, line(s) 21,22,26,31,45,47
K5/aa.java, line(s) 68,76
K5/scmscsc.java, line(s) 26,52
K5/scscsef.java, line(s) 254,59,118,132,175,176,199,215,220,222,228,72,80,115,120
L/AbstractC0827rH.java, line(s) 20
L/AbstractC0933rH.java, line(s) 21
L/C0804b.java, line(s) 30,39,49,59
L/C0835vL.java, line(s) 97,106,210
L/C0910b.java, line(s) 30,39,49,59
L/C0912c.java, line(s) 231
L/C0917e5.java, line(s) 73
L/C0941vL.java, line(s) 98,107,211
L/D.java, line(s) 128,218
L/E.java, line(s) 149,106
L/Epsilon.java, line(s) 30,33
L/H.java, line(s) 27
L/TJ.java, line(s) 270,84,89,96,189,253
L/ZP.java, line(s) 21
L/hh.java, line(s) 58
L/o.java, line(s) 92,115,214,228
L/r.java, line(s) 32
L/yy.java, line(s) 58,63,68,73
L0/Gamma.java, line(s) 182,209,179,208
L1/AbstractC0847Epsilon.java, line(s) 123
L1/AbstractC0953Epsilon.java, line(s) 124
L1/ee.java, line(s) 263
L1/nn.java, line(s) 37
L1/qq.java, line(s) 63
L3/Delta.java, line(s) 44
L3/Zeta.java, line(s) 50,95,102
L3/aa.java, line(s) 23
L3/dd.java, line(s) 68
L3/gg.java, line(s) 113,117,42
L3/scscsef.java, line(s) 34
L3/scscwfwfsw.java, line(s) 250,252,141,174,178,247,53
L4/Gamma.java, line(s) 238,243,93,94,229,231
L5/Alpha.java, line(s) 71
L5/Delta.java, line(s) 63
L5/Zeta.java, line(s) 85,388,389
N/AbstractC0347i9.java, line(s) 330,235,329
N/AbstractC0453i9.java, line(s) 332,237,331
N/Gamma.java, line(s) 80
N/ff.java, line(s) 30,43,91,154,197,214,238
N/lB.java, line(s) 20,31
N/uK.java, line(s) 30
N/vL.java, line(s) 30,42,49,58
N/xx.java, line(s) 79
N/zP.java, line(s) 77,94,68
N0/Beta.java, line(s) 118,143,117,142
O0/dd.java, line(s) 435,137,174,434,281
O0/ee.java, line(s) 132,133
O0/gg.java, line(s) 12,53
O0/qq.java, line(s) 82
O0/yy.java, line(s) 77,106,67,76,105,68
O1/Delta.java, line(s) 68,73,78
O1/d4.java, line(s) 187,190,195
O5/gg.java, line(s) 155
O5/vv.java, line(s) 44,58,139,153
O5/zz.java, line(s) 9,16
O6/Delta.java, line(s) 180
O6/bb.java, line(s) 160
P0/C1072Gamma.java, line(s) 171,182
P0/Zeta.java, line(s) 51,114,52,115
P0/dd.java, line(s) 482
P0/scmscsc.java, line(s) 72,125,212,224,68,84,90,108,120,127,180,186,193,211,223,53,88,184,201,109
P1/Zeta.java, line(s) 123
P1/hh.java, line(s) 118,138
P1/scscsef.java, line(s) 148,157,218,224,219,225,327
P4/Epsilon.java, line(s) 21,24
P4/RunnableC1094Alpha.java, line(s) 270,581
P4/dd.java, line(s) 266,349,310,265,345
P4/ee.java, line(s) 52,26,29,41,51,42
P4/ff.java, line(s) 84,72,100
P4/ll.java, line(s) 575,585,574,584
P4/mm.java, line(s) 32,48
P4/nn.java, line(s) 22
P4/qq.java, line(s) 68,68
P4/rr.java, line(s) 24,37,23,23,36,36
P4/scmscsc.java, line(s) 59,58
P4/scscwfwfsw.java, line(s) 28,27
P4/ss.java, line(s) 57,106,56,119,132,149,156
P4/uu.java, line(s) 22,21
P4/ww.java, line(s) 45,49,57,70,87,116,141,95,100,124,44,48,56,69,84,115,140
P5/Zeta.java, line(s) 149,170
P6/Delta.java, line(s) 44
Q0/Gamma.java, line(s) 253,252,129,135
Q2/AbstractC1026sfdfssdvsdv.java, line(s) 50,57,95,139,150,163,173
Q2/AbstractC1124Epsilon.java, line(s) 292,396
Q2/AbstractC1132sfdfssdvsdv.java, line(s) 51,58,96,140,151,164,174
Q2/C1025scscwfwfsw.java, line(s) 127
Q2/C1131scscwfwfsw.java, line(s) 138,929
Q4/AbstractC1032Beta.java, line(s) 274,426,655,295,273,294,592,601,440,450
Q4/AbstractC1138Beta.java, line(s) 286,438,603,764,307,285,306,701,710,452,462,598,616
Q4/C1033Delta.java, line(s) 21
Q4/C1139Delta.java, line(s) 21
Q4/Zeta.java, line(s) 223,241,72,76,82,85,152
R/kk.java, line(s) 16,15
R0/Delta.java, line(s) 11,10
R0/scmscsc.java, line(s) 1213
R1/AbstractC1065sfdfssdvsdv.java, line(s) 139,153,164
R1/AbstractC1171sfdfssdvsdv.java, line(s) 139,153,164
R1/C1060bb.java, line(s) 66,87,102
R1/C1165aa.java, line(s) 74,84,122
R1/C1166bb.java, line(s) 66,87,102
R1/RunnableC1053Alpha.java, line(s) 107
R1/RunnableC1159Alpha.java, line(s) 106
R2/C1074scscwfwfsw.java, line(s) 291
R2/C1180scscwfwfsw.java, line(s) 291
R2/Gamma.java, line(s) 76
R2/scmscsc.java, line(s) 155,110,95,179
S0/Beta.java, line(s) 60,80,85,93,107,61,81,88,96,110
S0/Delta.java, line(s) 67,66
S0/tt.java, line(s) 89,88
S1/C1125scscsef.java, line(s) 92,316
S1/C1231scscsef.java, line(s) 165,389
S3/AbstractC1128Beta.java, line(s) 100,99,93
S3/AbstractC1129Delta.java, line(s) 50,57
S3/AbstractC1234Beta.java, line(s) 161,160,154
S3/AbstractC1235Delta.java, line(s) 50,57
S3/Zeta.java, line(s) 154,250,152
S4/Gamma.java, line(s) 697,692,696,200,456,469,493,496,532,567,577,617
T4/Alpha.java, line(s) 42,60,44,57
U/Epsilon.java, line(s) 255
U0/Beta.java, line(s) 70,71
U1/Gamma.java, line(s) 51
U1/bb.java, line(s) 215
U2/C1259Delta.java, line(s) 126
U4/Beta.java, line(s) 63,68,116
U4/Gamma.java, line(s) 87
U4/aa.java, line(s) 49
V0/Gamma.java, line(s) 43,44
V0/dd.java, line(s) 22,29,123,133,147,157,180,190,214,221,228,232,235,238,21,28,122,132,144,156,179,189,209,220,227,231,234,237
V0/jj.java, line(s) 47,50,48,51
V0/nn.java, line(s) 59,65,71,77,83,90,96,111,123,60,66,72,78,84,91,97,124,112
V0/rr.java, line(s) 42,51,58,43,52,59,60,61,64
V0/scscwfwfsw.java, line(s) 21,26,22,29
V2/Alpha.java, line(s) 126,133,137,141
V2/Delta.java, line(s) 40
V2/Epsilon.java, line(s) 55
V2/cc.java, line(s) 277,304,220
V2/ee.java, line(s) 514,598,1068
V2/ll.java, line(s) 88
W3/Delta.java, line(s) 59,65,239,295,320,290,62,89,148,184,199,207,217
X/Beta.java, line(s) 128
X/scmscsc.java, line(s) 202,236,242,306,382,459,509,529,543,577,595,655,700,703,789,794,800,817,827,838,845,940,972,60,280,285,434,761,765,769,875,883
X2/Delta.java, line(s) 384,68,88,112,311,322
X4/C1229Delta.java, line(s) 71
X4/C1335Delta.java, line(s) 71
Y/Delta.java, line(s) 56,65
Y/bb.java, line(s) 367,427,430
Y/ff.java, line(s) 624,1365,1722,1729,1730,1731,1739,1783,1790,1791,1792,1800,1811,1819,1820,1821,1830,1846,1854,1855,1856,1865,1947,337,726,1503,1518,1669
Y/scscwfwfsw.java, line(s) 50
Y1/Gamma.java, line(s) 100,99
Y3/Gamma.java, line(s) 230
Z0/Alpha.java, line(s) 46,108,125,131,136,54,109,126,132,137
Z0/scscsef.java, line(s) 50,51
Z1/C1258Beta.java, line(s) 42
Z1/C1364Beta.java, line(s) 42
Z2/scscwfwfsw.java, line(s) 300,338,409,425,435,439,528,697
a1/Zeta.java, line(s) 321
a3/C0363Beta.java, line(s) 46
a3/C0469Beta.java, line(s) 46
a3/scmscsc.java, line(s) 116
b0/Epsilon.java, line(s) 194
b0/Gamma.java, line(s) 228
b2/scmscsc.java, line(s) 131
bin/mt/signature/KillerApplication.java, line(s) 116,126,161
c3/hh.java, line(s) 152
com/journeyapps/barcodescanner/BarcodeView.java, line(s) 58
com/sneepix/vidpix/ExtraClass/MessagingService.java, line(s) 63,140,146,86,93
com/sneepix/vidpix/SplashActivity.java, line(s) 122,139,200,312,368,393,458,485,486
com/sneepix/vidpix/ui/MainActivity.java, line(s) 784,798
com/sneepix/vidpix/ui/SettingActivity.java, line(s) 112
com/sneepix/vidpix/ui/SubscriptionActivityUPI.java, line(s) 252
com/sneepix/vidpix/ui/SubscriptionActivityWb.java, line(s) 121,167,220,235,241,270
d1/sfdfssdvsdv.java, line(s) 511,23,254,367
d3/AbstractC0552Alpha.java, line(s) 330,425,494,505,249
d3/AbstractC0658Alpha.java, line(s) 478,573,642,653,397
dev/shreyaspatil/easyupipayment/ui/PaymentChooseActivity.java, line(s) 87
e1/C0563Gamma.java, line(s) 37,38
e1/C0669Gamma.java, line(s) 37,38
e1/ViewTreeObserverOnPreDrawListenerC0560Beta.java, line(s) 26,59,27,60
e1/ViewTreeObserverOnPreDrawListenerC0666Beta.java, line(s) 26,59,27,60
e1/Zeta.java, line(s) 37,38
e3/gg.java, line(s) 85
e3/scscwfwfsw.java, line(s) 366,443
g2/scscwfwfsw.java, line(s) 52,68,77,87
k1/Beta.java, line(s) 174,423
n2/C1009Alpha.java, line(s) 210
n2/Gamma.java, line(s) 99
n3/bb.java, line(s) 269,339
n5/scmscsc.java, line(s) 84,131
o3/Epsilon.java, line(s) 338,164,170,176,185,367
o3/ff.java, line(s) 84,87,90,93,96,99,107,110,113,116,156,161
o3/ii.java, line(s) 17
o3/scmscsc.java, line(s) 83
o3/uu.java, line(s) 37
o3/ww.java, line(s) 39,54
org/lsposed/hiddenapibypass/HiddenApiBypass.java, line(s) 74,313
p2/C1089Gamma.java, line(s) 259,443
r3/C1075Alpha.java, line(s) 73,92
r3/C1181Alpha.java, line(s) 73,92
t/Gamma.java, line(s) 248
t2/kk.java, line(s) 63,74
t2/scmscsc.java, line(s) 98
w1/Beta.java, line(s) 97,76
w1/Zeta.java, line(s) 29
w1/scscwfwfsw.java, line(s) 63
w1/sfdfssdvsdv.java, line(s) 64
w2/Alpha.java, line(s) 71,74,306
y2/Alpha.java, line(s) 156,168

Informational security notice: The application can write to the application directory. Sensitive information should be encrypted

Files:
O1/Gamma.java, line(s) 13,18,13,18
O1/d4.java, line(s) 121,121
U1/scscwfwfsw.java, line(s) 229,229
a1/Beta.java, line(s) 81,81

Passed security check: This application uses SSL pinning to detect or prevent MITM attacks in secure communication channels
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
O6/Epsilon.java, line(s) 51,50,49
O6/cc.java, line(s) 51,50,49,49
O6/ee.java, line(s) 102,90,101,100,100
O6/scscsef.java, line(s) 85,74,84,100,83,83

Overall security baseline score: (Sneepix 1.0.6)