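Security baseline score: 50/100
Overall risk level
Risk rating
- A
- B
- C
- F
Distribution of vulnerabilities and security items (%)
Privacy risk: 3 (number of third-party trackers detected)
Distribution of findings
High-severity vulnerabilities: 4
Medium-severity vulnerabilities: 14
Security notices: 1
Passed security checks: 3
Key security concerns: 2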
High-severity vulnerability: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: s8/kb.java, line(s) 27
High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: s8/h70.java, line(s) 336,9,10 s8/k70.java, line(s) 426,713,21,22
High-severity vulnerability: Insecure SSL implementation. Trusting all certificates or accepting self-signed certificates is a critical security vulnerability. This application is vulnerable to MITM attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: vb/e.java, line(s) 24,25,3
High-severity vulnerability: Unauthenticated access to Firebase database
The Firebase database at https://camera-app-3f4e6-default-rtdb.firebaseio.com/.json is exposed to the internet without any authentication.
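Medium-severity vulnerability: The application has cleartext network traffic enabled
[android:usesCleartextTraffic=true] The application intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager and MediaPlayer. For applications targeting API level 27 or lower, the default value is "true". For applications targeting API level 28 or higher, the default value is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity and tamper protection; a network attacker can eavesdrop on transmitted data and can modify it without being detected.
Medium-severity vulnerability: Application data can be backed up
[android:allowBackup=true] This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off the device.
Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] A Service was found to be shared with other applications on the device, making it accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP [android:exported=true] A Broadcast Receiver was found to be shared with other applications on the device, making it accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.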
Medium-severity vulnerability: The application can read/write external storage. Any application can read data written to external storage.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/cameraforiphone/cameraforiphonefirst/CameraForBlur/CameraBlur/CameraBlurShapeBlurActivity.java, line(s) 393,783,791 com/cameraforiphone/cameraforiphonefirst/CameraForBlur/CameraBlurMyCreationActivity.java, line(s) 29,31 com/cameraforiphone/cameraforiphonefirst/CameraForBlur/CameraBlurbluMainActivity.java, line(s) 149,623,627,630 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/CameraActivity.java, line(s) 205,320,210,322,663,669,676,817,983,990,1720,1726,1733 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/EditImageActivity.java, line(s) 609,613 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/GalleryappActivity.java, line(s) 269,569 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/SelectImageListActivity.java, line(s) 57 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/CameraEngine.java, line(s) 162,162 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/helper/FilterResourceHelper.java, line(s) 20,20 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/utils/StorageHelper.java, line(s) 173 s8/hj.java, line(s) 30 s8/pi.java, line(s) 12 s8/zf.java, line(s) 62
Medium-severity vulnerability: The application uses a SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: a8/e0.java, line(s) 4,5,118 a8/w.java, line(s) 5,20 a8/y.java, line(s) 5,6,84,116,162,183,203,389 a9/c0.java, line(s) 6,709,718 a9/l.java, line(s) 5,6,69,571,878 a9/n.java, line(s) 4,5,15 p1/e.java, line(s) 5,187,204,220 s8/kx0.java, line(s) 5,6,68,73,78 s8/mw0.java, line(s) 5,6,15,16,28,29,34,35 z7/j.java, line(s) 5,32
Medium-severity vulnerability: The application uses an insecure random number generator
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: a9/y7.java, line(s) 41 jd/k.java, line(s) 4 jd/o.java, line(s) 4 jd/s.java, line(s) 4 lb/b.java, line(s) 3 nf/a.java, line(s) 3 nf/b.java, line(s) 3 of/a.java, line(s) 3 s8/jb2.java, line(s) 12 s8/ka2.java, line(s) 20 s8/sc2.java, line(s) 5 s8/tc2.java, line(s) 29 s8/yh2.java, line(s) 4 s8/za.java, line(s) 9 vb/j.java, line(s) 9 x8/m1.java, line(s) 14
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: m3/p.java, line(s) 91
Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: hc/b.java, line(s) 44 pb/i.java, line(s) 88 ya/g.java, line(s) 157
Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: a9/y7.java, line(s) 155 s8/he.java, line(s) 20 s8/na.java, line(s) 10
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files
Files: hc/c.java, line(s) 50 j1/c.java, line(s) 98 p1/i.java, line(s) 52
Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: s8/k70.java, line(s) 200,161
Medium-severity vulnerability: The application contains privacy trackers
This application contains 3 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.
Medium-severity vulnerability: This application may contain hardcoded secrets
The following secrets were identified in the application. Make sure they are not confidential or private information.
AdMob advertising platform => "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-3940256099942544~3347511713"
"firebase_database_url" : "https://camera-app-3f4e6-default-rtdb.firebaseio.com"
"google_api_key" : "AIzaSyDGapr-ItjmgAuCg4-qrCIjV3nSJo_qhHw"
"google_app_id" : "1:576123520280:android:57446537b4ef16f50e4a6d"
"google_crash_reporting_api_key" : "AIzaSyDGapr-ItjmgAuCg4-qrCIjV3nSJo_qhHw"
Security notice: The application logs information. Sensitive information must not be logged
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: a/c.java, line(s) 27,36,41,49 a/d.java, line(s) 716 a2/i.java, line(s) 21,23,32,34,43,45,54,56 a9/p3.java, line(s) 213,237 a9/y7.java, line(s) 465 aa/f.java, line(s) 302 b2/a.java, line(s) 26,32,38 b4/b.java, line(s) 42,41,141 c4/i.java, line(s) 435,21,367,377 com/cameraforiphone/cameraforiphonefirst/CameraForBlur/CameraBlur/CameraBlurShapeBlurActivity.java, line(s) 185,387 com/cameraforiphone/cameraforiphonefirst/CameraForBlur/CameraBlurbluMainActivity.java, line(s) 282,484 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/CameraActivity.java, line(s) 574,349,356,1056,1928 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/EditImageActivity.java, line(s) 171,208,373,406,436,467,495,577,694,134,212,288,585,624,625,633,696 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/GPSTracker.java, line(s) 60,76,49,51 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/GalleryappActivity.java, line(s) 753,264,319 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/b.java, line(s) 61 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/CameraEngine.java, line(s) 76,211,242,274,277,342 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/base/FilterGroup.java, line(s) 99,154,180 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/codec/EGLBase.java, line(s) 114,123,134,135,146,147,220,183,229,241 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/codec/MediaAudioEncoder.java, line(s) 52,84,115,132 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/codec/MediaEncoder.java, line(s) 102,134,143,198,252,273,202,212,222,152,72,75,278,287,61,95 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/codec/MediaMuxerWrapper.java, line(s) 53,77,85,102,109 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/codec/MediaVideoEncoder.java, line(s) 
112,178,73,128,151,28,36,41,53,95,122,133,139,145,158,83 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/encoder/MediaCodecUtils.java, line(s) 31,54,47,71 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/glessential/CameraView.java, line(s) 110,122 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/glessential/GLRender.java, line(s) 88,106 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/helper/FilterResourceHelper.java, line(s) 30,69 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/imgeditor/gl/GLWrapper.java, line(s) 68 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/removeit/PixelBuffer.java, line(s) 144,151,99,114,116 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/util/FakeThreadUtils.java, line(s) 40 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/util/FileUtils.java, line(s) 29,60,123 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/util/GLUtils.java, line(s) 14,15,16 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/util/Logger.java, line(s) 17,26,31,40,46,79 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/util/ShaderUtils.java, line(s) 19,39,40,82,83 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/filter/util/TextureUtils.java, line(s) 33,37,77 com/cameraforiphone/cameraforiphonefirst/CameraForPhone/utils/StorageHelper.java, line(s) 130,180,194 com/cameraforiphone/cameraforiphonefirst/CameraForPip/MyFragment.java, line(s) 105,320 com/cameraforiphone/cameraforiphonefirst/CameraForPip/ScaleGestureDetector.java, line(s) 105 com/cameraforiphone/cameraforiphonefirst/adsclasses/AppOpenManager.java, line(s) 125,137,141 com/cameraforiphone/cameraforiphonefirst/adsclasses/GoogleAdsClasses.java, line(s) 252,334,67 com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java, line(s) 410,565,598,649,690,1075,1215,1234,1262,1537,1567,417,421,550,554,658,1152,296,805,810,821,830 
com/yalantis/ucrop/UCropActivity.java, line(s) 166 d0/g.java, line(s) 31 d0/l.java, line(s) 43 d4/i.java, line(s) 46,92,93,47 d6/c.java, line(s) 65,64 db/c.java, line(s) 124 db/d.java, line(s) 63,94,68,62,93 e1/a.java, line(s) 345,972,1081,1091,1100,1106,1137,1223,1266,1368,1437,1501,1585,1621,1704,1767,1949,2041,2062,2124,2137,2195,2266,855,110,995,1385,1664,1677,1923 eb/c.java, line(s) 67,112,66,111 f0/k.java, line(s) 23 f7/j.java, line(s) 321 f7/u.java, line(s) 74 f9/g.java, line(s) 47 fb/b.java, line(s) 63,57,58,72,73 fb/d.java, line(s) 46,54,81,45,49,62,50,63 fb/e.java, line(s) 78,96,71,75,58,64,77,95,59,65 fc/c.java, line(s) 133,287 fe/b.java, line(s) 70,132,212,218,227,234,250 g/i.java, line(s) 762,764,767,1267,1390,1393 g/q.java, line(s) 29,43,55 g/t.java, line(s) 37 g0/d.java, line(s) 49,54 g0/e.java, line(s) 40 g0/f.java, line(s) 58 g0/g.java, line(s) 46 g0/h.java, line(s) 60,227 g0/l.java, line(s) 89 g3/b.java, line(s) 17 h/a.java, line(s) 55 h0/a.java, line(s) 135,144,161,171 h0/e.java, line(s) 45,68 h4/a.java, line(s) 49,52 h8/c0.java, line(s) 36,39,60 h8/e.java, line(s) 74,114,121 h8/f.java, line(s) 30 h8/i.java, line(s) 48 h8/j.java, line(s) 33,48 h8/l.java, line(s) 29 h8/t.java, line(s) 39 h8/x.java, line(s) 55,59 hc/b.java, line(s) 37,48 he/c.java, line(s) 89,154,160,228 i3/a.java, line(s) 313 i4/b.java, line(s) 873,727 i4/g.java, line(s) 413,638,501 i4/i.java, line(s) 1212,1243,1269,1487,1274 ib/h.java, line(s) 23,24,25 ic/c.java, line(s) 76,81 j1/a.java, line(s) 146,230,48,67,81,85,95,127,139,153,73,89,99,135,175 j1/c.java, line(s) 55,66,68,101,122,198,245,249,269,291,92,238,253,279,295,308 j3/d.java, line(s) 174,201,171,200 j3/e.java, line(s) 139,159,176,138,158,175 j8/d.java, line(s) 214,374 j8/k0.java, line(s) 95,107 j8/m0.java, line(s) 75,79 j8/w.java, line(s) 207,296 j8/y.java, line(s) 42 ja/e.java, line(s) 71,202,218,131 k/f.java, line(s) 152,186,198,208,366 k0/i.java, line(s) 33 k7/r.java, line(s) 771,766,777,783 k8/a1.java, line(s) 44 
k8/b.java, line(s) 214,243,448,452,456,462 k8/e.java, line(s) 65 k8/h0.java, line(s) 28 k8/o0.java, line(s) 99,106 k8/s0.java, line(s) 46 k8/u.java, line(s) 80,83,109,112,115,154,162 k8/x.java, line(s) 16 k8/y0.java, line(s) 43,48 l3/a.java, line(s) 101,100 lc/n.java, line(s) 59 m3/i.java, line(s) 485,305,339,484,455 m3/j.java, line(s) 134,135 m3/l.java, line(s) 20,167 m3/q.java, line(s) 144 m3/z.java, line(s) 48,111,47,101,110,102 n3/h.java, line(s) 157,194,161,199 n3/i.java, line(s) 59,63,74,175,219,58,62,73,122,130,140,170,187,206,218,123,131,160,192,207 n8/a.java, line(s) 71,82 nc/c.java, line(s) 113 o0/a0.java, line(s) 40,51 o0/b.java, line(s) 49 o0/j0.java, line(s) 276,295,83,95,102,111,51,265 o0/m.java, line(s) 31,44,83,155,198,216,239 o0/y.java, line(s) 1090,1033,1089,445 o3/e.java, line(s) 50,82,94,104,51,95,83,107 o3/j.java, line(s) 94,79 o8/d.java, line(s) 14 o8/k.java, line(s) 35,34,28 p1/e.java, line(s) 181,262 p1/f.java, line(s) 92 p1/i.java, line(s) 145,148,153 p3/a.java, line(s) 107,106 pb/i.java, line(s) 33 q3/c.java, line(s) 44,43 q3/e.java, line(s) 101,100 q3/r.java, line(s) 85,86 q3/s.java, line(s) 40,79,39 qb/a.java, line(s) 231 qd/h.java, line(s) 65 r0/b.java, line(s) 72,91,90,45 r7/b.java, line(s) 146,145,150 r8/b.java, line(s) 36,100 s0/c.java, line(s) 51,60 s0/h.java, line(s) 55,64 s0/j.java, line(s) 18,17 s1/c.java, line(s) 23,27 s3/a.java, line(s) 75,86 s8/aw1.java, line(s) 33 s8/c30.java, line(s) 20,28,30,39,46,54,56,65,72,80,82,127,92,100,102,111 s8/cb.java, line(s) 173 s8/cd.java, line(s) 115,126,132 s8/cg1.java, line(s) 64,75,98 s8/d01.java, line(s) 13,19,29,35 s8/e7.java, line(s) 57 s8/e8.java, line(s) 21 s8/fi1.java, line(s) 30,39,48 s8/hj1.java, line(s) 22,31,38,30,37,44,45 s8/ij.java, line(s) 103 s8/ja0.java, line(s) 46,58,45,63,64 s8/k82.java, line(s) 21 s8/ka.java, line(s) 21 s8/kg1.java, line(s) 37 s8/m80.java, line(s) 126,136 s8/qs.java, line(s) 205,231 s8/s40.java, line(s) 78,132,133 s8/tb.java, line(s) 165,347,251,252,253 
s8/tf1.java, line(s) 50 s8/tj1.java, line(s) 27,28 s8/vh1.java, line(s) 37,34 s8/w7.java, line(s) 13,17,8,22 s8/xf1.java, line(s) 110,115 s8/za.java, line(s) 80 sa/k.java, line(s) 69 t1/c.java, line(s) 59 t3/c.java, line(s) 19,29 t3/i.java, line(s) 21,26,22,29 t3/j.java, line(s) 187,194,284,294,308,321,342,350,372,404,186,193,283,293,305,320,341,349,367,381,384,387,394,397 t3/m.java, line(s) 52,62,58,68 t3/q.java, line(s) 57,63,69,75,81,88,94,108,117,58,64,70,76,82,89,95,118,109 t3/y.java, line(s) 75,84,91,76,85,92,93,94,98 t4/e.java, line(s) 19 td/b.java, line(s) 84 u/d.java, line(s) 253 u8/f.java, line(s) 49,56 u8/h.java, line(s) 43 u9/e.java, line(s) 256 ua/b.java, line(s) 16,17 ud/c.java, line(s) 32,51,61 uf/g0.java, line(s) 223,222 v0/c.java, line(s) 325 v1/a.java, line(s) 31 va/c.java, line(s) 29,30 wa/c.java, line(s) 37 x1/b.java, line(s) 258 x3/a.java, line(s) 66,130,137,144,74,133,140,147 x3/i.java, line(s) 44,45 x7/a.java, line(s) 11,18,25,10,17,24,39,40,46,47 x8/b5.java, line(s) 24 x8/c5.java, line(s) 21 x8/e5.java, line(s) 24 x8/m1.java, line(s) 218,224 x8/m4.java, line(s) 88 x8/p1.java, line(s) 58 x8/t4.java, line(s) 39 x8/w4.java, line(s) 40,33 x9/d.java, line(s) 118,154 xa/c.java, line(s) 9,8 xc/c.java, line(s) 33,26,22,28 y/d.java, line(s) 503,117,418 y9/b.java, line(s) 21 ya/a0.java, line(s) 105,55,110,81,104,82,51,100 ya/b0.java, line(s) 20,21 ya/e0.java, line(s) 42,31,35,41 ya/f0.java, line(s) 44,43 ya/g.java, line(s) 76,161 ya/h0.java, line(s) 30,38,44,29,37,43 ya/j.java, line(s) 27 ya/j0.java, line(s) 51,52,62 ya/k.java, line(s) 26,25,54 ya/m0.java, line(s) 134,74,133,75,98 ya/o.java, line(s) 20,25,27,19 ya/p.java, line(s) 23 ya/q.java, line(s) 46,54,55 ya/r.java, line(s) 20 ya/s.java, line(s) 26,25,39,40 ya/t.java, line(s) 109,241,261,286,388,333,363,108,129,240,260,285,323,328,365,378,387,130,324,329,379,282,294,312,320,368 z/a.java, line(s) 155,158,159,164,168 z/b.java, line(s) 113 z/d.java, line(s) 97,98 z2/i.java, line(s) 82 z3/k.java, 
line(s) 67,68 z3/o.java, line(s) 142,109,139,168,182,110,171,183 z3/q.java, line(s) 72,79,73,80 z8/a.java, line(s) 30,41 za/b.java, line(s) 40,71 za/e.java, line(s) 105,132,46,104,131,67,111,161,194 za/g.java, line(s) 70,85 zc/d.java, line(s) 494
Passed security check: This application may have root detection capabilities
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: s8/tj1.java, line(s) 43 ya/g.java, line(s) 148,148,149
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: eg/s.java, line(s) 140,139,148,138,138
Passed security check: Firebase Remote Config is disabled
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/576123520280/namespaces/firebase:fetch?key=AIzaSyDGapr-ItjmgAuCg4-qrCIjV3nSJo_qhHw ) is disabled. The response content is shown below: { "state": "NO_TEMPLATE" }
Key security concern: The application may communicate with a server (pagead2.googlesyndication.com) located in an OFAC-sanctioned country (China).
{'ip': '220.181.174.102', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
Key security concern: The application may communicate with a server (app-measurement.com) located in an OFAC-sanctioned country (China).
{'ip': '220.181.174.97', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}