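Mobile Application Security Scan Report: Laliga TV v3.1

Security baseline score: 43/100

Overall risk rating

Risk rating scale

  1. A
  2. B
  3. C
  4. F

[Chart: distribution of vulnerabilities and security items (%)]

Privacy risk

6 third-party trackers detected

Distribution of findings

High-severity vulnerabilities: 8
Medium-severity vulnerabilities: 31
Security notices: 1
Passed security checks: 2
Key security concerns: 0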

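High-severity vulnerability: Application is debuggable

[android:debuggable=true]
The debuggable flag is enabled on the application, which makes it easier for reverse engineers to attach a debugger to it. This allows dumping stack traces and accessing debugging helper classes.

High-severity vulnerability: Remote WebView debugging is enabled

Remote WebView debugging is enabled.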
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
com/onesignal/inAppMessages/internal/display/impl/i.java, line(s) 491,7

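High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be vulnerable to cross-site scripting attacks

If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be vulnerable to cross-site scripting attacks.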
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
com/startapp/sdk/ads/splash/SplashHtml.java, line(s) 90,7,8
com/startapp/sdk/ads/splash/g.java, line(s) 107,8
com/startapp/wb.java, line(s) 457,24

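High-severity vulnerability: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.

The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.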
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
Z2/a.java, line(s) 36

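High-severity vulnerability: Insecure SSL implementation. Trusting all certificates or accepting self-signed certificates is a critical security hole. This application is vulnerable to MITM attacks.

Insecure SSL implementation. Trusting all certificates or accepting self-signed certificates is a critical security hole. This application is vulnerable to MITM attacks.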
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis

Files:
com/startapp/networkTest/net/WebApiClient.java, line(s) 70,16,17,18,19

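High-severity vulnerability: The application contains privacy trackers

This application contains 6 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.

Medium-severity vulnerability: Cleartext network traffic is enabled for the application

[android:usesCleartextTraffic=true]
The application intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager, and MediaPlayer. For applications targeting API level 27 or lower, the default value is "true". For applications targeting API level 28 or higher, the default value is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity, and tamper protection; a network attacker can eavesdrop on transmitted data and can modify it without being detected.

Medium-severity vulnerability: Application data can be backed up

[android:allowBackup=true]
This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off the device.

Medium-severity vulnerability: Activity (dev.google.yacinetv.tvui.splash.SplashActivity) is not protected.

[android:exported=true]
An Activity was found to be shared with other applications on the device, so it is accessible to any other application on the device.

Medium-severity vulnerability: Activity (dev.google.ytvclib.ui.main.PlayerActivity) is not protected.

[android:exported=true]
An Activity was found to be shared with other applications on the device, so it is accessible to any other application on the device.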

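Medium-severity vulnerability: Broadcast Receiver (com.onesignal.notifications.receivers.FCMBroadcastReceiver) is protected by a permission, but the protection level of the permission should be checked.

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
A Broadcast Receiver was found to be shared with other applications on the device, so it is accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application. The protection level of the permission should therefore be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

Medium-severity vulnerability: Activity (com.onesignal.notifications.activities.NotificationOpenedActivityHMS) is not protected.

[android:exported=true]
An Activity was found to be shared with other applications on the device, so it is accessible to any other application on the device.

Medium-severity vulnerability: Broadcast Receiver (com.onesignal.notifications.receivers.NotificationDismissReceiver) is not protected.

[android:exported=true]
A Broadcast Receiver was found to be shared with other applications on the device, so it is accessible to any other application on the device.

Medium-severity vulnerability: Broadcast Receiver (com.onesignal.notifications.receivers.BootUpReceiver) is not protected.

[android:exported=true]
A Broadcast Receiver was found to be shared with other applications on the device, so it is accessible to any other application on the device.

Medium-severity vulnerability: Broadcast Receiver (com.onesignal.notifications.receivers.UpgradeReceiver) is not protected.

[android:exported=true]
A Broadcast Receiver was found to be shared with other applications on the device, so it is accessible to any other application on the device.

Medium-severity vulnerability: Activity (com.onesignal.notifications.activities.NotificationOpenedActivity) is not protected.

[android:exported=true]
An Activity was found to be shared with other applications on the device, so it is accessible to any other application on the device.

Medium-severity vulnerability: Activity (com.onesignal.notifications.activities.NotificationOpenedActivityAndroid22AndOlder) is not protected.

[android:exported=true]
An Activity was found to be shared with other applications on the device, so it is accessible to any other application on the device.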

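Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the protection level of the permission should be checked.

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
A Broadcast Receiver was found to be shared with other applications on the device, so it is accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application. The protection level of the permission should therefore be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the protection level of the permission should be checked.

Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service was found to be shared with other applications on the device, so it is accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application. The protection level of the permission should therefore be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the protection level of the permission should be checked.

Permission: android.permission.DUMP [android:exported=true]
A Broadcast Receiver was found to be shared with other applications on the device, so it is accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application. The protection level of the permission should therefore be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

Medium-severity vulnerability: Broadcast Receiver (com.startapp.sdk.adsbase.remoteconfig.BootCompleteListener) is not protected.

[android:exported=true]
A Broadcast Receiver was found to be shared with other applications on the device, so it is accessible to any other application on the device.

Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the protection level of the permission should be checked.

Permission: android.permission.DUMP [android:exported=true]
A Broadcast Receiver was found to be shared with other applications on the device, so it is accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application. The protection level of the permission should therefore be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

Medium-severity vulnerability: High-priority Intent (999) - {1} hit(s)

[android:priority]
By setting a priority higher than that of another Intent, the application effectively overrides other requests.

Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions

SHA-1 is a weak hash known to have hash collisions.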
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
N5/C0563x.java, line(s) 74
P1/C3823Y.java, line(s) 173
P1/C3912Y.java, line(s) 179
P1/I0.java, line(s) 233
e4/C3414a.java, line(s) 24
e4/C3477a.java, line(s) 24
j5/b.java, line(s) 51

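Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, and keys

Files may contain hardcoded sensitive information such as usernames, passwords, and keys.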
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
G1/g.java, line(s) 53
I1/e.java, line(s) 37
I1/p.java, line(s) 89
I1/w.java, line(s) 81
K1/C3611d.java, line(s) 32
K1/C3688d.java, line(s) 32
T7/C4142e.java, line(s) 22
T7/C4251e.java, line(s) 22
com/onesignal/inAppMessages/internal/display/impl/i.java, line(s) 28,29,30,23
com/onesignal/inAppMessages/internal/prompt/impl/b.java, line(s) 26
com/onesignal/notifications/bridges/a.java, line(s) 21,22
com/onesignal/notifications/internal/c.java, line(s) 513
com/onesignal/notifications/receivers/FCMBroadcastReceiver.java, line(s) 16
com/startapp/networkTest/startapp/NetworkTester.java, line(s) 20,22,21
q7/C3926a.java, line(s) 19
q7/C4017a.java, line(s) 19

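Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may be present.

Insecure WebView implementation. A WebView arbitrary code execution vulnerability may be present.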
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
P1/Q0.java, line(s) 747,738
com/startapp/g5.java, line(s) 390,383
com/startapp/sdk/ads/banner/bannerstandard/BannerStandard.java, line(s) 876,674
com/startapp/sdk/ads/splash/SplashHtml.java, line(s) 85,81

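Medium-severity vulnerability: The application uses an insecure random number generator

The application uses an insecure random number generator.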
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
B3/C0396p.java, line(s) 8
B3/C0437p.java, line(s) 8
E/e.java, line(s) 59
G/AbstractC3440d.java, line(s) 9
G/AbstractC3505d.java, line(s) 9
I0/g.java, line(s) 10
M9/AbstractC0076a.java, line(s) 3
M9/AbstractC3801a.java, line(s) 3
M9/C0077b.java, line(s) 4
M9/C3802b.java, line(s) 4
Q5/n.java, line(s) 3
Q5/o.java, line(s) 14
R3/h.java, line(s) 11
U2/F.java, line(s) 4
com/onesignal/common/AndroidUtils.java, line(s) 21
com/startapp/b4.java, line(s) 4
com/startapp/d2.java, line(s) 27
com/startapp/k0.java, line(s) 21
com/startapp/sdk/ads/banner/BannerBase.java, line(s) 30
com/startapp/sdk/adsbase/cache/d.java, line(s) 22
com/startapp/sdk/adsbase/cache/h.java, line(s) 29
n9/C0079a.java, line(s) 4
n9/C3819a.java, line(s) 4
r4/t2.java, line(s) 41

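Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.

The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.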
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
H/a.java, line(s) 4,59
P1/C3840h0.java, line(s) 5,35,99
P1/C3929h0.java, line(s) 5,35,99
P1/H0.java, line(s) 6,109
P1/RunnableC3931i0.java, line(s) 5,53
a6/c.java, line(s) 8,9,10,11,12,386
com/onesignal/session/internal/outcomes/impl/m.java, line(s) 3,4,11,12,13,14,15,20,28,29,30,31,32,33,34,39,47,48,49,50,51,56,64,65,70
com/startapp/i7.java, line(s) 6,65,66,67
com/startapp/l4.java, line(s) 6,299
o2/r.java, line(s) 5,6,286,334,369,412,447,474,530
o2/t.java, line(s) 3,9,10,11,12,13
o2/u.java, line(s) 3,9,10,11
o2/v.java, line(s) 3,9
o2/w.java, line(s) 3,9,10,11
o2/x.java, line(s) 3,9,10,11,12,13
o2/y.java, line(s) 4,5,49
q0/c.java, line(s) 6,7,8,9,10,84,182
r4/C3994j.java, line(s) 6,7,298,350,979
r4/C4009o.java, line(s) 4,5,15
r4/C4100j.java, line(s) 6,7,740,1057,1130,1181,1222,2238
r4/C4115o.java, line(s) 4,5,15

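Medium-severity vulnerability: Possible cross-origin vulnerability. Enabling file access from URLs in a WebView can leak sensitive information from the file system.

Possible cross-origin vulnerability. Enabling file access from URLs in a WebView can leak sensitive information from the file system.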
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6

Files:
P1/Q0.java, line(s) 744,738
com/startapp/sdk/ads/splash/SplashHtml.java, line(s) 82,81

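Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage.

The application can read from and write to external storage. Any application can read data written to external storage.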
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
Modder/Hub.java, line(s) 39
P1/z0.java, line(s) 249,255,256
com/startapp/p2.java, line(s) 214,353
com/startapp/v2.java, line(s) 98

Medium-severity vulnerability: IP address disclosure

IP address disclosure


Files:
W9/e.java, line(s) 291,292,373
aa/a.java, line(s) 102
com/startapp/d2.java, line(s) 255
com/startapp/v2.java, line(s) 76

Medium-severity vulnerability: This application may request root (superuser) privileges

This application may request root (superuser) privileges.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
com/startapp/p8.java, line(s) 5,5,5,5,5,5
com/startapp/q8.java, line(s) 63,63,63,63,63

Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions

MD5 is a weak hash known to have hash collisions.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
B3/C0396p.java, line(s) 35
B3/C0437p.java, line(s) 35
Z1/C4506d.java, line(s) 29
com/startapp/sdk/ads/video/e.java, line(s) 57
r4/t2.java, line(s) 255

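Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to a temporary file.

The application creates temporary files. Sensitive information should never be written to a temporary file.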


Files:
j5/c.java, line(s) 91
x0/c.java, line(s) 95

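Medium-severity vulnerability: Firebase Remote Config is enabled

The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/692330584196/namespaces/firebase:fetch?key=AIzaSyDRKL14PPiXzk7qNUNLgV2IsjasxNpWLeU ) is enabled. Make sure these configurations do not contain sensitive information. The response content is shown below: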

{
    "entries": {
        "defaults": "a502.variety-buy.store",
        "tv_defaults": "tv.variety-buy.store"
    },
    "state": "UPDATE",
    "templateVersion": "46"
}

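Medium-severity vulnerability: This application may contain hardcoded secrets

The following secrets were identified in the application. Make sure they are not secret or private information.
AdMob ad platform => "com.google.android.gms.ads.APPLICATION_ID" : "@string/admob_app_id"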
"google_app_id" : "1:692330584196:android:68ea9f0c920aa17904cad1"
"yt_base64_key" : "YT_BASE64_KEY"
"admob_app_id" : "Remove-Fucking-Ads-v3.5-3940256099942544~3347511713"
"google_crash_reporting_api_key" : "AIzaSyDRKL14PPiXzk7qNUNLgV2IsjasxNpWLeU"
"frc_key" : "defaults"
"google_api_key" : "AIzaSyDRKL14PPiXzk7qNUNLgV2IsjasxNpWLeU"

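Security notice: The application logs information. Sensitive information must not be logged.

The application logs information. Sensitive information must not be logged.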
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
A0/b.java, line(s) 183,205,261,296
A0/f.java, line(s) 24,25
A0/i.java, line(s) 64,74,102,65,75,103
A3/C0671h.java, line(s) 426
A4/AbstractC0626b.java, line(s) 221,249,319,325,331,340
A4/AbstractC0677b.java, line(s) 229,257,327,333,339,348
A4/AbstractDialogInterfaceOnClickListenerC0644u.java, line(s) 17
A4/AbstractDialogInterfaceOnClickListenerC0695u.java, line(s) 17
A4/C0629e.java, line(s) 78
A4/C0642s.java, line(s) 79,82,85,88,91,94,102,105,108,111,151,156
A4/C0648y.java, line(s) 42,56
A4/C0680e.java, line(s) 78
A4/C0693s.java, line(s) 80,83,86,89,92,95,103,106,109,112,152,157
A4/C0699y.java, line(s) 42,56
A4/T.java, line(s) 42,57
A4/Z.java, line(s) 40,45
A4/b0.java, line(s) 47
B/e.java, line(s) 722,152,633
B3/RunnableC0368d1.java, line(s) 67,86,90
B3/RunnableC0374f1.java, line(s) 105
B3/RunnableC0409d1.java, line(s) 67,86,90
B3/RunnableC0415f1.java, line(s) 106
B3/V0.java, line(s) 41,48,55
C/a.java, line(s) 105
C1/RunnableC0730B.java, line(s) 43
C1/RunnableC0788B.java, line(s) 43
C1/d.java, line(s) 411,433
C1/f.java, line(s) 20,30
D2/C3374a.java, line(s) 48,49
D2/C3433a.java, line(s) 48,49
D3/z.java, line(s) 91,104,128,131,161,177,187,219
D4/C3390a.java, line(s) 76,95
D4/C3449a.java, line(s) 76,95
E1/b.java, line(s) 316
E3/C0437i0.java, line(s) 12,20,22,31
E3/C0484i0.java, line(s) 12,20,22,31
E3/C3410a.java, line(s) 282
E3/C3412c.java, line(s) 389,356,341,409,554,559
E3/C3473a.java, line(s) 288
E3/C3475c.java, line(s) 409,376,361,429,574,579
E3/N.java, line(s) 110,118
E3/RunnableC0477f.java, line(s) 77
E5/d.java, line(s) 57
F1/d.java, line(s) 182,209,179,208
F2/C3488b.java, line(s) 258,311,312,409,410,259
F2/b.java, line(s) 92
F2/e.java, line(s) 287
F2/f.java, line(s) 18,25,55,65,77,87
F2/h.java, line(s) 86
F3/l.java, line(s) 24,32,34,43,50,58,60,69,76,84,86,130,96,104,106,115
G/C3439c.java, line(s) 57,64
G/C3504c.java, line(s) 57,64
G/F.java, line(s) 30
G/j.java, line(s) 74
G/p.java, line(s) 28
G/u.java, line(s) 35,34
G/z.java, line(s) 143,175,181,205,314,324,346,354,140,174,180,204,313,323,345,353,158,184,218,303
G4/C3468a.java, line(s) 67
G4/C3533a.java, line(s) 68
G5/b.java, line(s) 74
H/a.java, line(s) 54
H1/a.java, line(s) 99,98
H3/i.java, line(s) 666,698,722
H5/AbstractC3504j.java, line(s) 300,208,261
H5/AbstractC3569j.java, line(s) 300,208,261
H5/b.java, line(s) 82
H5/c.java, line(s) 32
H5/g.java, line(s) 177,334
I0/e.java, line(s) 47
I1/i.java, line(s) 521,252,289,520,399
I1/j.java, line(s) 137,138
I1/l.java, line(s) 20,174
I1/q.java, line(s) 140
I1/z.java, line(s) 44,109,43,99,108,100
I3/C3551a.java, line(s) 116,123,127,131
I3/C3553c.java, line(s) 82
I3/C3617a.java, line(s) 506,119,126,130,134,449,462
I3/C3619c.java, line(s) 82
I3/e.java, line(s) 282,86,281,291,270,292
I4/C3623d.java, line(s) 72,95
J0/C3573a.java, line(s) 303,710,716,780,856,933,983,1003,1017,1051,1069,1129,1170,1173,1259,1264,1270,1287,1297,1308,1315,1410,79,759,908,1231,1235,1239,1345,1353
J0/C3648a.java, line(s) 310,730,813,819,883,959,974,994,1001,1165,1359,1409,1429,1443,1477,1495,1555,1596,1599,1633,1653,1671,1682,1711,1725,1733,1738,1790,1796,1808,1824,1829,1836,1919,1924,1930,1947,1957,1968,1975,2070,82,751,862,1334,1891,1895,1899,2005,2013
J1/h.java, line(s) 155,188,156,189
J1/i.java, line(s) 58,70,167,220,57,69,105,111,118,163,179,185,203,215,222,109,126,148,183,204
J2/c.java, line(s) 41
J3/C3652a.java, line(s) 68,71,320
K/j.java, line(s) 49,54
K/k.java, line(s) 33
K/l.java, line(s) 57
K/m.java, line(s) 37
K/n.java, line(s) 56,221
K/s.java, line(s) 75
K1/d.java, line(s) 57,63,101,111,58,102,64,114
K1/i.java, line(s) 92,77
K2/m.java, line(s) 240,258,196
K2/o.java, line(s) 281,672,748
K2/w.java, line(s) 205
K3/C3626c.java, line(s) 409,104,119,138,337,348
K3/C3703c.java, line(s) 1221,115,130,149,254,257,259,270,287,290,292,303,373,376,1149,1160
K3/C3704d.java, line(s) 266
K4/f.java, line(s) 41,47
K4/h.java, line(s) 36
L/a.java, line(s) 113,124,140,150
L/e.java, line(s) 25,59
L0/AbstractC3641B.java, line(s) 1431,1432,1440,1448,372,674,792,938,1026,1036,1050,1070,1102,1147,1170,1189,1202,1228,1300,1454,1463,1538,1546,373,675,793,939,1027,1037,1051,1071,1107,1148,1171,1190,1205,1229,1301,1455,1464,1539,1547,191,307,335
L0/AbstractC3721B.java, line(s) 1507,1508,1516,1524,379,750,868,1014,1102,1112,1126,1146,1178,1223,1246,1265,1278,1304,1376,1530,1539,1614,1622,380,751,869,1015,1103,1113,1127,1147,1183,1224,1247,1266,1281,1305,1377,1531,1540,1615,1623,198,314,342
L0/AnimationAnimationListenerC3661h.java, line(s) 45,58,46,59
L0/AnimationAnimationListenerC3741h.java, line(s) 45,58,46,59
L0/C3644E.java, line(s) 52,88,95,51,70,81,87,94,129,133,71,82,130,136
L0/C3648I.java, line(s) 106,118,220,352,383,421,464,529,578,607,616,645,695,814,842,75,103,117,217,342,349,382,420,449,461,526,575,606,615,642,692,707,794,811,839,76,343,450,716,795
L0/C3649J.java, line(s) 102,113,103,114
L0/C3653N.java, line(s) 15
L0/C3654a.java, line(s) 88,139,149,161,89,140,150,162
L0/C3655b.java, line(s) 135,136
L0/C3658e.java, line(s) 116,224,245,275,280,303,320,336,117,225,246,276,281,304,321,337
L0/C3659f.java, line(s) 45,46
L0/C3724E.java, line(s) 53,89,96,52,71,82,88,95,130,134,72,83,131,137
L0/C3728I.java, line(s) 108,120,222,354,385,423,466,531,580,609,618,663,668,714,792,842,961,989,77,105,119,219,344,351,384,422,451,463,528,577,608,617,647,662,667,713,789,839,854,941,958,986,78,345,452,648,863,942
L0/C3729J.java, line(s) 102,113,103,114
L0/C3733N.java, line(s) 15
L0/C3734a.java, line(s) 88,139,149,161,89,140,150,162
L0/C3735b.java, line(s) 135,136
L0/C3738e.java, line(s) 319,427,448,478,483,506,523,539,320,428,449,479,484,507,524,540
L0/C3739f.java, line(s) 45,46
L0/ComponentCallbacksC3663j.java, line(s) 390,487,527,270,389,486,526,271
L0/ComponentCallbacksC3743j.java, line(s) 398,495,535,278,397,494,534,279
L0/DialogInterfaceOnCancelListenerC3662i.java, line(s) 113,237,239,269,398,442,112,234,268,397,441
L0/DialogInterfaceOnCancelListenerC3742i.java, line(s) 114,240,242,272,401,445,113,237,271,400,444
L0/P.java, line(s) 53,66,197,206,213,222,259,275,285,297,373,381,389,397,424,436,445,476,492,505,54,67,198,207,214,223,260,276,286,298,374,382,390,398,425,437,446,477,498,511
L0/h.java, line(s) 190,259,261
L0/i.java, line(s) 82,86
L0/j.java, line(s) 163
L0/u.java, line(s) 94,107,95,108
L1/a.java, line(s) 101,100
L1/l.java, line(s) 30
L1/n.java, line(s) 42
L3/C3674a.java, line(s) 154,159
L3/C3754a.java, line(s) 154,159
M1/c.java, line(s) 46,45
M1/f.java, line(s) 80,79
M1/v.java, line(s) 71,72
M1/w.java, line(s) 62,67,75,89,63,70,78,92
M1/x.java, line(s) 79,78
M9/d.java, line(s) 39
N5/A.java, line(s) 88,76,104
N5/AbstractServiceC0503j.java, line(s) 69,68
N5/AbstractServiceC0550j.java, line(s) 69,68
N5/C0498e.java, line(s) 24,27
N5/C0507n.java, line(s) 30,79,110,119,98,101,122,128,131,29,78,109
N5/C0508o.java, line(s) 36,50,35,49,29,47
N5/C0514v.java, line(s) 55,82,51
N5/C0517y.java, line(s) 53,27,30,42,52,43
N5/C0518z.java, line(s) 95,104,35,94,79,87,101
N5/C0545e.java, line(s) 24,27
N5/C0547g.java, line(s) 333,756,332,364,401,444,504,558,642,746,857,957,1070,140,161,196,232,246,254,262,322,326,328,454,651,751
N5/C0554n.java, line(s) 30,79,110,119,98,101,122,128,131,29,78,109
N5/C0555o.java, line(s) 36,50,35,49,29,47
N5/C0561v.java, line(s) 55,82,51
N5/C0563x.java, line(s) 88,100,82
N5/C0564y.java, line(s) 53,27,30,42,52,43
N5/C0565z.java, line(s) 265,62,274,42,264,81,120,132,142,152,209,249,257,271
N5/J.java, line(s) 92,40,41
N5/M.java, line(s) 39,49,38,48
N5/N.java, line(s) 35
N5/O.java, line(s) 34,44,80,74,115,33,33,43,43,77,88,91,94
N5/P.java, line(s) 23
N5/T.java, line(s) 69,69
N5/U.java, line(s) 44,57,96,146,43,43,56,56,95,159,172,189,196
N5/W.java, line(s) 26,25
N5/X.java, line(s) 25
N5/Y.java, line(s) 45,62,47,59
N5/Z.java, line(s) 56,60,68,81,98,127,152,106,111,135,55,59,67,80,95,126,151
O/o.java, line(s) 23
O1/h.java, line(s) 76,77
P/C3761B.java, line(s) 62,146,156,256
P/C3770K.java, line(s) 383,192,197,204,304,366
P/C3772M.java, line(s) 125
P/C3773N.java, line(s) 49,64,83,106
P/C3783j.java, line(s) 188
P/C3784k.java, line(s) 188
P/C3796x.java, line(s) 106,135,140,145
P/C3850B.java, line(s) 62,146,156,256
P/C3859K.java, line(s) 388,197,202,209,309,371
P/C3861M.java, line(s) 125
P/C3862N.java, line(s) 54,69,88,111,301
P/C3872j.java, line(s) 188
P/C3873k.java, line(s) 233
P/C3885x.java, line(s) 110,139,144,149,542
P/T.java, line(s) 106,129,205,219
P/U.java, line(s) 35
P/d.java, line(s) 47,78
P/d0.java, line(s) 83,154
P0/c.java, line(s) 44,48
P1/B.java, line(s) 41
P1/C0521c.java, line(s) 28,29
P1/C0567b.java, line(s) 49,48,58,88,89
P1/C0568c.java, line(s) 28,29
P1/C3850m0.java, line(s) 110,131
P1/C3855p.java, line(s) 140,146
P1/C3939m0.java, line(s) 110,131
P1/C3944p.java, line(s) 140,146
P1/RunnableC3857q.java, line(s) 71,86,90,76,81
P1/RunnableC3860r0.java, line(s) 194
P1/RunnableC3946q.java, line(s) 71,86,90,76,81
P1/RunnableC3949r0.java, line(s) 194
P1/i.java, line(s) 21,26,22,29
P1/j.java, line(s) 156,163,257,267,281,291,314,324,348,355,362,366,369,372,155,162,256,266,278,290,313,323,343,354,361,365,368,371
P1/m.java, line(s) 53,56,54,57
P1/q.java, line(s) 65,71,77,83,89,104,116,66,72,78,84,90,117,105
P1/y.java, line(s) 73,82,89,74,83,90,91,92,95
P4/C0525c.java, line(s) 244
P4/C0572c.java, line(s) 249
Q/b.java, line(s) 51,54
R0/a.java, line(s) 64
R3/C3945i.java, line(s) 300,108,321,333,372
R3/C4051i.java, line(s) 300,108,321,333,372
R3/r.java, line(s) 22,21
R5/d.java, line(s) 111
S/AbstractC0528b.java, line(s) 43
S/AbstractC0578b.java, line(s) 43
S/C0527a.java, line(s) 267
S/C0547v.java, line(s) 31,44,92,155,198,215,239
S/C0577a.java, line(s) 268
S/C0597v.java, line(s) 31,44,92,155,198,215,239
S/L.java, line(s) 916,830,915,258
S/N.java, line(s) 50,61
S/i0.java, line(s) 369,386,82,94,101,110,49,360
T1/a.java, line(s) 67,129,146,152,157,75,130,147,153,158
T1/i.java, line(s) 50,51
U2/C4157a.java, line(s) 97
U2/C4315a.java, line(s) 97
U2/C4334t.java, line(s) 1777,488,504,520,676,1811,1825
U4/C4342a.java, line(s) 94,117,195,276,288,103,111,124,212
U4/e.java, line(s) 123,157
V0/i.java, line(s) 861
V1/o.java, line(s) 109,163,208,110,164,209
V1/q.java, line(s) 21,20
W2/b.java, line(s) 24
W3/b.java, line(s) 40,53,116,119
W3/c.java, line(s) 90,107,89,106,130
W3/e.java, line(s) 18,17
W3/g.java, line(s) 51
W3/i.java, line(s) 44,57,78,43,56,77,74,98,110
W3/k.java, line(s) 16,13,13
W3/o.java, line(s) 108,107
W3/q.java, line(s) 52
W3/r.java, line(s) 43,80,42,79,93,116,143,163,171,94,117,144,164,172,50
W3/s.java, line(s) 22
W3/u.java, line(s) 28,35,27,34
W3/x.java, line(s) 44,43
W3/y.java, line(s) 47,29,68
X/C4405c.java, line(s) 419
X2/C4413a.java, line(s) 537
X2/C4414b.java, line(s) 249
X3/C0567e.java, line(s) 59,98,105
X3/C0568f.java, line(s) 29
X3/C0618e.java, line(s) 59,98,105
X3/C0619f.java, line(s) 104,37,114,148,154,159,165,173,182
X3/D.java, line(s) 43,46,60
X3/j.java, line(s) 38
X3/k.java, line(s) 183,185,96,123,127,180,48
X3/u.java, line(s) 48
X3/y.java, line(s) 80,84,40
X4/d.java, line(s) 33
Y/b.java, line(s) 51,60
Y/f.java, line(s) 49,58
Y/h.java, line(s) 19,18
Y1/i.java, line(s) 530,21,303
Y2/C4466b.java, line(s) 40
Y2/o.java, line(s) 83
Y3/C4477a.java, line(s) 116,163,250
Y3/C4478b.java, line(s) 37,52,60,69
Y4/f.java, line(s) 289
Z1/h.java, line(s) 43,98,99,44
Z2/l.java, line(s) 105
Z2/m.java, line(s) 221,229,390
Z3/C.java, line(s) 293,288,289,318,319
Z3/C0573d.java, line(s) 246
Z3/C0583n.java, line(s) 120,197
Z3/C0593y.java, line(s) 43
Z3/C0624d.java, line(s) 246
Z3/C0634n.java, line(s) 121,210
Z3/C0644y.java, line(s) 43
Z3/E.java, line(s) 103
Z3/N.java, line(s) 253,320
Z3/P.java, line(s) 44
b0/d.java, line(s) 43
b1/k.java, line(s) 22,29,36,43,50
c0/d.java, line(s) 341
com/onesignal/common/c.java, line(s) 20
com/onesignal/debug/internal/logging/a.java, line(s) 160,170,187,163,157,166
com/startapp/de.java, line(s) 60
com/startapp/f6.java, line(s) 32,36,39,43
com/startapp/gb.java, line(s) 155,160
com/startapp/je.java, line(s) 7
com/startapp/sdk/ads/splash/SplashConfig.java, line(s) 270,273
com/startapp/sdk/ads/video/VideoMode.java, line(s) 649
com/startapp/sdk/adsbase/StartAppSDKInternal.java, line(s) 486
d0/d.java, line(s) 235
dev/google/yacinetv/app/MainApp.java, line(s) 55,36,39,49,52,45
dev/google/ytvclib/ui/main/PlayerActivity.java, line(s) 767
e0/a.java, line(s) 190
e4/d.java, line(s) 14
e4/m.java, line(s) 33,32,26
e4/n.java, line(s) 50,57
g2/i.java, line(s) 294
i2/C3614k.java, line(s) 42,45,49,53,85,88,91,94,97
i2/o.java, line(s) 43
i2/t.java, line(s) 67,73,159
j/AbstractC3571i.java, line(s) 117
j/AbstractC3646i.java, line(s) 117
j/LayoutInflaterFactory2C3572j.java, line(s) 781,798,1343,1345,1347,828,2010,2119,2122,1244
j/LayoutInflaterFactory2C3647j.java, line(s) 809,826,1371,1373,1375,3001,2770,2779,2789,2798,2823,2854,2877,2905,856,2166,2297,2308,2560,2563,1272
j/f.java, line(s) 137,146
j/i.java, line(s) 24
j/w.java, line(s) 31,45,56
j5/b.java, line(s) 44,55
k5/c.java, line(s) 235,240,90,91,226,228
l2/C3673a.java, line(s) 10,17,9,16
l2/C3753a.java, line(s) 10,17,9,16
m0/b.java, line(s) 85,84
m3/f.java, line(s) 377,415,486,502,507,510,595,764
n/f.java, line(s) 137,187,199,209,382
n2/d.java, line(s) 93,92
n3/f.java, line(s) 544
n7/c.java, line(s) 65,88,98,62,87,156,160,166
o2/r.java, line(s) 202,201
o5/C3753b.java, line(s) 153
o5/C3837b.java, line(s) 153
o5/e.java, line(s) 76,301,319,133,137,143,146,229
q0/d.java, line(s) 145,257
q3/o.java, line(s) 101
r4/S.java, line(s) 178
s2/C4063E.java, line(s) 99,524
s2/C4171E.java, line(s) 103,528
s2/C4176c.java, line(s) 98
s2/C4185l.java, line(s) 61,66,89,120,130,135,142,151,154
s2/H.java, line(s) 555,1751
s2/c0.java, line(s) 77
s2/j0.java, line(s) 633,746
s3/g.java, line(s) 685,756
s3/m.java, line(s) 178
s4/a.java, line(s) 445
t0/a.java, line(s) 33
t4/C4134a.java, line(s) 67,95,152,156
t4/C4243a.java, line(s) 67,95,152,156
v4/b.java, line(s) 69
v5/h.java, line(s) 86
x0/a.java, line(s) 83,203,205,42,49,56,58,64,52,60,66,79,89,105,123,172
x0/c.java, line(s) 43,54,56,96,112,188,211,216,218,227,232,270,272,286,331,89,203,267,274,300,310,335,354
y0/C0165a.java, line(s) 213,232
y0/C0174k.java, line(s) 168,215,805
y0/C4439a.java, line(s) 224,243
y0/C4449k.java, line(s) 1410,203,250,1008,1087,1561

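Passed security check: This application uses SSL pinning to detect or prevent MITM attacks in secure communication channels

This application uses SSL pinning to detect or prevent MITM attacks in secure communication channels.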
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
L9/c.java, line(s) 75,74,73
L9/d.java, line(s) 97,87,96,104,95,95
L9/g.java, line(s) 73,72,71,71
L9/h.java, line(s) 147,135,146,145,145
com/startapp/networkTest/net/WebApiClient.java, line(s) 118,70

Passed security check: This application may have root detection capabilities

This application may have root detection capabilities.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
com/startapp/p2.java, line(s) 125,125,125,125,125,125
com/startapp/q8.java, line(s) 88,49,52,16,16,56,16,16,16,16

Overall security baseline score: ( Laliga TV 3.1)