Security Analysis Report: FLIX VISION v2.8.2

Security Score

Security score: 42/100

Risk Rating

Grade

  1. A
  2. B
  3. C
  4. F

Severity Distribution (%)


Privacy Risk

3 user/device trackers


Findings

High: 5
Medium: 17
Info: 2
Secure: 1
Hotspot: 2

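High: The application is affected by the Janus vulnerability

The application is signed with the v1 signature scheme. If it is signed only with the v1 scheme, it is exposed to the Janus vulnerability on Android 5.0-8.0. Applications signed with the v1 scheme that run on Android 5.0-7.0 are also vulnerable, even when they are additionally signed with the v2/v3 schemes.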

High: Insufficiently strict WebView domain control

Files:
com/unity3d/services/core/webview/WebView.java, line(s) 77,74
flix/com/vision/activities/player/WebPlayerActivity.java, line(s) 340,340,341,342,343,344,345,346
flix/com/vision/activities/player/YouTubeWebviewActivity.java, line(s) 93,91,92,93,94,95
flix/com/vision/subtitles/SubtitlesWebViewActivity.java, line(s) 118,116,117,118,120,121

High: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
l4/a.java, line(s) 44

High: Insecure implementation of SSL. Trusting all certificates or accepting self-signed certificates is a critical security hole. This application is vulnerable to MITM attacks.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis

Files:
io/netas/task/ProtoAsyncTask.java, line(s) 28,29,30,31,3

High: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
com/unity3d/services/core/webview/WebViewApp.java, line(s) 179,11,57,63,77,114
org/adblockplus/libadblockplus/android/webview/AdblockWebView.java, line(s) 1069,19,20

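Medium: Cleartext network traffic is enabled for the application

[android:usesCleartextTraffic=true]
The application intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager, and MediaPlayer. For applications targeting API level 27 or lower, the default value is "true". For applications targeting API level 28 or higher, the default value is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity, and tamper protection: a network attacker can eavesdrop on transmitted data and can modify it without being detected.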

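Medium: Application data can be backed up

[android:allowBackup=true]
This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off the device.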

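Medium: Activity (flix.com.vision.cast.ExpandedControlsActivity) is not protected.

An intent-filter exists.
The Activity is shared with other applications on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.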

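Medium: Broadcast Receiver (io.netas.receiver.BootupReceiver) is protected by a permission, but the protection level of the permission should be checked.

Permission: android.permission.RECEIVE_BOOT_COMPLETED [android:exported=true]
The Broadcast Receiver is shared with other applications on the device, which makes it accessible to any other application on the device. It is protected by a permission that is not defined in the analyzed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.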

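Medium: Broadcast Receiver (io.netas.support.NetworkStateReceiver) is not protected.

[android:exported=true]
The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device.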

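Medium: Broadcast Receiver (io.netas.receiver.BatteryLevelReceiver) is not protected.

[android:exported=true]
The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device.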

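Medium: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the protection level of the permission should be checked.

Permission: android.permission.DUMP [android:exported=true]
The Broadcast Receiver is shared with other applications on the device, which makes it accessible to any other application on the device. It is protected by a permission that is not defined in the analyzed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.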

Medium: The application uses an insecure random number generator

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
ae/a.java, line(s) 3
ba/p.java, line(s) 26
com/unity3d/services/core/request/metrics/SDKMetrics.java, line(s) 9
d/y.java, line(s) 25
flix/com/vision/activities/LinksActivity.java, line(s) 52
flix/com/vision/activities/player/WebPlayerActivity.java, line(s) 41
flix/com/vision/models/Json.java, line(s) 9
flix/com/vision/processors/english/BaseProcessor.java, line(s) 18
mb/a.java, line(s) 5
nb/a.java, line(s) 6
org/adblockplus/libadblockplus/android/webview/AdblockWebView.java, line(s) 29
ve/b.java, line(s) 33
zd/a.java, line(s) 6
zd/b.java, line(s) 3

Medium: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
b3/b.java, line(s) 8,165
flix/com/vision/materialsearchview/db/HistoryDbHelper.java, line(s) 4,5,14
j3/b.java, line(s) 7,131
k3/g.java, line(s) 4,29
ka/b.java, line(s) 4,5,28
ka/c.java, line(s) 8,9,760
l3/k.java, line(s) 4,36
l3/l.java, line(s) 3,37
l3/n.java, line(s) 4,24
l3/o.java, line(s) 4,5,143
l3/r.java, line(s) 4,5,223

Medium: Files may contain hardcoded sensitive information such as usernames, passwords, and keys

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/comcast/viper/hlsparserj/tags/TagNames.java, line(s) 22
com/unity3d/ads/metadata/InAppPurchaseMetaData.java, line(s) 13
com/unity3d/services/ads/gmascar/utils/ScarConstants.java, line(s) 4,5,6,8,9
com/unity3d/services/core/configuration/ExperimentObject.java, line(s) 7,8
com/unity3d/services/core/device/reader/DeviceInfoReaderFilterProvider.java, line(s) 11,12
com/unity3d/services/core/device/reader/JsonStorageKeyNames.java, line(s) 4,6,7,8,10,11,12,13,9,14,5,15,16,17
com/unity3d/services/core/properties/SdkProperties.java, line(s) 31
com/uwetrottmann/trakt5/TraktV2.java, line(s) 47
f7/b.java, line(s) 78
g7/w.java, line(s) 122
org/adblockplus/libadblockplus/HttpClient.java, line(s) 21

Medium: SHA-1 is a weak hash known to have hash collisions

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/unity3d/services/core/device/Device.java, line(s) 168
x7/a.java, line(s) 67

Medium: The application can read from and write to external storage. Any application can read data written to external storage.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
com/unity3d/services/core/cache/CacheDirectory.java, line(s) 54
flix/com/vision/App.java, line(s) 642,645
flix/com/vision/activities/MainActivity.java, line(s) 199,969
flix/com/vision/activities/SearchActivityTV.java, line(s) 126
flix/com/vision/activities/leanback/MainActivityLeanback.java, line(s) 128,611
flix/com/vision/filepickerlibrary/FilePicker.java, line(s) 186,232,248
flix/com/vision/filepickerlibrary/FilePickerActivity.java, line(s) 160,210,229
ka/a.java, line(s) 31,75,142

Medium: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
com/unity3d/services/ads/webplayer/WebPlayerView.java, line(s) 563,547
com/unity3d/services/core/webview/WebView.java, line(s) 122,88
org/adblockplus/libadblockplus/android/webview/AdblockWebView.java, line(s) 790,793

Medium: IP address disclosure

Files:
com/mikepenz/community_material_typeface_library/CommunityMaterial.java, line(s) 1928

Medium: MD5 is a weak hash known to have hash collisions

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
bc/c.java, line(s) 244
flix/com/vision/models/Json.java, line(s) 32

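Medium: The application contains privacy trackers

This application has multiple (3) privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.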

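Medium: This application may contain hardcoded secrets

The following secrets were identified in the application. Ensure that these are not secrets or private information.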
"library_MaterialDesignIcons_authorWebsite" : "https://materialdesignicons.com/"
"api_path_tv" : "/api/v3/img/tv/"
"netas_preference_file_key" : "netas"
"netas_country_key" : "netas.countryid"
"netas_extra_info_key" : "netas.extra"
"netas_state_key" : "netas.stateid"
"netas_asn_key" : "netas.asn"
"netas_city_key" : "netas.cityid"
"netas_publisher_key" : "netas.publisher"
"netas_ver_key" : "netas.ver"
"netas_uid_key" : "netas.uuid"
"library_AndroidIconics_authorWebsite" : "http://mikepenz.com/"
"api_path_movie" : "/api/v3/img/movie/"
"com.google.firebase.crashlytics.mapping_file_id" : "6a40e354277a4c539b0faaeefae10e4d"
"netas_interval_key" : "netas.interval"
"google_api_key" : "AIzaSyDRx3OklvFInfJ2VYhOga0FV-Sbr_ZapnI"
"google_crash_reporting_api_key" : "AIzaSyDRx3OklvFInfJ2VYhOga0FV-Sbr_ZapnI"

Info: The application logs information. Sensitive information must not be logged.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
a0/f.java, line(s) 50,55
a0/h.java, line(s) 58
a0/i.java, line(s) 40,63
a0/k.java, line(s) 55,243
a0/o.java, line(s) 124
a4/d.java, line(s) 140
a4/l.java, line(s) 34
a4/o.java, line(s) 61,64
a6/d.java, line(s) 157,192
ac/a.java, line(s) 68,89,152,225
b0/a.java, line(s) 155,164,206,216
b0/e.java, line(s) 27,38,70
b3/b.java, line(s) 101,118,122,132,136,143,147,151,155
b4/c.java, line(s) 43,72,79,102
b6/b.java, line(s) 58
b7/e.java, line(s) 31,41,22,51,61,71
c1/a.java, line(s) 32
c4/a.java, line(s) 85,207,128
c5/h.java, line(s) 74
ca/c.java, line(s) 71
com/thebluealliance/spectrum/SpectrumPalette.java, line(s) 272
com/unity3d/ads/UnityAdsBaseOptions.java, line(s) 22
com/unity3d/ads/metadata/InAppPurchaseMetaData.java, line(s) 28,41,61
com/unity3d/ads/metadata/MetaData.java, line(s) 42,57
com/unity3d/services/UnityServices.java, line(s) 75,127,134,139,147,153,162,171,159,168,109
com/unity3d/services/ads/UnityAdsImplementation.java, line(s) 105,82
com/unity3d/services/ads/adunit/AdUnitActivityController.java, line(s) 359,361,52,128,186,219,260,290,310,376,224
com/unity3d/services/ads/adunit/AdUnitViewHandlerFactory.java, line(s) 22
com/unity3d/services/ads/adunit/VideoPlayerHandler.java, line(s) 17,35
com/unity3d/services/ads/api/AdUnit.java, line(s) 203,209,258,261,265,268,325,328,331,334,361,110,132,155,163,339,352,364,368,408,499
com/unity3d/services/ads/api/VideoPlayer.java, line(s) 59,77,100,118,167,178
com/unity3d/services/ads/api/WebPlayer.java, line(s) 52
com/unity3d/services/ads/gmascar/adapters/ScarAdapterFactory.java, line(s) 46
com/unity3d/services/ads/gmascar/bridges/AdapterStatusBridge.java, line(s) 21,39
com/unity3d/services/ads/gmascar/bridges/InitializeListenerBridge.java, line(s) 21,40
com/unity3d/services/ads/gmascar/bridges/mobileads/MobileAdsBridge.java, line(s) 20
com/unity3d/services/ads/gmascar/bridges/mobileads/MobileAdsBridgeLegacy.java, line(s) 22
com/unity3d/services/ads/gmascar/finder/GMAInitializer.java, line(s) 53
com/unity3d/services/ads/gmascar/finder/ScarVersionFinder.java, line(s) 37,49
com/unity3d/services/ads/token/InMemoryAsyncTokenStorage.java, line(s) 147,181
com/unity3d/services/ads/token/NativeTokenGenerator.java, line(s) 41
com/unity3d/services/ads/topics/TopicsReceiver.java, line(s) 36
com/unity3d/services/ads/topics/TopicsService.java, line(s) 57
com/unity3d/services/ads/video/VideoPlayerView.java, line(s) 55,58,82,125,130,152,195,207,239
com/unity3d/services/ads/webplayer/WebPlayerView.java, line(s) 62,68,417,419,436,540,582,633,648,663,676
com/unity3d/services/banners/BannerView.java, line(s) 127
com/unity3d/services/core/api/Cache.java, line(s) 166,180,56,132,185,295,312,339
com/unity3d/services/core/api/DeviceInfo.java, line(s) 142,160,182,320,345,359,413
com/unity3d/services/core/api/Intent.java, line(s) 48,62,208,232,247
com/unity3d/services/core/api/Request.java, line(s) 33,45,96,108,126,138
com/unity3d/services/core/api/Sdk.java, line(s) 17,38,54,80,86,92,98
com/unity3d/services/core/broadcast/BroadcastEventReceiver.java, line(s) 39
com/unity3d/services/core/cache/CacheDirectory.java, line(s) 24,26,65,69,78,103,107,113,120,29,58,73
com/unity3d/services/core/cache/CacheThread.java, line(s) 76
com/unity3d/services/core/cache/CacheThreadHandler.java, line(s) 37,40,44,67
com/unity3d/services/core/configuration/ConfigurationReader.java, line(s) 25
com/unity3d/services/core/configuration/ConfigurationRequestFactory.java, line(s) 38
com/unity3d/services/core/configuration/EnvironmentCheck.java, line(s) 29,41,32,44,47,50,53
com/unity3d/services/core/configuration/ExperimentObject.java, line(s) 24
com/unity3d/services/core/configuration/ExperimentsReader.java, line(s) 25
com/unity3d/services/core/configuration/InitializationNotificationCenter.java, line(s) 47
com/unity3d/services/core/configuration/InitializeEventsMetricSender.java, line(s) 42,52,60,70,165,172
com/unity3d/services/core/configuration/InitializeThread.java, line(s) 282,318,445,460,504,512,612,624,651,708,127,291,294,325,328,373,393,561,598,712,863,872,198,354,454,538
com/unity3d/services/core/configuration/PrivacyConfigurationLoader.java, line(s) 63
com/unity3d/services/core/connectivity/ConnectivityMonitor.java, line(s) 56,91,100,82,130
com/unity3d/services/core/device/AdvertisingId.java, line(s) 127,145,155
com/unity3d/services/core/device/Device.java, line(s) 170,264,272,283,293,405,418,433,585,639,648,350
com/unity3d/services/core/device/OpenAdvertisingId.java, line(s) 129,151,158
com/unity3d/services/core/device/Storage.java, line(s) 47,51,58
com/unity3d/services/core/device/reader/DeviceInfoReaderCompressor.java, line(s) 20,33
com/unity3d/services/core/device/reader/DeviceInfoReaderExtended.java, line(s) 45
com/unity3d/services/core/domain/task/InitializeSDK$doWork$2.java, line(s) 146,163
com/unity3d/services/core/domain/task/InitializeStateConfig$doWork$2.java, line(s) 46
com/unity3d/services/core/domain/task/InitializeStateCreate$doWork$2.java, line(s) 44,53,56
com/unity3d/services/core/domain/task/InitializeStateCreateWithRemote$doWork$2.java, line(s) 44,52,55
com/unity3d/services/core/domain/task/InitializeStateError$doWork$2.java, line(s) 42
com/unity3d/services/core/domain/task/InitializeStateLoadCache$doWork$2.java, line(s) 47,61
com/unity3d/services/core/domain/task/InitializeStateLoadCache.java, line(s) 139
com/unity3d/services/core/domain/task/InitializeStateLoadWeb$doWork$2.java, line(s) 79
com/unity3d/services/core/domain/task/InitializeStateNetworkError$doWork$2.java, line(s) 44
com/unity3d/services/core/domain/task/InitializeStateNetworkError.java, line(s) 135,152
com/unity3d/services/core/domain/task/InitializeStateReset$doWork$2.java, line(s) 47
com/unity3d/services/core/extensions/TaskExtensionsKt.java, line(s) 181
com/unity3d/services/core/log/DeviceLog.java, line(s) 69,219,226
com/unity3d/services/core/misc/JsonFlattener.java, line(s) 43
com/unity3d/services/core/misc/JsonStorage.java, line(s) 156,26,32,51,72,84,96,165,171
com/unity3d/services/core/misc/JsonStorageAggregator.java, line(s) 34
com/unity3d/services/core/misc/Utilities.java, line(s) 237,41,59,181,207,213,218,231
com/unity3d/services/core/misc/ViewUtilities.java, line(s) 25,33
com/unity3d/services/core/preferences/AndroidPreferences.java, line(s) 17,31,45,59,73
com/unity3d/services/core/properties/ClientProperties.java, line(s) 39,70,82,84
com/unity3d/services/core/properties/SdkProperties.java, line(s) 230,232,103
com/unity3d/services/core/reflection/GenericBridge.java, line(s) 33,48,57,63,71,77,85,92
com/unity3d/services/core/request/WebRequest.java, line(s) 83,175,180
com/unity3d/services/core/request/WebRequestRunnable.java, line(s) 91,76,95
com/unity3d/services/core/request/WebRequestThread.java, line(s) 64,129,144
com/unity3d/services/core/request/metrics/MetricCommonTags.java, line(s) 72
com/unity3d/services/core/request/metrics/MetricSender$sendMetrics$$inlined$CoroutineExceptionHandler$1.java, line(s) 19
com/unity3d/services/core/request/metrics/MetricSender$sendMetrics$1.java, line(s) 79,81
com/unity3d/services/core/request/metrics/MetricSender.java, line(s) 72,85,94
com/unity3d/services/core/request/metrics/MetricSenderWithBatch.java, line(s) 44
com/unity3d/services/core/request/metrics/SDKMetrics.java, line(s) 37,51,61,85,96
com/unity3d/services/core/sensorinfo/SensorInfoListener.java, line(s) 28
com/unity3d/services/core/timer/BaseTimer.java, line(s) 81
com/unity3d/services/core/webview/WebView.java, line(s) 161
com/unity3d/services/core/webview/WebViewApp.java, line(s) 59,115,231,276,320,370,66,70,73,90,166,182,210,312,342,383
com/unity3d/services/core/webview/WebViewUrlBuilder.java, line(s) 32
com/unity3d/services/core/webview/bridge/Invocation.java, line(s) 80
com/unity3d/services/core/webview/bridge/NativeCallback.java, line(s) 45
com/unity3d/services/core/webview/bridge/WebViewBridge.java, line(s) 91
com/unity3d/services/core/webview/bridge/WebViewBridgeInterface.java, line(s) 55,62
com/unity3d/services/core/webview/bridge/WebViewCallback.java, line(s) 50
com/unity3d/services/store/core/StoreLifecycleListener.java, line(s) 43
com/unity3d/services/store/gpbl/bridges/CommonJsonResponseBridge.java, line(s) 38
com/unity3d/services/store/gpbl/bridges/PurchaseBridge.java, line(s) 37
d/b0.java, line(s) 37,51,62
d/c.java, line(s) 218
d/m.java, line(s) 69
d/n.java, line(s) 713,730,1498,1305,1314,1324,1333,1354,1363,1379,1388,757,1550,1704,2207,2210,1795
d/w.java, line(s) 188
d/z.java, line(s) 76,128,90,100,123,141
d6/g.java, line(s) 317
e0/m.java, line(s) 31
e3/i.java, line(s) 42,45,49,53,85,88,91,94,97
e7/w.java, line(s) 189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207
e8/r.java, line(s) 36,49,42
f4/g.java, line(s) 180,228,296,298,509,519
flix/com/vision/App.java, line(s) 479
flix/com/vision/activities/adult/AdultCategoriesActivity.java, line(s) 111,147
flix/com/vision/activities/player/SimpleVideoPlayer.java, line(s) 222,212,217,227
flix/com/vision/activities/player/WebPlayerActivity.java, line(s) 277,295
flix/com/vision/bvp/BetterVideoPlayer2.java, line(s) 488
flix/com/vision/exomedia/core/video/mp/NativeVideoDelegate.java, line(s) 223
flix/com/vision/utils/JsonUtils.java, line(s) 403
g0/b.java, line(s) 57,60
h3/a.java, line(s) 19,26,33,18,25,32,39,40,46,47
i/g.java, line(s) 152,202,273
i0/b.java, line(s) 63
i0/d0.java, line(s) 1380,1066,1379
i0/h0.java, line(s) 50,61
i0/j0.java, line(s) 43,52,66,86,100,115,129
i0/l.java, line(s) 95,103
i0/r0.java, line(s) 417,434,152,164,171,180,47,70,408
i1/a.java, line(s) 24
i4/b.java, line(s) 42
i4/h.java, line(s) 19,23
ic/a.java, line(s) 21,15,35,42,29,41,48,9,54
io/netas/Netas.java, line(s) 172
io/netas/receiver/BatteryLevelReceiver.java, line(s) 37,43
io/netas/receiver/BootupReceiver.java, line(s) 16,21,29
j/c.java, line(s) 371
j0/d.java, line(s) 287
j1/a.java, line(s) 360,682,884,899,906,918,925,335,409,519,535,538,596,769,780,808
j1/f.java, line(s) 269,300,378,109,148,153,167,172,195,205,346,362,373,428,433,452,473,513,576,600
j1/n.java, line(s) 824,954,1066,1068,1150
j1/r.java, line(s) 233
j1/s.java, line(s) 30
j1/v.java, line(s) 513,115,826,919,762,462
j1/w.java, line(s) 327,330,357,360
j4/e.java, line(s) 226,238,328,195
ja/a.java, line(s) 40
k4/c.java, line(s) 92,107,486
l0/c.java, line(s) 408,102
l4/e.java, line(s) 44,60,68,82
m0/c.java, line(s) 53,62
m0/h.java, line(s) 59,68
m0/j.java, line(s) 19,18
me/zhanghai/android/materialprogressbar/MaterialProgressBar.java, line(s) 86,94
n1/b.java, line(s) 139
n2/c.java, line(s) 34
n6/g.java, line(s) 7
o/a.java, line(s) 55
org/adblockplus/libadblockplus/JniExceptionHandler.java, line(s) 33
org/greenrobot/eventbus/Logger.java, line(s) 35,40
p0/c.java, line(s) 362
p3/f.java, line(s) 182,310
p3/g.java, line(s) 178,908,913,918,1054,1057,649,1305
p4/c.java, line(s) 830,443,456,751,756
p4/g.java, line(s) 38
q2/b.java, line(s) 110
q2/d.java, line(s) 146,279,312,329,339,411,414,422,441,356,267,288
q2/e.java, line(s) 122,119
q2/j.java, line(s) 53
q2/k.java, line(s) 111,81,92
q4/b.java, line(s) 818
rb/e.java, line(s) 110,112
rb/k.java, line(s) 37
s1/a.java, line(s) 41
s2/b.java, line(s) 16
s4/a.java, line(s) 42,71,74
t4/a.java, line(s) 621,78,182,192,215,218,221,224,495,504,513,632
t6/f.java, line(s) 78,245,250,170
u1/e.java, line(s) 238,241
u1/j.java, line(s) 1013,1016
ub/a.java, line(s) 41,57,60
ub/b.java, line(s) 25
ub/d.java, line(s) 41,57,60
ub/e.java, line(s) 21,24,30,33,36,39,57,60,63,66,69
ub/f.java, line(s) 25
v3/d.java, line(s) 1232,1246,1404,1572
v4/e.java, line(s) 73
v4/f.java, line(s) 219,300,317,320,540
v9/f2.java, line(s) 70,112,114
v9/n0.java, line(s) 32,36,40,50,60,86,70,99
v9/v.java, line(s) 26,30
v9/w1.java, line(s) 60
va/b.java, line(s) 107
va/c.java, line(s) 110
w1/b.java, line(s) 291,828
w2/d.java, line(s) 164
x/f.java, line(s) 59,219
x/k.java, line(s) 42
x/u.java, line(s) 81
x0/a.java, line(s) 220,1243,1676,430,438,486,498,510,522,534,546,558,570,577,588,600,583,1126,1193,1428,1479,1503,1507,1521,1657,1661,1731,1739
x3/b.java, line(s) 595,760
x3/e.java, line(s) 174,804
x3/f.java, line(s) 283,73,80,110,150,162,172,225
x3/h.java, line(s) 57
x3/k.java, line(s) 61
x4/i.java, line(s) 98,100,102,104,96
x4/k.java, line(s) 103,304,319,315
x5/a.java, line(s) 39,58
x7/a.java, line(s) 60,71
x9/a.java, line(s) 28,18,23,33
xb/a.java, line(s) 37
xb/d.java, line(s) 74,77
xb/g.java, line(s) 68,71
xb/j.java, line(s) 68,71
xb/m.java, line(s) 68,71
xb/q.java, line(s) 68,71
xb/t.java, line(s) 72,76
y/a.java, line(s) 286
y3/k.java, line(s) 191
y6/e.java, line(s) 33
y6/f.java, line(s) 36,40,46,49
y6/j.java, line(s) 109
z/b.java, line(s) 319
z/c.java, line(s) 141
z/g.java, line(s) 206,226,235,146,155,291
z4/c.java, line(s) 134,140
z4/e.java, line(s) 844,358,414,675

Info: The application can write to the application directory. Sensitive information should be encrypted.

Files:
v8/g.java, line(s) 29,29

Secure: This application uses SSL pinning to detect or prevent MITM attacks in secure communication channels

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
ca/c.java, line(s) 62,80,89,95,101,110,128,135
com/uwetrottmann/trakt5/TraktV2.java, line(s) 251,251
ve/b.java, line(s) 495,504

Hotspot: The application may communicate with a server (api.themoviedb.org) located in an OFAC-sanctioned country (China).

{'ip': '13.224.163.26', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}

Hotspot: The application may communicate with a server (app-measurement.com) located in an OFAC-sanctioned country (China).

{'ip': '180.163.150.161', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

Security score: (FLIX VISION 2.8.2)