移动应用安全检测报告:
安全基线评分
安全基线评分 48/100
综合风险等级
风险等级评定
- A
- B
- C
- F
漏洞与安全项分布(%)
隐私风险
0
检测到的第三方跟踪器数量
检测结果分布
高危安全漏洞
5
中危安全漏洞
18
安全提示信息
2
已通过安全项
3
重点安全关注
9
高危安全漏洞 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
高危安全漏洞 Activity (com.zta.android.activity.ZtaMainActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危安全漏洞 Activity (com.zta.android.news.activity.HomeActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/cmic/sso/sdk/d/a.java, line(s) 11,23,36,49
高危安全漏洞 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/cmic/sso/sdk/d/u.java, line(s) 20,37,54
中危安全漏洞 应用程序存在Janus漏洞
应用程序使用了v1签名方案进行签名,如果只使用v1签名方案,那么它就容易受到安卓5.0-8.0上的Janus漏洞的攻击。在安卓5.0-7.0上运行的使用了v1签名方案的应用程序,以及同时使用了v2/v3签名方案的应用程序也同样存在漏洞。
中危安全漏洞 应用程序可以安装在有漏洞的已更新 Android 版本上
Android 4.4W-4.4W.2, [minSdk=20] 该应用程序可以安装在具有多个未修复漏洞的旧版本 Android 上。这些设备不会从 Google 接收合理的安全更新。支持 Android 版本 => 10、API 29 以接收合理的安全更新。
中危安全漏洞 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危安全漏洞 Activity (com.zta.android.activity.MainActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危安全漏洞 Broadcast Receiver (com.zta.android.BootShutdownReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危安全漏洞 Service (com.zta.android.backend.GoBackend$VpnService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_VPN_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Service (com.zta.android.QuickTileService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Activity (com.xuexiang.xqrcode.ui.CaptureActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: cn/hutool/cache/impl/CacheObj.java, line(s) 45 cn/hutool/core/lang/Pair.java, line(s) 30 cn/hutool/core/lang/tree/TreeNodeConfig.java, line(s) 14,11,12 com/alibaba/android/vlayout/layout/StaggeredGridLayoutHelper.java, line(s) 20 com/bumptech/glide/load/Option.java, line(s) 74 com/bumptech/glide/load/engine/DataCacheKey.java, line(s) 33 com/bumptech/glide/load/engine/EngineResource.java, line(s) 89 com/bumptech/glide/load/engine/ResourceCacheKey.java, line(s) 80 com/bumptech/glide/manager/RequestManagerRetriever.java, line(s) 36 com/xuexiang/constant/RegexConstants.java, line(s) 23 com/xuexiang/xqrcode/decoding/Intents.java, line(s) 44 com/zta/android/news/adapter/entity/NewInfo.java, line(s) 16,20,33,42,132 com/zta/android/news/util/RsaUtils.java, line(s) 23,24 com/zta/android/news/util/Sm4Util.java, line(s) 5 com/zta/android/util/Constant.java, line(s) 4 com/zta/util/Keys.java, line(s) 15,17,4,14 com/zta/util/ZtaConfig.java, line(s) 128,128
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/xuexiang/xutil/app/PathUtils.java, line(s) 125,129,133,137,141,145,149,153,157,161,165,77,81,85,89,93,97,101,105,109,113,117,291,373 com/xuexiang/xutil/file/CleanUtils.java, line(s) 33 com/xuexiang/xutil/file/FileUtils.java, line(s) 55,43,68 com/yanzhenjie/permission/checker/StorageReadTest.java, line(s) 8 com/yanzhenjie/permission/checker/StorageWriteTest.java, line(s) 8 com/zta/android/news/fragment/AboutFragment.java, line(s) 59 com/zta/android/util/DownloadsFileSaver.java, line(s) 91
中危安全漏洞 IP地址泄露
IP地址泄露 Files: cn/hutool/core/net/MaskBit.java, line(s) 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40 cn/hutool/core/net/NetUtil.java, line(s) 118,118,39,118,118,118,118 cn/hutool/crypto/asymmetric/Sign.java, line(s) 125 com/cmic/sso/sdk/auth/AuthnHelper.java, line(s) 31 com/xuexiang/xutil/net/NetworkUtils.java, line(s) 146,146 net/i2p/crypto/eddsa/EdDSASecurityProvider.java, line(s) 25,26,27,28,29,30
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: cn/hutool/core/img/ImgUtil.java, line(s) 40 cn/hutool/core/util/NumberUtil.java, line(s) 13 cn/hutool/core/util/RandomUtil.java, line(s) 20 com/scwang/smartrefresh/header/FunGameBattleCityHeader.java, line(s) 15 com/scwang/smartrefresh/header/TaurusHeader.java, line(s) 25 com/scwang/smartrefresh/header/storehouse/StoreHouseBarItem.java, line(s) 8 com/xuexiang/xui/utils/ColorUtils.java, line(s) 4 com/xuexiang/xui/widget/button/shinebutton/ShineView.java, line(s) 17 com/xuexiang/xui/widget/textview/badge/BadgeAnimator.java, line(s) 12 com/xuexiang/xutil/display/ColorUtils.java, line(s) 6 java9/util/concurrent/ThreadLocalRandom.java, line(s) 7
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/zta/android/activity/MainWebViewActivity.java, line(s) 31,39
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: cn/hutool/core/lang/UUID.java, line(s) 63 com/cmic/sso/sdk/d/e.java, line(s) 10,31 com/cmic/sso/sdk/d/n.java, line(s) 13 com/xuexiang/xutil/file/FileUtils.java, line(s) 767 com/xuexiang/xutil/security/CipherUtils.java, line(s) 16 com/xuexiang/xutil/security/EncryptUtils.java, line(s) 85 com/zta/util/DeviceTool.java, line(s) 321
中危安全漏洞 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/cmic/sso/sdk/d/f.java, line(s) 18,40,65,15
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: cn/hutool/core/io/FileUtil.java, line(s) 426 cn/hutool/core/net/multipart/UploadFile.java, line(s) 128 com/yanzhenjie/permission/checker/RecordAudioTest.java, line(s) 17 com/zta/android/util/ModuleLoader.java, line(s) 150 com/zta/android/util/SharedLibraryLoader.java, line(s) 74
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: cn/hutool/core/util/RandomUtil.java, line(s) 38
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "gusturepass_auth" : "手势密码认证" 9778397bd19801ec9210c965cc920e 97bd097bd097c36b0b6fc9210c8dc2 eyJzdWIiOiJ6dGEiLCJpc3MiOiJodHRwOlwvXC93d3cuenRhLmNvbSIsImV4cCI6MTYwODcyODgyMCwidXNlcmlkIjoiM2JmOTQxNmU0MTVmNGExZiJ9 04fff201a34e823e204843835134e8f2e6b122d4521db3ad35daa8e1fe60a343fa6438bc162a5dc9ff33dfec5faf377e54747c42626e9664c1127bfc70d2e5033a bdee5aafe9cc2e0a618d055117c84139 977837f0e37f14998082b0787b0721 b0a00e4a271beec478e42fad0618432fa7d7fb3d99004d2b0bdfc14f8024832b 7f0e397bd097c36b0b6fc9210c8dc2 7f07e7f0e47f531b0723b0b6fb0721 7f0e397bd07f595b0b6fc920fb0722 7f0e27f0e47f531b0b0bb0b6fb0722 97bcf97c359801ec95f8c965cc920f 665f67f0e37f14898082b0723b02d5 7ec967f0e37f14998082b0787b0721 7f07e7f0e37f149b0723b0787b0721 7f0e397bd097c35b0b6fc9210c8dc2 7f0e37f0e366aa89801eb072297c35 5c6fc0cdf265da2dda694f05 7f0e37f5307f595b0b0bc920fb0722 97b6b7f0e47f531b0723b0b6fb0721 X2ZpgqrBuxwT8M0mv1G7No5ptPM 7f0e397bd07f595b0b0bc920fb0722 665f67f0e37f14898082b072297c35 7f07e7f0e47f149b0723b0787b0721 5b480b79e51d45190905ef44 7ec967f0e37f14998082b0723b06bd 97bd097bd07f595b0b6fc920fb0722 nAoGBAIC5wrkORKug3gw+BwIEk3AEddLYCT+wKqKceaxmTYIxQdGoblPp4AYlqtyd 7f07e7f0e37f14998083b0787b0721 977837f0e37f149b0723b0787b0721 7f0e37f1487f595b0b0bb0b6fb0722 7f07e7f0e47f531b0723b0b6fb0722 nPN6Dzx4OXVx7wYXoXG4rnjD8/qoIutmpS71CuafyhqGhqdsTMKKL7njWvn0KWbdL 9778397bd097c36c9210c9274c91aa 7f0e36665b66aa89801e9808297c35 463930705a844f638433d1b26273a7cf 97b6b97bd19801ec95f8c965cc920f ne6AxVJJ6wXQRkLEhmVTogfJFmQKXYeAoqNoMHkxtwJCTOQ== nYv+u4FlvGiJIlKsmLJweIbAqVNOCOmJzP6ycgpxR8qDUSwYBAkEA1USGJq/3CLE4 7f0e27f1487f595b0b0bb0b6fb0722 97bd07f5307f595b0b0bc920fb0722 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/YHP9utFGOhGk7Xf5L7jOgQz5 97b6b7f0e47f531b0723b0b6fb0722 977837f0e37f14998082b0787b06bd nqDETE6BELpBYKHeS7j3t8PsCFddxI0vgzUMzCP4DDX1Rigv8cAM6yOo9utiGDxwQ 5b6b9b49e51d4576b828978d 977837f0e37f14898082b0723b02d5 97b6b97bd197c36c9210c9274c920e 7f0e26665b66a449801e9808297c35 7f0e36665b66a449801e9808297c35 7f0e37f0e37f14898082b072297c35 7ec967f0e37f14898082b0723b02d5 MIICXgIBAAKBgQCkzAyTd86uiPMkvwGPevdr77TnoCAfpuruO5c6XnbcbaMevG3r 97b6b97bd19801ec9210c965cc920e noLgqmma+jHAVyT5VzouzKIJNXy+WqahMN3vmLIt7ois7Vpt6131eI5uapWVNUN7+ 9778397bd19801ec9210c9274c920e 9778397bd097c36b0b6fc9274c91aa 97b6b97bd19801ec9210c9274c920e 5a77595aec52733a5f54cf078821d21939ae379550ac0654c178d96025bf1c50 a3785913ca4deb75abd841414d0a700098e879777940c78c73fe6f2bee6c0352 977837f0e37f14998082b0723b06bd 97b6b7f0e47f531b0723b0787b0721 nBl6croB68tFbAnIU8Nf95bHm1MW366riPKiN4yOgI+ig9qa4/lFFgH1RjQIDAQAB b027097bd097c36b0b6fc9274c91aa nq6s7XEjpZC4iyQhwZ0d4FW7LnyQY+UJg67ECQQCDPKS03+nLnorWPu2aahOBeEfr ngZlTTem7Pjdm1V9bJgQ6iQvFHsvT+vNgJ3wAIRd+iCMXm8y96yZhD2+SH5odBYS2 nY7XhFbhmr5B4+APsjBNfUWNFHaMGOQJsQlz/lynGNpiEjnLHIfHh7foegdV9AkEA 7f0e397bd097c35b0b6fc920fb0722 7f0e27f1487f531b0b0bb0b6fb0722 665f67f0e37f1489801eb072297c35 97bcf7f1487f531b0b0bb0b6fb0722 7ec967f0e37f14998082b0787b06bd 97bcf97c3598082c95f8c965cc920f 7f0e37f0e37f14898082b0723b02d5 97bcf97c3598082c95f8e1cfcc920f RWRmHuT9PSqtwfsLtEx+QS06BJtLgFYteL9WCNjH7yuyu5Y1DieSN7If 6438bc162a5dc9ff33dfec5faf377e54747c42626e9664c1127bfc70d2e5033a 9778397bd197c36c9210c9274c91aa 5c3ed1dae51d4543805ea48d 97bcf7f0e47f531b0b0bb0b6fb0722 97b6b97bd19801ec95f8c965cc920e 0123456789ABCDEFGHJKLMNPQRTUWXY 9778397bd097c36b0b6fc9210c91aa 9778397bd097c36c9210c9274c920e 97bd07f1487f595b0b0bc920fb0722 97bd0b06bdb0722c965ce1cfcc920f 9778397bd097c36b0b6fc9210c8dc2 fff201a34e823e204843835134e8f2e6b122d4521db3ad35daa8e1fe60a343fa 7f07e7f0e37f14998082b0787b0721 97bcf7f1487f595b0b0bb0b6fb0722 7f0e37f1487f531b0b0bb0b6fb0722 97bd097bd097c35b0b6fc920fb0722 97b6b7f0e47f149b0723b0787b0721 9778397bd097c36b0b70c9274c91aa 7f0e27f0e47f531b0723b0b6fb0722 49d2147716ff75a9dc3c984f02381780 97bd09801d98082c95f8e1cfcc920f
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: cn/hutool/core/lang/Console.java, line(s) 90,119,10,39,86 cn/hutool/cron/Scheduler.java, line(s) 93 cn/hutool/cron/listener/TaskListenerManager.java, line(s) 53 cn/hutool/db/Db.java, line(s) 122,132 cn/hutool/db/dialect/DialectFactory.java, line(s) 38 cn/hutool/db/ds/GlobalDSFactory.java, line(s) 14,40 cn/hutool/extra/pinyin/engine/PinyinFactory.java, line(s) 27 cn/hutool/extra/template/engine/TemplateFactory.java, line(s) 33 cn/hutool/extra/tokenizer/engine/TokenizerFactory.java, line(s) 27 cn/hutool/log/dialect/jdk/JdkLogFactory.java, line(s) 30 cn/hutool/setting/Setting.java, line(s) 129 cn/hutool/setting/dialect/Props.java, line(s) 372 cn/hutool/socket/aio/AcceptHandler.java, line(s) 19 cn/hutool/socket/aio/SimpleIoAction.java, line(s) 12 cn/hutool/socket/nio/AcceptHandler.java, line(s) 14,23 cn/hutool/socket/nio/NioServer.java, line(s) 82 com/alibaba/android/vlayout/ExposeLinearLayoutManagerEx.java, line(s) 282,283,284,285,290,899,902,904,908,1102 com/alibaba/android/vlayout/VirtualLayoutManager.java, line(s) 1077,486,576 com/alibaba/android/vlayout/extend/InnerRecycledViewPool.java, line(s) 95,102 com/alibaba/android/vlayout/layout/AbstractFullFillLayoutHelper.java, line(s) 42,117 com/alibaba/android/vlayout/layout/BaseLayoutHelper.java, line(s) 99,120 com/alibaba/android/vlayout/layout/GridLayoutHelper.java, line(s) 239 com/alibaba/android/vlayout/layout/OnePlusNLayoutHelperEx.java, line(s) 71,102 com/alibaba/android/vlayout/layout/RangeGridLayoutHelper.java, line(s) 314,531,538,569,588,611,629,655,718 com/alibaba/android/vlayout/layout/StickyLayoutHelper.java, line(s) 136,230 com/bumptech/glide/Glide.java, line(s) 219,228,142,141,218,225,257,258 com/bumptech/glide/gifdecoder/GifHeaderParser.java, line(s) 235,267,234,266 com/bumptech/glide/gifdecoder/StandardGifDecoder.java, line(s) 153,169,186,151,167,184,207,216 com/bumptech/glide/load/data/AssetPathFetcher.java, line(s) 35,34 com/bumptech/glide/load/data/HttpUrlFetcher.java, line(s) 55,131,169,54,58,63,70,130,168,67,71 com/bumptech/glide/load/data/LocalUriFetcher.java, line(s) 37,36 com/bumptech/glide/load/data/mediastore/ThumbFetcher.java, line(s) 51,50 com/bumptech/glide/load/data/mediastore/ThumbnailStreamOpener.java, line(s) 61,110,60,109 com/bumptech/glide/load/engine/DecodeJob.java, line(s) 343,389,450 com/bumptech/glide/load/engine/DecodePath.java, line(s) 57,58 com/bumptech/glide/load/engine/Engine.java, line(s) 27,110 com/bumptech/glide/load/engine/GlideException.java, line(s) 81 com/bumptech/glide/load/engine/SourceGenerator.java, line(s) 89,90 com/bumptech/glide/load/engine/bitmap_recycle/LruArrayPool.java, line(s) 89,143,90,144 com/bumptech/glide/load/engine/bitmap_recycle/LruBitmapPool.java, line(s) 144,174,182,206,89,96,143,153,173,181,195,205,214,90,97,154,220,196 com/bumptech/glide/load/engine/cache/DiskLruCacheWrapper.java, line(s) 52,62,76,82,112,123,53,77,63,83,113,124 com/bumptech/glide/load/engine/cache/MemorySizeCalculator.java, line(s) 64,48 com/bumptech/glide/load/engine/executor/GlideExecutor.java, line(s) 43,40 com/bumptech/glide/load/engine/executor/RuntimeCompat.java, line(s) 37,36 com/bumptech/glide/load/engine/prefill/BitmapPreFillRunner.java, line(s) 69,68 com/bumptech/glide/load/model/ByteBufferEncoder.java, line(s) 20,19 com/bumptech/glide/load/model/ByteBufferFileLoader.java, line(s) 59,58 com/bumptech/glide/load/model/FileLoader.java, line(s) 63,62 com/bumptech/glide/load/model/ResourceLoader.java, line(s) 39,40 com/bumptech/glide/load/model/StreamEncoder.java, line(s) 39,38 com/bumptech/glide/load/resource/ImageDecoderResourceDecoder.java, line(s) 64,65 com/bumptech/glide/load/resource/bitmap/BitmapEncoder.java, line(s) 62,61,78,79 com/bumptech/glide/load/resource/bitmap/BitmapImageDecoderResourceDecoder.java, line(s) 19,20 com/bumptech/glide/load/resource/bitmap/DefaultImageHeaderParser.java, line(s) 116,123,140,147,180,190,202,216,230,236,240,245,251,255,115,122,139,146,179,189,201,215,229,235,239,244,250,254 com/bumptech/glide/load/resource/bitmap/Downsampler.java, line(s) 216,343,376,165,189,215,299,342,375,166,300,402 com/bumptech/glide/load/resource/bitmap/DrawableToBitmapConverter.java, line(s) 44,49,45,50 com/bumptech/glide/load/resource/bitmap/HardwareConfigState.java, line(s) 76,81,86,91,96,103,108,115,174,77,82,87,92,97,104,109,116,175 com/bumptech/glide/load/resource/bitmap/TransformationUtils.java, line(s) 165,109,118,125,142,147,164,110,119,126,127,128,132,143,148 com/bumptech/glide/load/resource/bitmap/VideoDecoder.java, line(s) 136,135 com/bumptech/glide/load/resource/gif/ByteBufferGifDecoder.java, line(s) 81,86,91,100,82,87,92,101 com/bumptech/glide/load/resource/gif/GifDrawableEncoder.java, line(s) 25,26 com/bumptech/glide/load/resource/gif/StreamGifDecoder.java, line(s) 55,56 com/bumptech/glide/manager/DefaultConnectivityMonitor.java, line(s) 22,21,51,69,52,70 com/bumptech/glide/manager/DefaultConnectivityMonitorFactory.java, line(s) 15,14 com/bumptech/glide/manager/RequestManagerFragment.java, line(s) 123,124 com/bumptech/glide/manager/RequestManagerRetriever.java, line(s) 353,354 com/bumptech/glide/manager/RequestTracker.java, line(s) 25,26 com/bumptech/glide/manager/SupportRequestManagerFragment.java, line(s) 130,139,131,140 com/bumptech/glide/module/ManifestParser.java, line(s) 22,29,40,45,21,28,33,39,44,34 com/bumptech/glide/request/SingleRequest.java, line(s) 411,55,526,456 com/bumptech/glide/request/target/CustomViewTarget.java, line(s) 279,280,294,295 com/bumptech/glide/request/target/ViewTarget.java, line(s) 276,277,291,292 com/bumptech/glide/signature/ApplicationVersionSignature.java, line(s) 45 com/bumptech/glide/util/ContentLengthInputStream.java, line(s) 28,27 com/bumptech/glide/util/pool/FactoryPools.java, line(s) 89,90 com/cmic/sso/sdk/d/k.java, line(s) 165,166,167,168,169,171 com/cmic/sso/sdk/d/m.java, line(s) 27,48,18,42,36,54 com/tbruyelle/rxpermissions2/RxPermissionsFragment.java, line(s) 78,43 com/xuexiang/xpage/AutoPageConfiguration.java, line(s) 31 com/xuexiang/xpage/PageConfig.java, line(s) 41,46 com/xuexiang/xpage/base/XPageActivity.java, line(s) 162,194,202,276,295,477,521,524,114,189,227,248,255,261,268,318,324,331,551,612,672 com/xuexiang/xpage/base/XPageFragment.java, line(s) 110,151,158,167,172,209,216,241,264,281,295,365,371,378,385,391,398 com/xuexiang/xpage/core/CorePageManager.java, line(s) 61,71,74,77,128,131,135,145,150,168,188,197,224,233,65,157 com/xuexiang/xpage/logger/LogcatLogger.java, line(s) 57,66,60,54,72,63,69 com/xuexiang/xpage/utils/ClassUtils.java, line(s) 78,100,111,121,63,151,159 com/xuexiang/xqrcode/XQRCode.java, line(s) 28,32 com/xuexiang/xqrcode/camera/AutoFocusCallback.java, line(s) 26 com/xuexiang/xqrcode/camera/CameraConfigurationManager.java, line(s) 34,38,47,50,56,88,109,126,172,183 com/xuexiang/xqrcode/camera/FlashlightManager.java, line(s) 58,70,81,86,90,15,17 com/xuexiang/xqrcode/camera/PreviewCallback.java, line(s) 36 com/xuexiang/xqrcode/decoding/CaptureViewHandler.java, line(s) 46,49,57,61 com/xuexiang/xqrcode/decoding/DecodeHandler.java, line(s) 61 com/xuexiang/xqrcode/logs/LogcatLogger.java, line(s) 57,66,60,54,72,63,69 com/xuexiang/xqrcode/util/QRCodeProduceUtils.java, line(s) 269 com/xuexiang/xui/XUI.java, line(s) 46,50 com/xuexiang/xui/logs/LogcatLogger.java, line(s) 57,66,60,54,72,63,69 com/xuexiang/xui/utils/SnackbarUtils.java, line(s) 210,313,323,328,345,350,415 com/xuexiang/xui/utils/SpanUtils.java, line(s) 1017,1030 com/xuexiang/xui/widget/banner/widget/banner/base/BaseBanner.java, line(s) 495,504,600,607 com/xuexiang/xui/widget/dialog/bottomsheet/BottomSheet.java, line(s) 137 com/xuexiang/xui/widget/dialog/materialdialog/MaterialDialog.java, line(s) 613 com/xuexiang/xui/widget/dialog/materialdialog/internal/MDTintHelper.java, line(s) 140 com/xuexiang/xui/widget/imageview/edit/ImageFilterView.java, line(s) 91 com/xuexiang/xui/widget/imageview/edit/PhotoEditorView.java, line(s) 71,92 com/xuexiang/xui/widget/imageview/edit/ScaleGestureDetector.java, line(s) 208 com/xuexiang/xui/widget/imageview/nine/NineGridImageView.java, line(s) 762 com/xuexiang/xui/widget/imageview/photoview/PhotoViewAttacher.java, line(s) 328,350,384,832,867,884,60,292,413,526 com/xuexiang/xui/widget/imageview/photoview/gestures/CupcakeGestureDetector.java, line(s) 57 com/xuexiang/xui/widget/imageview/preview/view/BezierBannerView.java, line(s) 388,397,405 com/xuexiang/xui/widget/layout/linkage/LinkageScrollLayout.java, line(s) 61,68,75,81,88,95,214,252,278,389,459,465,472,486,498,572 com/xuexiang/xui/widget/layout/linkage/PosIndicator.java, line(s) 244,251 com/xuexiang/xui/widget/picker/wheelview/WheelView.java, line(s) 327 com/xuexiang/xui/widget/picker/widget/utils/LunarCalendarUtils.java, line(s) 150 com/xuexiang/xui/widget/popupwindow/easypopup/EasyPopup.java, line(s) 362,408 com/xuexiang/xui/widget/progress/materialprogressbar/BaseProgressLayerDrawable.java, line(s) 72 com/xuexiang/xui/widget/progress/materialprogressbar/MaterialProgressBar.java, line(s) 120,298,479 com/xuexiang/xui/widget/spinner/materialspinner/MaterialSpinner.java, line(s) 229 com/xuexiang/xui/widget/statelayout/StatusLoader.java, line(s) 142,167,173,176,179,200 com/xuexiang/xui/widget/tabbar/TabSegment.java, line(s) 434 com/xuexiang/xui/widget/textview/BadgeView.java, line(s) 157 com/xuexiang/xutil/common/logger/LogcatLogger.java, line(s) 57,66,60,54,72,63,69 com/zta/android/Application.java, line(s) 121 com/zta/android/BootShutdownReceiver.java, line(s) 35,38 com/zta/android/QuickTileService.java, line(s) 32 com/zta/android/activity/LoginActivity.java, line(s) 140 com/zta/android/activity/ThemeChangeAwareActivity.java, line(s) 40 com/zta/android/activity/TunnelToggleActivity.java, line(s) 49 com/zta/android/activity/ZtaMainActivity.java, line(s) 119,178,182 com/zta/android/backend/GoBackend.java, line(s) 163,227,278,325,171,186,263,182,266 com/zta/android/backend/WgQuickBackend.java, line(s) 108,55 com/zta/android/configStore/FileConfigStore.java, line(s) 30,57,138,157,149 com/zta/android/fragment/BaseFragment.java, line(s) 142 com/zta/android/fragment/TunnelEditorFragment.java, line(s) 47,131,145,159,243,258,260,53,176,249,275 com/zta/android/fragment/TunnelListFragment.java, line(s) 394,406 com/zta/android/news/activity/HomeActivity.java, line(s) 192,835 com/zta/android/news/fragment/AboutFragment.java, line(s) 205,206 com/zta/android/news/fragment/SetGestureFragment.java, line(s) 76,81,82,86 com/zta/android/news/update/dowload/FileDownloadObservable.java, line(s) 56,60,67,73,80,138 com/zta/android/news/update/util/FileUtils.java, line(s) 70 com/zta/android/news/viewmodel/HomeViewModel.java, line(s) 78,108,142,191 com/zta/android/news/viewmodel/LoginDeviceViewModel.java, line(s) 32,65 com/zta/android/news/viewmodel/ModifyPwdViewModel.java, line(s) 32,68 com/zta/android/news/viewmodel/UserCenterViewModel.java, line(s) 30 com/zta/android/preference/LogExporterPreference.java, line(s) 99 com/zta/android/preference/ZipExporterPreference.java, line(s) 113 com/zta/android/util/RootShell.java, line(s) 74,94,108,117,150,158 com/zta/android/util/SharedLibraryLoader.java, line(s) 37,70,86 com/zta/android/util/ToolsInstaller.java, line(s) 75,78 com/zta/android/viewmodel/ForgetPwdViewModel.java, line(s) 61,66,63 com/zta/android/viewmodel/LoginViewModel.java, line(s) 38,113,118,123,125,127,150,152,156,204,209,214,216,226,228,231,115,206 com/zta/util/DeviceTool.java, line(s) 173 com/zta/util/StartVpnHelper.java, line(s) 257,306 com/zta/util/ZtaSDKManager.java, line(s) 176,177 io/github/inflationx/calligraphy3/ReflectionUtils.java, line(s) 30,32 io/github/inflationx/calligraphy3/TypefaceUtils.java, line(s) 28 io/github/inflationx/viewpump/internal/ReflectionUtils.java, line(s) 47,49 me/samlss/broccoli/util/LogUtil.java, line(s) 16,12
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/zta/android/util/ClipboardUtils.java, line(s) 4,20
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/cmic/sso/sdk/b/c/a.java, line(s) 47,43,44,44 com/cmic/sso/sdk/d/g.java, line(s) 188,303 com/zta/android/news/update/RetrofitHelper.java, line(s) 8,8 com/zta/android/news/viewmodel/BaseViewModel.java, line(s) 74,33
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/xuexiang/xutil/app/AppUtils.java, line(s) 89,112,598 com/xuexiang/xutil/system/DeviceUtils.java, line(s) 182 com/zta/util/DeviceTool.java, line(s) 167
已通过安全项 此应用程序没有隐私跟踪程序
此应用程序不包括任何用户或设备跟踪器。在静态分析期间没有找到任何跟踪器。
重点安全关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (onekey1.cmpassport.com) 通信。
{'ip': '120.197.235.28', 'country_short': 'CN', 'country_long': 'China', 'region': 'Guangdong', 'city': 'Guangzhou', 'latitude': '23.127361', 'longitude': '113.264252'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (log1.cmpassport.com) 通信。
{'ip': '36.138.255.61', 'country_short': 'CN', 'country_long': 'China', 'region': 'Gansu', 'city': 'Lanzhou', 'latitude': '36.056389', 'longitude': '103.792221'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (config.cmpassport.com) 通信。
{'ip': '120.232.169.180', 'country_short': 'CN', 'country_long': 'China', 'region': 'Guangdong', 'city': 'Guangzhou', 'latitude': '23.127361', 'longitude': '113.264252'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (www.cmpassport.com) 通信。
{'ip': '120.197.235.28', 'country_short': 'CN', 'country_long': 'China', 'region': 'Guangdong', 'city': 'Guangzhou', 'latitude': '23.127361', 'longitude': '113.264252'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (ip.3322.net) 通信。
{'ip': '118.184.169.32', 'country_short': 'CN', 'country_long': 'China', 'region': 'Jiangsu', 'city': 'Changzhou', 'latitude': '31.783331', 'longitude': '119.966667'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (smsks1.cmpassport.com) 通信。
{'ip': '120.197.235.28', 'country_short': 'CN', 'country_long': 'China', 'region': 'Guangdong', 'city': 'Guangzhou', 'latitude': '23.127361', 'longitude': '113.264252'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (photocdn.sohu.com) 通信。
{'ip': '180.97.228.140', 'country_short': 'CN', 'country_long': 'China', 'region': 'Jiangsu', 'city': 'Suzhou', 'latitude': '31.311390', 'longitude': '120.618057'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (49d2147716ff75a9dc3c984f02381780.dd.cdntips.com) 通信。
{'ip': '124.232.162.21', 'country_short': 'CN', 'country_long': 'China', 'region': 'Hunan', 'city': 'Changsha', 'latitude': '28.200001', 'longitude': '112.966667'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (p6-juejin.byteimg.com) 通信。
{'ip': '42.81.247.47', 'country_short': 'CN', 'country_long': 'China', 'region': 'Tianjin', 'city': 'Tianjin', 'latitude': '39.142220', 'longitude': '117.176666'}