安全分析报告:
安全分数
安全分数 55/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
1
用户/设备跟踪器
调研结果
高危
1
中危
15
信息
3
安全
2
关注
0
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/pichillilorenzo/flutter_inappwebview/InAppWebViewMethodHandler.java, line(s) 1019,6 com/pichillilorenzo/flutter_inappwebview/in_app_browser/InAppBrowserActivity.java, line(s) 138,17,18 com/pichillilorenzo/flutter_inappwebview/in_app_webview/FlutterWebView.java, line(s) 105,10,11
中危 应用程序存在Janus漏洞
应用程序使用了v1签名方案进行签名,如果只使用v1签名方案,那么它就容易受到安卓5.0-8.0上的Janus漏洞的攻击。在安卓5.0-7.0上运行的使用了v1签名方案的应用程序,以及同时使用了v2/v3签名方案的应用程序也同样存在漏洞。
中危 应用程序可以安装在有漏洞的已更新 Android 版本上
Android 5.0-5.0.2, [minSdk=21] 该应用程序可以安装在具有多个未修复漏洞的旧版本 Android 上。这些设备不会从 Google 接收合理的安全更新。支持 Android 版本 => 10、API 29 以接收合理的安全更新。
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Broadcast Receiver (com.at.skysdk.core.TcUploadCoreReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/at/skysdk/constants/NetConfig.java, line(s) 4,5,7 com/at/skysdk/db/DbManager.java, line(s) 9 com/baseflow/permissionhandler/PermissionUtils.java, line(s) 19 com/bumptech/glide/load/Option.java, line(s) 73 com/bumptech/glide/load/engine/DataCacheKey.java, line(s) 33 com/bumptech/glide/load/engine/EngineResource.java, line(s) 90 com/bumptech/glide/load/engine/ResourceCacheKey.java, line(s) 80 com/bumptech/glide/manager/RequestManagerRetriever.java, line(s) 32 com/dexterous/flutterlocalnotifications/FlutterLocalNotificationsPlugin.java, line(s) 141 com/dexterous/flutterlocalnotifications/isolate/IsolatePreferences.java, line(s) 8,9 com/dexterous/flutterlocalnotifications/models/NotificationDetails.java, line(s) 51,65 com/luck/picture/lib/config/PictureConfig.java, line(s) 24 com/pichillilorenzo/flutter_inappwebview/credential_database/URLCredentialContract.java, line(s) 7,9 com/pichillilorenzo/flutter_inappwebview/types/URLCredential.java, line(s) 88 com/tekartik/sqflite/Constant.java, line(s) 54 com/zhy/http/okhttp/builder/PostFormBuilder.java, line(s) 47 freemarker/core/BuiltinVariable.java, line(s) 43 freemarker/core/Configurable.java, line(s) 31,33,35,37,39,44,42,49,52,54,56,58,60,62,64,67,69,71,73,76 freemarker/template/Configuration.java, line(s) 50,53,57,62,71,75,78,85,88,91,94,97,100,111 freemarker/template/utility/StandardCompress.java, line(s) 11,13 io/flutter/app/FlutterActivityDelegate.java, line(s) 32 io/flutter/embedding/android/FlutterActivityAndFragmentDelegate.java, line(s) 27,28 io/flutter/embedding/android/FlutterActivityLaunchConfigs.java, line(s) 16,18,3,4,17 io/flutter/embedding/engine/loader/ApplicationInfoLoader.java, line(s) 14,13 io/flutter/embedding/engine/loader/FlutterLoader.java, line(s) 31,36,34,35,37,39,40,38,41,44 io/flutter/embedding/engine/systemchannels/SettingsChannel.java, line(s) 15 io/flutter/plugin/editing/SpellCheckPlugin.java, line(s) 16,18,19
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/at/skysdk/db/DeviceUserDao.java, line(s) 4,35 com/at/skysdk/db/MigrationHelper.java, line(s) 5,99 com/at/skysdk/db/TcNoteDao.java, line(s) 4,41 com/pichillilorenzo/flutter_inappwebview/credential_database/CredentialDatabaseHelper.java, line(s) 4,5,18 com/tekartik/sqflite/Database.java, line(s) 9,10,11,12,13,460 org/greenrobot/greendao/AbstractDao.java, line(s) 6,7,108 org/greenrobot/greendao/DbUtils.java, line(s) 6,13 org/greenrobot/greendao/database/StandardDatabase.java, line(s) 5,14
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/at/skysdk/util/DeviceUtil.java, line(s) 162 dev/fluttercommunity/plus/packageinfo/PackageInfoPlugin.java, line(s) 164
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/chavesgu/images_picker/FileSaver.java, line(s) 44,90 com/luck/picture/lib/PictureExternalPreviewActivity.java, line(s) 454,537,450,452,533,535 com/luck/picture/lib/compress/Luban.java, line(s) 114 com/luck/picture/lib/manager/PictureCacheManager.java, line(s) 40,76,93,110 com/luck/picture/lib/tools/CameraFileUtils.java, line(s) 65,96,127 com/luck/picture/lib/tools/PictureFileUtils.java, line(s) 95,97,99,160,314,330,338,346,358,363,368,50,51,162,304 com/pichillilorenzo/flutter_inappwebview/in_app_webview/InAppWebViewChromeClient.java, line(s) 1075,1069 com/xuexiang/flutter_xupdate/utils/FileUtils.java, line(s) 227,231,235,239 com/xuexiang/flutter_xupdate/utils/UpdateUtils.java, line(s) 229 com/yalantis/ucrop/PictureMultiCuttingActivity.java, line(s) 127 io/flutter/plugins/pathprovider/Messages.java, line(s) 124,146,202,223 io/flutter/plugins/pathprovider/PathProviderPlugin.java, line(s) 89,206
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/chavesgu/images_picker/ImagesPickerPlugin.java, line(s) 270,290 com/journeyapps/barcodescanner/CaptureManager.java, line(s) 263 com/pichillilorenzo/flutter_inappwebview/in_app_webview/InAppWebViewChromeClient.java, line(s) 1075
中危 IP地址泄露
IP地址泄露 Files: com/ft/movie/project_speed/service/MyVpnService.java, line(s) 21,23,22,25,80,164
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/xuexiang/flutter_xupdate/utils/ColorUtils.java, line(s) 6 freemarker/debug/impl/DebuggerServer.java, line(s) 17 j$/util/concurrent/ThreadLocalRandom.java, line(s) 19 org/greenrobot/greendao/test/DbTest.java, line(s) 7
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/xuexiang/flutter_xupdate/utils/Md5Utils.java, line(s) 20
中危 应用程序包含隐私跟踪程序
此应用程序有多个1隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "library_zxingandroidembedded_authorWebsite" : "https://journeyapps.com/" "library_zxingandroidembedded_author" : "JourneyApps" 5e5398f0546d1d7afd62641edb14d82894f11ddc41bce363a0c8d0dac82c9c5a 16a09e667f3bcc908b2fb1366ea957d3e3adec17512775099da2f590b0667322a
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/at/skysdk/db/DaoMaster.java, line(s) 59,75 com/at/skysdk/presenter/TcNetworkObserver.java, line(s) 42,54 com/at/skysdk/presenter/TcScreenObserver.java, line(s) 47,57 com/at/skysdk/util/LogUtil.java, line(s) 82,85 com/baseflow/permissionhandler/AppSettingsManager.java, line(s) 16 com/baseflow/permissionhandler/PermissionManager.java, line(s) 151,218,221,280,286,289,303 com/baseflow/permissionhandler/PermissionUtils.java, line(s) 607,611,616 com/baseflow/permissionhandler/ServiceManager.java, line(s) 26 com/bumptech/glide/Glide.java, line(s) 214,223,141,140,213,220,252,253 com/bumptech/glide/gifdecoder/GifHeaderParser.java, line(s) 236,275,235,274 com/bumptech/glide/gifdecoder/StandardGifDecoder.java, line(s) 152,170,189,151,169,188,210,219 com/bumptech/glide/load/data/AssetPathFetcher.java, line(s) 36,35 com/bumptech/glide/load/data/HttpUrlFetcher.java, line(s) 53,133,52,56,61,68,132,65,69 com/bumptech/glide/load/data/LocalUriFetcher.java, line(s) 38,37 com/bumptech/glide/load/data/mediastore/ThumbFetcher.java, line(s) 52,51 com/bumptech/glide/load/data/mediastore/ThumbnailStreamOpener.java, line(s) 61,111,60,110 com/bumptech/glide/load/engine/DecodeJob.java, line(s) 341,387,448 com/bumptech/glide/load/engine/DecodePath.java, line(s) 56,57 com/bumptech/glide/load/engine/Engine.java, line(s) 27,111 com/bumptech/glide/load/engine/GlideException.java, line(s) 81 com/bumptech/glide/load/engine/SourceGenerator.java, line(s) 89,90 com/bumptech/glide/load/engine/bitmap_recycle/LruArrayPool.java, line(s) 89,143,90,144 com/bumptech/glide/load/engine/bitmap_recycle/LruBitmapPool.java, line(s) 143,173,181,205,88,95,142,152,172,180,194,204,213,89,96,153,219,195 com/bumptech/glide/load/engine/cache/DiskLruCacheWrapper.java, line(s) 52,62,76,82,112,123,53,77,63,83,113,124 com/bumptech/glide/load/engine/cache/MemorySizeCalculator.java, line(s) 64,48 com/bumptech/glide/load/engine/executor/GlideExecutor.java, line(s) 183,180 com/bumptech/glide/load/engine/executor/RuntimeCompat.java, line(s) 37,36 com/bumptech/glide/load/engine/prefill/BitmapPreFillRunner.java, line(s) 69,68 com/bumptech/glide/load/model/ByteBufferEncoder.java, line(s) 20,19 com/bumptech/glide/load/model/ByteBufferFileLoader.java, line(s) 59,58 com/bumptech/glide/load/model/FileLoader.java, line(s) 64,63 com/bumptech/glide/load/model/ResourceLoader.java, line(s) 39,40 com/bumptech/glide/load/model/StreamEncoder.java, line(s) 39,38 com/bumptech/glide/load/resource/ImageDecoderResourceDecoder.java, line(s) 64,65 com/bumptech/glide/load/resource/bitmap/BitmapEncoder.java, line(s) 62,61,78,79 com/bumptech/glide/load/resource/bitmap/BitmapImageDecoderResourceDecoder.java, line(s) 18,19 com/bumptech/glide/load/resource/bitmap/DefaultImageHeaderParser.java, line(s) 115,122,139,146,179,189,201,215,229,235,239,244,250,254,114,121,138,145,178,188,200,214,228,234,238,243,249,253 com/bumptech/glide/load/resource/bitmap/Downsampler.java, line(s) 212,333,366,164,185,211,295,332,365,165,296,392 com/bumptech/glide/load/resource/bitmap/DrawableToBitmapConverter.java, line(s) 44,49,45,50 com/bumptech/glide/load/resource/bitmap/HardwareConfigState.java, line(s) 133,134 com/bumptech/glide/load/resource/bitmap/TransformationUtils.java, line(s) 169,113,122,129,146,151,168,114,123,130,131,132,136,147,152 com/bumptech/glide/load/resource/bitmap/VideoDecoder.java, line(s) 134,133 com/bumptech/glide/load/resource/gif/ByteBufferGifDecoder.java, line(s) 80,85,90,99,81,86,91,100 com/bumptech/glide/load/resource/gif/GifDrawableEncoder.java, line(s) 25,26 com/bumptech/glide/load/resource/gif/StreamGifDecoder.java, line(s) 55,56 com/bumptech/glide/manager/DefaultConnectivityMonitor.java, line(s) 23,22,52,70,53,71 com/bumptech/glide/manager/DefaultConnectivityMonitorFactory.java, line(s) 15,14 com/bumptech/glide/manager/RequestManagerFragment.java, line(s) 123,124 com/bumptech/glide/manager/RequestManagerRetriever.java, line(s) 319,320,328 com/bumptech/glide/manager/RequestTracker.java, line(s) 24,25 com/bumptech/glide/manager/SupportRequestManagerFragment.java, line(s) 130,139,131,140 com/bumptech/glide/module/ManifestParser.java, line(s) 22,29,40,45,21,28,33,39,44,34 com/bumptech/glide/request/SingleRequest.java, line(s) 406,23,527,453 com/bumptech/glide/request/target/CustomViewTarget.java, line(s) 280,281,295,296 com/bumptech/glide/request/target/ViewTarget.java, line(s) 277,278,292,293 com/bumptech/glide/signature/ApplicationVersionSignature.java, line(s) 46 com/bumptech/glide/util/ContentLengthInputStream.java, line(s) 28,27 com/bumptech/glide/util/pool/FactoryPools.java, line(s) 89,90 com/chavesgu/images_picker/ImagesPickerPlugin.java, line(s) 241,303,308,311 com/chavesgu/scan/QRCodeDecoder.java, line(s) 169 com/chavesgu/scan/ScanDrawView.java, line(s) 113 com/chavesgu/scan/ScanViewNew.java, line(s) 137,140 com/dexterous/flutterlocalnotifications/ActionBroadcastReceiver.java, line(s) 54,63 com/dexterous/flutterlocalnotifications/FlutterLocalNotificationsPlugin.java, line(s) 174,192,995,1472 com/dexterous/flutterlocalnotifications/ScheduledNotificationReceiver.java, line(s) 29 com/ft/movie/project_speed/AndroidBackPlugin.java, line(s) 148 com/ft/movie/project_speed/HelperUtils.java, line(s) 73 com/huawei/hmf/tasks/a/g.java, line(s) 30,40,66 com/journeyapps/barcodescanner/CameraPreview.java, line(s) 633,660,147,242,337,753,492,733 com/journeyapps/barcodescanner/CaptureManager.java, line(s) 95,116,270 com/journeyapps/barcodescanner/DecoderThread.java, line(s) 119 com/journeyapps/barcodescanner/camera/AutoFocusManager.java, line(s) 70,94,111 com/journeyapps/barcodescanner/camera/CameraConfigurationUtils.java, line(s) 44,61,64,79,82,87,96,115,121,124,130,132,136,141,143,147,158,161,165,170,186,189,193,198,214,220,230,231,235,240,201 com/journeyapps/barcodescanner/camera/CameraInstance.java, line(s) 25,37,52,65,212,29,44,57,69 com/journeyapps/barcodescanner/camera/CameraManager.java, line(s) 53,70,345,356,178,208,248,174,180,262,270 com/journeyapps/barcodescanner/camera/CenterCropStrategy.java, line(s) 27 com/journeyapps/barcodescanner/camera/FitCenterStrategy.java, line(s) 27 com/journeyapps/barcodescanner/camera/LegacyPreviewScalingStrategy.java, line(s) 41,42,73 com/journeyapps/barcodescanner/camera/PreviewScalingStrategy.java, line(s) 21,22 com/luck/picture/lib/PictureCustomCameraActivity.java, line(s) 146 com/luck/picture/lib/PictureSelectorPreviewWeChatStyleActivity.java, line(s) 341 com/luck/picture/lib/broadcast/BroadcastManager.java, line(s) 149,155,41,52,63,74,85,96,107,118,129,140 com/luck/picture/lib/compress/Checker.java, line(s) 63,83,89,105,122 com/luck/picture/lib/compress/Luban.java, line(s) 122,121 com/luck/picture/lib/io/LruArrayPool.java, line(s) 84,125,85,126 com/luck/picture/lib/model/LocalMediaPageLoader.java, line(s) 338,495 com/luck/picture/lib/thread/PictureThreadUtils.java, line(s) 114,125,223,284,303,308,349,292 com/luck/picture/lib/tools/PictureFileUtils.java, line(s) 127 com/luck/picture/lib/widget/longimage/SkiaPooledImageRegionDecoder.java, line(s) 372 com/luck/picture/lib/widget/longimage/SubsamplingScaleImageView.java, line(s) 1959,1371,1469,1473,1550,1554,571,872,1641,1650,1679,1684,2360 com/pichillilorenzo/flutter_inappwebview/JavaScriptBridgeInterface.java, line(s) 109 com/pichillilorenzo/flutter_inappwebview/ServiceWorkerManager.java, line(s) 184 com/pichillilorenzo/flutter_inappwebview/Util.java, line(s) 231,132,143,163 com/pichillilorenzo/flutter_inappwebview/chrome_custom_tabs/CustomTabsHelper.java, line(s) 74 com/pichillilorenzo/flutter_inappwebview/content_blocker/ContentBlockerHandler.java, line(s) 187,273 com/pichillilorenzo/flutter_inappwebview/in_app_browser/InAppBrowserActivity.java, line(s) 335,132 com/pichillilorenzo/flutter_inappwebview/in_app_browser/InAppBrowserManager.java, line(s) 82 com/pichillilorenzo/flutter_inappwebview/in_app_webview/DisplayListenerProxy.java, line(s) 80 com/pichillilorenzo/flutter_inappwebview/in_app_webview/FlutterWebView.java, line(s) 95 com/pichillilorenzo/flutter_inappwebview/in_app_webview/InAppWebView.java, line(s) 1172 com/pichillilorenzo/flutter_inappwebview/in_app_webview/InAppWebViewChromeClient.java, line(s) 1037,1125 com/pichillilorenzo/flutter_inappwebview/in_app_webview/InAppWebViewClient.java, line(s) 122,337,401,454,509,552,612,649,718,759 com/pichillilorenzo/flutter_inappwebview/in_app_webview/InAppWebViewRenderProcessClient.java, line(s) 49,81 com/pichillilorenzo/flutter_inappwebview/in_app_webview/InputAwareWebView.java, line(s) 89,113,121,129,49 com/tekartik/sqflite/Database.java, line(s) 97,113,207,292,356,384,466,476,544,130,493,569 com/tekartik/sqflite/SqflitePlugin.java, line(s) 283,289,300,320,325,363,379,405,420,436,461,470,440,465 com/tekartik/sqflite/Utils.java, line(s) 28 com/tekartik/sqflite/dev/Debug.java, line(s) 11 com/xuexiang/flutter_xupdate/OKHttpUpdateHttpService.java, line(s) 30 com/xuexiang/flutter_xupdate/UpdateManager.java, line(s) 82,124,281,295,156,170,204,241,252,267 com/xuexiang/flutter_xupdate/XUpdate.java, line(s) 91,112,116,142,148,154,160,171,176 com/xuexiang/flutter_xupdate/_XUpdate.java, line(s) 156 com/xuexiang/flutter_xupdate/listener/impl/DefaultUpdateFailureListener.java, line(s) 9 com/xuexiang/flutter_xupdate/logs/LogcatLogger.java, line(s) 58,67,61,55,73,64,70 com/xuexiang/flutter_xupdate/proxy/impl/DefaultFileEncryptor.java, line(s) 22 com/xuexiang/flutter_xupdate/proxy/impl/DefaultUpdateParser.java, line(s) 99 com/xuexiang/flutter_xupdate/proxy/impl/DefaultUpdatePrompter.java, line(s) 24,20 com/xuexiang/flutter_xupdate/service/DownloadService.java, line(s) 167,285,136,171 com/xuexiang/flutter_xupdate/utils/UpdateUtils.java, line(s) 274,284,291 com/yalantis/ucrop/UCropActivity.java, line(s) 211 com/yalantis/ucrop/task/BitmapCropTask.java, line(s) 122 com/yalantis/ucrop/task/BitmapLoadTask.java, line(s) 126,160,205,88,91,131,143,148 com/yalantis/ucrop/util/BitmapLoadUtils.java, line(s) 104,51,83 com/yalantis/ucrop/util/EglUtils.java, line(s) 26 com/yalantis/ucrop/util/ImageHeaderParser.java, line(s) 54,61,72,79,112,122,134,148,162,168,172,177,183,187,290,53,60,71,78,111,121,133,147,161,167,171,176,182,186 com/yalantis/ucrop/view/TransformImageView.java, line(s) 215,236,124,78 com/zhy/http/okhttp/cookie/store/PersistentCookieStore.java, line(s) 141,150,153 com/zhy/http/okhttp/log/LoggerInterceptor.java, line(s) 40,43,45,47,50,54,58,61,63,74,76,78,81,86,89,91,94 com/zhy/http/okhttp/utils/L.java, line(s) 9 freemarker/core/CommandLine.java, line(s) 9,10,11,13,14,15,17,19,20,22,23,24,25,26,27,28 freemarker/ext/dom/Transform.java, line(s) 25,167 freemarker/log/Logger.java, line(s) 325,328 freemarker/template/utility/ToCanonical.java, line(s) 19,24,46 io/flutter/Log.java, line(s) 45,49,37,41,53,57 io/flutter/app/FlutterActivityDelegate.java, line(s) 331 io/flutter/embedding/android/FlutterActivity.java, line(s) 261,258,347,584,589 io/flutter/embedding/android/FlutterActivityAndFragmentDelegate.java, line(s) 159,191,219,229,243,255,274,297,342,351,369,379,389,403,425,429,457,467,477,492,502,515,356,461,471,486,496,506 io/flutter/embedding/android/FlutterFragment.java, line(s) 590,700,571,795,800 io/flutter/embedding/android/FlutterFragmentActivity.java, line(s) 173,170,215,233 io/flutter/embedding/android/FlutterImageView.java, line(s) 67 io/flutter/embedding/android/FlutterSurfaceView.java, line(s) 42,51,59,73,112,114,122,132,166,141,152 io/flutter/embedding/android/FlutterTextureView.java, line(s) 36,45,53,80,82,88,97,141,104,115 io/flutter/embedding/android/FlutterView.java, line(s) 808,131,217,281,336,391,424,426,429,432,458,468,512,534,624,640,784,787,790,833,835,910,915,1023 io/flutter/embedding/android/KeyboardManager.java, line(s) 125,137 io/flutter/embedding/engine/FlutterEngine.java, line(s) 107,170,189 io/flutter/embedding/engine/FlutterEngineConnectionRegistry.java, line(s) 248,265,284,298,313,327,341,355,392,451,486,61,74,71 io/flutter/embedding/engine/FlutterJNI.java, line(s) 325,666,685,161,169,177,516,525,534,550 io/flutter/embedding/engine/dart/DartExecutor.java, line(s) 60,65,84,99,79,94 io/flutter/embedding/engine/dart/DartMessenger.java, line(s) 255,329,176,186,221,229,248,260,297,316,320 io/flutter/embedding/engine/deferredcomponents/PlayStoreDeferredComponentManager.java, line(s) 55,59,63,67,71,98,107,111,115,86,146,174,191,235,315 io/flutter/embedding/engine/loader/FlutterLoader.java, line(s) 216,260 io/flutter/embedding/engine/loader/ResourceExtractor.java, line(s) 68,94 io/flutter/embedding/engine/plugins/shim/ShimPluginRegistry.java, line(s) 28 io/flutter/embedding/engine/plugins/shim/ShimRegistrar.java, line(s) 165,171,181,188,194,201 io/flutter/embedding/engine/plugins/util/GeneratedPluginRegister.java, line(s) 12,13 io/flutter/embedding/engine/renderer/FlutterRenderer.java, line(s) 98,106,115,201,242,350 io/flutter/embedding/engine/systemchannels/AccessibilityChannel.java, line(s) 40 io/flutter/embedding/engine/systemchannels/DeferredComponentChannel.java, line(s) 30 io/flutter/embedding/engine/systemchannels/KeyEventChannel.java, line(s) 63 io/flutter/embedding/engine/systemchannels/LifecycleChannel.java, line(s) 57 io/flutter/embedding/engine/systemchannels/LocalizationChannel.java, line(s) 58,61 io/flutter/embedding/engine/systemchannels/MouseCursorChannel.java, line(s) 28 io/flutter/embedding/engine/systemchannels/NavigationChannel.java, line(s) 28,33,38,45 io/flutter/embedding/engine/systemchannels/PlatformChannel.java, line(s) 70,292 io/flutter/embedding/engine/systemchannels/PlatformViewsChannel.java, line(s) 68 io/flutter/embedding/engine/systemchannels/RestorationChannel.java, line(s) 81 io/flutter/embedding/engine/systemchannels/SettingsChannel.java, line(s) 127,130,151,85 io/flutter/embedding/engine/systemchannels/SpellCheckChannel.java, line(s) 25,30 io/flutter/embedding/engine/systemchannels/SystemChannel.java, line(s) 17 io/flutter/embedding/engine/systemchannels/TextInputChannel.java, line(s) 62,250,255,260,270,275,280,285,290,295,300,305,310,345 io/flutter/plugin/common/BasicMessageChannel.java, line(s) 88,110 io/flutter/plugin/common/EventChannel.java, line(s) 79,87,101 io/flutter/plugin/common/MethodChannel.java, line(s) 85,117 io/flutter/plugin/editing/InputConnectionAdaptor.java, line(s) 181,200,232 io/flutter/plugin/editing/ListenableEditingState.java, line(s) 56,71,113,125,138,80,116 io/flutter/plugin/editing/TextEditingDelta.java, line(s) 84 io/flutter/plugin/editing/TextInputPlugin.java, line(s) 346,451 io/flutter/plugin/platform/ImageReaderPlatformViewRenderTarget.java, line(s) 26 io/flutter/plugin/platform/PlatformPlugin.java, line(s) 374 io/flutter/plugin/platform/PlatformViewWrapper.java, line(s) 110 io/flutter/plugin/platform/PlatformViewsController.java, line(s) 110,124,176,199,234,239,257,265,277,285,791,329,334,361,477 io/flutter/plugin/platform/SingleViewPresentation.java, line(s) 89,292,301,309,320 io/flutter/plugin/platform/SurfaceTexturePlatformViewRenderTarget.java, line(s) 102 io/flutter/plugins/GeneratedPluginRegistrant.java, line(s) 29,34,39,44,49,54,59,64,69,74,79,84,89,94,99,104,109 io/flutter/plugins/deviceinfo/DeviceInfoPlugin.java, line(s) 32,35 io/flutter/plugins/pathprovider/PathProviderPlugin.java, line(s) 22 io/flutter/plugins/urllauncher/UrlLauncherPlugin.java, line(s) 28,39,49 io/flutter/plugins/videoplayer/VideoPlayerPlugin.java, line(s) 80,109 io/flutter/view/AccessibilityBridge.java, line(s) 913 io/flutter/view/AccessibilityViewEmbedder.java, line(s) 295,301,308,315,328,357,360,374,376,383,386,389,402,404,412,443,446 io/flutter/view/FlutterNativeView.java, line(s) 147,59 io/flutter/view/FlutterView.java, line(s) 659,264 net/sqlcipher/AbstractCursor.java, line(s) 237 net/sqlcipher/BulkCursorToCursorAdaptor.java, line(s) 48,96,137,163,174,184,202,107,118,222 net/sqlcipher/DatabaseUtils.java, line(s) 64,73,583,650 net/sqlcipher/DefaultDatabaseErrorHandler.java, line(s) 12,14,18,29,34 net/sqlcipher/database/SQLiteCompiledSql.java, line(s) 47,65,72,83,93 net/sqlcipher/database/SQLiteContentHelper.java, line(s) 24 net/sqlcipher/database/SQLiteCursor.java, line(s) 213,228,267,400 net/sqlcipher/database/SQLiteDatabase.java, line(s) 373,375,456,213,226,241,325,394,598,971,984,1043,1164,1248,1391,367,1044,1156,914,922,942,953,1045,1157,1445,1463,1482,1494,1458 net/sqlcipher/database/SQLiteDebug.java, line(s) 7,8,9,10,11,12 net/sqlcipher/database/SQLiteOpenHelper.java, line(s) 126,145 net/sqlcipher/database/SQLiteProgram.java, line(s) 62,68 net/sqlcipher/database/SQLiteQuery.java, line(s) 41 net/sqlcipher/database/SQLiteQueryBuilder.java, line(s) 132,131 net/sqlcipher/database/SqliteWrapper.java, line(s) 33,43,53,63,73 org/greenrobot/greendao/AbstractDao.java, line(s) 315,269,643 org/greenrobot/greendao/DaoException.java, line(s) 27,28 org/greenrobot/greendao/DaoLog.java, line(s) 34,38,66,14,42,46,26,30,50,54,58,62 org/greenrobot/greendao/DbUtils.java, line(s) 86,28 org/greenrobot/greendao/async/AsyncOperationExecutor.java, line(s) 172,182,194,128 org/greenrobot/greendao/generator/DaoGenerator.java, line(s) 26,27,28 org/greenrobot/greendao/internal/LongHashMap.java, line(s) 132 org/greenrobot/greendao/query/QueryBuilder.java, line(s) 243,246 org/greenrobot/greendao/test/AbstractDaoTest.java, line(s) 54,57,46 org/greenrobot/greendao/test/AbstractDaoTestLongPk.java, line(s) 31,34 org/greenrobot/greendao/test/DbTest.java, line(s) 84
信息 此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密
此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密 Files: com/at/skysdk/db/DbManager.java, line(s) 30,6
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: io/flutter/plugin/editing/InputConnectionAdaptor.java, line(s) 4,353,362 io/flutter/plugin/platform/PlatformPlugin.java, line(s) 7,382
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/xuexiang/flutter_xupdate/utils/ApkInstallUtils.java, line(s) 89,133
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/zhy/http/okhttp/https/HttpsUtils.java, line(s) 106,170,41,104,104,168,168