安全分析报告:
安全分数
安全分数 39/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
2
用户/设备跟踪器
调研结果
高危
7
中危
19
信息
2
安全
1
关注
9
高危 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
高危 基本配置配置为信任用户安装的证书。
Scope: *
高危 应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文
应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode Files: p4/h.java, line(s) 32,47,62 w2/a7.java, line(s) 185
高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: w2/a7.java, line(s) 63,118,197,210 w2/b4.java, line(s) 82
高危 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: h9/d.java, line(s) 208,207 v4/d.java, line(s) 180,179
高危 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: h4/c.java, line(s) 31
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/example/wallet/activity/WebViewForDataActivity.java, line(s) 40,5
中危 基本配置配置为信任系统证书。
Scope: *
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 Activity (demo.sample.txcode.addfile.ui.acitivity.SplashActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.tencent.qcloud.tim.demo.main.MainActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (demo.sample.txcode.addfile.ui.acitivity.MainTainActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.tencent.qcloud.tim.demo.main.MainMinimalistActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.DUMP [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: b3/d.java, line(s) 17,21,29,33 com/aigpt/sdk/cp.java, line(s) 72,76,84,88 com/luck/lib/camerax/utils/FileUtils.java, line(s) 145,171,171,100,101 com/lxj/xpopup/util/f.java, line(s) 108,131 com/tencent/cloud/tuikit/engine/room/internal/TUIRoomEngineJni.java, line(s) 583 com/tencent/cloud/tuikit/roomkit/view/settingview/AudioSettingView.java, line(s) 67 com/yalantis/ucrop/util/FileUtils.java, line(s) 96 com/zs/easy/imgcompress/util/ImgCompressUtil.java, line(s) 196 d1/d.java, line(s) 8 jc/g.java, line(s) 77,79 k7/i.java, line(s) 388 n4/a.java, line(s) 102 o9/r.java, line(s) 17,21,29,33 p4/h0.java, line(s) 51 w2/a4.java, line(s) 181,182 w2/e.java, line(s) 46 w2/u4.java, line(s) 478 w2/u7.java, line(s) 569,782 w2/w1.java, line(s) 202,207
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: cc/b.java, line(s) 17 com/tencent/qimei/m/a.java, line(s) 11 com/tencent/qimei/r/f.java, line(s) 10 com/tencent/qimei/w/b.java, line(s) 3 fc/c.java, line(s) 4 pb/a.java, line(s) 15 rb/a.java, line(s) 10 w2/i0.java, line(s) 4 w2/n6.java, line(s) 12 w2/u7.java, line(s) 34 wa/a.java, line(s) 3 wa/b.java, line(s) 3 xa/a.java, line(s) 3
中危 IP地址泄露
IP地址泄露 Files: b3/o1.java, line(s) 34 com/tencent/cloud/tuikit/engine/call/TUICallDefine.java, line(s) 14 com/tencent/qimei/e/c.java, line(s) 144 com/tencent/qimei/upload/BuildConfig.java, line(s) 12 pb/c.java, line(s) 78 w2/m6.java, line(s) 147 w2/w1.java, line(s) 116
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/jeremyliao/liveeventbus/ipc/consts/IpcConst.java, line(s) 5 com/tencent/cloud/tuikit/roomkit/imaccess/model/observer/RoomObserver.java, line(s) 127,143,152,30 com/tencent/cloud/tuikit/videoseat/viewmodel/VideoSeatViewModel.java, line(s) 83,412,331,341 demo/sample/txcode/addfile/bean/ForgetPwdReqBean.java, line(s) 155,155 demo/sample/txcode/addfile/bean/LoginReqBean.java, line(s) 152 demo/sample/txcode/addfile/bean/QiniItemResBean.java, line(s) 55 demo/sample/txcode/addfile/bean/RegisterReqBean.java, line(s) 192 e3/g.java, line(s) 76 g3/d.java, line(s) 31 g3/p.java, line(s) 95 g3/x.java, line(s) 68 q2/a.java, line(s) 32
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/tencent/qimei/m/a.java, line(s) 64 com/tencent/qmsp/oaid2/l.java, line(s) 78 h4/v.java, line(s) 166,184 p4/u.java, line(s) 24 w2/c4.java, line(s) 22,114
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: b3/l1.java, line(s) 155 com/aigpt/sdk/bt.java, line(s) 57 com/aigpt/sdk/s.java, line(s) 153 com/tencent/qmsp/oaid2/h0.java, line(s) 62 m9/d.java, line(s) 171 o9/c0.java, line(s) 137 o9/i.java, line(s) 54 pb/a.java, line(s) 86 w2/w3.java, line(s) 84
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/tencent/qimei/ad/k.java, line(s) 31,30 com/tencent/qimei/ad/n.java, line(s) 33,34 h9/d.java, line(s) 375,383 k7/a.java, line(s) 77,60 v4/d.java, line(s) 372,381
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: w2/b5.java, line(s) 3,23,24,25,26,27 w2/d7.java, line(s) 5,179,227 w2/g7.java, line(s) 3,23,24 w2/r5.java, line(s) 3,37
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/tencent/qimei/ad/k.java, line(s) 33,30 com/tencent/qimei/ad/n.java, line(s) 36,34
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: c2/b.java, line(s) 100 com/luck/lib/camerax/CustomCameraView.java, line(s) 183,230,626 s/r.java, line(s) 131
中危 应用程序包含隐私跟踪程序
此应用程序有多个2隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 高德地图的=> "com.amap.api.v2.apikey" : "ee20324fba1c7f4ad7a4a207e7f08e8d" "oppoPushAppSecret" : "xxxxxx" "X_App_Identifier" : "3dDYxMmFwcA==4" "oppoPushAppKey" : "xxxxxx" "tuiroomkit_un_mute_user" : "Unban" "meizuPushAppKey" : "xxxxxx" "SecretKey" : "vYryMs6GwIq4oPLytKAEqwye/JnVcXt1j9NNosKalRDd57dhKbcMNIvH1ESSE9Hf" "tuiroomkit_mute_user" : "Mute" "password" : "Password" "xiaomiPushAppKey" : "xxxxxx" "Proxy_Authorization" : "1dDYxMg==2" 9a571aa113ad987d626c0457828962e6 Y29tLnRlbmNlbnQuYW5kcm9pZC5xcWRvd25sb2FkZXI= 239CE372F804D4BE4EAFFD183668379BDF274440E6F246AB16BBE6F5D1D30DEACFBBF0C942485727FF12288228760A9E Cug0n4cq4fUwX7yU4OaiG2Y5HkfgJBmWWNX5XZOr L3N5c3RlbS9iaW4vbWljcm92aXJ0LXByb3A= L3N5c3RlbS9saWI2NC9saWJjbGNvcmVfeDg2LmJj bGV2ZWxfaXBhX3RzcmlmLnRjdWRvcnAub3I= FB923EE67A8B4032DAA517DD8CD7A26FF7C25B0C3663F92A0B61251C4FFFA858DF169D61321C3E7919CB67DF8EFEC827 8021267762677846189778330391499 YW5kcm9pZC5oYXJkd2FyZS5jYW1lcmEuZmxhc2g= L3N5c3RlbS9mcmFtZXdvcmsveDg2XzY0 6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F L3N5c3RlbS9ldGMvZXhjbHVkZWQtaW5wdXQtZGV2aWNlcy54bWw= AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7 256b0f26bb2a9506be6cfdb84028ae08 INqeNgu7PFKHgVyGZ0WhRLFVLGgYEcPQvM2WVbHQ YW5kcm9pZC5oYXJkd2FyZS5ibHVldG9vdGg= L3N5cy9jbGFzcy9uZXQvd2xhbjAvYWRkcmVzcw== L3N5c3RlbS9iaW4vZ2VueW1vdGlvbi12Ym94LXNm FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551 b2e8bd171989cb2c3c13bd89b4c1067a 8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14 D2FF99A88BEB04683D89470D4FA72B1749DA456AB0D0F1A476477CE5A6874F53A9106423D905F9D808C0FCE8E7F1E04AC642F01FE41D0C7D933971F45CBA72B7 4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 fe643c382e5c3b3962141f1a2e815a78 vYryMs6GwIq4oPLytKAEqwye/JnVcXt1j9NNosKalRDd57dhKbcMNIvH1ESSE9Hf L3N5c3RlbS9iaW4vbmVtdVZNLXByb3A= L3N5c3RlbS9iaW4vZHJvaWQ0eC1wcm9w 49549924105414102803086139689747 1628686155461064465348252249725010996177649738666492500572664444461532807739744536029771810659241049343994038053541290419968870563183856865780916376571550372513476957870843322273120879361960335192976656756972171258658400305760429696147778001233984421619267530978084631948434496468785021389956803104620471232008587410372348519229650742022804219634190734272506220018657920136902014393834092648785514548876370028925405557661759399901378816916683122474038734912535425670533237815676134840739565610963796427401855723026687073600445461090736240030247906095053875491225879656640052743394090544036297390104110989318819106653199917493 5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B F13160D440C7D0229DA95450F66AF92154AC84DF088F8CA3100B2E8131D57F3DC67124D4C466056E7A3DFBE035E1B9A4B9DA4DB68AE65A43EDFD92F5C60EF0C9 8UbJH6N2szojnTHONAWzB6K7N1kaj7Y0iUMarxac B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF 668319f11506def6208d6afe320dfd52 L3N5c3RlbS9saWIvbGliY2xjb3JlX3g4Ni5iYw== OXRk6GzfFwVeC9TJuNU0dLH 53E53D46011A6BBAEA4FAE5442E659E0577CDD336F930C28635C322FB3F51C3C63F7FBAC9EAE448DFA2E5E5D716C4807 AF2228680EDC323FBA035362EB7E1E38A0C33E1CF6F6FB805EE553A230CBA754CD9552EB9B546542CBE619E8293151BE a9a9d23668a1a7ea93de9b21d67e436a
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: a1/c.java, line(s) 83,92,136,146 a1/m.java, line(s) 40,63 a2/a.java, line(s) 165,170,177,181,197,207 b3/w0.java, line(s) 10,18,14 b4/a.java, line(s) 54,55 c2/a.java, line(s) 97,211,253,255,64,71,73,79,197,199,205,208,242,37,67,75,82,93,103,115,132,178 c2/b.java, line(s) 57,68,70,101,117,177,179,196,208,212,214,219,224,266,288,94,173,181,204,276,292,307 c3/b.java, line(s) 324 c9/b.java, line(s) 10,16 c9/c.java, line(s) 19,31 c9/e.java, line(s) 16 com/aigpt/sdk/du.java, line(s) 10,18,14 com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java, line(s) 637,206,210,386,390,458,789,794,805,814,1515,1712,2036 com/davemorrissey/labs/subscaleview/decoder/SkiaPooledImageRegionDecoder.java, line(s) 118 com/example/wallet/widget/EmptyLayout.java, line(s) 103 com/example/wallet/widget/MyViewPager.java, line(s) 1034 com/jeremyliao/liveeventbus/logger/DefaultLogger.java, line(s) 22,41,12,31,20,39,24,43,16,35 com/just/agentweb/AgentWebView.java, line(s) 68,97,107,50,197 com/lxj/xpopup/core/BasePopupView.java, line(s) 406,413,664,668 com/lxj/xpopup/util/KeyboardUtils.java, line(s) 76 com/lxj/xpopup/util/XPermission.java, line(s) 115 com/lxj/xpopup/widget/SmartDivider.java, line(s) 27 com/tencent/cloud/tuikit/engine/room/internal/TUIRoomEngineJni.java, line(s) 574,624,571,601,621 com/tencent/cloud/tuikit/engine/room/internal/utils/SoLoader.java, line(s) 21,23,25,35,39,42,48,57,61,64 com/tencent/cloud/tuikit/roomkit/imaccess/TUIRoomImAccessService.java, line(s) 51,55,60,100 com/tencent/cloud/tuikit/roomkit/imaccess/model/manager/RoomMsgManager.java, line(s) 35,62,77,86,109,122,145,161,194,65,81,93,115,140,191,170,187 com/tencent/cloud/tuikit/roomkit/imaccess/model/observer/RoomObserver.java, line(s) 30,37,42,47,100,107,113,127,152,169,182,198,118,143 com/tencent/cloud/tuikit/roomkit/imaccess/presenter/RoomPresenterImpl.java, line(s) 55,63,82,143,155,167,187,191,198,205,213,218,229,233,240,246,258,266,272,283,306,318,341,350,361,372,383,389,277,129,146 com/tencent/cloud/tuikit/roomkit/imaccess/presenter/RoomTaskStoreHouse.java, line(s) 12,19,31 com/tencent/cloud/tuikit/roomkit/imaccess/utils/BusinessSceneUtil.java, line(s) 14,19,32,37,42 com/tencent/cloud/tuikit/roomkit/imaccess/view/InviteToJoinRoomActivity.java, line(s) 46,84,104,110,116,122,128,41,64,69,75,56 com/tencent/cloud/tuikit/roomkit/imaccess/view/InvitedToJoinRoomActivity.java, line(s) 36,44,75,91,99,105,111,117,54,59,65 com/tencent/cloud/tuikit/roomkit/imaccess/view/RoomFloatViewService.java, line(s) 98,101,125,150,154,157,205,212,221,128 com/tencent/cloud/tuikit/roomkit/imaccess/view/RoomMessageHolder.java, line(s) 79,102,133,76,99,139,114,119,124,129,172 com/tencent/cloud/tuikit/roomkit/model/TUIRoomKitImpl.java, line(s) 133,138,155,160,131,153,183 com/tencent/cloud/tuikit/roomkit/model/manager/ExtensionSettingManager.java, line(s) 30,51 com/tencent/cloud/tuikit/roomkit/model/manager/RoomEngineManager.java, line(s) 114,146,188,193,198,203,258,287,122,155,254,266,292,302 com/tencent/cloud/tuikit/roomkit/utils/BrandUtils.java, line(s) 19,30,41,53 com/tencent/cloud/tuikit/roomkit/utils/IntentUtils.java, line(s) 14,27,18 com/tencent/cloud/tuikit/roomkit/utils/UserModelManager.java, line(s) 43,52,60,98,107 com/tencent/cloud/tuikit/roomkit/view/component/RoomMainView.java, line(s) 350 com/tencent/cloud/tuikit/roomkit/view/settingview/VideoSettingView.java, line(s) 73,81 com/tencent/cloud/tuikit/roomkit/viewmodel/MoreFunctionViewModel.java, line(s) 118,123,161,52,56,126 com/tencent/cloud/tuikit/roomkit/viewmodel/RaiseHandApplicationListViewModel.java, line(s) 97 com/tencent/cloud/tuikit/roomkit/viewmodel/RoomMainViewModel.java, line(s) 403,411,166,408 com/tencent/cloud/tuikit/roomkit/viewmodel/TransferMasterViewModel.java, line(s) 95,206 com/tencent/cloud/tuikit/roomkit/viewmodel/UserListViewModel.java, line(s) 130,209,214,224,241,255,320,334 com/tencent/cloud/tuikit/videoseat/core/TUIVideoSeatProvider.java, line(s) 30 com/tencent/cloud/tuikit/videoseat/ui/TUIVideoSeatView.java, line(s) 63,226,264,279 com/tencent/cloud/tuikit/videoseat/ui/layout/PageLayoutManager.java, line(s) 407,411,507,511 com/tencent/cloud/tuikit/videoseat/viewmodel/VideoSeatViewModel.java, line(s) 72,83,105,119,154,163,181,185,190,284,314,331,341,348,355,366,379,412,426,439,76,109,115,158,53,224,299,369 com/tencent/live2/impl/V2TXLiveUtils.java, line(s) 159,138,141 com/tencent/live2/impl/a.java, line(s) 114 com/tencent/qimei/n/a.java, line(s) 24,44 com/tencent/qmsp/oaid2/c.java, line(s) 11,17,23 com/tencent/qmsp/oaid2/j.java, line(s) 32,46 com/tencent/qmsp/oaid2/y.java, line(s) 15 com/tencent/tmediacodec/f/a.java, line(s) 17,35,47,23,11,29,41 com/tencent/trtc/TRTCCloud.java, line(s) 92 com/yalantis/ucrop/UCropActivity.java, line(s) 597 com/yalantis/ucrop/task/BitmapCropTask.java, line(s) 173,135 com/yalantis/ucrop/task/BitmapLoadTask.java, line(s) 49,103,109,116,152,155 com/yalantis/ucrop/util/BitmapLoadUtils.java, line(s) 57,145,179,181,205 com/yalantis/ucrop/util/EglUtils.java, line(s) 74 com/yalantis/ucrop/util/FileUtils.java, line(s) 104 com/yalantis/ucrop/util/ImageHeaderParser.java, line(s) 127,177,187,199,211,216,229,234,241,254,261,268,284,300,304,309,318,321,326,339,350,357,364,176,186,198,210,215,228,233,283,299,303,308,317,320,325 com/yalantis/ucrop/view/TransformImageView.java, line(s) 167,222,92,261 com/zs/easy/imgcompress/util/EasyLogUtil.java, line(s) 23,29 d/b.java, line(s) 105 d1/f.java, line(s) 20 d1/j.java, line(s) 32 d3/d.java, line(s) 100,127,99,126 d3/e.java, line(s) 66,87,105,65,86,104 demo/sample/txcode/addfile/ui/acitivity/LoginActivity.java, line(s) 219,229,427,759,762,174,492 demo/sample/txcode/addfile/ui/acitivity/SplashActivity.java, line(s) 78,89,100,204,385,416,126,157,452 f3/c.java, line(s) 100,99 f3/e.java, line(s) 56,55 g3/h.java, line(s) 535,406,420,534,571 g3/i.java, line(s) 55,56 g3/k.java, line(s) 14,153 g3/q.java, line(s) 135 g3/z.java, line(s) 106,107 h/g.java, line(s) 170,217,276 h1/a1.java, line(s) 22,33 h1/b.java, line(s) 65 h1/c1.java, line(s) 13,22,36,56,70,85,99 h1/h1.java, line(s) 700,718,491,503,510,519,47,66,691 h1/j0.java, line(s) 960,819,959 h1/p.java, line(s) 14 h3/i.java, line(s) 137,177,138,178 h3/j.java, line(s) 104,116,188,223,103,115,136,143,169,187,197,212,222,137,144,175,198,213 h4/k.java, line(s) 345 h4/v.java, line(s) 156,151 h5/h.java, line(s) 52 h7/k.java, line(s) 22 h9/d.java, line(s) 258,259,282,471,477,95,154,189,195,225,245 i/c.java, line(s) 276 i1/k.java, line(s) 160 i2/b.java, line(s) 31 i3/e.java, line(s) 37,43,71,81,95,38,72,44,84,96 i3/i.java, line(s) 124,108 j2/i.java, line(s) 54,66,81 j2/t0.java, line(s) 36,77 j3/a.java, line(s) 136,133 jc/a.java, line(s) 54,68,96,104,108 jc/f.java, line(s) 206,205 jc/g.java, line(s) 23 k0/d.java, line(s) 397 k2/h.java, line(s) 265,268 k3/c.java, line(s) 16,15 k3/d.java, line(s) 39,38 k3/f.java, line(s) 96,95 k3/s.java, line(s) 91,94 k3/t.java, line(s) 37,36 k7/e0.java, line(s) 131 k7/k0.java, line(s) 8,13,28,18 kc/h.java, line(s) 112,158,113,159 l0/c.java, line(s) 117 l0/l.java, line(s) 48,49 l0/o.java, line(s) 128 l1/c.java, line(s) 175 m3/a.java, line(s) 79,80 me/dm7/barcodescanner/core/CameraPreview.java, line(s) 189,203,214,219 me/dm7/barcodescanner/zxing/ZXingScannerView.java, line(s) 153 n3/b0.java, line(s) 136,141,186,195,202,137,142,187,196,203,204,205,209 n3/d.java, line(s) 15,16 n3/e0.java, line(s) 180,177 n3/l.java, line(s) 182,200,210,213,216,219,222,249,256,343,353,365,377,382,181,199,209,212,215,218,221,248,255,342,352,364,376,381 n3/n.java, line(s) 104,314,103,184,313,394,418,185,245,395 n3/o.java, line(s) 41,47,42,48 n3/s.java, line(s) 110,119,125,131,137,143,150,156,164,120,126,132,138,144,151,157,165,111 n4/a.java, line(s) 36,42 o9/s2.java, line(s) 9,17,13 p4/d0.java, line(s) 28 p4/g0.java, line(s) 83,99 p4/k.java, line(s) 37,66 p4/s.java, line(s) 17,23,11,29 q0/a.java, line(s) 96,99 q0/c.java, line(s) 76,78 q0/d.java, line(s) 126,128 q0/f.java, line(s) 162,164 r/r1.java, line(s) 13,20,27,34,41,50,68,75 r0/a.java, line(s) 70 r0/e.java, line(s) 90 r0/f.java, line(s) 181,246,305 r0/g.java, line(s) 31,106 r0/h.java, line(s) 121,126 r0/j.java, line(s) 94 r0/k.java, line(s) 94,270,277 r0/l.java, line(s) 247,254 r0/m.java, line(s) 1005 r3/a.java, line(s) 62,82,87,92,63,83,88,93 r3/d.java, line(s) 21,22 r3/j.java, line(s) 39,42 s/l0.java, line(s) 97,99,103,107,112 s0/a.java, line(s) 228,117,273 s0/e.java, line(s) 112 t3/e.java, line(s) 36,35,55,71,56,72 t3/f.java, line(s) 12,11 t3/o.java, line(s) 146,147 t3/q.java, line(s) 181,182,193 t3/s.java, line(s) 92,93 t3/t.java, line(s) 150,157,151,158 t5/d.java, line(s) 158,191 u3/e.java, line(s) 50,57,68,73,49,56,61,67,72,62 u5/b.java, line(s) 69 v1/a.java, line(s) 344,907,1044,1208,1330,1333,1342,1348,1404,1487,1584,1634,1681,1860,1871,1878,1989,2008,2095,2239,2351,2402,2422,2435,2467,2505,2572,2617,2622,2628,137,1263,1575,1594,1602,1836,1846,1940,1948,2264,2326,2585,2589,2593,2772 v1/b.java, line(s) 48 v4/d.java, line(s) 234,235,259,410,416,69,137,157,164,201,221 w0/e.java, line(s) 91,247 w0/m.java, line(s) 27 w0/o0.java, line(s) 68 w2/a0.java, line(s) 309,318,325 w2/c0.java, line(s) 165 w2/e0.java, line(s) 297 w2/f.java, line(s) 161,213 w2/h.java, line(s) 201,241,270,284 w2/h4.java, line(s) 441 w2/j0.java, line(s) 354 w2/u7.java, line(s) 756,757,758,759,760,763,766 w2/w1.java, line(s) 155 w2/y3.java, line(s) 96 w2/z7.java, line(s) 1432,1052,276 w3/j.java, line(s) 535,15,469,493 w4/b.java, line(s) 11 w4/c.java, line(s) 11,18 w4/d.java, line(s) 21,34 w4/g.java, line(s) 18 w5/h.java, line(s) 508 x3/d.java, line(s) 53,133,134,54 x3/k.java, line(s) 56,136,137,57 y/c.java, line(s) 20 y0/a.java, line(s) 43 y0/b.java, line(s) 67 y0/f.java, line(s) 82,91 y1/b.java, line(s) 40,80,88 y7/o.java, line(s) 669 y8/d.java, line(s) 117,125,134,191,201,202,208,211,215,220,242,253,279,288,300,302,356 z0/f.java, line(s) 516,521 z0/h.java, line(s) 70 z0/i.java, line(s) 41,73 z0/j.java, line(s) 57,228 z0/n.java, line(s) 96 z3/b.java, line(s) 20
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/example/wallet/WalletMainActivity.java, line(s) 5,399 com/example/wallet/activity/DepositInformationActivity.java, line(s) 4,239 com/example/wallet/activity/StateActivity.java, line(s) 4,341 com/example/wallet/activity/TopUpActivity.java, line(s) 4,235 com/tencent/cloud/tuikit/roomkit/view/settingview/AudioSettingView.java, line(s) 5,154 com/tencent/cloud/tuikit/roomkit/viewmodel/QRCodeViewModel.java, line(s) 4,34 com/tencent/cloud/tuikit/roomkit/viewmodel/RoomInfoViewModel.java, line(s) 4,39 s4/e.java, line(s) 5,609,612
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: p4/l.java, line(s) 127,78,95,126,115,125,125 w2/b6.java, line(s) 337,107
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (logs.amap.com) 通信。
{'ip': '49.79.227.227', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南通', 'latitude': '32.030296', 'longitude': '120.874779'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (rs.qiniu.com) 通信。
{'ip': '49.79.227.227', 'country_short': 'CN', 'country_long': '中国', 'region': 'oleon\rNapoleonville\x08Nappanee\x08Napperby\x08Napradea\x07Naprawa\x12Napton on the Hill\x07Naqadeh\x05Naque\x07Naquera\x03Nar\x0cNar Nar Goon', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (web.sdk.qcloud.com) 通信。
{'ip': '49.79.227.227', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (cloud.tencent.com) 通信。
{'ip': '223.247.117.235', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '连云港', 'latitude': '34.600025', 'longitude': '119.166847'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (wb.amap.com) 通信。
{'ip': '49.79.227.227', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南通', 'latitude': '32.030296', 'longitude': '120.874779'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (gitee.com) 通信。
{'ip': '49.79.227.227', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (grid.amap.com) 通信。
{'ip': '49.79.227.227', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南通', 'latitude': '32.030296', 'longitude': '120.874779'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (tun-cos-1258344701.file.myqcloud.com) 通信。
{'ip': '49.79.227.227', 'country_short': 'CN', 'country_long': '中国', 'region': '安徽', 'city': '亳州', 'latitude': '33.877220', 'longitude': '115.770279'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (vvt612h7bn.xn--ruqr1p7teyt5b.cn) 通信。
{'ip': '121.62.29.41', 'country_short': 'CN', 'country_long': '中国', 'region': '湖北', 'city': '希扬', 'latitude': '32.566669', 'longitude': '110.783333'}