移动应用安全检测报告:
安全基线评分
安全基线评分 45/100
综合风险等级
风险等级评定
- A
- B
- C
- F
漏洞与安全项分布(%)
隐私风险
11
检测到的第三方跟踪器数量
检测结果分布
高危安全漏洞
10
中危安全漏洞
49
安全提示信息
3
已通过安全项
3
重点安全关注
0
高危安全漏洞 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
高危安全漏洞 基本配置配置为信任用户安装的证书。
Scope: *
高危安全漏洞 使用弱加密算法
使用弱加密算法 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: ace/dz0.java, line(s) 15,18 ace/ez0.java, line(s) 28 com/jcraft/jsch/jce/ARCFOUR.java, line(s) 41 com/jcraft/jsch/jce/ARCFOUR128.java, line(s) 41 com/jcraft/jsch/jce/ARCFOUR256.java, line(s) 41 com/jcraft/jsch/jce/TripleDESCBC.java, line(s) 48 com/jcraft/jsch/jce/TripleDESCTR.java, line(s) 48 jcifs/pac/kerberos/KerberosEncData.java, line(s) 154,132 jcifs/util/Crypto.java, line(s) 38,51
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/applovin/impl/adview/a.java, line(s) 436,835,15 com/applovin/impl/vm.java, line(s) 96,4 com/mbridge/msdk/advanced/signal/NativeAdvancedExpandDialog.java, line(s) 229,15 com/mbridge/msdk/click/m.java, line(s) 295,15,16 com/mbridge/msdk/mbbanner/common/communication/BannerExpandDialog.java, line(s) 225,15 com/mbridge/msdk/nativex/view/BaseMBMediaView.java, line(s) 1137,1480,25,26 com/mbridge/msdk/splash/signal/SplashExpandDialog.java, line(s) 229,15 com/mbridge/msdk/video/bt/module/MBridgeBTWebView.java, line(s) 361,13 com/mbridge/msdk/video/module/MBridgeAlertWebview.java, line(s) 109,6 com/mbridge/msdk/video/module/MBridgeH5EndCardView.java, line(s) 973,17
高危安全漏洞 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: com/ace/fileexplorer/feature/activity/AceNewDriveAuthActivity.java, line(s) 195,268 com/yandex/mobile/ads/impl/cd0.java, line(s) 63,55 com/yandex/mobile/ads/impl/z2.java, line(s) 85,77
高危安全漏洞 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/applovin/impl/adview/AppLovinWebViewBase.java, line(s) 25,6 com/applovin/impl/adview/l.java, line(s) 26,6 com/jecelyin/editor/v2/widget/text/EditAreaView.java, line(s) 309,28,29
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/ironsource/mediationsdk/utils/IronSourceAES.java, line(s) 76,145
高危安全漏洞 使用弱哈希算法
使用弱哈希算法 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: jcifs/util/Crypto.java, line(s) 65
高危安全漏洞 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 508
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个11隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 基本配置配置为信任系统证书。
Scope: *
中危安全漏洞 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危安全漏洞 Activity (com.ace.fileexplorer.MainActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity设置了TaskAffinity属性
(com.ace.fileexplorer.feature.activity.AceSelectActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危安全漏洞 Activity (com.ace.fileexplorer.feature.activity.AceSelectActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.ace.fileexplorer.feature.activity.AceZipInternalActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.ace.fileexplorer.feature.activity.AceZipActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.ace.fileexplorer.feature.activity.AceAudioPlayerActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity设置了TaskAffinity属性
(com.ace.fileexplorer.feature.activity.AceRemoteImageActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危安全漏洞 Activity (com.ace.fileexplorer.feature.activity.AceRemoteImageActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Broadcast Receiver (com.ace.fileexplorer.AceStorageReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.ace.fileexplorer.feature.activity.AceAnalyzeActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.ace.fileexplorer.feature.activity.AceUsbActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity设置了TaskAffinity属性
(com.ace.fileexplorer.base.perm.AcePermWrapperActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危安全漏洞 Activity (com.ace.fileexplorer.feature.activity.AceSettingActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.dropbox.core.android.AuthActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.ace.fileexplorer.feature.activity.AceContentSelectActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.ace.fileexplorer.feature.activity.AceSaveNoteActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.ace.fileexplorer.feature.activity.AceSaveActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.ace.fileexplorer.feature.download.AceDownloadActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.github.cleaner.space.AceTrashCleanActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Broadcast Receiver (com.ace.fileexplorer.AceStaticReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Broadcast Receiver (com.github.scene.AceNotificationBroadcast) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Service (com.github.g.AceGService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Activity (com.ace.fileexplorer.feature.activity.AceFileTransferActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Content Provider (com.iadb.IadbProvider) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.INTERACT_ACROSS_USERS_FULL [android:exported=true] 发现一个 Content Provider被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Activity (com.jecelyin.editor.v2.ui.NoteEditorActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity-Alias (com.github.bookreader.ui.book.read.PdfActivity) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity-Alias (com.github.bookreader.ui.association.EbookTransitActivity) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.github.player.M3PlayerActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Content Provider (io.appmetrica.analytics.internal.PreloadInfoContentProvider) 未被保护。
[android:exported=true] 发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.DUMP [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.DUMP [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Broadcast Receiver (com.mbridge.msdk.foundation.same.broadcast.NetWorkChangeReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 高优先级的Intent (1000) - {2} 个命中
[android:priority] 通过设置一个比另一个Intent更高的优先级,应用程序有效地覆盖了其他请求。
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: ace/eo0.java, line(s) 15 ace/hq3.java, line(s) 161,184 ace/ie6.java, line(s) 47 ace/in2.java, line(s) 16 ace/oh5.java, line(s) 82 cn/hutool/core/lang/Pair.java, line(s) 46 cn/hutool/core/lang/tree/TreeNodeConfig.java, line(s) 13,9,12,10,11 com/applovin/impl/sdk/AppLovinSdkInitializationConfigurationImpl.java, line(s) 208,154 com/applovin/impl/sdk/j.java, line(s) 1915 com/applovin/mediation/MaxSegment.java, line(s) 37 com/applovin/mediation/ads/MaxAdView.java, line(s) 177,167 com/applovin/mediation/ads/MaxAppOpenAd.java, line(s) 76,66 com/applovin/mediation/ads/MaxInterstitialAd.java, line(s) 96,86 com/applovin/mediation/ads/MaxRewardedAd.java, line(s) 120,110 com/applovin/mediation/ads/MaxRewardedInterstitialAd.java, line(s) 91,81 com/applovin/mediation/nativeAds/MaxNativeAdLoader.java, line(s) 98,93 com/applovin/sdk/AppLovinSdk.java, line(s) 302 com/applovin/sdk/AppLovinSdkSettings.java, line(s) 145 com/applovin/sdk/AppLovinWebViewActivity.java, line(s) 25 com/bykv/vk/openvk/YFl/YFl/Sg/Sg/NjR.java, line(s) 148 com/github/bookreader/data/entities/rule/RowUi.java, line(s) 30 com/github/szbinding/CompressBean.java, line(s) 67 com/github/szbinding/ExtractBean.java, line(s) 57 com/ironsource/a8.java, line(s) 94 com/ironsource/adapters/ironsource/IronSourceAdapter.java, line(s) 78,49,48,325 com/ironsource/adapters/ironsource/IronSourceLoadParameters.java, line(s) 52,55 com/ironsource/ih.java, line(s) 105 com/ironsource/mediationsdk/adquality/AdQualityBridgeKt.java, line(s) 5 com/ironsource/mediationsdk/adunit/adapter/utility/AdOptionsPosition.java, line(s) 12 com/ironsource/mediationsdk/c.java, line(s) 298,399 com/ironsource/mediationsdk/p.java, line(s) 2260,2243 com/ironsource/mediationsdk/server/ServerURL.java, line(s) 31,57 com/ironsource/mediationsdk/utils/IronSourceConstants.java, line(s) 100,113 com/ironsource/mq.java, line(s) 92 com/jcifs/smb/SmbComTreeConnectAndX.java, line(s) 105 com/jeremyliao/liveeventbus/ipc/consts/IpcConst.java, line(s) 5 com/mbridge/msdk/MBridgeConstans.java, line(s) 16,51 com/mbridge/msdk/foundation/download/core/DownloadCommon.java, line(s) 21 com/mbridge/msdk/foundation/download/core/DownloaderReporter.java, line(s) 13 com/mbridge/msdk/foundation/entity/CampaignEx.java, line(s) 39 com/mbridge/msdk/foundation/entity/n.java, line(s) 453 com/mbridge/msdk/newreward/player/MBRewardVideoActivity.java, line(s) 48 com/mbridge/msdk/newreward/player/imodel/IBigTempModel.java, line(s) 10,13 com/mbridge/msdk/newreward/player/imodel/IECModel.java, line(s) 10,37,46,40,25,19,22,43,32 com/mbridge/msdk/newreward/player/imodel/IMoreOfferModel.java, line(s) 6,9,12,15 com/mbridge/msdk/newreward/player/imodel/IPlayModel.java, line(s) 16,42,51,71,84,45,57,74,81,48,36,30,33,68,54,39 com/mbridge/msdk/newreward/player/iview/IBaseWebView.java, line(s) 21,15,18 com/mbridge/msdk/newreward/player/iview/IMetaData.java, line(s) 18 com/mbridge/msdk/newreward/player/iview/IPlayTempleView.java, line(s) 13,16 com/mbridge/msdk/newreward/player/model/BigTemplateModel.java, line(s) 47 com/mbridge/msdk/newreward/player/model/ECTempleModel.java, line(s) 90,123,159,163 com/mbridge/msdk/newreward/player/model/MoreOfferModel.java, line(s) 47,43,39,51 com/mbridge/msdk/newreward/player/model/PlayTempleModel.java, line(s) 195,164,155,251,207 com/mbridge/msdk/newreward/player/model/WebTemplateModel.java, line(s) 253,170,161,209 com/mbridge/msdk/newreward/player/model/WebViewECModel.java, line(s) 99,134,174 com/mbridge/msdk/newreward/player/view/WebViewTemplate.java, line(s) 460,484,510 com/mbridge/msdk/newreward/player/view/ectemplate/WebViewEC.java, line(s) 204,228,252 com/mbridge/msdk/playercommon/exoplayer2/drm/DefaultDrmSessionManager.java, line(s) 36 com/mbridge/msdk/video/dynview/moffer/MOfferModel.java, line(s) 117 com/yandex/mobile/ads/impl/b20.java, line(s) 48 io/appmetrica/analytics/impl/A0.java, line(s) 41 io/appmetrica/analytics/impl/C0089c0.java, line(s) 17 io/appmetrica/analytics/impl/C0168f4.java, line(s) 60 io/appmetrica/analytics/impl/C1739c0.java, line(s) 17 io/appmetrica/analytics/impl/C1818f4.java, line(s) 60 io/appmetrica/analytics/impl/D4.java, line(s) 136 io/appmetrica/analytics/impl/Fg.java, line(s) 182 jcifs/config/BaseConfiguration.java, line(s) 184 jcifs/internal/smb1/com/SmbComTreeConnectAndX.java, line(s) 78 jcifs/pac/PacMac.java, line(s) 17 org/jsoup/helper/W3CDom.java, line(s) 46 org/jsoup/nodes/DocumentType.java, line(s) 12,13,15 org/seimicrawler/xpath/core/Constants.java, line(s) 7,8,9
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: ace/a95.java, line(s) 16,32 ace/bn2.java, line(s) 20,51 ace/d56.java, line(s) 65 ace/gy2.java, line(s) 772 ace/hn7.java, line(s) 81 ace/m08.java, line(s) 104 ace/nb4.java, line(s) 53,267,300,321 ace/q85.java, line(s) 954 ace/qh7.java, line(s) 52 ace/qu6.java, line(s) 55,56 ace/r26.java, line(s) 50 ace/sb4.java, line(s) 42,82,103,127 ace/tq0.java, line(s) 19,37 ace/us0.java, line(s) 37 ace/ut5.java, line(s) 304,305 ace/uu6.java, line(s) 18 ace/vu6.java, line(s) 17,33 ace/yn5.java, line(s) 2419 com/ace/fileexplorer/AceOpenFileProvider.java, line(s) 74,80 com/ace/fileexplorer/App.java, line(s) 340,340 com/ace/fileexplorer/page/FileGridViewPage.java, line(s) 1952 com/apm/insight/entity/d.java, line(s) 19 com/apm/insight/l/v.java, line(s) 33,79,90 com/apm/insight/nativecrash/c.java, line(s) 669 com/ironsource/kd.java, line(s) 263,352 com/ironsource/qa.java, line(s) 634,346,512 com/ironsource/sdk/utils/SDKUtils.java, line(s) 274 com/jecelyin/editor/v2/a.java, line(s) 61 com/mbridge/msdk/foundation/same/report/b/d.java, line(s) 236 com/mbridge/msdk/foundation/tools/ai.java, line(s) 89,104,114 com/pgl/ssdk/ces/c.java, line(s) 171
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: ace/c56.java, line(s) 16 ace/dm6.java, line(s) 4 ace/hh7.java, line(s) 5 ace/ll7.java, line(s) 5 ace/q1.java, line(s) 6 ace/r4.java, line(s) 9 ace/rb2.java, line(s) 50 ace/sg5.java, line(s) 25 ace/ts2.java, line(s) 3 ace/vy4.java, line(s) 7 ace/zm2.java, line(s) 10 ace/zr5.java, line(s) 3 cn/hutool/core/img/ColorUtil.java, line(s) 13 cn/hutool/core/img/ImgUtil.java, line(s) 49 cn/hutool/core/lang/id/NanoId.java, line(s) 5 cn/hutool/core/util/ArrayUtil.java, line(s) 31 cn/hutool/core/util/PrimitiveArrayUtil.java, line(s) 5 cn/hutool/core/util/RandomUtil.java, line(s) 20 com/ace/fileexplorer/ui/drag/a.java, line(s) 35 com/ace/fileprovider/impl/local/adbshell/UserService.java, line(s) 18 com/apm/insight/i.java, line(s) 9 com/applovin/impl/mq.java, line(s) 15 com/applovin/impl/wj.java, line(s) 4 com/applovin/impl/yp.java, line(s) 55 com/github/cleaner/space/TrashCleanView.java, line(s) 19 com/github/superx/banner/BannerAdView.java, line(s) 28 com/ironsource/bb.java, line(s) 5 com/jcifs/smb/NtlmPasswordAuthentication.java, line(s) 16 com/mbridge/msdk/dycreator/baseview/rewardpopview/MBAcquireRewardPopView.java, line(s) 28 com/mbridge/msdk/playercommon/exoplayer2/source/ShuffleOrder.java, line(s) 4 com/mbridge/msdk/playercommon/exoplayer2/trackselection/RandomTrackSelection.java, line(s) 7 com/mbridge/msdk/playercommon/exoplayer2/upstream/cache/CachedContentIndex.java, line(s) 21 com/mbridge/msdk/thrid/okhttp/OkHttpClient.java, line(s) 31 com/mbridge/msdk/thrid/okhttp/internal/ws/RealWebSocket.java, line(s) 27 com/mbridge/msdk/thrid/okhttp/internal/ws/WebSocketWriter.java, line(s) 9 com/yandex/mobile/ads/impl/fs1.java, line(s) 4 com/yandex/mobile/ads/impl/js1.java, line(s) 14 com/yandex/mobile/ads/impl/m32.java, line(s) 8 com/yandex/mobile/ads/impl/tx.java, line(s) 11 jcifs/smb/SmbTreeConnection.java, line(s) 8 org/jsoup/helper/DataUtil.java, line(s) 16
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: ace/cd6.java, line(s) 4,5,125 ace/cs5.java, line(s) 6,7,98 ace/cz0.java, line(s) 6,7,40,41,53,62,71,77,82,83,127,143 ace/e01.java, line(s) 4,24 ace/es5.java, line(s) 3,28,29 ace/f01.java, line(s) 4,5,17,18 ace/gq.java, line(s) 3,39,86 ace/gy1.java, line(s) 4,5,17,18 ace/ib6.java, line(s) 8,9,73,90,366,403,422,431,481,762 ace/je0.java, line(s) 5,28 ace/o11.java, line(s) 7,8,9,10,310,311,312,313,314,315,316,320,321,322,323,324,325,326,327,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,627,628,629,630,631,632,633,634,635 ace/p11.java, line(s) 4,5,140,141,142,143 ace/qv7.java, line(s) 5,6,71,72,73,91,306,364 ace/sb2.java, line(s) 4,5,35,36,41,45,122,134,146,147,241 ace/tg5.java, line(s) 4,5,39,40,41,56,153,165,177,178,186,190,241 ace/us7.java, line(s) 4,5,16,22 ace/xf.java, line(s) 6,7,8,106,108,109 ace/xg7.java, line(s) 5,6,124,172,213,350,386,434,470 ace/yo.java, line(s) 6,7,114 ace/z93.java, line(s) 5,6,83,84,92,97,98 com/ace/fileprovider/impl/netfs/box/a.java, line(s) 4,5,38,39,40,65,150,164,174,187,188,196,200,303 com/apm/insight/e/b/a.java, line(s) 4,39 com/apm/insight/e/b/b.java, line(s) 4,44,45,38 com/bykv/vk/openvk/YFl/YFl/Sg/Sg/Sg/AlY.java, line(s) 4,5,14,20,21,23,25 com/bykv/vk/openvk/preload/geckox/a/b.java, line(s) 6,7,127 com/ironsource/t9.java, line(s) 5,6,98,103 com/ironsource/v9.java, line(s) 6,7,23,93,123,149 com/mbridge/msdk/foundation/db/BatchReportDao.java, line(s) 6,93 com/mbridge/msdk/foundation/db/c.java, line(s) 5,37 com/mbridge/msdk/foundation/db/e.java, line(s) 6,1104,1121,1184 com/mbridge/msdk/foundation/db/g.java, line(s) 4,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77 com/mbridge/msdk/foundation/download/database/DatabaseHelper.java, line(s) 6,92,160,247,255 com/mbridge/msdk/newreward/function/d/c.java, line(s) 3,4,21,28,29 com/mbridge/msdk/tracker/b.java, line(s) 4,5,21,33,34,46,47 com/monetization/ads/exo/offline/a.java, line(s) 5,6,148,149 com/yandex/android/beacon/b.java, line(s) 13,14,166,173 com/yandex/div/state/db/DivStateDaoImpl$deleteAll$1.java, line(s) 5,24 com/yandex/div/state/db/DivStateDaoImpl$deleteAllExcept$1.java, line(s) 8,41 com/yandex/div/state/db/DivStateDaoImpl$deleteByCardId$1.java, line(s) 7,29 com/yandex/div/state/db/DivStateDaoImpl$deleteCardRootState$1.java, line(s) 7,29 com/yandex/div/state/db/DivStateDaoImpl$getRootStateId$1.java, line(s) 8,33 com/yandex/div/state/db/DivStateDaoImpl$getStates$1.java, line(s) 9,35 com/yandex/div/state/db/DivStateDaoImpl.java, line(s) 7,8,72 com/yandex/mobile/ads/impl/aw1.java, line(s) 6,7,28 com/yandex/mobile/ads/impl/il.java, line(s) 6,7,147,148,201,225,226 com/yandex/mobile/ads/impl/j42.java, line(s) 6,39 com/yandex/mobile/ads/impl/zk.java, line(s) 5,51,52 io/appmetrica/analytics/coreutils/internal/db/DBUtils.java, line(s) 5,40 io/appmetrica/analytics/impl/C0543uj.java, line(s) 3,9 io/appmetrica/analytics/impl/C2193uj.java, line(s) 3,9 io/appmetrica/analytics/impl/M6.java, line(s) 7,141,160,293,301 io/appmetrica/analytics/impl/P6.java, line(s) 3,10,11,12,13 io/appmetrica/analytics/impl/Q6.java, line(s) 3,10,11,12,13 io/appmetrica/analytics/impl/R6.java, line(s) 3,10 io/appmetrica/analytics/impl/S6.java, line(s) 3,10 io/appmetrica/analytics/impl/T6.java, line(s) 3,10 io/appmetrica/analytics/impl/U6.java, line(s) 3,10 io/appmetrica/analytics/impl/V6.java, line(s) 3,13,14,15,20 io/appmetrica/analytics/impl/W6.java, line(s) 3,13,14,15,20 io/appmetrica/analytics/impl/X4.java, line(s) 4,51,70,76
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: ace/bq3.java, line(s) 61 cn/hutool/core/util/RandomUtil.java, line(s) 44 com/applovin/impl/sdk/utils/StringUtils.java, line(s) 41 com/applovin/impl/vi.java, line(s) 142 com/jcraft/jsch/jce/PBKDF.java, line(s) 16 com/jcraft/jsch/jce/SHA1.java, line(s) 22 com/jcraft/jsch/jce/SignatureDSA.java, line(s) 38 com/pgl/ssdk/r.java, line(s) 63 io/appmetrica/analytics/impl/E3.java, line(s) 48 jcifs/pac/PacMac.java, line(s) 49
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: ace/y55.java, line(s) 259 ace/zg7.java, line(s) 41 cn/hutool/core/io/FileUtil.java, line(s) 378 cn/hutool/core/io/file/PathUtil.java, line(s) 93,96 cn/hutool/core/net/multipart/UploadFile.java, line(s) 124 com/mbridge/msdk/playercommon/exoplayer2/util/Util.java, line(s) 260 com/yandex/div/core/view2/divs/DivGifImageBinder.java, line(s) 83
中危安全漏洞 IP地址泄露
IP地址泄露 Files: ace/c75.java, line(s) 136 ace/f65.java, line(s) 1357 ace/h54.java, line(s) 317 ace/nm3.java, line(s) 99 ace/yn5.java, line(s) 1878 cn/hutool/core/net/Ipv4Util.java, line(s) 130,130,25,130,130,130,130,130 cn/hutool/core/net/MaskBit.java, line(s) 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43 cn/hutool/core/net/NetUtil.java, line(s) 51,66 cn/hutool/crypto/asymmetric/Sign.java, line(s) 90 com/applovin/impl/ze.java, line(s) 96,98,93,97,87,102,90,91,95,86,104,99,101,103,100,89,92,106,105,94,88 com/applovin/mediation/adapters/bytedance/BuildConfig.java, line(s) 9 com/applovin/mediation/adapters/facebook/BuildConfig.java, line(s) 9 com/applovin/mediation/adapters/mintegral/BuildConfig.java, line(s) 9 com/github/dns/e.java, line(s) 95,115,119,123 com/jcifs/UniAddress.java, line(s) 88 com/jcifs/netbios/NameServiceClient.java, line(s) 61 com/jcifs/netbios/NbtAddress.java, line(s) 61,73 com/jcraft/jsch/ChannelDirectTCPIP.java, line(s) 8 com/jcraft/jsch/ChannelForwardedTCPIP.java, line(s) 114 com/jcraft/jsch/ChannelX11.java, line(s) 8 com/jcraft/jsch/PortWatcher.java, line(s) 27,116,116 com/jcraft/jsch/Session.java, line(s) 138,139 com/jcraft/jsch/jgss/GSSContextKrb5.java, line(s) 71,70 com/mbridge/msdk/advanced/view/a.java, line(s) 55 jcifs/config/BaseConfiguration.java, line(s) 505 jcifs/netbios/Name.java, line(s) 71 jcifs/netbios/NameServiceClientImpl.java, line(s) 210,225 jcifs/pac/kerberos/KerberosConstants.java, line(s) 15 jcifs/pac/kerberos/KerberosToken.java, line(s) 32 jcifs/smb/Kerb5Authenticator.java, line(s) 38 jcifs/spnego/SpnegoConstants.java, line(s) 5,7,6,4
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/ace/fileexplorer/page/a0.java, line(s) 384,369,511 com/ace/fileexplorer/ui/view/VideoWebView.java, line(s) 68,69,107 com/ironsource/lt.java, line(s) 140,126,128 com/jecelyin/editor/v2/widget/text/EditAreaView.java, line(s) 325,322
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: ace/i9.java, line(s) 170 ace/mf2.java, line(s) 26 ace/sx6.java, line(s) 17 ace/up.java, line(s) 227 ace/xp7.java, line(s) 37 cn/hutool/core/lang/UUID.java, line(s) 71 cn/hutool/core/lang/hash/KetamaHash.java, line(s) 11 com/apm/insight/l/u.java, line(s) 70 com/bykv/vk/openvk/YFl/YFl/YFl/DSW/Sg.java, line(s) 46 com/bykv/vk/openvk/preload/geckox/utils/g.java, line(s) 35 com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 430 com/ironsource/sdk/controller/s.java, line(s) 45 com/ironsource/sdk/utils/SDKUtils.java, line(s) 191 com/jcifs/smb/NtlmPasswordAuthentication.java, line(s) 182 com/jcifs/smb/SigningDigest.java, line(s) 20,58 com/jcifs/util/HMACT64.java, line(s) 38 com/jcraft/jsch/jce/MD5.java, line(s) 23 com/mbridge/msdk/foundation/download/resource/MBResourceManager.java, line(s) 99 com/mbridge/msdk/foundation/tools/ac.java, line(s) 18,33 com/pgl/ssdk/r.java, line(s) 42 com/yandex/div/storage/templates/TemplatesContainer.java, line(s) 51 io/appmetrica/analytics/impl/AbstractC0638yi.java, line(s) 7 io/appmetrica/analytics/impl/AbstractC2288yi.java, line(s) 8 io/appmetrica/analytics/impl/L7.java, line(s) 50 jcifs/pac/PacMac.java, line(s) 28 jcifs/util/Crypto.java, line(s) 73
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/applovin/impl/adview/l.java, line(s) 24,20 com/ironsource/dv.java, line(s) 39,41 com/jecelyin/editor/v2/widget/text/EditAreaView.java, line(s) 316,322 com/mbridge/msdk/foundation/webview/BrowserView.java, line(s) 72,69 com/mbridge/msdk/mbsignalcommon/base/BaseWebView.java, line(s) 94,91 com/mbridge/msdk/newreward/player/view/hybrid/MBWebView.java, line(s) 70,67
中危安全漏洞 Firebase远程配置已启用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/640168948123/namespaces/firebase:fetch?key=AIzaSyDIfHJXm3URExN9MGuYE7weBx8zI0Uol4k ) 已启用。请确保这些配置不包含敏感信息。响应内容如下所示:
{
"entries": {
"ad_limits": "{\"unit_app_open\":{\"protect_t\":60,\"interval_t\":60},\"unit_home_banner\":{\"protect_t\":60,\"interval_t\":0},\"unit_inters_analysis\":{\"protect_t\":0,\"interval_t\":60,\"parallel_load\":true,\"load_wait_t\":15000},\"unit_inters_cl_pre\":{\"protect_t\":0,\"interval_t\":60,\"parallel_load\":true,\"load_wait_t\":15000},\"unit_inters_cl_after\":{\"protect_t\":0,\"interval_t\":60,\"parallel_load\":true,\"load_wait_t\":10000},\"unit_inters_open\":{\"protect_t\":60,\"interval_t\":60,\"parallel_load\":true,\"load_wait_t\":6000},\"unit_inters_boost\":{\"protect_t\":0,\"interval_t\":0,\"parallel_load\":true,\"load_wait_t\":15000},\"unit_inters_cooling\":{\"protect_t\":0,\"interval_t\":0,\"parallel_load\":true,\"load_wait_t\":15000},\"unit_inters_power_saving\":{\"protect_t\":0,\"interval_t\":0,\"parallel_load\":true,\"load_wait_t\":15000}}",
"ad_priority": "{\"v3\":{\"unit_app_open\":\"pangle#admob#pangle1#admob1#pangle2#admob2\",\"unit_home_banner\":\"admob#pangle#ironsource#superx\",\"unit_banner_exp\":\"pangle#ironsource#superx\",\"unit_inters_analysis\":\"admob#ironsource#pangle\",\"unit_inters_cl_pre\":\"admob#ironsource#pangle\",\"unit_inters_cl_after\":\"admob#ironsource#pangle\",\"unit_inters_boost\":\"admob#ironsource#pangle\",\"unit_inters_cooling\":\"admob#ironsource#pangle\",\"unit_inters_power_saving\":\"admob#ironsource#pangle\",\"unit_inters_open\":\"admob\",\"unit_inters_exp\":\"admob#applovin#pangle\"},\"v4\":{\"unit_app_open\":\"admob#pangle#admob1#pangle1#admob2#pangle2\",\"unit_home_banner\":\"admob#pangle#ironsource#superx\",\"unit_banner_exp\":\"pangle#ironsource#superx\",\"unit_inters_analysis\":\"admob#ironsource#pangle#applovin\",\"unit_inters_cl_pre\":\"admob#ironsource#pangle#applovin\",\"unit_inters_cl_after\":\"admob#ironsource#pangle#applovin\",\"unit_inters_boost\":\"admob#ironsource#pangle#applovin\",\"unit_inters_cooling\":\"admob#ironsource#pangle#applovin\",\"unit_inters_power_saving\":\"admob#ironsource#pangle#applovin\",\"unit_inters_open\":\"admob\",\"unit_inters_exp\":\"admob#applovin#pangle\",\"unit_native_result\":\"admob#applovin\"}}",
"all_ad": "{\"all_inters_interval_t\":5,\"allow_yx\":false,\"unit_app_open\":{\"priority\":\"admob#pangle#admob1#pangle1#admob2#pangle2\",\"limit\":{\"sw\":true,\"protect_t\":60,\"interval_t\":60,\"load_wait_t\":0,\"parallel_load\":false},\"ids\":{\"admob\":[\"ca-app-pub-9810669054828000/8569349374\",\"ca-app-pub-9810669054828000/1009373802\",\"ca-app-pub-9810669054828000/2582525520\"]}},\"unit_home_banner\":{\"priority\":\"admob#pangle#applovin#ironsource#superx\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":0,\"load_wait_t\":0,\"parallel_load\":false},\"ids\":{\"admob\":[\"ca-app-pub-9810669054828000/9913883261\"]}},\"unit_inters_analysis\":{\"priority\":\"admob#applovin#ironsource#pangle\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":60,\"load_wait_t\":15000,\"parallel_load\":true}},\"unit_inters_cl_pre\":{\"priority\":\"admob#applovin#ironsource#pangle\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":60,\"load_wait_t\":15000,\"parallel_load\":true}},\"unit_inters_cl_after\":{\"priority\":\"admob#applovin#ironsource#pangle\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":60,\"load_wait_t\":10000,\"parallel_load\":true}},\"unit_banner_exp\":{\"priority\":\"pangle#applovin#ironsource#superx\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":0,\"load_wait_t\":0,\"parallel_load\":false}},\"unit_inters_exp\":{\"priority\":\"admob#applovin#pangle\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":10,\"load_wait_t\":0,\"parallel_load\":true}},\"unit_inters_open\":{\"priority\":\"admob\",\"limit\":{\"sw\":true,\"protect_t\":60,\"interval_t\":60,\"load_wait_t\":6000,\"parallel_load\":true}},\"unit_native_result\":{\"priority\":\"admob#applovin#pangle\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":0,\"load_wait_t\":0,\"parallel_load\":false}},\"unit_native_exit\":{\"priority\":\"admob#applovin#pangle\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":0,\"load_wait_t\":0,\"parallel_load\":false}},\"unit_native_file_station\":{\"priority\":\"admob#applovin#pangle\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":0,\"load_wait_t\":0,\"parallel_load\":false}},\"ut_app_open\":{\"priority\":\"admob#pangle#admob1#pangle1#admob2#pangle2\",\"limit\":{\"sw\":true,\"protect_t\":60,\"interval_t\":60,\"load_wait_t\":0,\"parallel_load\":false},\"ids\":{\"admob\":[\"ca-app-pub-9810669054828000/8569349374\",\"ca-app-pub-9810669054828000/1009373802\",\"ca-app-pub-9810669054828000/2582525520\"]}},\"ut_home_banner\":{\"priority\":\"admob#pangle#applovin#ironsource#superx\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":0,\"load_wait_t\":0,\"parallel_load\":false},\"ids\":{\"admob\":[\"ca-app-pub-9810669054828000/8538429637\"]}},\"ut_inters_analysis\":{\"priority\":\"admob#applovin#ironsource#pangle\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":60,\"load_wait_t\":15000,\"parallel_load\":true},\"ids\":{\"admob\":[\"ca-app-pub-9810669054828000/9715779937\"]}},\"ut_inters_cl_pre\":{\"priority\":\"admob#applovin#ironsource#pangle\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":60,\"load_wait_t\":15000,\"parallel_load\":true}},\"ut_inters_cl_after\":{\"priority\":\"admob#applovin#ironsource#pangle\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":60,\"load_wait_t\":10000,\"parallel_load\":true}},\"ut_inters_open\":{\"priority\":\"admob\",\"limit\":{\"sw\":true,\"protect_t\":60,\"interval_t\":60,\"load_wait_t\":6000,\"parallel_load\":true},\"ids\":{\"admob\":[\"ca-app-pub-9810669054828000/3341943274\"]}},\"ut_native_result\":{\"priority\":\"admob#applovin#pangle\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":0,\"load_wait_t\":0,\"parallel_load\":false},\"ids\":{\"admob\":[\"ca-app-pub-9810669054828000/1940429360\"]}},\"ut_native_exit\":{\"priority\":\"admob#applovin#pangle\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":0,\"load_wait_t\":0,\"parallel_load\":false}},\"ut_native_file_station\":{\"priority\":\"admob#applovin#pangle\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":0,\"load_wait_t\":0,\"parallel_load\":false}},\"ut_banner_gallery\":{\"priority\":\"admob#pangle#applovin#ironsource#superx\",\"limit\":{\"sw\":false,\"protect_t\":99999,\"interval_t\":99999,\"load_wait_t\":0,\"parallel_load\":false}},\"ut_banner_book\":{\"priority\":\"admob#pangle#applovin#ironsource#superx\",\"limit\":{\"sw\":true,\"protect_t\":1440,\"interval_t\":1440,\"load_wait_t\":0,\"parallel_load\":false}},\"ut_banner_pdf\":{\"priority\":\"admob#pangle#applovin#ironsource#superx\",\"limit\":{\"sw\":true,\"protect_t\":240,\"interval_t\":60,\"load_wait_t\":0,\"parallel_load\":false},\"ids\":{\"admob\":[\"ca-app-pub-9810669054828000/3836834504\"]}},\"ut_native_video\":{\"priority\":\"admob\",\"limit\":{\"sw\":false,\"protect_t\":1440,\"interval_t\":1440,\"load_wait_t\":0,\"parallel_load\":false}}}",
"all_ad_debug": "{\"all_inters_interval_t\":2,\"unit_app_open\":{\"priority\":\"pangle#admob#pangle1#admob1#pangle2#admob2\",\"limit\":{\"sw\":true,\"protect_t\":1,\"interval_t\":1,\"load_wait_t\":0,\"parallel_load\":false}},\"unit_home_banner\":{\"priority\":\"pangle#ironsource#superx\",\"limit\":{\"sw\":true,\"protect_t\":1,\"interval_t\":1,\"load_wait_t\":0,\"parallel_load\":false}},\"unit_inters_analysis\":{\"priority\":\"admob#ironsource#pangle\",\"limit\":{\"sw\":true,\"protect_t\":1,\"interval_t\":1,\"load_wait_t\":15000,\"parallel_load\":true}},\"unit_inters_cl_pre\":{\"priority\":\"admob#ironsource#pangle\",\"limit\":{\"sw\":true,\"protect_t\":1,\"interval_t\":1,\"load_wait_t\":15000,\"parallel_load\":true}},\"unit_inters_cl_after\":{\"priority\":\"ironsource#pangle#admob\",\"limit\":{\"sw\":true,\"protect_t\":1,\"interval_t\":1,\"load_wait_t\":10000,\"parallel_load\":true}},\"unit_banner_exp\":{\"priority\":\"pangle#applovin#superx\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":0,\"load_wait_t\":0,\"parallel_load\":false}},\"unit_inters_exp\":{\"priority\":\"applovin#pangle\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":10,\"load_wait_t\":0,\"parallel_load\":true}},\"unit_inters_open\":{\"priority\":\"admob\",\"limit\":{\"sw\":true,\"protect_t\":1,\"interval_t\":1,\"load_wait_t\":15000,\"parallel_load\":true}},\"unit_native_result\":{\"priority\":\"admob#applovin#pangle\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":0,\"load_wait_t\":0,\"parallel_load\":false}},\"unit_native_exit\":{\"priority\":\"admob#applovin#pangle\",\"limit\":{\"sw\":true,\"protect_t\":0,\"interval_t\":0,\"load_wait_t\":0,\"parallel_load\":false}}}",
"clean_path": "{\"report\":false}",
"notify_config": "{\"all_protect_tm\":360,\"all_interval_tm\":360,\"all_show_times\":3,\"s_uninstall\":{\"interval_tm\":60,\"interval_show_times\":3},\"s_install_perm\":{\"interval_tm\":60,\"interval_show_times\":3},\"s_recycle_bin\":{\"interval_tm\":720,\"interval_show_times\":2},\"s_phone_boost\":{\"interval_tm\":240,\"interval_show_times\":2},\"s_cleaner\":{\"interval_tm\":360,\"interval_show_times\":1},\"s_analysis\":{\"interval_tm\":360,\"interval_show_times\":1},\"s_cpu_cooling\":{\"interval_tm\":240,\"interval_show_times\":2},\"s_power_saving\":{\"interval_tm\":240,\"interval_show_times\":2}}",
"partner_ad": "{\"home_top_menu_pkg\":\"com.ekia.android.aiqrcode\"}",
"subscription_config": "{\"subscription_splash_switch\":true,\"subscription_splash_interval_time\":72,\"subscription_first_show_time\":2}"
},
"state": "UPDATE",
"templateVersion": "52"
}
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-9810669054828000~7184432166" "com.google.firebase.crashlytics.mapping_file_id" : "665959eaa1584ce68c02f28e64bd67c7" "google_api_key" : "AIzaSyDIfHJXm3URExN9MGuYE7weBx8zI0Uol4k" "google_app_id" : "1:640168948123:android:77b1f3c49424c3f01af13e" "google_crash_reporting_api_key" : "AIzaSyDIfHJXm3URExN9MGuYE7weBx8zI0Uol4k" 9778397bd19801ec9210c9274c920e 4fc742e0-4a10-11cf-8273-00aa004ae673 vh9wGkfK8YmqbsoENP3764SeCX0dVzrgy1HRtpnTaLjJW2xQiZAcBMUFDu5 DkP3hrKuHoPMH+zwL+fALkK/WQc5x5zH+TcincKNNVfWNVJcVM== 97bd07f5307f595b0b0bc920fb0722 97b6b7f0e47f531b0723b0b6fb0722 d1b96e456dadad14b10aa3feda978a91 7f0e397bd097c35b0b6fc9210c8dc2 97bd09801d98082c95f8e1cfcc920f 97bcf7f0e47f531b0b0bb0b6fb0722 0123456789ABCDEFGHJKLMNPQRSTUVWXYZ 8a885d04-1ceb-11c9-9fe8-08002b104860 YkRXhr5AWBPfNgzuH7JQ+2Ha 97b6b97bd19801ec95f8c965cc920e T01YLmJyb2FkY29tLnZpZGVvX2RlY29kZXIudHVubmVsLnNlY3VyZQ== 9778397bd097c36c9210c9274c920e 665f67f0e37f1489801eb072297c35 Y7c14Z2TDbv/Y+xgHFeXDrcshBPUYFT= DFKwWgtuDkKwLZPwD+z8H+N/xj26Vjcdx5KanjKnxVN= T01YLmdvb2dsZS52b3JiaXMuZGVjb2Rlcg== 7f07e7f0e47f531b0723b0b6fb0722 97bd07f1487f595b0b0bc920fb0722 T01YLmFsbHdpbm5lci52aWRlby5kZWNvZGVyLmF2Yw== 8BZkEm8zIV2yXBr06VZwi4Klhwi7JnxgttsNTCFdBpHZxvUygVgUfNiQHiqPWJTbLltyG9U T01YLnF0aS5hdWRpby5kZWNvZGVyLmZsYWM= 7f0e37f0e37f14898082b0723b02d5 7f07e7f0e37f149b0723b0787b0721 7f0e397bd097c36b0b6fc9210c8dc2 97b6b97bd197c36c9210c9274c920e 12345778-1234-abcd-ef00-0123456789ab 977837f0e37f14898082b0723b02d5 c70c963fff7cc1a92bd87ea704d2e56d AADB8D7E-AEEF-4415-AD2B-8204D6CF042E 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 97b6b97bd19801ec95f8c965cc920f 322a737a-a0ca-44e0-bc85-649b1c7c1db6 9778397bd097c36b0b6fc9210c8dc2 9778397bd097c36c9210c9274c91aa 7f07e7f0e47f531b0723b0b6fb0721 T01YLmdvb2dsZS5hYWMuZGVjb2Rlcg== 9778397bd097c36b0b70c9274c91aa 97bcf97c3598082c95f8c965cc920f 977837f0e37f149b0723b0787b0721 97bcf7f1487f531b0b0bb0b6fb0722 977837f0e37f14998082b0723b06bd 16a09e667f3bcc908b2fb1366ea957d3e3adec17512775099da2f590b0667322a T01YLmFtbG9naWMuYXZjLmRlY29kZXIuYXdlc29tZQ== T01YLnFjb20udmlkZW8uZGVjb2Rlci52cDg= 7f0e37f1487f595b0b0bb0b6fb0722 97b6b97bd19801ec9210c965cc920e T01YLlNFQy5NUDMuRGVjb2Rlcg== C38FB23A402222A0C17D34A92F971D1F T01YLmdvb2dsZS5yYXcuZGVjb2Rlcg== 977837f0e37f14998082b0787b06bd h7KsLkfPW+xUhoPwJ7JgY7K0DkeAWrfXYN== 9778397bd097c36b0b6fc9210c91aa 7ec967f0e37f14898082b0723b02d5 665f67f0e37f14898082b0723b02d5 59627784-3BE5-417A-B9EB-8131A7286089 7f07e7f0e37f14998082b0787b0721 7f0e36665b66aa89801e9808297c35 HkzwDFeD4QuyLdx5igfZYcu9xTM9NN== 7f0e37f0e366aa89801eb072297c35 kavVwsKRuhcl1qQofqmbAz8ZbtjwoWXU 97b6b7f0e47f149b0723b0787b0721 7f07e7f0e37f14998083b0787b0721 LdxThdi1WBKUL75ULBPwJ7JgY7K0DkeAWrfXYN== 7f0e397bd097c35b0b6fc920fb0722 92762936dcbdd57fe235fd7cf61c2e93da3c4 97bcf7f1487f595b0b0bb0b6fb0722 629a824d-c717-4ba5-bc0f-3f3968554d01 T01YLmFtbG9naWMuYXZjLmRlY29kZXIuYXdlc29tZS5zZWN1cmU= 7f0e26665b66a449801e9808297c35 936dcbdd57fe235fd7cf61c2e93da3c4 33761B2D-78BB-4A43-8B0B-4F5BEE8AACF3 T01YLnFjb20uYXVkaW8uZGVjb2Rlci5hYWM= b027097bd097c36b0b6fc9274c91aa 977837f0e37f14998082b0787b0721 12345778-1234-ABCD-EF00-0123456789AC T01YLkV4eW5vcy5BVkMuRGVjb2Rlci5zZWN1cmU= 0e5e9c33-f8c3-4568-86c5-2e4f57523f72 7f0e27f0e47f531b0723b0b6fb0722 665f67f0e37f14898082b072297c35 f93a9ece-9904-4b5c-93cc-a904d184c986 97bd0b06bdb0722c965ce1cfcc920f 7f07e7f0e47f149b0723b0787b0721 7f0e27f1487f531b0b0bb0b6fb0722 478cb909-6ad1-4e12-84cc-b3629a789f93 PGh0bWw+PGhlYWQ+CiAgICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEiPgogICAgPHN0eWxlPgogICAgICAgIC5jb250YWluZXIgewogICAgICAgICAgICBmbGV4LWRpcmVjdGlvbjogY29sdW1uOwogICAgICAgIH0KCiAgICAgICAgLmZsZXgtY29udGFpbmVyIHsKICAgICAgICAgICAgZGlzcGxheTogZmxleDsKICAgICAgICAgICAgYWxpZ24taXRlbXM6IGNlbnRlcjsKICAgICAgICAgICAgZmxleC1kaXJlY3Rpb246IGNvbHVtbjsKICAgICAgICAgICAganVzdGlmeS1jb250ZW50OiBmbGV4LWVuZDsKICAgICAgICB9CgogICAgICAgIC5sb2FkaW5nIHsKICAgICAgICAgICAganVzdGlmeS1jb250ZW50OiBzdGFydDsKICAgICAgICB9CgogICAgICAgIC5sZHMtZWxsaXBzaXMgewogICAgICAgICAgICBkaXNwbGF5OiBpbmxpbmUtYmxvY2s7CiAgICAgICAgICAgIHBvc2l0aW9uOiByZWxhdGl2ZTsKICAgICAgICAgICAgd2lkdGg6IDgwcHg7CiAgICAgICAgICAgIGhlaWdodDogODBweDsKICAgICAgICB9CgogICAgICAgIC5sZHMtZWxsaXBzaXMgZGl2IHsKICAgICAgICAgICAgcG9zaXRpb246IGFic29sdXRlOwogICAgICAgICAgICB0b3A6IDMzcHg7CiAgICAgICAgICAgIHdpZHRoOiAxM3B4OwogICAgICAgICAgICBoZWlnaHQ6IDEzcHg7CiAgICAgICAgICAgIGJvcmRlci1yYWRpdXM6IDUwJTsKICAgICAgICAgICAgYmFja2dyb3VuZDogI0E3QTdBNzsKICAgICAgICAgICAgYW5pbWF0aW9uLXRpbWluZy1mdW5jdGlvbjogY3ViaWMtYmV6aWVyKDAsIDEsIDEsIDApOwogICAgICAgIH0KCiAgICAgICAgLmxkcy1lbGxpcHNpcyBkaXY6bnRoLWNoaWxkKDEpIHsKICAgICAgICAgICAgbGVmdDogOHB4OwogICAgICAgICAgICBhbmltYXRpb246IGxkcy1lbGxpcHNpczEgMC42cyBpbmZpbml0ZTsKICAgICAgICB9CgogICAgICAgIC5sZHMtZWxsaXBzaXMgZGl2Om50aC1jaGlsZCgyKSB7CiAgICAgICAgICAgIGxlZnQ6IDhweDsKICAgICAgICAgICAgYW5pbWF0aW9uOiBsZHMtZWxsaXBzaXMyIDAuNnMgaW5maW5pdGU7CiAgICAgICAgfQoKICAgICAgICAubGRzLWVsbGlwc2lzIGRpdjpudGgtY2hpbGQoMykgewogICAgICAgICAgICBsZWZ0OiAzMnB4OwogICAgICAgICAgICBhbmltYXRpb246IGxkcy1lbGxpcHNpczIgMC42cyBpbmZpbml0ZTsKICAgICAgICB9CgogICAgICAgIC5sZHMtZWxsaXBzaXMgZGl2Om50aC1jaGlsZCg0KSB7CiAgICAgICAgICAgIGxlZnQ6IDU2cHg7CiAgICAgICAgICAgIGFuaW1hdGlvbjogbGRzLWVsbGlwc2lzMyAwLjZzIGluZmluaXRlOwogICAgICAgIH0KCiAgICAgICAgQGtleWZyYW1lcyBsZHMtZWxsaXBzaXMxIHsKICAgICAgICAgICAgMCUgewogICAgICAgICAgICAgICAgdHJhbnNmb3JtOiBzY2FsZSgwKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgMTAwJSB7CiAgICAgICAgICAgICAgICB0cmFuc2Zvcm06IHNjYWxlKDEpOwogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBAa2V5ZnJhbWVzIGxkcy1lbGxpcHNpczMgewogICAgICAgICAgICAwJSB7CiAgICAgICAgICAgICAgICB0cmFuc2Zvcm06IHNjYWxlKDEpOwogICAgICAgICAgICB9CgogICAgICAgICAgICAxMDAlIHsKICAgICAgICAgICAgICAgIHRyYW5zZm9ybTogc2NhbGUoMCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIEBrZXlmcmFtZXMgbGRzLWVsbGlwc2lzMiB7CiAgICAgICAgICAgIDAlIHsKICAgICAgICAgICAgICAgIHRyYW5zZm9ybTogdHJhbnNsYXRlKDAsIDApOwogICAgICAgICAgICB9CgogICAgICAgICAgICAxMDAlIHsKICAgICAgICAgICAgICAgIHRyYW5zZm9ybTogdHJhbnNsYXRlKDI0cHgsIDApOwogICAgICAgICAgICB9CiAgICAgICAgfQogICAgPC9zdHlsZT4KPC9oZWFkPgoKPGJvZHk+CiAgICA8ZGl2IGlkPSJsb2FkaW5nX3dyYXBwZXIiIHN0eWxlPSJkaXNwbGF5OiBmbGV4O2ZsZXgtZGlyZWN0aW9uOiBjb2x1bW47anVzdGlmeS1jb250ZW50OiBzcGFjZS1iZXR3ZWVuO2hlaWdodDogMTAwJTsiPgo8ZGl2IGNsYXNzPSJjb250YWluZXIgZmxleC1jb250YWluZXIiIHN0eWxlPSIKICAgIGZsZXg6IDE7CiI+CiAgICAgICAgPGRpdiBjbGFzcz0iZmxleC1jb250YWluZXIiIHN0eWxlPSIKICAgIGZsZXg6IDE7CiI+CiAgICAgICAgICAgIDxzdmcgd2lkdGg9IjIzNiIgaGVpZ2h0PSI0NCIgdmlld0JveD0iMCAwIDIzNiA0NCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik0zNy44MDYzIDMwLjI4NTRWMTAuNDI4NUwyMC42MTI5IDAuNVY4LjExNjM2TDI3LjM1MDggMTIuMDA5NUMyNy41OTQ1IDEyLjE0NTUgMjcuNjAwMiAxMi41MjUyIDI3LjM1MDggMTIuNjYxMkwxOS4zNDM1IDE3LjI4NTVDMTkuMDk5OCAxNy40MjcxIDE4LjgxNjQgMTcuNDE1OCAxOC41ODk4IDE3LjI4NTVMMTAuNTc2OCAxMi42NjEyQzEwLjMzMzEgMTIuNTI1MiAxMC4zMjc0IDEyLjE0NTUgMTAuNTc2OCAxMi4wMDk1TDE3LjMxNDcgOC4xMjIwMlYwLjUwNTY2OEwwLjExNTY0NiAxMC40Mjg1VjMwLjI4NTRWMzAuMTk0N1YzMC4yODU0TDYuNzExOTMgMjYuNDc3MlYxOC42OTY1QzYuNzA2MjYgMTguNDE4OCA3LjAzNDk0IDE4LjIyMDUgNy4yNzg2MiAxOC4zNzM1TDE1LjI4NiAyMi45OTc3QzE1LjUyOTYgMjMuMTM5NCAxNS42NjU2IDIzLjM4ODcgMTUuNjY1NiAyMy42NDk0VjMyLjg5NzlDMTUuNjcxMyAzMy4xNzU1IDE1LjM0ODMgMzMuMzczOSAxNS4xMDQ2IDMzLjIyNjVMOC4zNjY2NyAyOS4zMzM0TDEuNzcwMzggMzMuMTQxNUwxOC45Njk1IDQzLjA3TDM2LjE2ODUgMzMuMTQxNUwyOS41NjA5IDI5LjMzMzRMMjIuODIyOSAzMy4yMjY1QzIyLjU4NDkgMzMuMzY4MiAyMi4yNTA2IDMzLjE4NjkgMjIuMjU2MyAzMi44OTc5VjIzLjY0OTRDMjIuMjU2MyAyMy4zNzE3IDIyLjQwOTMgMjMuMTI4MSAyMi42MzU5IDIyLjk5NzdMMzAuNjQzMyAxOC4zNzM1QzMwLjg4MTMgMTguMjI2MiAzMS4yMTU2IDE4LjQxMzIgMzEuMjEgMTguNzAyMlYyNi40ODI5TDM3LjgwNjMgMzAuMjg1NFoiIGZpbGw9IiM0RDRENEQiPjwvcGF0aD4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik0xNS4wOTkgMzMuMjI2Mkw4LjM2MTA2IDI5LjMzM0wxLjc2NDc4IDMzLjE0MTJMMTguOTYzOCA0My4wNjk2VjIxLjMwODZMMC4xMTU3MDcgMTAuNDI4MVYzMC4yODVWMzAuMTk0NFYzMC4yODVMNi43MTE5OSAyNi40NzY5VjE4LjY5NjJDNi43MDYzMiAxOC40MTg1IDcuMDM1IDE4LjIyMDEgNy4yNzg2OCAxOC4zNzMxTDE1LjI4NiAyMi45OTc0QzE1LjUyOTcgMjMuMTM5IDE1LjY2NTcgMjMuMzg4NCAxNS42NjU3IDIzLjY0OTFWMzIuODk3NUMxNS42NzE0IDMzLjE3NTIgMTUuMzQyNyAzMy4zNzM1IDE1LjA5OSAzMy4yMjYyWiIgZmlsbD0iIzRDNEM0QyI+PC9wYXRoPgogICAgICAgICAgICAgICAgPHBhdGggZD0iTTE4Ljk2MzcgNDMuMDY5NkwzNi4xNjI4IDMzLjE0MTJMMjkuNTYwOSAyOS4zMzNMMjIuODIyOSAzMy4yMjYyQzIyLjU4NDkgMzMuMzY3OCAyMi4yNTA1IDMzLjE4NjUgMjIuMjU2MiAzMi44OTc1VjIzLjY0OTFDMjIuMjU2MiAyMy4zNzE0IDIyLjQwOTIgMjMuMTI3NyAyMi42MzU5IDIyLjk5NzRMMzAuNjQzMiAxOC4zNzMxQzMwLjg4MTIgMTguMjI1OCAzMS4yMTU2IDE4LjQxMjggMzEuMjA5OSAxOC43MDE4VjI2LjQ4MjVMMzcuODA2MiAzMC4yOTA3VjEwLjQyODFMMTguOTYzNyAyMS4zMDg2VjQzLjA2OTZaIiBmaWxsPSJibGFjayI+PC9wYXRoPgogICAgICAgICAgICAgICAgPHBhdGggZD0iTTIwLjYxMjkgMC41VjguMTE2MzZMMjcuMzUwOCAxMi4wMDk1QzI3LjU5NDUgMTIuMTQ1NSAyNy42MDAyIDEyLjUyNTIgMjcuMzUwOCAxMi42NjEyTDE5LjM0MzUgMTcuMjg1NUMxOS4wOTk4IDE3LjQyNzEgMTguODE2NCAxNy40MTU4IDE4LjU4OTggMTcuMjg1NUwxMC41NzY4IDEyLjY2MTJDMTAuMzMzMSAxMi41MjUyIDEwLjMyNzQgMTIuMTQ1NSAxMC41NzY4IDEyLjAwOTVMMTcuMzE0NyA4LjEyMjAyVjAuNTA1NjY4TDAuMTE1NjQ2IDEwLjQyODVMMTguOTYzOCAyMS4zMDlMMzcuODExOSAxMC40Mjg1TDIwLjYxMjkgMC41WiIgZmlsbD0iIzgwODA4MCI+PC9wYXRoPgogICAgICAgICAgICAgICAgPHBhdGggZD0iTTU5LjY3NDYgMjMuODUyN0M1OS42NzQ2IDI1Ljg1MzIgNTguNTU4MiAyNy4yODEyIDU2LjIxNzggMjcuMjgxMkM1My43MyAyNy4yODEyIDUyLjcwNDMgMjUuOTM4MiA1Mi43MDQzIDIzLjkzNzdWMTEuNzA4NUg0Ny42NDk0VjIzLjc2NzdDNDcuNjQ5NCAyOC41MzkzIDUwLjUwNTUgMzEuMzM4NyA1Ni4yMjM0IDMxLjMzODdDNjEuOTA3NCAzMS4zMzg3IDY0Ljc0MDggMjguNDgyNiA2NC43NDA4IDIzLjc2NzdWMTEuNzA4NUg1OS42ODU5VjIzLjg1MjdINTkuNjc0NloiIGZpbGw9ImJsYWNrIj48L3BhdGg+CiAgICAgICAgICAgICAgICA8cGF0aCBkPSJNNzYuNDcxOSAxNS45MDc4Qzc0LjQ0MzIgMTUuOTA3OCA3My4wNDM1IDE2Ljc2MzUgNzEuOTU1NCAxOC4zMzlINzEuODcwNFYxNi4zMzg1SDY3LjM4MjJWMzAuOTY0OUg3Mi4wNDA0VjIyLjg3ODJDNzIuMDQwNCAyMS4wNzYxIDczLjA3MTggMTkuNzg5NyA3NC42MTMyIDE5Ljc4OTdDNzYuMTI2MyAxOS43ODk3IDc2Ljg5NyAyMC44NDk0IDc2Ljg5NyAyMi4zOTA4VjMwLjk2NDlIODEuNTU1MlYyMS40NTAxQzgxLjU2MDggMTguMTkxNiA3OS42NzM3IDE1LjkwNzggNzYuNDcxOSAxNS45MDc4WiIgZmlsbD0iYmxhY2siPjwvcGF0aD4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik04OC42MjE2IDEwLjUzNjlIODMuOTYzNFYxNC4zMTFIODguNjIxNlYxMC41MzY5WiIgZmlsbD0iYmxhY2siPjwvcGF0aD4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik04OC42MjE1IDE2LjMzOTVIODMuOTYzM1YzMC45NzE1SDg4LjYyMTVWMTYuMzM5NVoiIGZpbGw9ImJsYWNrIj48L3BhdGg+CiAgICAgICAgICAgICAgICA8cGF0aCBkPSJNOTYuODIxNyAxMS43MDg1SDkyLjI3NjhWMTYuMzM4NEg5MC4zMzNWMjAuMTEyNkg5Mi4yNzY4VjI3LjExMTJDOTIuMjc2OCAzMC4yNTY0IDk0LjIyMDYgMzEuMTQwNCA5Ni45MzUgMzEuMTQwNEM5OC4xOTMxIDMxLjE0MDQgOTkuMDc3MSAzMS4wMjcxIDk5LjQ3OTQgMzAuOTEzN1YyNy41MTM2Qzk5LjMwOTQgMjcuNTEzNiA5OC44NTA0IDI3LjU0MTkgOTguNDQ4MSAyNy41NDE5Qzk3LjQ1MDcgMjcuNTQxOSA5Ni44MjE3IDI3LjI1ODYgOTYuODIxNyAyNi4xMTM4VjIwLjExMjZIOTkuNDc5NFYxNi4zMzg0SDk2LjgyMTdWMTEuNzA4NVoiIGZpbGw9ImJsYWNrIj48L3BhdGg+CiAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMTA5LjM5MSAyMi41NjY1QzEwOC45MzIgMjMuOTk0NiAxMDguNTM1IDI1LjkzODMgMTA4LjUzNSAyNS45MzgzSDEwOC40NzlDMTA4LjQ3OSAyNS45MzgzIDEwOC4wMTkgMjMuOTk0NiAxMDcuNTY2IDIyLjU2NjVMMTA1LjU5NCAxNi4zMzg2SDEwMC42ODFMMTA0Ljk5MyAyNy41OTg4QzEwNS41OTQgMjkuMTQwMiAxMDUuODc3IDMwLjAwMTUgMTA1Ljg3NyAzMC42MjQ5QzEwNS44NzcgMzEuNjIyMyAxMDUuMzMzIDMyLjE2NjMgMTAzLjk2MiAzMi4xNjYzSDEwMi4zNjRWMzUuNzkzMUgxMDUuMzlDMTA4LjMzMSAzNS43OTMxIDEwOS43MzEgMzQuNTkxNyAxMTAuOTA0IDMxLjE2MzNMMTE1Ljk1OSAxNi4zMzI5SDExMS4zMDFMMTA5LjM5MSAyMi41NjY1WiIgZmlsbD0iYmxhY2siPjwvcGF0aD4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik0xMjIuNzI1IDMxLjE4MDZWMTIuNjA0MUgxMjUuNTI4VjI4Ljc2NzhIMTMzLjk0NVYzMS4xODA2SDEyMi43MjVaIiBmaWxsPSJibGFjayI+PC9wYXRoPgogICAgICAgICAgICAgICAgPHBhdGggZD0iTTE0Mi45MyAzMS40NjE4QzE0MS41NTcgMzEuNDYxOCAxNDAuMzc1IDMxLjE2ODUgMTM5LjM4MyAzMC41ODE5QzEzOC4zOTcgMjkuOTg5MyAxMzcuNjM1IDI5LjE1NzkgMTM3LjA5NyAyOC4wODc1QzEzNi41NjUgMjcuMDExMiAxMzYuMjk5IDI1Ljc1MDQgMTM2LjI5OSAyNC4zMDUxQzEzNi4yOTkgMjIuODc4IDEzNi41NjUgMjEuNjIwMiAxMzcuMDk3IDIwLjUzMThDMTM3LjYzNSAxOS40NDMzIDEzOC4zODUgMTguNTkzNyAxMzkuMzQ3IDE3Ljk4M0MxNDAuMzE0IDE3LjM3MjIgMTQxLjQ0NSAxNy4wNjY4IDE0Mi43MzkgMTcuMDY2OEMxNDMuNTI1IDE3LjA2NjggMTQ0LjI4NyAxNy4xOTY4IDE0NS4wMjUgMTcuNDU2OUMxNDUuNzYzIDE3LjcxNjkgMTQ2LjQyNSAxOC4xMjUxIDE0Ny4wMTEgMTguNjgxNEMxNDcuNTk4IDE5LjIzNzcgMTQ4LjA2MSAxOS45NjAzIDE0OC4zOTkgMjAuODQ5M0MxNDguNzM4IDIxLjczMjEgMTQ4LjkwNyAyMi44MDU1IDE0OC45MDcgMjQuMDY5M1YyNS4wMzA4SDEzNy44MzJWMjIuOTk5SDE0Ni4yNDlDMTQ2LjI0OSAyMi4yODU0IDE0Ni4xMDQgMjEuNjUzNSAxNDUuODE0IDIxLjEwMzJDMTQ1LjUyNCAyMC41NDY5IDE0NS4xMTYgMjAuMTA4NSAxNDQuNTkgMTkuNzg4QzE0NC4wNjkgMTkuNDY3NSAxNDMuNDU5IDE5LjMwNzMgMTQyLjc1NyAxOS4zMDczQzE0MS45OTUgMTkuMzA3MyAxNDEuMzMgMTkuNDk0NyAxNDAuNzYyIDE5Ljg2OTZDMTQwLjE5OSAyMC4yMzg1IDEzOS43NjQgMjAuNzIyMyAxMzkuNDU2IDIxLjMyMDlDMTM5LjE1MyAyMS45MTM1IDEzOS4wMDIgMjIuNTU3NSAxMzkuMDAyIDIzLjI1MjlWMjQuODQwM0MxMzkuMDAyIDI1Ljc3MTUgMTM5LjE2NSAyNi41NjM3IDEzOS40OTIgMjcuMjE2OEMxMzkuODI0IDI3Ljg2OTkgMTQwLjI4NyAyOC4zNjg3IDE0MC44OCAyOC43MTM0QzE0MS40NzIgMjkuMDUyIDE0Mi4xNjUgMjkuMjIxNCAxNDIuOTU3IDI5LjIyMTRDMTQzLjQ3MSAyOS4yMjE0IDE0My45MzkgMjkuMTQ4OCAxNDQuMzYzIDI5LjAwMzdDMTQ0Ljc4NiAyOC44NTI1IDE0NS4xNTIgMjguNjI4OCAxNDUuNDYgMjguMzMyNUMxNDUuNzY5IDI4LjAzNjEgMTQ2LjAwNSAyNy42NzAzIDE0Ni4xNjggMjcuMjM0OUwxNDguNzM1IDI3LjY5NzVDMTQ4LjUyOSAyOC40NTM0IDE0OC4xNiAyOS4xMTU1IDE0Ny42MjggMjkuNjg0QzE0Ny4xMDIgMzAuMjQ2MyAxNDYuNDQgMzAuNjg0NyAxNDUuNjQyIDMwLjk5OTJDMTQ0Ljg1IDMxLjMwNzYgMTQzLjk0NiAzMS40NjE4IDE0Mi45MyAzMS40NjE4WiIgZmlsbD0iYmxhY2siPjwvcGF0aD4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik0xNjMuNDM2IDE3LjI0ODJMMTU4LjM4MyAzMS4xODA2SDE1NS40ODFMMTUwLjQyIDE3LjI0ODJIMTUzLjMzMUwxNTYuODYgMjcuOTY5NkgxNTcuMDA1TDE2MC41MjQgMTcuMjQ4MkgxNjMuNDM2WiIgZmlsbD0iYmxhY2siPjwvcGF0aD4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik0xNzEuNTE1IDMxLjQ2MThDMTcwLjE0MyAzMS40NjE4IDE2OC45NiAzMS4xNjg1IDE2Ny45NjkgMzAuNTgxOUMxNjYuOTgzIDI5Ljk4OTMgMTY2LjIyMSAyOS4xNTc5IDE2NS42ODMgMjguMDg3NUMxNjUuMTUxIDI3LjAxMTIgMTY0Ljg4NSAyNS43NTA0IDE2NC44ODUgMjQuMzA1MUMxNjQuODg1IDIyLjg3OCAxNjUuMTUxIDIxLjYyMDIgMTY1LjY4MyAyMC41MzE4QzE2Ni4yMjEgMTkuNDQzMyAxNjYuOTcxIDE4LjU5MzcgMTY3LjkzMiAxNy45ODNDMTY4LjkgMTcuMzcyMiAxNzAuMDMxIDE3LjA2NjggMTcxLjMyNSAxNy4wNjY4QzE3Mi4xMTEgMTcuMDY2OCAxNzIuODczIDE3LjE5NjggMTczLjYxMSAxNy40NTY5QzE3NC4zNDggMTcuNzE2OSAxNzUuMDEgMTguMTI1MSAxNzUuNTk3IDE4LjY4MTRDMTc2LjE4NCAxOS4yMzc3IDE3Ni42NDYgMTkuOTYwMyAxNzYuOTg1IDIwLjg0OTNDMTc3LjMyMyAyMS43MzIxIDE3Ny40OTMgMjIuODA1NSAxNzcuNDkzIDI0LjA2OTNWMjUuMDMwOEgxNjYuNDE4VjIyLjk5OUgxNzQuODM1QzE3NC44MzUgMjIuMjg1NCAxNzQuNjkgMjEuNjUzNSAxNzQuNCAyMS4xMDMyQzE3NC4xMDkgMjAuNTQ2OSAxNzMuNzAxIDIwLjEwODUgMTczLjE3NSAxOS43ODhDMTcyLjY1NSAxOS40Njc1IDE3Mi4wNDQgMTkuMzA3MyAxNzEuMzQzIDE5LjMwNzNDMTcwLjU4MSAxOS4zMDczIDE2OS45MTYgMTkuNDk0NyAxNjkuMzQ3IDE5Ljg2OTZDMTY4Ljc4NSAyMC4yMzg1IDE2OC4zNSAyMC43MjIzIDE2OC4wNDEgMjEuMzIwOUMxNjcuNzM5IDIxLjkxMzUgMTY3LjU4OCAyMi41NTc1IDE2Ny41ODggMjMuMjUyOVYyNC44NDAzQzE2Ny41ODggMjUuNzcxNSAxNjcuNzUxIDI2LjU2MzcgMTY4LjA3OCAyNy4yMTY4QzE2OC40MSAyNy44Njk5IDE2OC44NzMgMjguMzY4NyAxNjkuNDY1IDI4LjcxMzRDMTcwLjA1OCAyOS4wNTIgMTcwLjc1IDI5LjIyMTQgMTcxLjU0MyAyOS4yMjE0QzE3Mi4wNTcgMjkuMjIxNCAxNzIuNTI1IDI5LjE0ODggMTcyLjk0OCAyOS4wMDM3QzE3My4zNzIgMjguODUyNSAxNzMuNzM4IDI4LjYyODggMTc0LjA0NiAyOC4zMzI1QzE3NC4zNTQgMjguMDM2MSAxNzQuNTkgMjcuNjcwMyAxNzQuNzUzIDI3LjIzNDlMMTc3LjMyIDI3LjY5NzVDMTc3LjExNSAyOC40NTM0IDE3Ni43NDYgMjkuMTE1NSAxNzYuMjE0IDI5LjY4NEMxNzUuNjg4IDMwLjI0NjMgMTc1LjAyNiAzMC42ODQ3IDE3NC4yMjcgMzAuOTk5MkMxNzMuNDM1IDMxLjMwNzYgMTcyLjUzMSAzMS40NjE4IDE3MS41MTUgMzEuNDYxOFoiIGZpbGw9ImJsYWNrIj48L3BhdGg+CiAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMTgzLjIxNCAxMi42MDQxVjMxLjE4MDZIMTgwLjUwMlYxMi42MDQxSDE4My4yMTRaIiBmaWxsPSJibGFjayI+PC9wYXRoPgogICAgICAgICAgICAgICAgPHBhdGggZD0iTTE4Ny4wOCAzMS4xODA2VjEyLjYwNDFIMTkzLjcwMkMxOTUuMTQ3IDEyLjYwNDEgMTk2LjM0NCAxMi44NjcyIDE5Ny4yOTQgMTMuMzkzM0MxOTguMjQzIDEzLjkxOTQgMTk4Ljk1NCAxNC42MzkgMTk5LjQyNSAxNS41NTIxQzE5OS44OTcgMTYuNDU5MSAyMDAuMTMzIDE3LjQ4MTEgMjAwLjEzMyAxOC42MTc5QzIwMC4xMzMgMTkuNzYwOCAxOTkuODk0IDIwLjc4ODggMTk5LjQxNiAyMS43MDE5QzE5OC45NDUgMjIuNjA4OSAxOTguMjMxIDIzLjMyODUgMTk3LjI3NiAyMy44NjA3QzE5Ni4zMjYgMjQuMzg2OCAxOTUuMTMyIDI0LjY0OTggMTkzLjY5MyAyNC42NDk4SDE4OS4xMzlWMjIuMjczM0gxOTMuNDM5QzE5NC4zNTIgMjIuMjczMyAxOTUuMDkzIDIyLjExNjEgMTk1LjY2MSAyMS44MDE3QzE5Ni4yMjkgMjEuNDgxMiAxOTYuNjQ3IDIxLjA0NTggMTk2LjkxMyAyMC40OTU1QzE5Ny4xNzkgMTkuOTQ1MiAxOTcuMzEyIDE5LjMxOTQgMTk3LjMxMiAxOC42MTc5QzE5Ny4zMTIgMTcuOTE2NCAxOTcuMTc5IDE3LjI5MzYgMTk2LjkxMyAxNi43NDk0QzE5Ni42NDcgMTYuMjA1MSAxOTYuMjI2IDE1Ljc3ODggMTk1LjY1MiAxNS40NzA0QzE5NS4wODQgMTUuMTYyIDE5NC4zMzQgMTUuMDA3OCAxOTMuNDAyIDE1LjAwNzhIMTg5Ljg4M1YzMS4xODA2SDE4Ny4wOFoiIGZpbGw9ImJsYWNrIj48L3BhdGg+CiAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMjA1LjkxMyAxMi42MDQxVjMxLjE4MDZIMjAzLjIwMVYxMi42MDQxSDIwNS45MTNaIiBmaWxsPSJibGFjayI+PC9wYXRoPgogICAgICAgICAgICAgICAgPHBhdGggZD0iTTIxMy42MTYgMzEuNDg5QzIxMi43MzMgMzEuNDg5IDIxMS45MzUgMzEuMzI1NyAyMTEuMjIxIDMwLjk5OTJDMjEwLjUwOCAzMC42NjY2IDIwOS45NDMgMzAuMTg1OSAyMDkuNTI1IDI5LjU1N0MyMDkuMTE0IDI4LjkyODEgMjA4LjkwOSAyOC4xNTcxIDIwOC45MDkgMjcuMjQ0QzIwOC45MDkgMjYuNDU3OSAyMDkuMDYgMjUuODEwOCAyMDkuMzYyIDI1LjMwMjlDMjA5LjY2NCAyNC43OTQ5IDIxMC4wNzMgMjQuMzkyOCAyMTAuNTg3IDI0LjA5NjVDMjExLjEwMSAyMy44MDAyIDIxMS42NzUgMjMuNTc2NSAyMTIuMzEgMjMuNDI1M0MyMTIuOTQ1IDIzLjI3NDEgMjEzLjU5MiAyMy4xNTkyIDIxNC4yNTEgMjMuMDgwNkMyMTUuMDg2IDIyLjk4MzkgMjE1Ljc2MyAyMi45MDUyIDIxNi4yODMgMjIuODQ0OEMyMTYuODAzIDIyLjc3ODMgMjE3LjE4MSAyMi42NzI0IDIxNy40MTcgMjIuNTI3M0MyMTcuNjUyIDIyLjM4MjIgMjE3Ljc3IDIyLjE0NjMgMjE3Ljc3IDIxLjgxOThWMjEuNzU2M0MyMTcuNzcgMjAuOTY0MSAyMTcuNTQ3IDIwLjM1MDQgMjE3LjA5OSAxOS45MTVDMjE2LjY1OCAxOS40Nzk2IDIxNS45OTkgMTkuMjYxOSAyMTUuMTIyIDE5LjI2MTlDMjE0LjIwOSAxOS4yNjE5IDIxMy40ODkgMTkuNDY0NSAyMTIuOTYzIDE5Ljg2OTZDMjEyLjQ0MyAyMC4yNjg3IDIxMi4wODMgMjAuNzEzMiAyMTEuODg0IDIxLjIwM0wyMDkuMzM1IDIwLjYyMjVDMjA5LjYzNyAxOS43NzU5IDIxMC4wNzkgMTkuMDkyNiAyMTAuNjU5IDE4LjU3MjVDMjExLjI0NiAxOC4wNDY1IDIxMS45MiAxNy42NjU1IDIxMi42ODIgMTcuNDI5N0MyMTMuNDQ0IDE3LjE4NzggMjE0LjI0NSAxNy4wNjY4IDIxNS4wODYgMTcuMDY2OEMyMTUuNjQyIDE3LjA2NjggMjE2LjIzMSAxNy4xMzM0IDIxNi44NTQgMTcuMjY2NEMyMTcuNDgzIDE3LjM5MzQgMjE4LjA3IDE3LjYyOTIgMjE4LjYxNCAxNy45NzM5QzIxOS4xNjQgMTguMzE4NiAyMTkuNjE1IDE4LjgxMTQgMjE5Ljk2NSAxOS40NTI0QzIyMC4zMTYgMjAuMDg3MyAyMjAuNDkyIDIwLjkxMjcgMjIwLjQ5MiAyMS45Mjg2VjMxLjE4MDZIMjE3Ljg0M1YyOS4yNzU4SDIxNy43MzRDMjE3LjU1OSAyOS42MjY1IDIxNy4yOTYgMjkuOTcxMiAyMTYuOTQ1IDMwLjMwOThDMjE2LjU5NCAzMC42NDg1IDIxNi4xNDQgMzAuOTI5NyAyMTUuNTkzIDMxLjE1MzRDMjE1LjA0MyAzMS4zNzcxIDIxNC4zODQgMzEuNDg5IDIxMy42MTYgMzEuNDg5Wk0yMTQuMjA2IDI5LjMxMjFDMjE0Ljk1NiAyOS4zMTIxIDIxNS41OTYgMjkuMTYzOSAyMTYuMTI5IDI4Ljg2NzZDMjE2LjY2NyAyOC41NzEzIDIxNy4wNzUgMjguMTg0MyAyMTcuMzUzIDI3LjcwNjZDMjE3LjYzNyAyNy4yMjI4IDIxNy43NzkgMjYuNzA1OCAyMTcuNzc5IDI2LjE1NTVWMjQuMzU5NkMyMTcuNjgzIDI0LjQ1NjMgMjE3LjQ5NSAyNC41NDcgMjE3LjIxNyAyNC42MzE3QzIxNi45NDUgMjQuNzEwMyAyMTYuNjM0IDI0Ljc3OTggMjE2LjI4MyAyNC44NDAzQzIxNS45MzIgMjQuODk0NyAyMTUuNTkgMjQuOTQ2MSAyMTUuMjU4IDI0Ljk5NDVDMjE0LjkyNSAyNS4wMzY4IDIxNC42NDcgMjUuMDczMSAyMTQuNDIzIDI1LjEwMzNDMjEzLjg5NyAyNS4xNjk5IDIxMy40MTcgMjUuMjgxNyAyMTIuOTgxIDI1LjQzODlDMjEyLjU1MiAyNS41OTYyIDIxMi4yMDcgMjUuODIyOSAyMTEuOTQ3IDI2LjExOTJDMjExLjY5MyAyNi40MDk1IDIxMS41NjYgMjYuNzk2NSAyMTEuNTY2IDI3LjI4MDNDMjExLjU2NiAyNy45NTE1IDIxMS44MTQgMjguNDU5NCAyMTIuMzEgMjguODA0MUMyMTIuODA2IDI5LjE0MjggMjEzLjQzOCAyOS4zMTIxIDIxNC4yMDYgMjkuMzEyMVoiIGZpbGw9ImJsYWNrIj48L3BhdGg+CiAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMjI1LjMxOSAzNi40MDUyQzIyNC45MTQgMzYuNDA1MiAyMjQuNTQ1IDM2LjM3MiAyMjQuMjEzIDM2LjMwNTVDMjIzLjg4IDM2LjI0NSAyMjMuNjMyIDM2LjE3ODUgMjIzLjQ2OSAzNi4xMDU5TDIyNC4xMjIgMzMuODgzNkMyMjQuNjE4IDM0LjAxNjcgMjI1LjA1OSAzNC4wNzQxIDIyNS40NDYgMzQuMDU2QzIyNS44MzMgMzQuMDM3OCAyMjYuMTc1IDMzLjg5MjcgMjI2LjQ3MSAzMy42MjA2QzIyNi43NzQgMzMuMzQ4NSAyMjcuMDQgMzIuOTA0IDIyNy4yNjkgMzIuMjg3MkwyMjcuNjA1IDMxLjM2MkwyMjIuNTA3IDE3LjI0ODJIMjI1LjQxTDIyOC45MzggMjguMDYwM0gyMjkuMDg0TDIzMi42MTIgMTcuMjQ4MkgyMzUuNTI0TDIyOS43ODIgMzMuMDQwMUMyMjkuNTE2IDMzLjc2NTcgMjI5LjE3NyAzNC4zNzk1IDIyOC43NjYgMzQuODgxNEMyMjguMzU1IDM1LjM4OTMgMjI3Ljg2NSAzNS43NzAzIDIyNy4yOTcgMzYuMDI0M0MyMjYuNzI4IDM2LjI3ODMgMjI2LjA2OSAzNi40MDUyIDIyNS4zMTkgMzYuNDA1MloiIGZpbGw9ImJsYWNrIj48L3BhdGg+CiAgICAgICAgICAgIDwvc3ZnPgogICAgICAgIDwvZGl2PgogICAgICAgIDxkaXYgY2xhc3M9ImZsZXgtY29udGFpbmVyIGxvYWRpbmciIHN0eWxlPSIKICAgIGZsZXg6IDE7CiI+CiAgICAgICAgICAgIDxkaXYgY2xhc3M9Imxkcy1lbGxpcHNpcyI+CiAgICAgICAgICAgICAgICA8ZGl2PjwvZGl2PgogICAgICAgICAgICAgICAgPGRpdj48L2Rpdj4KICAgICAgICAgICAgICAgIDxkaXY+PC9kaXY+CiAgICAgICAgICAgICAgICA8ZGl2PjwvZGl2PgogICAgICAgICAgICA8L2Rpdj4KICAgICAgICA8L2Rpdj4KICAgIDwvZGl2Pgo8L2Rpdj4KCgo8L2JvZHk+PC9odG1sPg== DFKwWgtuDkKwLZPwD+z8H+N/xjK+n3eyNVx6ZVPn5jcincKZx5f5ncN= 7f0e37f0e37f14898082b072297c35 7ec967f0e37f14998082b0787b06bd 7f0e37f1487f531b0b0bb0b6fb0722 T01YLmJyb2FkY29tLnZpZGVvX2RlY29kZXIudHVubmVs DFK/HrQgJ+zQW+xUhoPBD+QqJk2MWrfXYN== T01YLkV4eW5vcy5BVkMuRGVjb2Rlcg== 7f0e36665b66a449801e9808297c35 97bd097bd097c35b0b6fc920fb0722 T01YLmxnZS5hbGFjLmRlY29kZXI= DFK/HrQgJ+zQW+xUhoPwJ7JgY7K0DkeAWrfXYN== 0000016742C00BDA259000000168CE0F13200000016588840DCE7118A0002FBF1C31C3275D78 20799a27-fa80-4b36-b2db-0f8141f24180 DFKwWgtuDkKwLZPwD+z8H+N/xjQZxVfV+T2SZVe6V2xS5c5n 97b6b97bd19801ec9210c9274c920e 97b6b7f0e47f531b0723b0b6fb0721 7ec967f0e37f14998082b0723b06bd LdxThdi1WBKUL75ULBPBD+QqJk2MWrfXYN== YzIuYW5kcm9pZC5tcDMuZGVjb2Rlcg== 4b324fc8-1670-01d3-1278-5a47bf6ee188 97bcf97c3598082c95f8e1cfcc920f 6b7c5270f02cf5e32e7682df60dc21d6 12345778-1234-abcd-ef00-0123456789ac 97b6b7f0e47f531b0723b0787b0721 H3UM16TDFPSBZJ90CW28QYRE45AXKNGV7L T01YLk52aWRpYS5oMjY0LmRlY29kZS5zZWN1cmU= 9778397bd197c36c9210c9274c91aa 9778397bd19801ec9210c965cc920e 97bcf97c359801ec95f8c965cc920f DFeuWkH0W+xUhoPwJ7JgY7K0DkeAWrfXYN== 97bd097bd07f595b0b6fc920fb0722 7ec967f0e37f14998082b0787b0721 HSrCHRtOan6wp2kwOIGJC1RDtuSrF2mWVbio2aBcMHX9KF3iTJ1lLSzCKP1ZSo5yNolPNw1kCTtWpxELFF4ah1 7f0e397bd07f595b0b0bc920fb0722 0123456789ABCDEFGHJKLMNPQRTUWXY T01YLkV4eW5vcy5BQUMuRGVjb2Rlcg== T01YLkV4eW5vcy5hdmMuZGVjLnNlY3VyZQ== 12345678-1234-abcd-ef00-01234567cffb DFKwWgtuDkKwLZPwD+z8H+N/xj26Vjcdx5KyVj5GxVN= 7f0e397bd07f595b0b6fc920fb0722 T01YLmxnZS5hYzMuZGVjb2Rlcg== 97bd097bd097c36b0b6fc9210c8dc2 7f0e27f1487f595b0b0bb0b6fb0722 44613e39e85bc1e738f85105bba1a9cc564976dd T01YLnFjb20uYXVkaW8uZGVjb2Rlci5tcDM= 9778397bd097c36b0b6fc9274c91aa DkPtYdQTLkfAW+xUhoPwJ7JgY7K0DkeAWrfXYN== h7KsLkfPW+xUhoPBD+QqJk2MWrfXYN== T01YLnJlYWx0ZWsudmlkZW8uZGVjb2Rlci50dW5uZWxlZA== 7f0e37f5307f595b0b0bc920fb0722 7f0e27f0e47f531b0b0bb0b6fb0722 6BFFD098-A112-3610-9833-46C3F87E345A cca47107bfcbdb211d88f3385aeede40 1DA0C57D-6C06-438A-9B27-10BCB3CE0F61
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: ace/a54.java, line(s) 10,17,71 ace/ca6.java, line(s) 8,11 ace/d60.java, line(s) 16 ace/dk4.java, line(s) 49,54,57,65,72 ace/dv6.java, line(s) 36 ace/e60.java, line(s) 47 ace/f60.java, line(s) 88,96,105,116 ace/fe1.java, line(s) 537 ace/ga2.java, line(s) 46,55 ace/gf7.java, line(s) 132,135,145,152,157,286 ace/gv6.java, line(s) 39 ace/hf4.java, line(s) 102,146 ace/hv6.java, line(s) 37 ace/i81.java, line(s) 73 ace/jf4.java, line(s) 81,132,144,171,180,196,210,229,238 ace/kl7.java, line(s) 26,73 ace/kw2.java, line(s) 104 ace/le1.java, line(s) 312 ace/mq6.java, line(s) 132,160,184,200 ace/n76.java, line(s) 82 ace/ne1.java, line(s) 43,53,79,93 ace/ne3.java, line(s) 23 ace/oq0.java, line(s) 12 ace/qd4.java, line(s) 15 ace/qu3.java, line(s) 7,11 ace/r10.java, line(s) 26 ace/r61.java, line(s) 14 ace/sd4.java, line(s) 13,19,25,36,42 ace/su7.java, line(s) 56,99 ace/te3.java, line(s) 75,109 ace/tn2.java, line(s) 61 ace/u66.java, line(s) 90 ace/um3.java, line(s) 22 ace/we3.java, line(s) 157 ace/wy4.java, line(s) 93 ace/y55.java, line(s) 265 cn/hutool/core/lang/Console.java, line(s) 16,66,128 com/ironsource/adapters/ironsource/IronSourceAdapter.java, line(s) 167,160,170,314,317,321,325,449 com/ironsource/av.java, line(s) 165 com/ironsource/bm.java, line(s) 114,100,104 com/ironsource/d6.java, line(s) 240,259,200,237,246,255 com/ironsource/e0.java, line(s) 212 com/ironsource/er.java, line(s) 48,52,59 com/ironsource/f3.java, line(s) 64 com/ironsource/h6.java, line(s) 67,111,60,100,104 com/ironsource/j4.java, line(s) 16,20,28 com/ironsource/j7.java, line(s) 93,177,223,89,165,214 com/ironsource/k7.java, line(s) 412,557,736,858,1034,214,246,254,258,291,402,405,558,733,741,754,756,856,985,991,997,1032 com/ironsource/m5.java, line(s) 149,150 com/ironsource/m9.java, line(s) 23,39 com/ironsource/mediationsdk/AbstractAdapter.java, line(s) 473,479 com/ironsource/mediationsdk/ads/nativead/LevelPlayNativeAd.java, line(s) 66 com/ironsource/mediationsdk/d.java, line(s) 406,411 com/ironsource/mediationsdk/demandOnly/d.java, line(s) 194,290,452,463,133,136,182,210,231,241,248,449,468 com/ironsource/mediationsdk/demandOnly/g.java, line(s) 263,152,155,237 com/ironsource/mediationsdk/demandOnly/l.java, line(s) 261,142,145,235 com/ironsource/mediationsdk/p.java, line(s) 692,697,703,712,719,732,2084,2089,2095,2104,2111,2125,2228,2236,2260,684,2076,2189,2198,2217,496,2243,2247,2251,500,505 com/ironsource/mediationsdk/q.java, line(s) 316,322 com/ironsource/mediationsdk/w.java, line(s) 450,624,728,810,890,917,944,101,113,408,414,416,442,622,715,805,841,863,870,879,898,915,972,1079,844,886,906,922,974 com/ironsource/mediationsdk/x.java, line(s) 157,236,155,228,232,239,291,296,317,412,429,469,422,439,474 com/ironsource/mediationsdk/y.java, line(s) 121,126 com/ironsource/n5.java, line(s) 110,115 com/ironsource/n7.java, line(s) 210,254,267,302,330,337,428,440,189,199,241,263,288,311,403 com/ironsource/os.java, line(s) 163,167 com/ironsource/so.java, line(s) 117 com/ironsource/tu.java, line(s) 39,41,73,79,111,115 com/ironsource/u0.java, line(s) 33,38,43,48,49,50 com/ironsource/u5.java, line(s) 167,150,158 com/ironsource/ul.java, line(s) 58,47,49 com/ironsource/w7.java, line(s) 77 com/ironsource/w8.java, line(s) 28 com/ironsource/x2.java, line(s) 85,91 com/ironsource/xc.java, line(s) 145,137 com/ironsource/xj.java, line(s) 36,38,39,41,92,97 com/ironsource/y.java, line(s) 308,134,141,294 com/ironsource/yo.java, line(s) 42,306 com/jcifs/smb/TestLocking.java, line(s) 17,93,42,53,63,65 com/jcifs/util/DES.java, line(s) 248,267 com/jcraft/jsch/DHECN.java, line(s) 33,70 com/jcraft/jsch/DHGEX.java, line(s) 42,77,103 com/jcraft/jsch/DHGN.java, line(s) 31,64 com/jcraft/jsch/DHXEC.java, line(s) 34,71 com/jcraft/jsch/KeyExchange.java, line(s) 121 com/jcraft/jsch/KeyPair.java, line(s) 548 com/jcraft/jsch/KnownHosts.java, line(s) 156,316,364,74 com/jcraft/jsch/jce/HMAC.java, line(s) 29 com/jcraft/jsch/jce/MD5.java, line(s) 25 com/jcraft/jsch/jce/SHA1.java, line(s) 24 com/jcraft/jsch/jce/SHA224.java, line(s) 24 com/jcraft/jsch/jce/SHA256.java, line(s) 24 com/jcraft/jsch/jce/SHA384.java, line(s) 24 com/jcraft/jsch/jce/SHA512.java, line(s) 24 com/jcraft/jsch/jzlib/Compression.java, line(s) 23,67 com/mbridge/msdk/dycreator/a/a.java, line(s) 273 com/mbridge/msdk/foundation/tools/ac.java, line(s) 20 com/yandex/mobile/ads/impl/kb2.java, line(s) 9 com/yandex/mobile/ads/impl/ok1.java, line(s) 16 com/yandex/mobile/ads/impl/zb.java, line(s) 43,43,57 nz/mega/sdk/megaJNI.java, line(s) 26 org/antlr/v4/runtime/c.java, line(s) 154 org/antlr/v4/runtime/d.java, line(s) 56,61,70,190 org/mozilla/intl/chardet/HtmlCharsetDetector.java, line(s) 30,51,58 org/mozilla/universalchardet/UniversalDetector.java, line(s) 51,57
安全提示信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: com/ironsource/ts.java, line(s) 20,20
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: ace/lg1.java, line(s) 4,38 ace/us0.java, line(s) 5,170 com/ace/fileexplorer/page/p.java, line(s) 12,329 com/jecelyin/editor/v2/widget/text/EditAreaView.java, line(s) 13,123,134,362,364 com/yandex/div/core/view2/errors/ErrorView.java, line(s) 10,59
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/mbridge/msdk/thrid/okhttp/internal/Util.java, line(s) 446,445,444,444 com/yandex/mobile/ads/impl/a91.java, line(s) 24,23,21,21 com/yandex/mobile/ads/impl/fc1.java, line(s) 128,116,127,126,126 com/yandex/mobile/ads/impl/t02.java, line(s) 56,55,54,54 jcifs/http/NtlmHttpURLConnection.java, line(s) 197,295,301,579,252
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: ace/f65.java, line(s) 474,474,474,474 com/apm/insight/nativecrash/c.java, line(s) 475,475,475,475,475 com/yandex/mobile/ads/impl/wm1.java, line(s) 8,8,8,8,8
已通过安全项 此应用程序具有防止窃听攻击的功能
此应用程序具有防止窃听攻击的功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-for-overlay-attacks-mstg-platform-9 Files: ace/tb6.java, line(s) 15