安全分析报告:
安全分数
安全分数 45/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
2
用户/设备跟踪器
调研结果
高危
5
中危
33
信息
1
安全
1
关注
20
高危 App 链接 assetlinks.json 文件未找到
[android:name=com.thl.thl_advertlibrary.activity.Fhad_WebPageActivity][android:host=https://ssl.ptlogin2.qq.com] App Link 资产验证 URL (https://ssl.ptlogin2.qq.com/.well-known/assetlinks.json) 未找到或配置不正确。(状态代码:302)。应用程序链接允许用户从 Web URL/电子邮件重定向到移动应用程序。如果此文件丢失或为 App Link 主机/域配置不正确,则恶意应用程序可以劫持此类 URL。这可能会导致网络钓鱼攻击,泄露 URI 中的敏感数据,例如 PII、OAuth 令牌、魔术链接/密码重置令牌等。您必须通过托管 assetlinks.json 文件并通过 Activity intent-filter 中的 [android:autoVerify=“true”] 启用验证来验证 App Link 网域。
高危 应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文
应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode Files: apache/rio/kluas_update/AESEncrypUtil.java, line(s) 20,40 cn/gz3create/args/v1/GetXiaomi.java, line(s) 3293
高危 使用弱加密算法
使用弱加密算法 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: cn/gz3create/args/v3/DevicesGetter.java, line(s) 521,533 cn/gz3create/args/v3/DynamicGetterXm.java, line(s) 347,359
高危 WebView域控制不严格漏洞
WebView域控制不严格漏洞 Files: com/rio/photomaster/ui/BeiAnActivity.java, line(s) 62,56 com/rio/photomaster/ui/ListActivity.java, line(s) 62,56 com/rio/photomaster/ui/PrivacyActivity.java, line(s) 62,56 com/rio/photomaster/ui/ThirdActivity.java, line(s) 62,56 com/rio/photomaster/ui/UserPrivacyActivity.java, line(s) 62,56 com/thl/thl_advertlibrary/activity/Fhad_WebPageActivity.java, line(s) 147,133
高危 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: com/thl/thl_advertlibrary/activity/Fhad_WebPageActivity.java, line(s) 219,218
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Activity (com.rio.photomaster.ui.LoginActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.rio.photomaster.ui.MainActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.tendory.screenrec.ScreenShotActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity设置了TaskAffinity属性
(com.michurou.screenrec.wxapi.WXEntryActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity (com.michurou.screenrec.wxapi.WXEntryActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity设置了TaskAffinity属性
(com.michurou.screenrec.wxapi.WXPayEntryActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity (com.michurou.screenrec.wxapi.WXPayEntryActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.tencent.tauth.AuthActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.thl.thl_advertlibrary.activity.Fhad_WebPageActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.mob.id.MobIDSYActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.mob.guard.MobTranPullLockActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.mob.MobACService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.mob.id.MobIDActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.mob.id.MobIDService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.mob.guard.MobTranPullUpActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.mob.guard.MobGuardPullUpService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.alipay.sdk.app.PayResultActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.alipay.sdk.app.AlipayResultActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.bytedance.android.openliveplugin.stub.activity.DouyinAuthorizeActivityProxy) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.bytedance.android.openliveplugin.stub.activity.DouyinAuthorizeActivityLiveProcessProxy) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.mob.tools.MobUIShell) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: org/repackage/a/a/a/a/c.java, line(s) 59
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: apache/rio/kluas_base/utils/CleanDataUtils.java, line(s) 13,21,58 cn/gz3create/args/v1/GetXiaomi.java, line(s) 453 cn/gz3create/args/v3/GetHuaweiV2.java, line(s) 1735 cn/gz3create/args/v3/GetSamsung.java, line(s) 783,880 cn/gz3create/args/v3/GetXiaomiV3.java, line(s) 439 com/danikula/videocache/StorageUtils.java, line(s) 24,41 com/kluas/imagepicker/dbHelper/threadpools/EncodeSingleTask.java, line(s) 149,158 com/kluas/imagepicker/ui/ImageSelectorActivity.java, line(s) 421,503 com/kluas/imagepicker/ui/album/ImagePickerActivity.java, line(s) 460,564 com/kluas/imagepicker/utils/FileUtils.java, line(s) 82,91 com/kluas/imagepicker/utils/PathUtils.java, line(s) 15,16,17,18 com/rio/photomaster/utils/ShareUtils.java, line(s) 439 com/rx/img/manager/CameraHelper.java, line(s) 26,46 com/ss/android/downloadlib/addownload/hi.java, line(s) 396 com/ss/android/downloadlib/addownload/mk.java, line(s) 233,235 com/ss/android/downloadlib/k/a.java, line(s) 367,347,440 com/tendory/water/lib/FileManager.java, line(s) 298 com/tendory/water/lib/MyMadesDBManager.java, line(s) 149 com/tendory/whole/base/utils/FileUtils.java, line(s) 8 com/tendory/whole/base/utils/StaticFinalValues.java, line(s) 39,40 com/tendory/whole/blocks/mediaCodec/bigflake/cameraToMpeg/CameraToMpegActivity.java, line(s) 34 com/tendory/whole/blocks/mediaCodec/bigflake/encodeAndMux/EncodeAndMuxActivity.java, line(s) 28 com/tendory/whole/blocks/mediaCodec/bigflake/extractDecodeEditEncodeMux/ExtractDecodeEditEncodeMuxActivity.java, line(s) 58,142 com/tendory/whole/blocks/mediaCodec/bigflake/extractMpegFrames/ExtractMpegFramesActivity.java, line(s) 29 com/tendory/whole/blocks/mediaCodec/primary/mp3TranslateAAC/Mp3TranslateAACActivity.java, line(s) 21 com/tendory/whole/blocks/mediaCodec/recordBaseCamera/H264Encoder.java, line(s) 49 com/tendory/whole/blocks/mediaCodec/recordCamera/utils/FileUtils.java, line(s) 15,86 com/tendory/whole/blocks/mediaExtractor/MediaExtractorActivity.java, line(s) 42,58,64,99,135 com/tendory/whole/blocks/mediaMuxer/MediaMuxerActivity.java, line(s) 17 com/tendory/whole/blocks/mediaMuxer/functions/CreateVideoAddAudioToMp4.java, line(s) 93,197,319 com/tendory/whole/createVideoByVoice/CreateVideoByAudioDbActivity.java, line(s) 59 com/tendory/whole/pickvideo/VideoPickAdapter.java, line(s) 148 com/thl/thl_advertlibrary/activity/Fhad_WebPageActivity.java, line(s) 399 com/thl/thl_advertlibrary/downloadhelper/DownloadHelper.java, line(s) 315 com/thl/thl_advertlibrary/downloadhelper/DownloadMgr.java, line(s) 53 com/thl/thl_advertlibrary/utils/AdvertUtils.java, line(s) 283 org/litepal/Operator.java, line(s) 95 org/litepal/tablemanager/Connector.java, line(s) 35,37
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: apache/rio/kluas_update/utils/ApplicationUtil.java, line(s) 101 cn/gz3create/args/v1/GetXiaomi.java, line(s) 3380,3395 cn/gz3create/args/v3/DevicesGetter.java, line(s) 408 cn/gz3create/args/v3/DynamicGetterXm.java, line(s) 260 cn/gz3create/args/v3/GetXiaomiV3.java, line(s) 2545,2567 cn/smssdk/net/login/e.java, line(s) 14 com/danikula/videocache/ProxyCacheUtils.java, line(s) 73 com/kluas/imagepicker/dbHelper/encrypt/MD5Utils.java, line(s) 12,31 com/kluas/imagepicker/utils/SimpleUtils.java, line(s) 53 com/miui/analytics/internal/util/h0.java, line(s) 37 com/rio/photomaster/utils/DialogTimer.java, line(s) 53 com/rio/photomaster/utils/SimpleUtils.java, line(s) 55 com/thl/thl_advertlibrary/downloadhelper/DownloadHelper.java, line(s) 412 org/litepal/util/cipher/CipherUtil.java, line(s) 38
中危 IP地址泄露
IP地址泄露 Files: com/danikula/videocache/HttpProxyCacheServer.java, line(s) 30 com/ss/android/download/api/constant/BaseConstants.java, line(s) 36
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: apache/rio/kluas_base/utils/SPUtils.java, line(s) 28 apache/rio/kluas_third/ThirdConfig.java, line(s) 9,6 apache/rio/kluas_third/wx/net/WxMgr.java, line(s) 54 apache/rio/kluas_update/retrofit/FH_CipherUtilWithPHP.java, line(s) 23 com/rio/photomaster/config/RootConfig.java, line(s) 11 com/rio/photomaster/net/aes/FH_CipherUtilWithPHP.java, line(s) 23 com/tendory/floatwindow/impl/FloatLifecycleReceiver.java, line(s) 21,22 com/tendory/screenrec/ScreenSettingActivity.java, line(s) 409 com/tendory/screenrec/ScreenShotSettingActivity.java, line(s) 812 com/zhy/http/okhttp/builder/PostFormBuilder.java, line(s) 48 org/litepal/util/cipher/CipherUtil.java, line(s) 10
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/danikula/videocache/sourcestorage/DatabaseSourceInfoStorage.java, line(s) 6,7,28 com/ss/android/downloadlib/l/lq.java, line(s) 4,5,16 com/tendory/water/lib/MyMadesDBManager.java, line(s) 6,7,168 org/litepal/Operator.java, line(s) 6,507 org/litepal/tablemanager/AssociationCreator.java, line(s) 5,117 org/litepal/tablemanager/Generator.java, line(s) 4,58
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: org/junit/rules/TemporaryFolder.java, line(s) 41,79
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: apache/rio/kluas_third/alipay/OrderInfoUtil2_0.java, line(s) 17 cn/smssdk/gui/ContactsPage.java, line(s) 28 com/tendory/whole/base/utils/ConstantUtils.java, line(s) 3
中危 应用程序包含隐私跟踪程序
此应用程序有多个2隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 友盟统计的=> "UMENG_APPKEY" : "5ea94cce167eddc7430000e4" MobTech(袤博科技) 推送SDK的=> "Mob-AppKey" : "2f06a6fd6d32b" MobTech(袤博科技) 推送SDK的=> "Mob-AppSecret" : "72c92f0ecc5fc823751f10759de7d528" 友盟统计的=> "UMENG_CHANNEL" : "yingyongbao" "smssdk_authorize_dialog_reject" : "Disagree" "smssdk_authorize_dialog_accept" : "Agree" "library_roundedimageview_authorWebsite" : "https://github.com/vinc3m1" 11926ad43ab5c4d777d87a677c61ed22 A2B55680-6F43-11E0-9A3F-0002A5D5C51B c6e3dc12a1154626b3476d9bf3bd7266 6b56c5f0dc31428083757a45764763b0-5287d2089db37e62345123a1be272f8b ba6a81f2c13fb0ba3b96d99619 dedc8bf1514d6c6a5e456fba74 1ef570e1013109c50df8f8c2015faed71e4cf7c53ca9195a99c574ca046aeefdf70bc5fd69f04b0eadf63398698f776cf1ef0db5134efddc3aa4825b69aee94b55356a15d2a50a325ef7bd2d9efe15f3ac5d2303e0bdf5147b3d0fb5fa4fd1d5ea07fe1b45912ff9d7fe472136ff49cb1176f039219bc737ec7ccad132a5ce57 qVyObdyMO0gOhWxU33MfniOGYANgTjRtZrwFaG0YItY= 91d898dfde6fb787ab3d926f9d 72ecd0c6ca96361c7f3bcd7144 9A04F079-9840-4286-AB92-E65BE0885F95 38197ca7950aec7020d516fbb2 2c4a9fef9ffa03e5deb5973ab9 d993f23339944e4de27e4b0a12 38cfad789e9808443d11f2f9be 315fdfa6abc4b17d8c139605de c35aba6cab2ecf11c77c911944e61f32 fa3acdf1b118fc26668bf72a70d60aa024a2667254c5f0bb8f082bc384b38a4e6d3d1b672467a19793c8f770c63f48b409e87f5787371789af40b95eae9867b9 e27eaf3fc3e24047bd5d4ec3a8 0c0731ac543eb71311c482a2e2 o0gr3Zuewf8OpyV42Q9Fnit5MU e6a941cd02e3f29465cd438d16 HW2cvdpQwYWjlUPWCe9XXv2E4YDUhhVfToG3SOkKqDg= 2628761069dd35867eda68fe2a e247e8b45bd557f70ac6dcc0cb edef8ba9-79d6-4ace-a3c8-27dcd51d21ed gfe+XR1rnFAtXlaxB0LzVroP9JsC0tUaMgOfZsYlems= IaAPuAkDREGD4tPYwnUH0tHcYgp2GykATCvSpM2m+Wk= 0520d3554a69ad50a3b87d1760 c15ee2d2f01aba51d33985e6c5 sQdbX+sU0IdnB2wic5nAD5TnVd46A+H/5dqacw20lJU=
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: Jni/FileUtils.java, line(s) 27,29,64 Jni/TrackUtils.java, line(s) 16,29 VideoHandle/EpEditor.java, line(s) 261,290,349,354,365,370,302,483 apache/rio/kluas_base/utils/ApplicationUtil.java, line(s) 46 apache/rio/kluas_base/utils/Lg.java, line(s) 29,39 apache/rio/kluas_base/utils/SPUtils.java, line(s) 61 apache/rio/kluas_base/utils/SizeUtil.java, line(s) 82 apache/rio/kluas_third/Lg.java, line(s) 29,39 apache/rio/kluas_third/alipay/AliPayTask.java, line(s) 24 apache/rio/kluas_third/qq/ui/BaseTencentActivity.java, line(s) 30,34,38,44 apache/rio/kluas_third/qq/ui/TencentLoginActivity.java, line(s) 44,66 apache/rio/kluas_third/qq/ui/TencentShareActivity.java, line(s) 32 apache/rio/kluas_third/wx/net/WxMgr.java, line(s) 23 apache/rio/kluas_third/wx/utils/Util.java, line(s) 88,90,94,98,109,74 apache/rio/kluas_update/AESEncrypUtil.java, line(s) 11,15,32,36,45,49 apache/rio/kluas_update/retrofit/FH_CipherUtilWithPHP.java, line(s) 83 apache/rio/kluas_update/retrofit/UpdateInterceptor.java, line(s) 25 apache/rio/kluas_update/retrofit/UpdateObserver.java, line(s) 21 apache/rio/kluas_update/ui/DownloadActivity.java, line(s) 116,117,118,120,157,169,227,168,182 apache/rio/kluas_update/utils/ApplicationUtil.java, line(s) 54,112,113,42 apache/rio/kluas_update/utils/Lg.java, line(s) 29,39 apache/rio/kluas_update/utils/PackageUtil.java, line(s) 24 apache/rio/kluas_update/utils/SizeUtil.java, line(s) 51 cn/devices/get/permission/UsesPermission.java, line(s) 50 cn/gz3create/args/v1/GetXiaomi.java, line(s) 2496,3310,3444,3447,3451 cn/gz3create/args/v3/DevicesGetter.java, line(s) 150,153,162,171,194,196,208,262,265,278,297,316 cn/gz3create/args/v3/DynamicGetterXm.java, line(s) 157,203 cn/gz3create/args/v3/GetHuaweiV2.java, line(s) 2323 cn/gz3create/args/v3/LoggUtils.java, line(s) 10,16,20,40,46,50,25,31,35 cn/julia/superpermission/PermissionMgr.java, line(s) 298,416,317,241,330,349 cn/julia/superpermission/lifecycler/ActivityLifecycleImpl.java, line(s) 312,351,360,372 cn/julia/superpermission/util/CheckPermissionUtil.java, line(s) 21,25 cn/julia/superpermission/util/LanguageUtil.java, line(s) 59 cn/julia/superpermission/util/SharePerfenceUtil.java, line(s) 19,30 cn/julia/superpermission/util/ThreadUtils.java, line(s) 315,337,432,494,513,518,559,502 cn/smssdk/net/b.java, line(s) 297 cn/smssdk/utils/DHelper.java, line(s) 99 cn/smssdk/utils/SMSLog.java, line(s) 11 com/coremedia/iso/boxes/sampleentry/AudioSampleEntry.java, line(s) 194 com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java, line(s) 1770,1189,1283,1287,1362,1366,579,690,1451,1460,1489,1494,2173 com/davemorrissey/labs/subscaleview/decoder/SkiaPooledImageRegionDecoder.java, line(s) 379 com/kluas/imagepicker/adapter/album/AlbumDecoderAdapter.java, line(s) 108,131 com/kluas/imagepicker/adapter/album/FolderAlbumAdapter.java, line(s) 38 com/kluas/imagepicker/dbHelper/DbHelper.java, line(s) 41,43 com/kluas/imagepicker/dbHelper/encrypt/EncryptUtils.java, line(s) 95,100,103 com/kluas/imagepicker/dbHelper/task/LoadFoldersListTask.java, line(s) 30,40 com/kluas/imagepicker/dbHelper/task/LoadFoldersTask.java, line(s) 60,61 com/kluas/imagepicker/dbHelper/task/LoadSingleFolderTask.java, line(s) 53 com/kluas/imagepicker/dbHelper/threadpools/DecodeSingleTask.java, line(s) 79 com/kluas/imagepicker/dbHelper/threadpools/DecodeTask.java, line(s) 31,45 com/kluas/imagepicker/dbHelper/threadpools/EncodeSingleTask.java, line(s) 47,102,117,153 com/kluas/imagepicker/dbHelper/threadpools/EncodeTask.java, line(s) 31 com/kluas/imagepicker/dbHelper/threadpools/TempDecodeTask.java, line(s) 53 com/kluas/imagepicker/ui/album/ImagePickerActivity.java, line(s) 392,510,538 com/kluas/imagepicker/ui/album/PreviewAlbumActivity.java, line(s) 134,144 com/kluas/imagepicker/utils/FileUtils.java, line(s) 86,141,133 com/kluas/imagepicker/utils/ImageUtil.java, line(s) 109 com/makeramen/roundedimageview/RoundedDrawable.java, line(s) 102 com/makeramen/roundedimageview/RoundedImageView.java, line(s) 267,307 com/michurou/screenrec/wxapi/WXEntryActivity.java, line(s) 32 com/michurou/screenrec/wxapi/WXPayEntryActivity.java, line(s) 40 com/miui/analytics/internal/util/c0.java, line(s) 17,26 com/miui/analytics/internal/util/i.java, line(s) 60,71,78,93,114,205,214,230,248,270,282,293,310,322 com/miui/analytics/internal/util/q.java, line(s) 27,73,39,67,51,71,75,69,89 com/mp4parser/streaming/rawformats/H264TrackAdapter.java, line(s) 39,59 com/rio/photomaster/SplashActivity.java, line(s) 72 com/rio/photomaster/adapter/FolderAdapter.java, line(s) 121,122,166,190 com/rio/photomaster/adapter/PreviewFragmentPagerAdapter.java, line(s) 30 com/rio/photomaster/net/aes/FH_CipherUtilWithPHP.java, line(s) 83 com/rio/photomaster/net/aes/hello.java, line(s) 7,8 com/rio/photomaster/net/retrofit/BaseObserver.java, line(s) 21 com/rio/photomaster/ui/AlbumActivity.java, line(s) 131,136,471,486,739,155,504,513,757,840 com/rio/photomaster/ui/AlbumPreviewActivity.java, line(s) 291 com/rio/photomaster/ui/ChangeFolderActivity.java, line(s) 125,137 com/rio/photomaster/ui/LoginActivity.java, line(s) 232,234,245,253,255 com/rio/photomaster/ui/SetThumbActivity.java, line(s) 165 com/rio/photomaster/ui/VipActivity.java, line(s) 106,234,254,255,306,315,377,397 com/rio/photomaster/ui/fragment/HomeFragment.java, line(s) 145,153 com/rio/photomaster/ui/fragment/MineFragment.java, line(s) 102,661 com/rio/photomaster/ui/fragment/NoteFragment.java, line(s) 96,318 com/rio/photomaster/ui/fragment/PicFragment.java, line(s) 168,227,385 com/rio/photomaster/ui/fragment/PreviewFragment.java, line(s) 76,97,110,127 com/rio/photomaster/ui/fragment/VideoFragment.java, line(s) 173,226,370 com/rio/photomaster/ui/fragment/VipFragment.java, line(s) 123,257,277,278,339,348,407,531,428 com/rio/photomaster/utils/ShareUtils.java, line(s) 440 com/rio/photomaster/widget/dialog/DialogHelper.java, line(s) 670,671 com/rx/img/manager/CameraHelper.java, line(s) 43,45 com/tbruyelle/rxpermissions2/RxPermissionsFragment.java, line(s) 81,46 com/tendory/floatwindow/utils/L.java, line(s) 97,666,986,121,137,995,88,96,104,105,112,120,128,989,89,983,113,129,992,998 com/tendory/screenrec/ScreenSettingActivity.java, line(s) 401 com/tendory/screenrec/ScreenShotSettingActivity.java, line(s) 794,383,407 com/tendory/screenrec/rec/BaseEncoder.java, line(s) 87,98,109 com/tendory/screenrec/rec/MicRecorder.java, line(s) 178,303,310 com/tendory/screenrec/rec/ScreenRecorder.java, line(s) 300,308,334,348,419,163,181 com/tendory/screenrec/shot/Shotter.java, line(s) 93 com/tendory/water/lib/GlUtil.java, line(s) 33,45,46,61,65,76,111,112,113 com/tendory/water/lib/InputSurface.java, line(s) 103 com/tendory/water/lib/OutputSurface.java, line(s) 183 com/tendory/water/lib/TextureBitmapOverlayRender.java, line(s) 220,245,249,263,275,276 com/tendory/water/lib/TextureRender.java, line(s) 115,129,133,147,159,160 com/tendory/whole/blocks/audioRecord/AudioRecordDemo.java, line(s) 37,16,22 com/tendory/whole/blocks/mediaCodec/bigflake/cameraToMpeg/CameraToMpegActivity.java, line(s) 83,100,136,147,255,539,543,556,568,569,579,207,158,260,282 com/tendory/whole/blocks/mediaCodec/bigflake/decodeEditEncode/DecodeEditEncodeActivity.java, line(s) 93,319 com/tendory/whole/blocks/mediaCodec/bigflake/encodeAndMux/EncodeAndMuxActivity.java, line(s) 89,137,157,142,165 com/tendory/whole/blocks/mediaCodec/bigflake/encodeDecode/EncodeDecodeActivity.java, line(s) 377,605,180,237,181,204,217,238,283,302,166,506,543,547,659,723 com/tendory/whole/blocks/mediaCodec/bigflake/encodeDecode/InputSurface.java, line(s) 103 com/tendory/whole/blocks/mediaCodec/bigflake/encodeDecode/OutputSurface.java, line(s) 154 com/tendory/whole/blocks/mediaCodec/bigflake/encodeDecode/TextureRender.java, line(s) 129,133,147,159,160,170 com/tendory/whole/blocks/mediaCodec/bigflake/extractDecodeEditEncodeMux/ExtractDecodeEditEncodeMuxActivity.java, line(s) 300,309,310,316,329,330,332,336,341,343,346,348,352,380,390,391,411,420,421,427,440,441,444,448,470,480,487,488,507,508,509,520,537,541,544,573,577,584,601,605,612,627,638,648,221 com/tendory/whole/blocks/mediaCodec/bigflake/extractMpegFrames/ExtractMpegFramesActivity.java, line(s) 175,457,461,474,486,487,497,121 com/tendory/whole/blocks/mediaCodec/primary/CreatMusicVideoByMediaCodecActivity.java, line(s) 146,154,203,238,241 com/tendory/whole/blocks/mediaCodec/primary/PrimaryMediaCodecActivity.java, line(s) 139,147,195,230,233 com/tendory/whole/blocks/mediaCodec/primary/mp3TranslateAAC/AudioCodec.java, line(s) 116,351 com/tendory/whole/blocks/mediaCodec/primary/mp3TranslateAAC/AudioDecoder.java, line(s) 56,87,95,99,101,113,70,104 com/tendory/whole/blocks/mediaCodec/primary/mp3TranslateAAC/Mp3TranslateAACActivity.java, line(s) 52,57,62,67,81 com/tendory/whole/blocks/mediaCodec/recordBaseCamera/RecordBaseCameraActivity.java, line(s) 110,118 com/tendory/whole/blocks/mediaCodec/recordCamera/thread/AudioEncoderThread.java, line(s) 43,45,70,73,79,113,148,162,174,178,186,203,207,213,251,255,263,54,90,230,238 com/tendory/whole/blocks/mediaCodec/recordCamera/thread/MediaMuxerThread.java, line(s) 38,77,109,113,117,126,161,175,183,192,196,202,206,212,225,227,238,243 com/tendory/whole/blocks/mediaCodec/recordCamera/thread/VideoEncoderThread.java, line(s) 181,187,200,88,116,124,138,143,164,179,217,167,151 com/tendory/whole/blocks/mediaCodec/recordCamera/utils/FileUtils.java, line(s) 71,74 com/tendory/whole/blocks/mediaCodec/show/MediaCodecShowOnGlSurfaceView.java, line(s) 201,207,214,183 com/tendory/whole/blocks/mediaExtractor/MediaExtractorActivity.java, line(s) 122,127,112,117 com/tendory/whole/blocks/mediaExtractor/primary/TransAacHandlerPure.java, line(s) 318,443 com/tendory/whole/blocks/mediaExtractor/primary/decoder/DecoderAudioAAC2PCMPlay.java, line(s) 72,101,145,133,150,27 com/tendory/whole/blocks/mediaExtractor/primary/decoder/DecoderAudioAndGetDb.java, line(s) 81,110,154,164,203,142,158,34 com/tendory/whole/blocks/mediaExtractor/primary/encoder/EncoderAudioAAC.java, line(s) 68,72,29 com/tendory/whole/blocks/mediaExtractor/primary/official/AMediaExtractorOfficial.java, line(s) 31,36,39 com/tendory/whole/blocks/mediaMuxer/functions/CreateVideoAddAudio.java, line(s) 146,154,203,238,241 com/tendory/whole/blocks/mediaMuxer/functions/CreateVideoAddAudioToMp4.java, line(s) 122,127,142,163,209,244,327,331 com/tendory/whole/blocks/mediaMuxer/functions/DecoderAndGetAudioDb.java, line(s) 83,112,159,171,208,241,144,164,38 com/tendory/whole/blocks/mediaMuxer/primary/MuxerVoiceDbToMp4.java, line(s) 118,149,204,243,302,325,328,421,446,449,196,199 com/tendory/whole/createVideoByVoice/CreateVideoByAudioDbActivity.java, line(s) 72,77,97,119,128 com/tendory/whole/createVideoByVoice/EncoderVideo.java, line(s) 67,76,83,154 com/tendory/whole/createVideoByVoice/GetAudioDb.java, line(s) 77,106,153,204,34 com/tendory/whole/createVideoByVoice/localEdit/LocalVideoActivity.java, line(s) 218,241,246,280,290,429,555,610 com/tendory/whole/createVideoByVoice/localEdit/VideoDrawer.java, line(s) 50,69,79,84,102,115 com/tendory/whole/createVideoByVoice/localEdit/VideoPreviewView.java, line(s) 61,90 com/tendory/whole/editVideo/VideoEditActivity.java, line(s) 269,401,449,472,481,482,515,523,677,680,732,757,766,770,773 com/tendory/whole/editVideo/fragment/FilterDialogFragment.java, line(s) 138 com/tendory/whole/editVideo/mediacodec/InputSurface.java, line(s) 103 com/tendory/whole/editVideo/mediacodec/OutputSurface.java, line(s) 220 com/tendory/whole/editVideo/mediacodec/VideoClipper.java, line(s) 158 com/tendory/whole/editVideo/view/BubbleTextView.java, line(s) 729,733,735,738,742,288,712,713,714,715,773 com/tendory/whole/editVideo/view/PopBubbleEditView.java, line(s) 98 com/tendory/whole/editVideo/view/PopPasterView.java, line(s) 36,43,47,51 com/tendory/whole/editVideo/view/StickerView.java, line(s) 409,413,415,418,421,144,395,396,397,398,514 com/tendory/whole/editVideo/view/VideoEditProgressView.java, line(s) 136,140,167,192,218,219,220,304,335,336,337,338,339,342,358,432,450,451,452,467,476,489,494,495 com/tendory/whole/editVideo/view/VideoEditView.java, line(s) 171 com/tendory/whole/jiaozivideo/JZMediaManager.java, line(s) 83,95 com/tendory/whole/jiaozivideo/JZResizeTextureView.java, line(s) 48,52,56,68,69 com/tendory/whole/jiaozivideo/JZUtils.java, line(s) 85 com/tendory/whole/jiaozivideo/JZVideoPlayer.java, line(s) 68,69,79,234,362,365,368,388,396,402,408,427,449,457,473,491,497,549,563,570,626,632,648,654,660,666,674,681,713,729,756,758,769,800,878,884,891,896,923,967,971,1013,1020,1030 com/tendory/whole/jiaozivideo/JZVideoPlayerStandard.java, line(s) 182,183 com/tendory/whole/pickvideo/BaseActivity.java, line(s) 55,60 com/tendory/whole/record/RecorderActivity.java, line(s) 467 com/tendory/whole/record/beans/MediaObject.java, line(s) 76,78,93,169,185 com/tendory/whole/record/camera/CameraController.java, line(s) 64 com/tendory/whole/record/encoder/TextureMovieEncoder.java, line(s) 73,148,203,236,247,209,76,123,198,218 com/tendory/whole/record/encoder/VideoEncoderCore.java, line(s) 255,262,234 com/tendory/whole/record/encoder/gles/EglCore.java, line(s) 68,135,144,184,79,100 com/tendory/whole/record/encoder/gles/EglSurfaceBase.java, line(s) 62 com/tendory/whole/record/filters/AFilter.java, line(s) 212 com/tendory/whole/record/filters/gpuFilters/utils/OpenGlUtils.java, line(s) 132,137,146,163,244 com/tendory/whole/record/ui/CustomRecordImageView.java, line(s) 163 com/tendory/whole/record/ui/ProgressView.java, line(s) 153,185 com/tendory/whole/selCover/SelCoverTimeActivity.java, line(s) 89 com/tendory/whole/videoPlayer/VideoPlayerActivity.java, line(s) 53,59,70,116,128 com/thl/thl_advertlibrary/activity/Fhad_BaseSplashActivity.java, line(s) 134,218,224,293,299,306 com/thl/thl_advertlibrary/config/AdvertConfig.java, line(s) 105,116,184,194 com/thl/thl_advertlibrary/config/TTAdConfigManager.java, line(s) 27 com/thl/thl_advertlibrary/dialog/AppActiveAdvertDialog.java, line(s) 102,115,158,187,192,198,202,207,222,230,234,238,242,246,255,161,260 com/thl/thl_advertlibrary/dialog/CloseAdvertDialog.java, line(s) 95,108,158,183,189,195,199,205,220,228,232,236,240,244,253,161,258 com/thl/thl_advertlibrary/helper/BannerAdvertHelper.java, line(s) 43,72 com/thl/thl_advertlibrary/helper/InterBannerAdvertHelper.java, line(s) 75,148 com/thl/thl_advertlibrary/helper/InterctionAdvertHelper.java, line(s) 124,129,135,139,144,159,167,171,175,179,183 com/thl/thl_advertlibrary/helper/InterctionChuanshanjiaAdvertHelper.java, line(s) 74,78,82,92,100,104,108,112,116,137 com/thl/thl_advertlibrary/helper/NewInterstitialAdvertHelper.java, line(s) 88,121,126,134,138,142,151,155,158,161,169,173,177,181,185,109 com/thl/thl_advertlibrary/helper/TTAdRewardVideoHelper.java, line(s) 44,53,98,102,106,110,114 com/thl/thl_advertlibrary/helper/TTAdVideoHelper.java, line(s) 90,130,134,138,142,146 com/thl/thl_advertlibrary/network/bean/Fhad_BaseCallBack.java, line(s) 27,32,51 com/thl/thl_advertlibrary/utils/AdvertUtils.java, line(s) 124,134,139,165,174,178,181,190,193,202 com/thl/thl_advertlibrary/utils/DateUtils.java, line(s) 23 com/thl/thl_advertlibrary/utils/Fhad_PackageUtil.java, line(s) 16,26,36,51 com/thl/thl_advertlibrary/utils/Lg.java, line(s) 30,21,40,45 com/zhy/http/okhttp/cookie/store/PersistentCookieStore.java, line(s) 141,150,153 com/zhy/http/okhttp/log/LoggerInterceptor.java, line(s) 41,43,44,45,47,50,53,56,58,69,70,71,73,77,79,81,84 com/zhy/http/okhttp/utils/L.java, line(s) 10 junit/runner/BaseTestRunner.java, line(s) 148 junit/runner/Version.java, line(s) 12 junit/textui/TestRunner.java, line(s) 88,112,137 org/greenrobot/eventbus/Logger.java, line(s) 81,86 org/greenrobot/eventbus/util/ErrorDialogConfig.java, line(s) 34 org/greenrobot/eventbus/util/ErrorDialogManager.java, line(s) 185 org/greenrobot/eventbus/util/ExceptionToResourceMapping.java, line(s) 25 org/litepal/crud/SaveHandler.java, line(s) 223 org/litepal/tablemanager/AssociationCreator.java, line(s) 64,101,113,242 org/litepal/tablemanager/AssociationUpdater.java, line(s) 38,92,133,152,231,233,235,237 org/litepal/tablemanager/Upgrader.java, line(s) 25,82,95,128,137,146,160,177,180,182 org/litepal/util/LitePalLog.java, line(s) 12,18 org/litepal/util/cipher/AESCrypt.java, line(s) 83,89,40,67 pub/devrel/easypermissions/EasyPermissions.java, line(s) 158,160,27
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: apache/rio/kluas_update/retrofit/UpdateRetrofit.java, line(s) 11,11 com/rio/photomaster/net/retrofit/RetrofitFactory_AES.java, line(s) 14,14 com/rio/photomaster/net/retrofit/RetrofitFactory_Buss.java, line(s) 14,14 com/rio/photomaster/net/retrofit/RetrofitFactory_image.java, line(s) 11,11 com/thl/thl_advertlibrary/utils/SSLSocketClient.java, line(s) 60,23,58,58 com/zhy/http/okhttp/https/HttpsUtils.java, line(s) 107,171,42,105,105,169,169
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (loving.fanghenet.com) 通信。
{'ip': '221.230.244.93', 'country_short': 'CN', 'country_long': '中国', 'region': '山东', 'city': '青岛', 'latitude': '36.098610', 'longitude': '120.371941'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (download.sdk.mob.com) 通信。
{'ip': '45.113.201.237', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (apps.bytesfield.com) 通信。
{'ip': '221.230.244.93', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (i.snssdk.com) 通信。
{'ip': '52.20.185.129', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (oss.fanghenet.com) 通信。
{'ip': '221.230.244.93', 'country_short': 'CN', 'country_long': '中国', 'region': '河南', 'city': '驻马店', 'latitude': '32.979439', 'longitude': '114.030144'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (identify.verify.mob.com) 通信。
{'ip': '103.143.17.149', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (resource.sqcat.cn) 通信。
{'ip': '221.230.244.93', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.mob.com) 通信。
{'ip': '45.113.201.237', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (wx.tenpay.com) 通信。
{'ip': '221.230.244.93', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (init.sms.mob.com) 通信。
{'ip': '103.143.17.149', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.chengzijianzhan.com) 通信。
{'ip': '221.230.244.93', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.michurou.com) 通信。
{'ip': '47.92.233.19', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (browser.51star.top) 通信。
{'ip': '221.230.244.93', 'country_short': 'CN', 'country_long': '中国', 'region': '山东', 'city': '青岛', 'latitude': '36.098610', 'longitude': '120.371941'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (sf6-ttcdn-tos.pstatp.com) 通信。
{'ip': '52.20.185.129', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '台州', 'latitude': '28.666668', 'longitude': '121.349998'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.toutiaopage.com) 通信。
{'ip': '27.155.113.139', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (beian.miit.gov.cn) 通信。
{'ip': '27.155.113.139', 'country_short': 'CN', 'country_long': '中国', 'region': '福建', 'city': '福州', 'latitude': '26.061390', 'longitude': '119.306107'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (apps.bytesfield-b.com) 通信。
{'ip': '121.228.130.80', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.fangdingtech.cn) 通信。
{'ip': '47.92.233.19', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (apps.oceanengine.com) 通信。
{'ip': '121.228.188.228', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (asoto.top) 通信。
{'ip': '47.92.95.145', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}