安全分析报告:
安全分数
安全分数 45/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
2
用户/设备跟踪器
调研结果
高危
9
中危
47
信息
4
安全
3
关注
2
高危 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
高危 程序可被任意调试
[android:debuggable=true] 应用可调试标签被开启,这使得逆向工程师更容易将调试器挂接到应用程序上。这允许导出堆栈跟踪和访问调试助手类。
高危 Activity (im.amzwbdfmrh.tel.CallApiAbove29Dialer) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 App 链接 assetlinks.json 文件未找到
[android:name=im.amzwbdfmrh.ui.LaunchActivity][android:host=http://m12345.cc] App Link 资产验证 URL (http://m12345.cc/.well-known/assetlinks.json) 未找到或配置不正确。(状态代码:None)。应用程序链接允许用户从 Web URL/电子邮件重定向到移动应用程序。如果此文件丢失或为 App Link 主机/域配置不正确,则恶意应用程序可以劫持此类 URL。这可能会导致网络钓鱼攻击,泄露 URI 中的敏感数据,例如 PII、OAuth 令牌、魔术链接/密码重置令牌等。您必须通过托管 assetlinks.json 文件并通过 Activity intent-filter 中的 [android:autoVerify=“true”] 启用验证来验证 App Link 网域。
高危 App 链接 assetlinks.json 文件未找到
[android:name=im.amzwbdfmrh.ui.LaunchActivity][android:host=https://m12345.cc] App Link 资产验证 URL (https://m12345.cc/.well-known/assetlinks.json) 未找到或配置不正确。(状态代码:None)。应用程序链接允许用户从 Web URL/电子邮件重定向到移动应用程序。如果此文件丢失或为 App Link 主机/域配置不正确,则恶意应用程序可以劫持此类 URL。这可能会导致网络钓鱼攻击,泄露 URI 中的敏感数据,例如 PII、OAuth 令牌、魔术链接/密码重置令牌等。您必须通过托管 assetlinks.json 文件并通过 Activity intent-filter 中的 [android:autoVerify=“true”] 启用验证来验证 App Link 网域。
高危 Activity (im.amzwbdfmrh.messenger.OpenChatReceiver) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/alivc/rtc/device/utils/AESUtils.java, line(s) 39,46 im/amzwbdfmrh/ui/hui/friendscircle/okhttphelper/AESHelper.java, line(s) 50 im/amzwbdfmrh/ui/utils/AesUtils.java, line(s) 41,63,72,81 im/amzwbdfmrh/ui/utils/ChiperUtils.java, line(s) 51,73,82
高危 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/litesuits/orm/BuildConfig.java, line(s) 3,4 com/serenegiant/uvccamera/BuildConfig.java, line(s) 3,6 im/amzwbdfmrh/messenger/BuildConfig.java, line(s) 3,6
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: im/amzwbdfmrh/ui/ArticleViewer.java, line(s) 7293,61,62 im/amzwbdfmrh/ui/components/EmbedBottomSheet.java, line(s) 688,33,34
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 Service (im.amzwbdfmrh.messenger.GcmPushListenerService) 未被保护。
存在一个intent-filter。 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
中危 Broadcast Receiver (com.google.android.gms.measurement.AppMeasurementReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (im.amzwbdfmrh.tel.IncomingCallReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (im.amzwbdfmrh.tel.CallApiAbove29Dialer) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (im.amzwbdfmrh.tel.CallApiAbove29ScreeningService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_SCREENING_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Activity (im.amzwbdfmrh.ui.ShareActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (im.amzwbdfmrh.ui.ExternalActionActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (im.amzwbdfmrh.messenger.OpenChatReceiver) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (im.amzwbdfmrh.ui.hui.visualcall.VisualCallActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (im.amzwbdfmrh.ui.hui.visualcall.VisualCallReceiveActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity设置了TaskAffinity属性
(im.amzwbdfmrh.ui.VoIPActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity设置了TaskAffinity属性
(im.amzwbdfmrh.ui.VoIPPermissionActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity设置了TaskAffinity属性
(im.amzwbdfmrh.ui.VoIPFeedbackActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Service (im.amzwbdfmrh.messenger.AuthenticatorService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (im.amzwbdfmrh.messenger.ContactsSyncAdapterService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (im.amzwbdfmrh.messenger.AppChooserTargetService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_CHOOSER_TARGET_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (im.amzwbdfmrh.messenger.MusicPlayerService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (im.amzwbdfmrh.messenger.MusicBrowserService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (im.amzwbdfmrh.messenger.WearDataLayerListenerService) 未被保护。
存在一个intent-filter。 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
中危 Service (im.amzwbdfmrh.messenger.voip.AppConnectionService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_TELECOM_CONNECTION_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (im.amzwbdfmrh.messenger.MusicPlayerReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (im.amzwbdfmrh.messenger.voip.VoIPMediaButtonReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (im.amzwbdfmrh.messenger.AppStartReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (im.amzwbdfmrh.messenger.RefererReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.INSTALL_PACKAGES [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Content Provider (im.amzwbdfmrh.messenger.voip.CallNotificationSoundProvider) 未被保护。
[android:exported=true] 发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (im.amzwbdfmrh.keepalive.ChannelService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (im.amzwbdfmrh.keepalive.DaemonService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (im.amzwbdfmrh.keepalive.ScheduleService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (im.amzwbdfmrh.keepalive.MonitorReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (im.amzwbdfmrh.keepalive.ScreenReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.blankj.utilcode.util.MessengerUtils$ServerService) 未被保护。
存在一个intent-filter。 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
中危 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (com.qiniu.android.dns.NetworkReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/bjz/comm/net/utils/MD5Utils.java, line(s) 19 com/danikula/videocache/ProxyCacheUtils.java, line(s) 74 com/litesuits/orm/db/assit/Encrypt.java, line(s) 35 im/amzwbdfmrh/messenger/AndroidUtilities.java, line(s) 2411 im/amzwbdfmrh/messenger/FileUploadOperation.java, line(s) 420 im/amzwbdfmrh/messenger/Utilities.java, line(s) 372 im/amzwbdfmrh/translate/MD5.java, line(s) 21,52 im/amzwbdfmrh/ui/hui/friendscircle/okhttphelper/MD5Utils.java, line(s) 19 im/amzwbdfmrh/ui/utils/ChiperUtils.java, line(s) 17
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/alivc/rtc/device/UTUtdid.java, line(s) 16 com/alivc/rtc/device/utils/PhoneInfoUtils.java, line(s) 7 com/socks/library/klog/FileLog.java, line(s) 12 im/amzwbdfmrh/ui/hui/visualcall/VisualCallReceiveService.java, line(s) 27 im/amzwbdfmrh/ui/utils/NameUtil.java, line(s) 3 im/amzwbdfmrh/ui/utils/number/StringUtils.java, line(s) 4 im/amzwbdfmrh/ui/utils/translate/ssrc/SSRC.java, line(s) 14 im/amzwbdfmrh/utils/VerifyCodeUtils.java, line(s) 7
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/alivc/rtc/device/UTUtdid.java, line(s) 23,24,43 com/bjz/comm/net/bean/AtUserBean.java, line(s) 60 com/bjz/comm/net/bean/FCEntitysRequest.java, line(s) 49 com/bjz/comm/net/bean/FCEntitysResponse.java, line(s) 121 com/bjz/comm/net/bean/FcUserInfoBean.java, line(s) 116 com/bjz/comm/net/bean/MiniGameBean.java, line(s) 113 com/bjz/comm/net/bean/ResponseAccessTokenBean.java, line(s) 60 com/litesuits/orm/db/assit/SQLBuilder.java, line(s) 62 com/litesuits/orm/db/model/EntityTable.java, line(s) 32 com/litesuits/orm/db/model/MapProperty.java, line(s) 7 com/zhy/http/okhttp/builder/PostFormBuilder.java, line(s) 48 im/amzwbdfmrh/javaBean/ShareInstallConfigBean.java, line(s) 46 im/amzwbdfmrh/messenger/BuildVars.java, line(s) 9,8 im/amzwbdfmrh/messenger/ContactsController.java, line(s) 1266,1607 im/amzwbdfmrh/messenger/FileRefController.java, line(s) 131,163,180,195,200,205,212,230,227,233 im/amzwbdfmrh/messenger/ImageLoader.java, line(s) 774 im/amzwbdfmrh/messenger/LocaleController.java, line(s) 726 im/amzwbdfmrh/messenger/NotificationsController.java, line(s) 2182,2227 im/amzwbdfmrh/messenger/SendMessagesHelper.java, line(s) 2488,1700,1708,3250 im/amzwbdfmrh/ui/ArticleViewer.java, line(s) 1805,4717,3971 im/amzwbdfmrh/ui/ChannelCreateActivity.java, line(s) 132 im/amzwbdfmrh/ui/ChatEditTypeActivity.java, line(s) 121 im/amzwbdfmrh/ui/DataAutoDownloadActivity.java, line(s) 300,446,315,456,308,451 im/amzwbdfmrh/ui/DataSettingsActivity.java, line(s) 213,377,225,385,219,381 im/amzwbdfmrh/ui/LaunchActivity.java, line(s) 2012 im/amzwbdfmrh/ui/NotificationsCustomSettingsActivity.java, line(s) 380,378,376 im/amzwbdfmrh/ui/NotificationsSettingsActivity.java, line(s) 377 im/amzwbdfmrh/ui/PassportActivity.java, line(s) 4300,3885,4338,3891,4306,4342,4312,4315,889,4961,4291,4322,884,4953,4303,4297,4326,4294,4324,3899,4336,4309,887,4957,880,4941,3895,4340,3878,4332,3881,4334,892,4945 im/amzwbdfmrh/ui/ProxyListActivity.java, line(s) 126,136,141,148,151 im/amzwbdfmrh/ui/QuickRepliesSettingsActivity.java, line(s) 158,154,150,146 im/amzwbdfmrh/ui/actionbar/Theme.java, line(s) 2774,3204,3272 im/amzwbdfmrh/ui/adapters/MentionsAdapter.java, line(s) 396 im/amzwbdfmrh/ui/components/AlertsCreator.java, line(s) 535,537 im/amzwbdfmrh/ui/components/EmojiView.java, line(s) 3998,4002 im/amzwbdfmrh/ui/components/EmojiViewV2.java, line(s) 3982,3986 im/amzwbdfmrh/ui/components/ScrollSlidingTextTabStrip.java, line(s) 67,122,65,120,68,123,66,121 im/amzwbdfmrh/ui/components/Switch.java, line(s) 68,69,70,71 im/amzwbdfmrh/ui/hui/contacts/CreateGroupingActivity.java, line(s) 545 im/amzwbdfmrh/ui/hui/contacts/PhonebookUsersActivity.java, line(s) 194 im/amzwbdfmrh/ui/hui/friendscircle_v1/view/CommFCArcView.java, line(s) 18,24,30 im/amzwbdfmrh/ui/hui/friendscircle_v1/view/edittext/span/User.java, line(s) 153 im/amzwbdfmrh/ui/hui/login/LoginContronllerActivity.java, line(s) 76 im/amzwbdfmrh/ui/hui/packet/SelecteContactsActivity.java, line(s) 163,167 im/amzwbdfmrh/ui/hviews/MrySwitch.java, line(s) 70,88,71,89,72,73,90,91 im/amzwbdfmrh/ui/settings/AutoDownloadSettingActivity.java, line(s) 78,470,88,485,83,478 im/amzwbdfmrh/ui/settings/DataAndStoreSettingActivity.java, line(s) 286,294,290 im/amzwbdfmrh/ui/settings/ProxySettingActivity.java, line(s) 509,519,524,531,534
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/alivc/rtc/device/core/persistent/PersistentConfiguration.java, line(s) 52,151,326,376 com/danikula/videocache/StorageUtils.java, line(s) 25,44 im/amzwbdfmrh/messenger/AndroidUtilities.java, line(s) 1465,837,1459,1460 im/amzwbdfmrh/messenger/FileLog.java, line(s) 50,83,332 im/amzwbdfmrh/messenger/ImageLoader.java, line(s) 1421,1422 im/amzwbdfmrh/messenger/SharedConfig.java, line(s) 685 im/amzwbdfmrh/messenger/voip/VoIPController.java, line(s) 300 im/amzwbdfmrh/ui/DocumentSelectActivity.java, line(s) 474,572,572,572,575 im/amzwbdfmrh/ui/SettingsActivity.java, line(s) 1136 im/amzwbdfmrh/ui/components/voip/VoIPHelper.java, line(s) 487 im/amzwbdfmrh/ui/dialogs/McShareDialog.java, line(s) 168 im/amzwbdfmrh/ui/fragments/MeFragmentV2.java, line(s) 856 im/amzwbdfmrh/ui/hui/chats/GroupShareActivity.java, line(s) 264 im/amzwbdfmrh/ui/hui/mine/AboutAppActivity.java, line(s) 380 im/amzwbdfmrh/ui/hui/mine/QrCodeActivity.java, line(s) 369 im/amzwbdfmrh/ui/hviews/helper/MryDisplayHelper.java, line(s) 270 im/amzwbdfmrh/ui/utils/DownloadUtils.java, line(s) 152
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: im/amzwbdfmrh/ui/fragments/TabWebFragment.java, line(s) 96,89 im/amzwbdfmrh/ui/hui/discoveryweb/DiscoveryJumpToPage.java, line(s) 263,255,277
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: im/amzwbdfmrh/messenger/utils/PlayerUtils.java, line(s) 1236,1243 im/amzwbdfmrh/ui/ArticleViewer.java, line(s) 7163,7158 im/amzwbdfmrh/ui/WebviewActivity.java, line(s) 271,258 im/amzwbdfmrh/ui/components/EmbedBottomSheet.java, line(s) 664,221 im/amzwbdfmrh/ui/components/WebPlayerView.java, line(s) 1187,1189
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/alivc/rtc/device/UTUtdid.java, line(s) 344 im/amzwbdfmrh/messenger/Utilities.java, line(s) 227,241 im/amzwbdfmrh/ui/PassportActivity.java, line(s) 2780 im/amzwbdfmrh/ui/utils/DeviceIdUtil.java, line(s) 89 im/amzwbdfmrh/utils/DeviceUtils.java, line(s) 96 im/amzwbdfmrh/utils/FingerprintUtil.java, line(s) 155
中危 IP地址泄露
IP地址泄露 Files: com/danikula/videocache/HttpProxyCacheServer.java, line(s) 31 im/amzwbdfmrh/tgnet/NetworkConfig.java, line(s) 210,202,212,200
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: im/amzwbdfmrh/ui/components/paint/Slice.java, line(s) 20 im/amzwbdfmrh/ui/utils/translate/ssrc/SSRC.java, line(s) 780
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/danikula/videocache/sourcestorage/DatabaseSourceInfoStorage.java, line(s) 6,7,28 com/litesuits/orm/db/assit/Querier.java, line(s) 4,14
中危 应用程序包含隐私跟踪程序
此应用程序有多个2隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 百度地图的=> "com.baidu.lbsapi.API_KEY" : "oYnHR3odlaw9KUleHaQP5BrTLivxSCz1" openinstall统计的=> "com.openinstall.APP_KEY" : "gj6dn0" 谷歌地图的=> "com.google.android.maps.v2.API_KEY" : "AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k" "LoginByPassword" : "Passwortanmeldung" "UseProxySecret" : "Secret" "LoginPassword" : "Passwort" "key_walletDefaultBackground" : "walletDefaultBackground" "PaymentPasswordTitle" : "Passwort" "RestorePasswordNoEmailTitle" : "Sorry" "baidu_map_key" : "oYnHR3odlaw9KUleHaQP5BrTLivxSCz1" "PayPasswordReset" : "PayPasswordReset" "Sessions" : "Session" "TypePrivate" : "Privado" "TypePrivate" : "Pribadi" "TypePrivateGroup" : "pribadi" "PasswordCode" : "Code" "TypePrivateGroup" : "Private" "TypePrivate" : "Private" "TypePrivate2" : "Private" "PayPasswordSetting" : "PayPasswordSetting" "UserNameOrPhoneNumberSearch" : "Username" "pref_speakerphone_key" : "speakerphone_preference" "YourPasswordSuccess" : "Sucesso!" "LoginPassword" : "Senha" "TypePrivate2" : "Privat" "PasscodePassword" : "Password" "PayPasswordSetting" : "Zahlungskennworteinstellung" "UseProxyPassword" : "Passwort" "UseProxySecret" : "Rahasia" "TypePrivateGroup" : "peribadi" "UseProxyUsername" : "Username" "PasscodePassword" : "Senha" "RestorePasswordNoEmailTitle" : "Desculpe" "UseProxyUsername" : "Benutzername" "UseProxyUsername" : "namapengguna" "key_windowBackgroundGray" : "windowBackgroundGray" "PaymentPasswordEmailTitle" : "Wiederherstellungs-E-Mail" "YourPasswordSuccess" : "Sukses!" "LoginPassword" : "Password" "Sessions" : "Sitzung" "PaymentPasswordTitle" : "Password" "Username" : "Username" "firebase_database_url" : "https://amzwbdfmrh-48b0d.firebaseio.com" "LoginPasswordReset" : "LoginPasswordReset" "UseProxySecret" : "Rahsia" "TypePrivateGroup" : "privado" "Sessions" : "Sessions" "google_api_key" : "AIzaSyC6uk1nvjb5BYzqEzgaWy_iTryf5373Nyw" "google_app_id" : "1:194512522065:android:a3b6ee229cc1efe012e170" "TypePrivateGroup" : "privat" "YourPasswordSuccess" : "Berjaya!" "TypePrivate2" : "Privado" "TypePrivate2" : "Pribadi" "PasscodePassword" : "Passwort" "RestorePasswordNoEmailTitle" : "Maaf" "PaymentPasswordTitle" : "Senha" "UseProxyPassword" : "Senha" "YourPasswordSuccess" : "Erfolg!" "PayPassword" : "Zahlungspasswort" "UseProxySecret" : "Geheimnis" "RestorePasswordNoEmailTitle" : "Entschuldigung" "UseProxyPassword" : "Password" "YourPasswordSuccess" : "Success!" "TypePrivate" : "Privat" "PayPasswordSetReminder" : "Tips" "FindBackPassword" : "FindBack" "key_windowBackgroundWhite" : "windowBackgroundWhite" "yuncheng_app_key" : "-dSPyyHFK-C3oeMlwHTO+pKDObpgxP2MO7Uo2UCH0+AxbvSwOHSK26vswxbHqitmfpzvpr_umcseBVAt1Jhc+ZSpVK2u1Jycd5vGXSkkeksUjEvw7B1ab_L72k9kUie93wo9MKEFb_z5dDVJuy1dmCJ1lkTEoczXTFwV8KDvdhxGgMFuczwD-9Dky82dyNcpoA5r1MQjP9ySfIjUZBsaePOvidufUoObTop+UEXpSPUk0S9Qz8Pt8bxT4nwwFJr18bwcZoeGyMLOYYBtZsWjTSuoCM-evTn1HNr6AjGt9PsQ2REKz14oSNoo4JB7gRopFVzhEnZYwMTBKe3jbvAufn_d4Ur6uhiE34czv+fdJVeUHP" "PayPassword" : "PayPassword" "Sessions" : "Sesi" "UseProxySecret" : "Segredo" "google_crash_reporting_api_key" : "AIzaSyC6uk1nvjb5BYzqEzgaWy_iTryf5373Nyw" "FindBackPassword" : "FindBackPassword" e283aac0-7c0f-4f2e-bcf7-90acc19903ed QrMgt8GGYI6T52ZY5AnhtxkLzb8egpFn3j5JELI8H6wtACbUnZ5cc3aYTsTRbmkAkRJeYbtx92LPBWm7nBO9UIl7y5i5MQNmUZNf5QENurR5tGyo7yJ2G0MBjWvy6iAtlAbacKP0SwOUeUWx5dsBdyhxa7Id1APtybSdDgicBDuNjI0mlZFUzZSS9dmN8lBD0WTVOMz0pRZbR3cysomRXOO1ghqjJdTcyDIxzpNAEszN8RMGjrzyU7Hjbmwi6YNK C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5B 9A04F079-9840-4286-AB92-E65BE0885F95 fb9f0bb7fdd0760c354cc3d80cecb1d9 A2B55680-6F43-11E0-9A3F-0002A5D5C51B aa717156fa6e34325d3d4a7004a6647a f180c508-f49a-40bd-b8ac-50577ce9aff6 pE5eNoBQIFVcd9IEuyIhvopfgS1RSj5C ABVGDE2JZIQKLMNOPRSTUFHC34WXY9678 c06c8400-8e06-11e0-9cb6-0002a5d5c51b bb392ec0-8d4d-11e0-a896-0002a5d5c51b
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: cn/dreamtobe/kpswitch/handler/KPSwitchRootLayoutHandler.java, line(s) 35,46,50,56,60 cn/dreamtobe/kpswitch/util/KeyboardUtil.java, line(s) 44,186,193,233,164,202,219 cn/dreamtobe/kpswitch/util/StatusBarHeightUtil.java, line(s) 21 cn/dreamtobe/kpswitch/util/ViewUtil.java, line(s) 17 com/alivc/component/capture/VideoPusher.java, line(s) 157,305,309,328,333,338,396,411,422,427,450,456,466,582,614,634,639,666,727,757,761,763,770,964,998,1051,368,387,391,648,814,877,924,982,1015,658 com/alivc/component/capture/VideoPusherJNI.java, line(s) 30,41,49,64,72,87,95,105,117,129,140,148,157,166,175,184,186,193,202,211,219,228,236,245,58,81,111,123 com/alivc/rtc/AliRtcEngine.java, line(s) 271,284,301,308 com/alivc/rtc/AliRtcEngineImpl.java, line(s) 1509,1579,1906,1944,2107,3085,304,329,613,874,899,1183,1323,1339,1356,1369,1404,1417,1437,1491,1497,1499,1503,1511,1526,1530,1534,1538,1556,1560,1581,1585,1596,1600,1608,1632,1645,1649,1707,1711,1715,1720,1745,1763,1770,1773,1777,1791,1795,1800,1804,1829,1834,1836,1841,1846,1848,1852,1854,1859,1861,1866,1873,1883,1894,1913,1955,2089,2127,2141,2155,2169,2530,2535,2580,2585,2590,2597,2612,2631,2637,2639,2782,2795,2801,72,74,81,83,96,98,104,106,111,116,144,146,156,159,180,182,199,201,213,215,238,240,262,264,274,276,284,312,314,327,347,351,353,361,363,370,372,378,380,386,393,399,420,422,428,454,456,462,467,474,476,478,480,482,484,490,492,494,500,503,505,507,509,511,513,559,561,611,625,627,633,635,641,643,649,651,657,659,678,714,716,726,729,750,752,769,771,783,785,808,810,832,834,844,846,854,882,884,897,917,921,923,931,933,940,942,948,950,956,963,969,990,992,998,1024,1026,1032,1037,1044,1046,1048,1050,1052,1054,1060,1062,1064,1070,1073,1075,1077,1079,1081,1083,1129,1131,1181,1195,1197,1203,1205,1211,1213,1219,1221,1227,1229,1265,1267,1292,1299,1345,1349,1354,1357,1362,1367,1373,1378,1380,1385,1391,1397,1402,1420,1424,1426,1479,1492,1519,1524,1542,1547,1550,1573,1594,1618,1624,1629,1638,1643,1654,1661,1665,1670,1674,1682,1687,1691,1700,1705,1756,1761,1784,1789,1817,1822,1826,1871,1877,1888,1902,1949,1966,1977,1982,2009,2018,2025,2027,2033,2038,2040,2046,2059,2065,2067,2074,2076,2080,2082,2087,2100,2105,2112,2114,2119,2121,2133,2135,2147,2149,2159,2161,2175,2180,2188,2197,2204,2206,2211,2215,2224,2226,2235,2237,2248,2255,2265,2280,2289,2294,2299,2301,2316,2347,2363,2394,2410,2424,2426,2433,2435,2441,2443,2454,2461,2469,2517,2605,2616,2642,2703,2705,2710,2732,2737,2743,2748,2754,2759,2765,2770,2776,2806,2814,2816,2824,2826,2834,2836,2844,2846,2854,2856,2864,2866,2874,2876,2884,2886,2894,2899,2907,2909,2917,2922,2930,2932,2940,2945,2953,2955,2963,2968,2976,2978,2986,2988,2996,2998,3006,3008,3016,3018,3026,3028,3038,3049,3053,3062,3066,3081,3133,3138,3146,3148,1418 com/alivc/rtc/device/DeviceInfo.java, line(s) 30,57,61 com/alivc/rtc/device/UTUtdid.java, line(s) 132,134,139,141,152,154,159,161,207,212,238,241,246,249 com/bjz/comm/net/factory/ApiFactory.java, line(s) 61,68 com/bjz/comm/net/factory/ApiGameFactory.java, line(s) 59,66 com/bjz/comm/net/mvp/presenter/FcCommonPresenter.java, line(s) 112 com/bjz/comm/net/premission/PermissionActivity.java, line(s) 55,333,345,359 com/bjz/comm/net/premission/PermissionManager.java, line(s) 33 com/bjz/comm/net/receiver/NetworkConnectChangedReceiver.java, line(s) 23,29,39 com/bjz/comm/net/utils/MD5Utils.java, line(s) 21,88,92,93 com/bjz/comm/net/utils/RxHelper.java, line(s) 97,102,124,128,139,185 com/bjz/comm/net/utils/TokenLoader.java, line(s) 49,81,85 com/contrarywind/view/WheelView.java, line(s) 337 com/coremedia/iso/boxes/sampleentry/AudioSampleEntry.java, line(s) 192 com/litesuits/orm/LiteOrm.java, line(s) 81,83,87,117,327 com/litesuits/orm/db/TableManager.java, line(s) 91,132,123,171,249,90,95,96,101,102,119,121,131,138,139,159,160,180,181,182,187,188 com/litesuits/orm/db/assit/Querier.java, line(s) 12,18,21,11,17,20 com/litesuits/orm/db/assit/SQLStatement.java, line(s) 250,280,519,170,285,101,102,126,127,169,183,184,187,188,233,234,249,275,276,279,284,323,359,375,380,422,423,496,506,518,324,360,497,507 com/litesuits/orm/db/assit/Transaction.java, line(s) 15,21,22 com/litesuits/orm/db/utils/DataUtil.java, line(s) 109,110 com/litesuits/orm/log/OrmLog.java, line(s) 41,74,124,157,62,95,145,178,20,27,48,81,131,164,34,67,117,150,55,88,138,171 com/preview/PreviewDialogFragment.java, line(s) 163 com/serenegiant/usb/DeviceFilter.java, line(s) 73,75 com/serenegiant/usb/USBMonitor.java, line(s) 241,248,827,846,424,428,431,843,281,466 com/serenegiant/usb/UVCCamera.java, line(s) 1049,1055,1060,1066,483,1083 com/socks/library/Util.java, line(s) 13,15 com/socks/library/klog/BaseLog.java, line(s) 28,37,31,25,34,40 com/socks/library/klog/FileLog.java, line(s) 18,21 com/socks/library/klog/JsonLog.java, line(s) 29 com/socks/library/klog/XmlLog.java, line(s) 21 com/tablayout/SlidingScaleTabLayout.java, line(s) 676 com/tablayout/transformer/TabScaleTransformer.java, line(s) 28 com/zhy/http/okhttp/cookie/store/PersistentCookieStore.java, line(s) 143,156,159 com/zhy/http/okhttp/log/LoggerInterceptor.java, line(s) 42,45,46,47,49,52,55,58,60,71,72,73,75,79,81,83,86 com/zhy/http/okhttp/utils/L.java, line(s) 10 ezy/assist/compat/RomUtil.java, line(s) 149 ezy/assist/compat/SettingsCompat.java, line(s) 94,114,125 im/amzwbdfmrh/keepalive/ChannelService.java, line(s) 57 im/amzwbdfmrh/keepalive/CheckTopTask.java, line(s) 23,48 im/amzwbdfmrh/keepalive/DaemonService.java, line(s) 139,66,96,110,120,142 im/amzwbdfmrh/keepalive/MonitorReceiver.java, line(s) 11,16 im/amzwbdfmrh/keepalive/OnePxActivity.java, line(s) 34,61,85 im/amzwbdfmrh/keepalive/ScheduleService.java, line(s) 11,20 im/amzwbdfmrh/keepalive/ScreenReceiver.java, line(s) 37 im/amzwbdfmrh/messenger/AndroidUtilities.java, line(s) 760,1463,1473,169,226,353,445,459,721,752,797,810,830,839,848,857,954,957,1075,1090,1105,1150,1168,1172,1239,1260,1358,1373,1428,1450,1510,1573,1614,1626,1667,1828 im/amzwbdfmrh/messenger/AnimatedFileDrawableStream.java, line(s) 56 im/amzwbdfmrh/messenger/AppChooserTargetService.java, line(s) 54,96,178 im/amzwbdfmrh/messenger/ApplicationLoader.java, line(s) 77,126,155,171,182,196,206,243,246,257,260,293,70,129,280,308,322,342,359,407 im/amzwbdfmrh/messenger/ContactsController.java, line(s) 445,462,478,730,783,897,907,931,1082,1087,1118,1195,1212,1774,1931,586,612,853,1419,1428,1665,1674,1680,1698,2010,2496 im/amzwbdfmrh/messenger/ContactsSyncAdapterService.java, line(s) 49,30 im/amzwbdfmrh/messenger/DispatchQueue.java, line(s) 26,35,47,61,85 im/amzwbdfmrh/messenger/DownloadController.java, line(s) 998 im/amzwbdfmrh/messenger/Emoji.java, line(s) 193,105,118,129,357,403,423,492,504,730,742 im/amzwbdfmrh/messenger/FileLoadOperation.java, line(s) 597,793,864,1121,1228,1260,425,438,455,710,716,723,729,736,742,749,755,763,823,825,834,842 im/amzwbdfmrh/messenger/FileLoader.java, line(s) 945,1402,1410,1418,1427 im/amzwbdfmrh/messenger/FileLog.java, line(s) 235,260,102,128,153,178,285,310 im/amzwbdfmrh/messenger/FileRefController.java, line(s) 125,638,976 im/amzwbdfmrh/messenger/FileStreamLoadOperation.java, line(s) 134 im/amzwbdfmrh/messenger/FileUploadOperation.java, line(s) 119,143,209,429,551,692 im/amzwbdfmrh/messenger/GcmPushListenerService.java, line(s) 21,34,80,135 im/amzwbdfmrh/messenger/ImageLoader.java, line(s) 1348,1418,1432,1444,1457,1470,1478,193,201,210,233,237,246,252,302,331,350,370,393,404,423,580,589,598,621,625,635,647,821,839,1187,1193,1408,1414,1436,1448,1461,1474,1482,1527,1532,1540,1548,2068,2080,2107,2272,2278,2388 im/amzwbdfmrh/messenger/ImageReceiver.java, line(s) 513,602,649,681 im/amzwbdfmrh/messenger/KeepAliveJob.java, line(s) 28,44,50,72,84 im/amzwbdfmrh/messenger/LocaleController.java, line(s) 994,2132,2241,2278,461,467,748,887,934,942,948,954,1072,1101,1156,1557,1633,1658,1680,1702,1736,1784,1824,1919,1936,1960,2209,3325 im/amzwbdfmrh/messenger/LocationController.java, line(s) 554,637,701 im/amzwbdfmrh/messenger/MediaController.java, line(s) 693,1173,1211,1254,1259,1279,1298,1310,1320,579,587,647,652,657,662,679,703,712,818,829,895,909,943,954,1529,1559,1674,1801,1816,2126,2132,2217,2320,2452,2474,2590,2599,2703,2783,2847,2875,2883,2906,2912,2920,2943,2949,2957,2975,3008,3015,3035,3041,3045,3050,3057,3198,3343 im/amzwbdfmrh/messenger/MediaDataController.java, line(s) 270,409,465,528,672,728,935,1004,1042,1056,1267,1350,1591,1730,1917,1937,2047,2450,2709,2747,2829,2897,2931,2952,2983,3068,3187,3272,3303,3484,3556,3573,3648,3778,3854,3876,4002,4034,4112,4114,4348,4596,4681,4822,4864,4903,4942,4978,5048 im/amzwbdfmrh/messenger/MessageObject.java, line(s) 256,863,2449,2494,2589,2595 im/amzwbdfmrh/messenger/MessagesController.java, line(s) 2433,2438,2484,2495,2520,2527,2544,2556,3919,3928,5577,5886,5893,5899,5950,5983,6021,8122,8137,8187,8298,8307,8320,8382,8391,8403,8795,8814,9029,10259,1380,3343,3454,3482,3512,5292,5590,6002,6372,6798,7373,7398,8440,8569,9093,9216,9292,9777,10651,10746,11060,11154,11157 im/amzwbdfmrh/messenger/MessagesStorage.java, line(s) 3779,246,282,837,899,935,1041,1078,1121,1194,1288,1347,1359,1443,1482,1538,1578,1612,1614,1660,1718,1747,1845,1921,1966,2000,2082,2219,2295,2364,2424,2468,2470,2552,2632,2672,2702,2869,2924,2955,2978,3005,3034,3095,3182,3251,3390,3444,3521,3580,3644,3659,3706,3749,3790,3841,3903,3924,3960,4001,4067,4096,4168,4227,4273,4313,4419,4475,4496,4532,4653,4756,4797,4877,4911,4949,4971,4998,5015,5077,5088,5104,5113,5167,5207,5272,5375,5408,5527,5567,5596,5670,5709,5749,5807,5820,5897,5959,6031,6060,6092,6207,6260,6325,6365,6405,6638,6692,6769,6825,6868,6889,6910,6932,6952,6963,6978,6993,7021,7044,7078,7113,7147,7181,7218,7252 im/amzwbdfmrh/messenger/MusicBrowserService.java, line(s) 210,302,339,388,517 im/amzwbdfmrh/messenger/MusicPlayerService.java, line(s) 190,392 im/amzwbdfmrh/messenger/NativeLoader.java, line(s) 47,77,83,89,95,100,107 im/amzwbdfmrh/messenger/NotificationBadge.java, line(s) 183,464 im/amzwbdfmrh/messenger/NotificationCenter.java, line(s) 960 im/amzwbdfmrh/messenger/NotificationImageProvider.java, line(s) 107 im/amzwbdfmrh/messenger/NotificationsController.java, line(s) 205,341,2125,180,185,193,216,253,287,308,1357,1371,1972,2049,2062,2077,2104,2108,2117,2131,2189,2221,2329,2363,2367,2376 im/amzwbdfmrh/messenger/ScreenReceiver.java, line(s) 14,23 im/amzwbdfmrh/messenger/SecretChatHelper.java, line(s) 562,1091,634,660,730,1028,1237,1388,1665,1674,1756,1775,1811,1827 im/amzwbdfmrh/messenger/SendMessagesHelper.java, line(s) 127,183,188,197,896,913,1368,2000,3513,3519,3933,3982,4009,4292,4295,4310,4318 im/amzwbdfmrh/messenger/SharedConfig.java, line(s) 734,153,285,306,320,385,707 im/amzwbdfmrh/messenger/SmsReceiver.java, line(s) 43 im/amzwbdfmrh/messenger/UserConfig.java, line(s) 193 im/amzwbdfmrh/messenger/Utilities.java, line(s) 71,231,247,276,289,300,312,331,348,380 im/amzwbdfmrh/messenger/VideoEncodingService.java, line(s) 36,86,53 im/amzwbdfmrh/messenger/WearDataLayerListenerService.java, line(s) 37,44,59,198,205,52,192,209,299 im/amzwbdfmrh/messenger/XiaomiUtilities.java, line(s) 45 im/amzwbdfmrh/messenger/browser/Browser.java, line(s) 84,99 im/amzwbdfmrh/messenger/camera/CameraController.java, line(s) 161,188,508,525,544,302,318,323,374,396,422,434,466,498,551,580,629,657,660,677,683,704,727,741,793,798,804,809,817,840 im/amzwbdfmrh/messenger/camera/CameraSession.java, line(s) 211,215,172,253,268,344,357,373,378,465 im/amzwbdfmrh/messenger/secretmedia/ExtendedDefaultDataSource.java, line(s) 195 im/amzwbdfmrh/messenger/support/JobIntentService$CompatWorkEnqueuer.java, line(s) 60 im/amzwbdfmrh/messenger/support/customtabs/CustomTabsSessionToken.java, line(s) 19,28,37,46 im/amzwbdfmrh/messenger/support/customtabsclient/shared/CustomTabsHelper.java, line(s) 89 im/amzwbdfmrh/messenger/support/fingerprint/FingerprintManagerCompatApi23.java, line(s) 21,30,39 im/amzwbdfmrh/messenger/utils/PlayerUtils.java, line(s) 465,386,445,521,580,635,698,765,1185,1446,1516,1914,1926,1939,1953,1967,1981,1995 im/amzwbdfmrh/messenger/utils/SelectorUtils.java, line(s) 91 im/amzwbdfmrh/messenger/voip/AppConnectionService.java, line(s) 31,68,48,58,16,24 im/amzwbdfmrh/messenger/voip/AudioRecordJNI.java, line(s) 248,66,79,95,114,137,180,203,239,109,211,63,76,92 im/amzwbdfmrh/messenger/voip/AudioTrackJNI.java, line(s) 38,65,111,121,119,32 im/amzwbdfmrh/messenger/voip/JNIUtilities.java, line(s) 80 im/amzwbdfmrh/messenger/voip/VoIPBaseService.java, line(s) 591,684,741,843,885,892,898,1064,1262,1423,1435,1463,1475,1482,173,181,272,525,563,639,732,824,853,999,1015,1173,1340,1351 im/amzwbdfmrh/messenger/voip/VoIPServerConfig.java, line(s) 19 im/amzwbdfmrh/messenger/voip/VoIPService.java, line(s) 358,441,447,454,692,711,740,747,775,791,957,1068,1087,1243,91,278,335,356,389,411,460,511,567,577,684,716,875,1025,1081,1128,105,382,407,557,731,819,826,836,862,890 im/amzwbdfmrh/phoneformat/PhoneFormat.java, line(s) 101,107,128,137,200,239 im/amzwbdfmrh/sqlite/SQLiteCursor.java, line(s) 98,103 im/amzwbdfmrh/sqlite/SQLiteDatabase.java, line(s) 60,77 im/amzwbdfmrh/sqlite/SQLitePreparedStatement.java, line(s) 107,108 im/amzwbdfmrh/tgnet/ConnectionsManager.java, line(s) 229,347,492,500,516,531,543,593,626,634,642,797,804,807,1001,1038,340,358,360,546,610,680,692,716,813,841,894,899,920,934,947,981,1018 im/amzwbdfmrh/tgnet/FCTokenRequestCallback.java, line(s) 44,64,65,117,123,129,137,141 im/amzwbdfmrh/tgnet/NativeByteBuffer.java, line(s) 35,128,143,172,187,207,218,254,290,301,338,390,410,424,440,453,486,513,543,559 im/amzwbdfmrh/tgnet/NetworkConfig.java, line(s) 124,129,147,157,273,87,110 im/amzwbdfmrh/tgnet/SerializedData.java, line(s) 62,70,78,86,117,140,172,187,202,217,253,264,300,311,346,373,388,424,455,471,490,511 im/amzwbdfmrh/tgnet/TLClassStore.java, line(s) 54 im/amzwbdfmrh/tgnet/TLJsonResolve.java, line(s) 85,113 im/amzwbdfmrh/translate/MD5.java, line(s) 34 im/amzwbdfmrh/ui/ArticleViewer.java, line(s) 3721,4336,4413,4600,4774,4823,4844,4983,4993,5020,5033,7131,7141,7252,7273,7299,9663,10092,10494,10685,10756,10762,10789,10842 im/amzwbdfmrh/ui/AudioSelectActivity.java, line(s) 274 im/amzwbdfmrh/ui/CacheControlActivity.java, line(s) 226,400,422 im/amzwbdfmrh/ui/CancelAccountDeletionActivity.java, line(s) 132,255,387,938,1050 im/amzwbdfmrh/ui/ChangeBioActivity.java, line(s) 232,243 im/amzwbdfmrh/ui/ChangePersonalInformationActivity.java, line(s) 505,490,520 im/amzwbdfmrh/ui/ChangePhoneActivity.java, line(s) 128,276,668,678,844,1452,1564 im/amzwbdfmrh/ui/ChangePhoneNumberActivity.java, line(s) 182,192 im/amzwbdfmrh/ui/ChangeSignActivity.java, line(s) 159,170 im/amzwbdfmrh/ui/ChangeUsernameActivity.java, line(s) 87,105,488,503 im/amzwbdfmrh/ui/ChannelAdminLogActivity.java, line(s) 950,1400,2433,2442,2451,2460,2469,2478,2487,2496 im/amzwbdfmrh/ui/ChannelCreateActivity.java, line(s) 744,879,1000,1012 im/amzwbdfmrh/ui/ChatActivity.java, line(s) 9849,9885,828,854,883,903,1193,3578,3720,5036,5244,6867,7193,7313,8184,8550,9962,10734,10773,11227,11575,11748,11753,12719,12770,12785,14330,14391,14605,14614,14623,14632,14641,14650,14659,14668 im/amzwbdfmrh/ui/ChatEditActivity.java, line(s) 401 im/amzwbdfmrh/ui/ChatEditTypeActivity.java, line(s) 429,443,475 im/amzwbdfmrh/ui/ChatRightsEditActivity.java, line(s) 606,633 im/amzwbdfmrh/ui/ChatUsersActivity.java, line(s) 2162 im/amzwbdfmrh/ui/ContactAddActivity.java, line(s) 177 im/amzwbdfmrh/ui/ContactsActivity.java, line(s) 509,615,697 im/amzwbdfmrh/ui/ContentPreviewViewer.java, line(s) 773,820,855,876,888,983 im/amzwbdfmrh/ui/CountrySelectActivity.java, line(s) 399,410 im/amzwbdfmrh/ui/DialogsActivity.java, line(s) 1823,2694 im/amzwbdfmrh/ui/DocumentSelectActivity.java, line(s) 145,165,498,685 im/amzwbdfmrh/ui/ExternalActionActivity.java, line(s) 585,589,67,383,431 im/amzwbdfmrh/ui/GroupCreateFinalActivity.java, line(s) 146 im/amzwbdfmrh/ui/GroupInviteActivity.java, line(s) 137,152 im/amzwbdfmrh/ui/GroupStickersActivity.java, line(s) 711 im/amzwbdfmrh/ui/IdenticonActivity.java, line(s) 66 im/amzwbdfmrh/ui/IndexActivity.java, line(s) 343,348,723,751,339,754 im/amzwbdfmrh/ui/InviteContactsActivity.java, line(s) 563,607,777,803 im/amzwbdfmrh/ui/LanguageSelectActivity.java, line(s) 261,272 im/amzwbdfmrh/ui/LaunchActivity.java, line(s) 554,603,610,640,682,728,2180,2394,2452,2746,2976,3010,3106,3110,260,519,570,1071,1219,1227,1278,1405,1501,1519,1536,1557,1585,1640,1677,1784,1810,1820,2035,2173,2275,2283,2556,2565,2839,3040,3230,3298 im/amzwbdfmrh/ui/LaunchAgDialogActivity.java, line(s) 38 im/amzwbdfmrh/ui/LocationActivity.java, line(s) 212,266,785,964,1075,1125,1170,1182,1384,1466,1522,1538,1547 im/amzwbdfmrh/ui/LoginActivity.java, line(s) 363,419,716,1122,1132,1330,2014,2130,3957 im/amzwbdfmrh/ui/Media1Activity.java, line(s) 2186 im/amzwbdfmrh/ui/MediaActivity.java, line(s) 2222 im/amzwbdfmrh/ui/NewContactActivity.java, line(s) 456,470,581 im/amzwbdfmrh/ui/NotificationsCustomSettingsActivity.java, line(s) 346 im/amzwbdfmrh/ui/NotificationsSettingsActivity.java, line(s) 354 im/amzwbdfmrh/ui/PasscodeActivity.java, line(s) 489,597 im/amzwbdfmrh/ui/PassportActivity.java, line(s) 1053,2784,3260,3547,3653,4582,6770,6832,7010,7081,7240,7962,8074 im/amzwbdfmrh/ui/PeopleNearbyActivity.java, line(s) 429,356,559 im/amzwbdfmrh/ui/PhoneBookSelectActivity.java, line(s) 215 im/amzwbdfmrh/ui/PhonebookShareActivity.java, line(s) 513,569,617 im/amzwbdfmrh/ui/PhotoCropActivity.java, line(s) 346,409,333,338,352 im/amzwbdfmrh/ui/PhotoViewer.java, line(s) 1361,4848,9491,9498,9506,9512,445,643,1914,2527,2539,2846,3061,3701,3759,3788,3846,3874,4277,4284,4504,4526,4616,4675,4688,4934,4941,6573,7325,7789,7826,7906,8136,8228,9518 im/amzwbdfmrh/ui/PopupNotificationActivity.java, line(s) 503,1265 im/amzwbdfmrh/ui/PrivacyControlActivity.java, line(s) 114,681 im/amzwbdfmrh/ui/PrivacySettingsActivity.java, line(s) 434,512 im/amzwbdfmrh/ui/ProfileActivity.java, line(s) 348,823,841,1637,1651,1663,1691,2785 im/amzwbdfmrh/ui/ProfileNotificationsActivity.java, line(s) 502,527 im/amzwbdfmrh/ui/SecretMediaViewer.java, line(s) 478,484,518,567,841,961,1166 im/amzwbdfmrh/ui/SessionsActivity.java, line(s) 308,329 im/amzwbdfmrh/ui/SettingsActivity.java, line(s) 2259 im/amzwbdfmrh/ui/ShareActivity.java, line(s) 72,93 im/amzwbdfmrh/ui/StickersActivity.java, line(s) 387,398,484 im/amzwbdfmrh/ui/TestActivity.java, line(s) 32 im/amzwbdfmrh/ui/ThemeActivity.java, line(s) 950,962,1038,1043,1079,1405,1411,1417,1443 im/amzwbdfmrh/ui/ThemeSetUrlActivity.java, line(s) 102,120,417,432,620,631 im/amzwbdfmrh/ui/TwoStepVerificationActivity.java, line(s) 163,925 im/amzwbdfmrh/ui/TwoStepVerificationActivity2.java, line(s) 174,643,926,1321,1324 im/amzwbdfmrh/ui/TwoStepVerificationActivityNew.java, line(s) 312,322,347,371,382,422,433,483,494,542,571,585 im/amzwbdfmrh/ui/VoIPActivity.java, line(s) 224 im/amzwbdfmrh/ui/WallpaperActivity.java, line(s) 445,454,475,499,518,535 im/amzwbdfmrh/ui/WebviewActivity.java, line(s) 86,183,287,298,475,492 im/amzwbdfmrh/ui/actionbar/ActionBarLayout.java, line(s) 181,1470,1661,2268 im/amzwbdfmrh/ui/actionbar/ActionBarPopupWindow.java, line(s) 101,320,382 im/amzwbdfmrh/ui/actionbar/AlertDialog.java, line(s) 899 im/amzwbdfmrh/ui/actionbar/BaseFragment.java, line(s) 134,146,174,189,289,324,415,434,488,502 im/amzwbdfmrh/ui/actionbar/BottomSheet.java, line(s) 615,1040,1103,1120 im/amzwbdfmrh/ui/actionbar/DrawerLayoutContainer.java, line(s) 318 im/amzwbdfmrh/ui/actionbar/Theme.java, line(s) 2989,3031,1160,1216,1224,2119,2183,2744,2751,2803,3290,3311,3324,3446,3458,4640,4647,4656,4663 im/amzwbdfmrh/ui/actionbar/ThemeDescription.java, line(s) 709 im/amzwbdfmrh/ui/actionbar/XAlertDialog.java, line(s) 939,992 im/amzwbdfmrh/ui/adapters/BaseLocationAdapter.java, line(s) 61,83 im/amzwbdfmrh/ui/adapters/ContactsAdapter.java, line(s) 97 im/amzwbdfmrh/ui/adapters/DialogsAdapter.java, line(s) 231 im/amzwbdfmrh/ui/adapters/DialogsSearchAdapter.java, line(s) 355,399,419 im/amzwbdfmrh/ui/adapters/PhonebookSearchAdapter.java, line(s) 37,53 im/amzwbdfmrh/ui/adapters/SearchAdapter.java, line(s) 86,106 im/amzwbdfmrh/ui/adapters/SearchAdapterHelper.java, line(s) 362,486,488,509,572 im/amzwbdfmrh/ui/bottom/BottomBarLayout.java, line(s) 166 im/amzwbdfmrh/ui/cell/FmtDialogCell.java, line(s) 362 im/amzwbdfmrh/ui/cells/AboutLinkCell.java, line(s) 120,130,147,195 im/amzwbdfmrh/ui/cells/ArchiveHintCell.java, line(s) 49,53 im/amzwbdfmrh/ui/cells/AudioPlayerCell.java, line(s) 67,75 im/amzwbdfmrh/ui/cells/BotHelpCell.java, line(s) 100,133,143,160 im/amzwbdfmrh/ui/cells/ChatActionCell.java, line(s) 331,336 im/amzwbdfmrh/ui/cells/ChatMessageCell.java, line(s) 2357,2456,2491,3289,3950,3960,5591,2917 im/amzwbdfmrh/ui/cells/DialogCell.java, line(s) 357 im/amzwbdfmrh/ui/cells/DialogMeUrlCell.java, line(s) 119 im/amzwbdfmrh/ui/cells/DrawerActionCell.java, line(s) 53 im/amzwbdfmrh/ui/cells/DrawerProfileCell.java, line(s) 109,155 im/amzwbdfmrh/ui/cells/PopMenuCell.java, line(s) 47 im/amzwbdfmrh/ui/cells/SharedAudioCell.java, line(s) 75,80 im/amzwbdfmrh/ui/cells/SharedLinkCell.java, line(s) 230,242 im/amzwbdfmrh/ui/cells/ThemesHorizontalListCell.java, line(s) 624,633,639,728 im/amzwbdfmrh/ui/components/AlertsCreator.java, line(s) 1025,1077,1092 im/amzwbdfmrh/ui/components/AnimatedFileDrawable.java, line(s) 194,225 im/amzwbdfmrh/ui/components/AudioPlayerAlert.java, line(s) 857,1301,1316 im/amzwbdfmrh/ui/components/AvatarDrawable.java, line(s) 220 im/amzwbdfmrh/ui/components/BlockingUpdateView.java, line(s) 254,276,280 im/amzwbdfmrh/ui/components/ChatActivityEnterView.java, line(s) 1605,1643,2604,3707,3753,3935,4082,4097,4111,4125,4148,4158,4212,4699 im/amzwbdfmrh/ui/components/ChatAttachAlert.java, line(s) 1882 im/amzwbdfmrh/ui/components/ChatAvatarContainer.java, line(s) 280 im/amzwbdfmrh/ui/components/ClippingImageView.java, line(s) 75,151 im/amzwbdfmrh/ui/components/EditTextBoldCursor.java, line(s) 179,315,572,580 im/amzwbdfmrh/ui/components/EditTextCaption.java, line(s) 323,345,405 im/amzwbdfmrh/ui/components/EditTextEmoji.java, line(s) 88,489 im/amzwbdfmrh/ui/components/EmbedBottomSheet.java, line(s) 199,303,318,344,372,418,496,503,685,694,713,823,842,920 im/amzwbdfmrh/ui/components/EmojiView.java, line(s) 590,1460,3442 im/amzwbdfmrh/ui/components/EmojiViewV2.java, line(s) 590,1459,3426 im/amzwbdfmrh/ui/components/ForegroundDetector.java, line(s) 59,92,67,100 im/amzwbdfmrh/ui/components/ImageUpdater.java, line(s) 269,297,320,342 im/amzwbdfmrh/ui/components/InstantCameraView.java, line(s) 488,496,502,872,891,913,1047,1292,1315,1562,1611,1618,1622,1631,1643,1683,1763,2009,448,931,946,977,989,1055,1063,1073,1086,1097,1134,1156,1162,1168,1177,1229,1385,1390,1398,1659,1716,1728,1845,1854,1864,1872,1946,2082 im/amzwbdfmrh/ui/components/LetterDrawable.java, line(s) 61 im/amzwbdfmrh/ui/components/PasscodeView.java, line(s) 139,254,926,935,949,1000,1028,1047 im/amzwbdfmrh/ui/components/PhotoFilterView$EGLThread.java, line(s) 172,189,204,212,222,235,500,506,515,714 im/amzwbdfmrh/ui/components/PhotoPaintView.java, line(s) 408,1162,1169,1196 im/amzwbdfmrh/ui/components/PhotoViewerCaptionEnterView.java, line(s) 108,307,341,407,505,535,549,573,654,667 im/amzwbdfmrh/ui/components/PipRoundVideoView.java, line(s) 255 im/amzwbdfmrh/ui/components/PipVideoView.java, line(s) 386 im/amzwbdfmrh/ui/components/RLottieDrawable.java, line(s) 205,345,421 im/amzwbdfmrh/ui/components/RadioButton.java, line(s) 60,159 im/amzwbdfmrh/ui/components/RecyclerListView$2.java, line(s) 26 im/amzwbdfmrh/ui/components/RecyclerListView$RecyclerListViewItemClickListener.java, line(s) 169 im/amzwbdfmrh/ui/components/RecyclerListView.java, line(s) 368,1018,1026 im/amzwbdfmrh/ui/components/ShareAlert.java, line(s) 894 im/amzwbdfmrh/ui/components/SpannableStringLight.java, line(s) 24,41,58 im/amzwbdfmrh/ui/components/StaticLayoutEx.java, line(s) 58,122,155,161,172,177,182,216,249,257 im/amzwbdfmrh/ui/components/StickersAlert.java, line(s) 110,728,763,812 im/amzwbdfmrh/ui/components/TermsOfServiceView.java, line(s) 136 im/amzwbdfmrh/ui/components/ThemeEditorView.java, line(s) 99,107,1103,1438,1526 im/amzwbdfmrh/ui/components/TimerDrawable.java, line(s) 78 im/amzwbdfmrh/ui/components/VideoTimelinePlayView.java, line(s) 299,356,384 im/amzwbdfmrh/ui/components/VideoTimelineView.java, line(s) 219,276,304 im/amzwbdfmrh/ui/components/WallpaperUpdater.java, line(s) 81,97,120,146,177,180,192,208 im/amzwbdfmrh/ui/components/WebPlayerView.java, line(s) 431,357,411,487,546,601,664,731,1136,1372,1418,1774,1786,1799,1813,1827,1841,1855 im/amzwbdfmrh/ui/components/compress/Luban.java, line(s) 86,85 im/amzwbdfmrh/ui/components/paint/RenderView.java, line(s) 307,315,325,338,349,359,378,498 im/amzwbdfmrh/ui/components/paint/Shader.java, line(s) 20,28,82,92 im/amzwbdfmrh/ui/components/paint/Slice.java, line(s) 22,53 im/amzwbdfmrh/ui/components/paint/Utils.java, line(s) 12 im/amzwbdfmrh/ui/components/toast/ToastUtils.java, line(s) 77 im/amzwbdfmrh/ui/components/voip/CallSwipeView.java, line(s) 94 im/amzwbdfmrh/ui/components/voip/DarkTheme.java, line(s) 2381 im/amzwbdfmrh/ui/components/voip/VoIPHelper.java, line(s) 154,569 im/amzwbdfmrh/ui/dialogs/McShareDialog.java, line(s) 198 im/amzwbdfmrh/ui/dialogs/TwoPasswordCheckDialog.java, line(s) 328,342,383 im/amzwbdfmrh/ui/fragments/BaseFmts.java, line(s) 213,268,282,304 im/amzwbdfmrh/ui/fragments/CallRecordsFragment.java, line(s) 593,195 im/amzwbdfmrh/ui/fragments/ContactsFragment.java, line(s) 601 im/amzwbdfmrh/ui/fragments/DialogsFragment.java, line(s) 490,505,1678 im/amzwbdfmrh/ui/fragments/DiscoveryFragment.java, line(s) 146,294 im/amzwbdfmrh/ui/fragments/MeFragmentV2.java, line(s) 486,970,1028,1043 im/amzwbdfmrh/ui/fragments/TabWebFragment.java, line(s) 187,292,329,352,516 im/amzwbdfmrh/ui/fragments/adapter/FmtContactsAdapter.java, line(s) 143 im/amzwbdfmrh/ui/hui/CameraViewActivity.java, line(s) 1724 im/amzwbdfmrh/ui/hui/CharacterParser.java, line(s) 28 im/amzwbdfmrh/ui/hui/WebViewAppCompatActivity.java, line(s) 101,212 im/amzwbdfmrh/ui/hui/adapter/AddNewCallAdapter.java, line(s) 79 im/amzwbdfmrh/ui/hui/adapter/CreateGroupAdapter.java, line(s) 96 im/amzwbdfmrh/ui/hui/adapter/CreateSecureAdapter.java, line(s) 82 im/amzwbdfmrh/ui/hui/adapter/MyDialogsAdapter.java, line(s) 242 im/amzwbdfmrh/ui/hui/adapter/NewChatAdapter.java, line(s) 87 im/amzwbdfmrh/ui/hui/adapter/SelectContactsAdapter.java, line(s) 86 im/amzwbdfmrh/ui/hui/adapter/StartChatAdapter.java, line(s) 87 im/amzwbdfmrh/ui/hui/adapter/grouping/AddGroupingUserAdapter.java, line(s) 85 im/amzwbdfmrh/ui/hui/adapter/pageAdapter/PageSelectionAdapter.java, line(s) 77 im/amzwbdfmrh/ui/hui/adapter/pageAdapter/PageStickerAdapter.java, line(s) 110 im/amzwbdfmrh/ui/hui/chats/CreateGroupFinalActivity.java, line(s) 153 im/amzwbdfmrh/ui/hui/chats/GroupShareActivity.java, line(s) 211 im/amzwbdfmrh/ui/hui/chats/MryDialogsActivity.java, line(s) 1712,2545 im/amzwbdfmrh/ui/hui/chats/NewChatActivity.java, line(s) 396 im/amzwbdfmrh/ui/hui/chats/ProfileGroupActivity.java, line(s) 362,836,854,1049,1599,1613,1625,1653,2776 im/amzwbdfmrh/ui/hui/chats/StartChatActivity.java, line(s) 341 im/amzwbdfmrh/ui/hui/contacts/AddContactsActivity.java, line(s) 190 im/amzwbdfmrh/ui/hui/contacts/PhonebookUsersActivity.java, line(s) 519 im/amzwbdfmrh/ui/hui/discovery/ActionIntroActivity.java, line(s) 380,426,461,506 im/amzwbdfmrh/ui/hui/discovery/NearPersonAndGroupActivity.java, line(s) 481,485,490,493,500,553,417,640 im/amzwbdfmrh/ui/hui/discovery/QrScanActivity.java, line(s) 316,342 im/amzwbdfmrh/ui/hui/discoveryweb/DiscoveryJumpPausedFloatingView.java, line(s) 254,526 im/amzwbdfmrh/ui/hui/discoveryweb/DiscoveryJumpToPage.java, line(s) 113,140,569,582,616,796 im/amzwbdfmrh/ui/hui/friendscircle/fcHelper/OKHttpStreamFetcher.java, line(s) 43,42 im/amzwbdfmrh/ui/hui/friendscircle/okhttphelper/AESHelper.java, line(s) 62,75 im/amzwbdfmrh/ui/hui/friendscircle/okhttphelper/MD5Utils.java, line(s) 21,88,92,93 im/amzwbdfmrh/ui/hui/friendscircle/okhttphelper/OkHttpStringCallBack.java, line(s) 69,61,70 im/amzwbdfmrh/ui/hui/friendscircle_v1/adapter/FcDetailAdapter.java, line(s) 187 im/amzwbdfmrh/ui/hui/friendscircle_v1/adapter/FcHomeAdapter.java, line(s) 179,687 im/amzwbdfmrh/ui/hui/friendscircle_v1/adapter/UserFcListAdapter.java, line(s) 165 im/amzwbdfmrh/ui/hui/friendscircle_v1/base/BaseFcActivity.java, line(s) 286,354,459,203,217,239,320,340,482 im/amzwbdfmrh/ui/hui/friendscircle_v1/base/BaseFcFragment.java, line(s) 378,446,551,251,265,287,412,432,574 im/amzwbdfmrh/ui/hui/friendscircle_v1/base/CommFcListActivity.java, line(s) 159 im/amzwbdfmrh/ui/hui/friendscircle_v1/base/CommFcListFragment.java, line(s) 165,169,180 im/amzwbdfmrh/ui/hui/friendscircle_v1/fragments/FcFollowFragment.java, line(s) 323,909 im/amzwbdfmrh/ui/hui/friendscircle_v1/fragments/FcHomeFragment.java, line(s) 238,790,842 im/amzwbdfmrh/ui/hui/friendscircle_v1/fragments/FcRecommendFragment.java, line(s) 233,764,816 im/amzwbdfmrh/ui/hui/friendscircle_v1/helper/FcDBHelper.java, line(s) 150,156,165,167 im/amzwbdfmrh/ui/hui/friendscircle_v1/player/logger/ExoPlayerLogger.java, line(s) 89,93,111,114,127,134,151,156,173,176,182,190,198,216,221,225,227,231,233,237,241,245,249,253,257,261,265,269,273,287,291,295,311,314,317,320,323,326,329,332,103,303 im/amzwbdfmrh/ui/hui/friendscircle_v1/player/player/AbsBaseVideoPlayer.java, line(s) 36,47,54,63,70,78,90 im/amzwbdfmrh/ui/hui/friendscircle_v1/player/player/VideoPlayerManager.java, line(s) 385 im/amzwbdfmrh/ui/hui/friendscircle_v1/player/utils/Utils.java, line(s) 111,115 im/amzwbdfmrh/ui/hui/friendscircle_v1/ui/FcPageDetailActivity.java, line(s) 148,192,324,343,847 im/amzwbdfmrh/ui/hui/friendscircle_v1/ui/FcPageMineActivity.java, line(s) 962,1011 im/amzwbdfmrh/ui/hui/friendscircle_v1/ui/FcPageOthersActivity.java, line(s) 1028 im/amzwbdfmrh/ui/hui/friendscircle_v1/ui/FcPublishActivity.java, line(s) 742,994,1436,890,1439,1449 im/amzwbdfmrh/ui/hui/friendscircle_v1/ui/FcTopicMainActivity.java, line(s) 835,884 im/amzwbdfmrh/ui/hui/friendscircle_v1/ui/ImagePreSelectorActivity.java, line(s) 1581 im/amzwbdfmrh/ui/hui/friendscircle_v1/ui/ImagePreviewActivity.java, line(s) 1328,8988,8995,9003,9009,546,744,1874,2507,2520,2813,3020,3726,3782,3811,3869,3897,4303,4310,4513,4535,4625,4681,4694,6275,6975,7348,7385,7643,7730,9015 im/amzwbdfmrh/ui/hui/friendscircle_v1/ui/ImageSelectorActivity.java, line(s) 2053 im/amzwbdfmrh/ui/hui/friendscircle_v1/utils/KeyboardUtils.java, line(s) 47,190,197,237,168,206,223 im/amzwbdfmrh/ui/hui/friendscircle_v1/utils/StatusBarHeightUtil.java, line(s) 21 im/amzwbdfmrh/ui/hui/friendscircle_v1/utils/ViewUtil.java, line(s) 17 im/amzwbdfmrh/ui/hui/friendscircle_v1/view/FCIndexBar.java, line(s) 117 im/amzwbdfmrh/ui/hui/friendscircle_v1/view/FcChildReplyListDialog.java, line(s) 204 im/amzwbdfmrh/ui/hui/friendscircle_v1/view/FcDoReplyDialog.java, line(s) 187,379 im/amzwbdfmrh/ui/hui/friendscircle_v1/view/flowLayout/TagAdapter.java, line(s) 84,88 im/amzwbdfmrh/ui/hui/friendscircle_v1/view/flowLayout/TagFlowLayout.java, line(s) 121 im/amzwbdfmrh/ui/hui/friendscircle_v1/view/panel/KPSwitchRootLayoutHandler.java, line(s) 35,46,50,56,60 im/amzwbdfmrh/ui/hui/friendscircle_v1/view/richtext/TextCommonUtils.java, line(s) 246,274,280 im/amzwbdfmrh/ui/hui/friendscircle_v1/view/toast/FcToastUtils.java, line(s) 82 im/amzwbdfmrh/ui/hui/login/ChangePersonalInformationActivity.java, line(s) 539,520,546,573,574,542 im/amzwbdfmrh/ui/hui/login/HloginActivity.java, line(s) 364,420,699,1140,1155,1398,2131,2247,4104 im/amzwbdfmrh/ui/hui/login/LoginContronllerActivity.java, line(s) 860,891,1255,463,1211,1228,1254 im/amzwbdfmrh/ui/hui/login/LoginPasswordContronllerActivity.java, line(s) 185,219,370 im/amzwbdfmrh/ui/hui/mine/AboutAppActivity.java, line(s) 208,293,344,359 im/amzwbdfmrh/ui/hui/mine/DataUsageActivity.java, line(s) 348 im/amzwbdfmrh/ui/hui/mine/MryLanguageSelectActivity.java, line(s) 263,274 im/amzwbdfmrh/ui/hui/mine/MrySessionsActivity.java, line(s) 719,744 im/amzwbdfmrh/ui/hui/mine/MryThemeActivity.java, line(s) 1009,1042,1054,1140,1145,1186,1522,1528,1534,1560 im/amzwbdfmrh/ui/hui/mine/PrivacyAndSafeActivity.java, line(s) 281 im/amzwbdfmrh/ui/hui/mine/QrCodeActivity.java, line(s) 355 im/amzwbdfmrh/ui/hui/packet/RedpktGroupSendActivity.java, line(s) 769,998,1165,1216,1231 im/amzwbdfmrh/ui/hui/packet/RedpktSendActivity.java, line(s) 454,659,840,891,906 im/amzwbdfmrh/ui/hui/packet/pop/RedPacketViewHolder.java, line(s) 229,234,239 im/amzwbdfmrh/ui/hui/transfer/TransferSendActivity.java, line(s) 445,692,890,941,956 im/amzwbdfmrh/ui/hui/transfer/TransferStatusActivity.java, line(s) 321,500 im/amzwbdfmrh/ui/hui/views/SilderRelativeLayout.java, line(s) 93,103 im/amzwbdfmrh/ui/hui/visualcall/AVideoCallInterface.java, line(s) 74,92,107,117,161,179,184,202 im/amzwbdfmrh/ui/hui/visualcall/BaseCallActivity.java, line(s) 229,263,359,421,423,157,218,331 im/amzwbdfmrh/ui/hui/visualcall/FlowService.java, line(s) 261,209 im/amzwbdfmrh/ui/hui/visualcall/PermissionUtils.java, line(s) 66,71,89,93,113,116,136,155,166,203,217,225,77,230,52,60,62,176,178,181,215,82,172 im/amzwbdfmrh/ui/hui/visualcall/RingUtils.java, line(s) 169,65 im/amzwbdfmrh/ui/hui/visualcall/ThreadUtils.java, line(s) 54 im/amzwbdfmrh/ui/hui/visualcall/VisualCallActivity.java, line(s) 312,316,380,411,468,713,817,908,930,957,962,1076,1102,1260,1292,1336,1338,1365,1400,1404,1430,1434,1443,1467,1471,1516,1747,655,1067,1490,793,797 im/amzwbdfmrh/ui/hui/visualcall/VisualCallReceiveActivity.java, line(s) 467,507,589,628,756,862,1002,1030,1079,1083,1181 im/amzwbdfmrh/ui/hui/visualcall/VisualCallReceiveService.java, line(s) 51 im/amzwbdfmrh/ui/hviews/MryCheckBox.java, line(s) 96 im/amzwbdfmrh/ui/hviews/MyScrollView.java, line(s) 480,546 im/amzwbdfmrh/ui/hviews/PasswordEditText.java, line(s) 138,291 im/amzwbdfmrh/ui/hviews/dialogs/XDialog.java, line(s) 672 im/amzwbdfmrh/ui/hviews/dragView/DragCallBack.java, line(s) 241 im/amzwbdfmrh/ui/hviews/dragView/DragHelperFrameLayout.java, line(s) 169 im/amzwbdfmrh/ui/hviews/helper/MryDeviceHelper.java, line(s) 44,53 im/amzwbdfmrh/ui/hviews/helper/MryDrawableHelper.java, line(s) 158 im/amzwbdfmrh/ui/hviews/helper/MryNotchHelper.java, line(s) 48,64,67,368,370,372,45,61 im/amzwbdfmrh/ui/hviews/page/PagerConfig.java, line(s) 44,38 im/amzwbdfmrh/ui/hviews/page/PagerGridLayoutManager.java, line(s) 472,476,510,514 im/amzwbdfmrh/ui/hviews/pop/BasePopup.java, line(s) 150,154 im/amzwbdfmrh/ui/hviews/slidemenu/SwipeLayout.java, line(s) 800,805 im/amzwbdfmrh/ui/hviews/swipelist/reservation/TopWrappedDividerItemDecoration.java, line(s) 28 im/amzwbdfmrh/ui/load/animation/SpriteAnimatorBuilder.java, line(s) 145 im/amzwbdfmrh/ui/newcall/NewCallActivity.java, line(s) 317 im/amzwbdfmrh/ui/settings/CacheControlSettingActivity.java, line(s) 192 im/amzwbdfmrh/ui/settings/NoticeAndSoundSettingActivity.java, line(s) 262,323,384 im/amzwbdfmrh/ui/utils/AesUtils.java, line(s) 78,86 im/amzwbdfmrh/ui/utils/AppUpdater.java, line(s) 76,138,151 im/amzwbdfmrh/ui/utils/ChatActionBarHelper.java, line(s) 294 im/amzwbdfmrh/ui/utils/DownloadUtils.java, line(s) 186,219 im/amzwbdfmrh/ui/utils/OpenInstallUitl.java, line(s) 56,82 im/amzwbdfmrh/ui/utils/QrCodeParseUtil.java, line(s) 138,153,198,235 im/amzwbdfmrh/ui/utils/ThirdPartSdkInitUtil.java, line(s) 42,71,102,99 im/amzwbdfmrh/ui/utils/number/MoneyUtil.java, line(s) 147 im/amzwbdfmrh/ui/utils/picture/PictureUtil.java, line(s) 72 im/amzwbdfmrh/ui/utils/translate/DecodeEngine.java, line(s) 114,118,134,141,169,173,267,289,297,315,323,378,382,417,445 im/amzwbdfmrh/ui/utils/translate/ssrc/SSRC.java, line(s) 56,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,289,293,296,517,531,614,679,680,681,682,687,689,691,693,765,907,1070,1074,1118,1212,1213,1214,1215,1216,1218,1220,1222,1271,1277 im/amzwbdfmrh/ui/utils/translate/utils/AudioFileUtils.java, line(s) 32,35,56,111,113,134,150 im/amzwbdfmrh/ui/wallet/WalletRechargeH5Activity.java, line(s) 129,205 im/amzwbdfmrh/ui/wallet/WalletWithdrawActivity.java, line(s) 302,353,368 im/amzwbdfmrh/ui/wallet/WalletWithdrawAddNewAccountActivity.java, line(s) 420,427,601,627,682 im/amzwbdfmrh/ui/wallet/model/BankCardListResBean.java, line(s) 83 im/amzwbdfmrh/ui/wallet/model/BillRecordDetailBean.java, line(s) 89 im/amzwbdfmrh/ui/wallet/model/BillRecordResBillListBean.java, line(s) 211 im/amzwbdfmrh/ui/wallet/model/WalletPaymentBankCardBean.java, line(s) 77,89 im/amzwbdfmrh/ui/wallet/model/WalletWithdrawTemplateBean.java, line(s) 69 org/webrtc/ali/AliHardwareAudioEncoder.java, line(s) 114,127,176,68 org/webrtc/ali/USBAudioDevice.java, line(s) 67 org/webrtc/alirtcInterface/ALI_RTC_INTERFACE_IMPL.java, line(s) 401,692,712,718,733,739,1269,289,294,304,343,348,353,358,363,368,373,378,383,388,336 org/webrtc/alirtcInterface/SophonEngine.java, line(s) 275 org/webrtc/alirtcInterface/SophonEngineImpl.java, line(s) 82,222,247,256,266,321,333,430,439,449,509,671,99,102,104,197,299,83,122,300,410,414,1211 org/webrtc/audio/AppRTCAudioManager.java, line(s) 258,272,305,347,390,399,95,100,110,113,179,191,202,214,243,255,261,270,293,297,319,329,333,350,392,497,498,528,548,554 org/webrtc/audio/AppRTCBluetoothManager.java, line(s) 61,64,72,78,94,109,113,121,123,127,132,137,142,159,190,191,193,199,214,219,228,234,240,248,255,260,264,266,298,301,303,310,316,322,331,341,344,355,178,183,221,225,118,161,165,174,348 org/webrtc/audio/AppRTCProximitySensor.java, line(s) 26,33,43,71,74,81,126,61 org/webrtc/sdk/SophonSurfaceView.java, line(s) 58,68,77,34 org/webrtc/utils/AppRTCUtils.java, line(s) 21 org/webrtc/utils/CpuMonitor.java, line(s) 100,111,118,125,164,237,178,183,185,283,318,345,351,354,357 org/webrtc/utils/MemoryMonitor.java, line(s) 33,40,63,69 org/webrtc/utils/NetworkMonitor.java, line(s) 49,55 pub/devrel/easypermissions/EasyPermissions.java, line(s) 138,140,34 pub/devrel/easypermissions/helper/ActivityPermissionHelper.java, line(s) 38 pub/devrel/easypermissions/helper/BaseSupportPermissionsHelper.java, line(s) 22
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: im/amzwbdfmrh/messenger/AndroidUtilities.java, line(s) 10,1426 im/amzwbdfmrh/ui/ChangeUsernameActivity.java, line(s) 4,84 im/amzwbdfmrh/ui/ChannelCreateActivity.java, line(s) 8,741 im/amzwbdfmrh/ui/ChatActivity.java, line(s) 10,11568 im/amzwbdfmrh/ui/ChatEditTypeActivity.java, line(s) 4,426,440 im/amzwbdfmrh/ui/GroupInviteActivity.java, line(s) 4,133 im/amzwbdfmrh/ui/PhonebookShareActivity.java, line(s) 4,566,606 im/amzwbdfmrh/ui/ProfileActivity.java, line(s) 11,1634,1659 im/amzwbdfmrh/ui/StickersActivity.java, line(s) 4,395 im/amzwbdfmrh/ui/ThemeSetUrlActivity.java, line(s) 4,99 im/amzwbdfmrh/ui/components/EmbedBottomSheet.java, line(s) 9,821 im/amzwbdfmrh/ui/components/ShareAlert.java, line(s) 8,887 im/amzwbdfmrh/ui/dialogs/McShareDialog.java, line(s) 5,234 im/amzwbdfmrh/ui/hui/chats/ProfileGroupActivity.java, line(s) 11,1596,1621 im/amzwbdfmrh/ui/hui/discovery/QrScanResultActivity.java, line(s) 4,65 im/amzwbdfmrh/ui/hui/packet/BillDetailsActivity.java, line(s) 4,311
信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: com/alivc/rtc/device/core/persistent/TransactionXMLFile.java, line(s) 8
信息 应用与Firebase数据库通信
该应用与位于 https://amzwbdfmrh-48b0d.firebaseio.com 的 Firebase 数据库进行通信
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/bjz/comm/net/factory/ApiFactory.java, line(s) 51,51 com/bjz/comm/net/factory/ApiGameFactory.java, line(s) 49,49 com/bjz/comm/net/factory/ApiHuanHuiFactory.java, line(s) 41,41 com/bjz/comm/net/factory/ApiMPFactory.java, line(s) 47,47 com/bjz/comm/net/factory/ApiTranslateAudioFactory.java, line(s) 40,40 com/zhy/http/okhttp/https/HttpsUtils.java, line(s) 110,174,42,109,135,173,98,108,108,172,172
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: im/amzwbdfmrh/ui/utils/SimulatorUtil.java, line(s) 19
安全 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/194512522065/namespaces/firebase:fetch?key=AIzaSyC6uk1nvjb5BYzqEzgaWy_iTryf5373Nyw ) 已禁用。响应内容如下所示:
{
"state": "NO_TEMPLATE"
}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.ntsc.ac.cn) 通信。
{'ip': '159.226.242.43', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (impyq.gz.bcebos.com) 通信。
{'ip': '121.228.183.252', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}