导航菜单
登录 注册

页面标题

页面副标题

移动应用安全检测报告

应用图标

MacroDroid v5.54.4

Android APK 6be11367...
46
安全评分

安全基线评分

46/100

中风险

综合风险等级

风险等级评定
  1. A
  2. B
  3. C
  4. F

应用存在一定安全风险,建议优化

漏洞与安全项分布

13 高危
125 中危
6 信息
3 安全

隐私风险评估

6
第三方跟踪器

高隐私风险
检测到大量第三方跟踪器


检测结果分布

高危安全漏洞 13
中危安全漏洞 125
安全提示信息 6
已通过安全项 3
重点安全关注 0

高危安全漏洞 基本配置不安全地配置为允许到所有域的明文流量。 

Scope:
*

高危安全漏洞 基本配置配置为信任用户安装的证书。 

Scope:
*

高危安全漏洞 域配置不安全地配置为允许明文流量到达范围内的这些域。 

Scope:
samplicio.us
cint.com
qualtrics.com
spectrumsurveys.com
decipherinc.com
ssisurveys.com
lucidhq.com
paradigmsample.com
focusvision.com
vi.ga
opinionetwork.com
surveyrouter.com
opinionbar.com
prsrvy.com
ptrack1.com
globaltestmarket.com
eocucom.com
prodegemr.com
swagbucks.com
sgizmo.com
surveygizmo.com
reviewrobin.com
questmindshare.com
peanutlabs.com
marketknowledgesurveys.com
dubinterviewer.com
confirmit.com
survia.com
insights.supply
roirocket.com
yunosurveys.com

高危安全漏洞 App 链接 assetlinks.json 文件未找到 

[android:name=com.arlosoft.macrodroid.templatestore.ui.search.TemplateSearchActivity][android:host=http://www.macrodroid.com]
App Link 资产验证 URL(http://www.macrodroid.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:301)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。

高危安全漏洞 App 链接 assetlinks.json 文件未找到 

[android:name=com.arlosoft.macrodroid.templatestore.ui.search.TemplateSearchActivity][android:host=https://www.macrodroid.com]
App Link 资产验证 URL(https://www.macrodroid.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:301)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。

高危安全漏洞 App 链接 assetlinks.json 文件未找到 

[android:name=com.arlosoft.macrodroid.templatestore.ui.search.TemplateSearchActivity][android:host=http://macrodroid.com]
App Link 资产验证 URL(http://macrodroid.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:301)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。

高危安全漏洞 App 链接 assetlinks.json 文件未找到 

[android:name=com.arlosoft.macrodroid.templatestore.ui.search.TemplateSearchActivity][android:host=https://macrodroid.com]
App Link 资产验证 URL(https://macrodroid.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:301)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。

高危安全漏洞 使用弱加密算法 

使用弱加密算法
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/arlosoft/macrodroid/common/SimpleEncryption.java, line(s) 23,30
com/sun/mail/auth/Ntlm.java, line(s) 168

高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 

应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/arlosoft/macrodroid/utils/encryption/ExtrasEncryption.java, line(s) 51,83
com/github/javiersantos/licensing/AESObfuscator.java, line(s) 25,29
dev/skomlach/biometric/compat/crypto/CryptographyManagerInterfaceMarshmallowImpl.java, line(s) 40
dev/skomlach/biometric/compat/utils/hardware/BiometricPromptHardware.java, line(s) 67

高危安全漏洞 应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文 

应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode

Files:
com/arlosoft/macrodroid/utils/encryption/Encryptor.java, line(s) 44,68

高危安全漏洞 启用了调试配置。生产版本不能是可调试的 

启用了调试配置。生产版本不能是可调试的
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
xyz/kumaraswamy/autostart/BuildConfig.java, line(s) 3,5

高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 

如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
com/arlosoft/macrodroid/HelpActivity.java, line(s) 40,5
com/arlosoft/macrodroid/action/activities/HtmlPreviewActivity.java, line(s) 72,8

高危安全漏洞 应用程序包含隐私跟踪程序 

此应用程序有多个6隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。

中危安全漏洞 基本配置配置为信任系统证书。 

Scope:
*

中危安全漏洞 Activity (com.arlosoft.macrodroid.LauncherActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.bubble.BubbleActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.transparentdialog.TransparentDialogActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.PasswordPromptActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.ShortcutDispatchActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity (com.arlosoft.macrodroid.ShortcutDispatchActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.quicksettings.QuickSettingsLongPressActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity (com.arlosoft.macrodroid.quicksettings.QuickSettingsLongPressActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.googleassistant.GoogleAssistantDispatchActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity (com.arlosoft.macrodroid.googleassistant.GoogleAssistantDispatchActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity (com.arlosoft.macrodroid.extras.stopclub.StopClubActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity (com.arlosoft.macrodroid.homescreen.quickrun.QuickRunMacroDialogActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.templatestore.ui.comments.TemplateCommentsActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.templatestore.reportmacro.ReportMacroActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity (com.arlosoft.macrodroid.templatestore.ui.search.TemplateSearchActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity (com.arlosoft.macrodroid.homescreen.quickrun.QuickRunAddMacrosActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity (com.arlosoft.macrodroid.filehandler.FileHandlerProxy) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity (com.arlosoft.macrodroid.editscreen.EditMacroActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity (com.arlosoft.macrodroid.editscreen.favourites.ConfigureFavouritesActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity (com.arlosoft.macrodroid.actionblock.edit.ActionBlockEditActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity (com.arlosoft.macrodroid.triggers.activities.ScanTagActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.TakePictureActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.OcrPictureActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.TorchActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.scene.display.SceneDisplayActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.scene.display.SceneDialogActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.UpdateBrightnessActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.SetVolumeActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.AcceptCallActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity (com.arlosoft.macrodroid.triggers.activities.NFCTriggeredActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.SelectModeActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.SelectForceRunMacroActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.MessageDialogActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.triggers.activities.NotificationButtonNotAssignedActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.VariableValuePrompt)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.ConfirmDialogActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.IfThenConfirmDialogActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.OptionDialogActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.SelectionDialogActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.DummyActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.SetKeyboardPieActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.VoiceInputActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.drawer.ui.DrawerOptionsActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.drawer.ui.DrawerUpdateVariableActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.ScreenOnActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.AuthenticateUserActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.clipboard.ClipboardReadActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.PopUpActionActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.utils.CategoryPasswordPromptActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.DisableMacroDroidPasswordPromptActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.triggers.activities.MediaButtonLongPressActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity (com.arlosoft.macrodroid.triggers.activities.MediaButtonLongPressActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.utils.AccessibilityInfoActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Activity (com.arlosoft.macrodroid.triggers.activities.ShareTextTriggerActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidOnOffTileService) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService1) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService2) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService3) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService4) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService5) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService6) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService7) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService8) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService9) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService10) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService11) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService12) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService13) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService14) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService15) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService16) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.MacroDroidAccessibilityServiceJellyBean) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_ACCESSIBILITY_SERVICE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.action.services.UIInteractionAccessibilityService) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_ACCESSIBILITY_SERVICE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.DataLayerListenerService) 未受保护。 

[android:exported=true]
检测到  Service 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.NotificationService) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_NOTIFICATION_LISTENER_SERVICE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.NotificationServiceOreo) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_NOTIFICATION_LISTENER_SERVICE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.voiceservice.MacroDroidVoiceService) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_VOICE_INTERACTION [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.voiceservice.MacroDroidVoiceSessionService) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_VOICE_INTERACTION [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.powermenu.PowerMenuService) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_CONTROLS [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.arlosoft.macrodroid.voiceservice.RecognitionServiceTrampoline) 未受保护。 

[android:exported=true]
检测到  Service 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity (com.arlosoft.macrodroid.triggers.receivers.widget.MacroDroidWidgetConfigureActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity 设置了 TaskAffinity 属性 

(com.arlosoft.macrodroid.action.activities.PendingIntentActivity)
设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。

中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.triggers.receivers.widget.WidgetProviderCustom) 未受保护。 

[android:exported=true]
检测到  Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.triggers.receivers.widget.WidgetProviderGreen) 未受保护。 

[android:exported=true]
检测到  Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.triggers.receivers.widget.WidgetProviderBlue) 未受保护。 

[android:exported=true]
检测到  Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.triggers.receivers.widget.WidgetProviderRed) 未受保护。 

[android:exported=true]
检测到  Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.triggers.receivers.widget.WidgetProviderYellow) 未受保护。 

[android:exported=true]
检测到  Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.triggers.receivers.widget.WidgetProviderBar) 未受保护。 

[android:exported=true]
检测到  Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity (com.arlosoft.macrodroid.ShortcutActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.StartupReceiver) 未受保护。 

[android:exported=true]
检测到  Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.variables.SetVariableReceiver) 未受保护。 

[android:exported=true]
检测到  Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.PackageReplacedReceiver) 未受保护。 

[android:exported=true]
检测到  Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.macro.ContinuePausedActionsHandler) 未受保护。 

[android:exported=true]
检测到  Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.action.receivers.AndroidWearActionReceiver) 未受保护。 

[android:exported=true]
检测到  Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.triggers.receivers.ShortcutTriggerReceiver) 未受保护。 

[android:exported=true]
检测到  Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.action.receivers.LocaleTaskerSettingCompleteReceiver) 未受保护。 

[android:exported=true]
检测到  Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.triggers.receivers.SleepReceiver) 未受保护。 

[android:exported=true]
检测到  Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.helper.receiver.HelperResultsReceiver) 未受保护。 

[android:exported=true]
检测到  Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.triggers.receivers.MacroDroidDeviceAdminReceiver) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_DEVICE_ADMIN [android:exported=true]
检测到  Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.logging.helper.HelperLogMessageBroadcaseReceiver) 未受保护。 

[android:exported=true]
检测到  Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.app.EnableMacroDroidReceiver) 未受保护。 

[android:exported=true]
检测到  Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Content Provider (rikka.shizuku.ShizukuProvider) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.INTERACT_ACROSS_USERS_FULL [android:exported=true]
检测到  Content Provider 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.DUMP [android:exported=true]
检测到  Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Activity (com.facebook.CustomTabActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Broadcast Receiver (dev.skomlach.biometric.compat.utils.DeviceUnlockedReceiver) 未受保护。 

[android:exported=true]
检测到  Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。 

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
检测到  Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Activity (com.google.firebase.auth.internal.GenericIdpActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Activity (com.google.firebase.auth.internal.RecaptchaActivity) 未受保护。 

[android:exported=true]
检测到  Activity 已导出,未受任何权限保护,任意应用均可访问。

中危安全漏洞 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护,但应检查权限保护级别。 

Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.DUMP [android:exported=true]
检测到  Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 高优先级 Intent(2147483647) - {1} 个命中 

[android:priority]
通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。

中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 

文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
bsh/engine/BshScriptEngine.java, line(s) 33
com/amazonaws/auth/policy/conditions/ConditionFactory.java, line(s) 8,9,10,11,12,13,14
com/amazonaws/internal/keyvaluestore/AWSKeyValueStore.java, line(s) 260,257
com/arlosoft/macrodroid/action/CustomEntry.java, line(s) 189
com/arlosoft/macrodroid/action/HttpRequestConfig.java, line(s) 783
com/arlosoft/macrodroid/action/SetWallpaperAction.java, line(s) 83
com/arlosoft/macrodroid/action/activities/SelectionDialogActivity.java, line(s) 124
com/arlosoft/macrodroid/categories/Category.java, line(s) 18
com/arlosoft/macrodroid/common/SystemSettingOption.java, line(s) 98
com/arlosoft/macrodroid/data/HomeScreenTileConfig.java, line(s) 23
com/arlosoft/macrodroid/data/SmtpServerConfig.java, line(s) 185
com/arlosoft/macrodroid/data/UserSubscription.java, line(s) 75
com/arlosoft/macrodroid/database/room/BlockedUser.java, line(s) 80
com/arlosoft/macrodroid/database/room/SubscriptionUpdateItem.java, line(s) 169
com/arlosoft/macrodroid/database/room/UserSubscription.java, line(s) 98
com/arlosoft/macrodroid/emailservice/EmailServiceKt.java, line(s) 16,10,13
com/arlosoft/macrodroid/geofences/GeofenceInfo.java, line(s) 30
com/arlosoft/macrodroid/helper/HelperCommandsKt.java, line(s) 70
com/arlosoft/macrodroid/magictext/data/MagicTextConstants.java, line(s) 543
com/arlosoft/macrodroid/plugins/data/PluginDetail.java, line(s) 347
com/arlosoft/macrodroid/quicksettings/QuickSettingsData.java, line(s) 25,28
com/arlosoft/macrodroid/scene/components/SceneEditTextConfig.java, line(s) 222
com/arlosoft/macrodroid/settings/Settings.java, line(s) 86,87
com/arlosoft/macrodroid/templatestore/model/Comment.java, line(s) 189
com/arlosoft/macrodroid/templatestore/model/MacroTemplate.java, line(s) 405
com/arlosoft/macrodroid/templatestore/model/User.java, line(s) 216
com/arlosoft/macrodroid/translations/api/LocaliseApi.java, line(s) 14,23
com/arlosoft/macrodroid/translations/api/MacroDroidTranslationsApi.java, line(s) 15,24
com/arlosoft/macrodroid/translations/api/OneSkyAppApi.java, line(s) 16,25
com/arlosoft/macrodroid/triggers/BluetoothBeaconTrigger.java, line(s) 78
com/arlosoft/macrodroid/triggers/services/SignalOnOffTriggerServiceKt.java, line(s) 10
com/arlosoft/macrodroid/variables/VariableValue.java, line(s) 1256
com/firebase/ui/auth/IdpResponse.java, line(s) 276
com/firebase/ui/auth/data/remote/GenericIdpSignInHandler.java, line(s) 204
com/giphy/sdk/core/network/api/GPHApiClient.java, line(s) 47
com/giphy/sdk/ui/views/GiphyDialogFragment.java, line(s) 51,54
com/giphy/sdk/ui/views/dialogview/GiphyDialogView.java, line(s) 45,51
com/twofortyfouram/locale/sdk/host/TaskerPlugin.java, line(s) 42
dev/skomlach/biometric/compat/engine/internal/face/lava/FaceVerifyManager.java, line(s) 31
dev/skomlach/biometric/compat/impl/credentials/CredentialsRequestFragment.java, line(s) 31
dev/skomlach/biometric/compat/impl/dialogs/UntrustedAccessibilityFragment.java, line(s) 38
dev/skomlach/biometric/compat/utils/LockType.java, line(s) 35,32
dev/skomlach/biometric/compat/utils/appstate/HomeWatcher.java, line(s) 42,33
io/grpc/internal/TransportFrameUtil.java, line(s) 82
net/dinglisch/android/tasker/TaskerPlugin.java, line(s) 39
org/jsoup/nodes/DocumentType.java, line(s) 9,10
org/osmdroid/tileprovider/modules/DatabaseFileArchive.java, line(s) 59,17

中危安全漏洞 IP地址泄露 

IP地址泄露


Files:
com/afollestad/materialdialogs/BuildConfig.java, line(s) 9
com/afollestad/materialdialogs/commons/BuildConfig.java, line(s) 9
com/koushikdutta/async/AsyncSSLSocketWrapper.java, line(s) 64
com/koushikdutta/async/dns/Dns.java, line(s) 123,131,126
com/tencent/soter/core/model/CertUtil.java, line(s) 15
dev/skomlach/common/network/PingConfig.java, line(s) 26
dev/skomlach/common/protection/HookDetection.java, line(s) 201
fi/iki/elonen/NanoHTTPD.java, line(s) 402
io/grpc/okhttp/u.java, line(s) 371,379,388,384

中危安全漏洞 此应用程序可能会请求root(超级用户)权限 

此应用程序可能会请求root(超级用户)权限
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
com/stericson/RootTools/internal/RootToolsInternalMethods.java, line(s) 810,817,810,817
dev/skomlach/common/protection/HookDetection.java, line(s) 114,140,176

中危安全漏洞 应用程序使用不安全的随机数生成器 

应用程序使用不安全的随机数生成器
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
com/amazonaws/retry/PredefinedRetryPolicies.java, line(s) 6
com/arlosoft/macrodroid/action/SetVariableAction.java, line(s) 69
com/arlosoft/macrodroid/action/screenshot/CaptureService.java, line(s) 11
com/arlosoft/macrodroid/advert/AdvertActivity.java, line(s) 21
com/arlosoft/macrodroid/settings/Settings.java, line(s) 50
com/firebase/ui/auth/util/data/SessionUtils.java, line(s) 4
com/giphy/sdk/ui/ConstantsKt.java, line(s) 6
com/github/javiersantos/piracychecker/utils/SaltUtils.java, line(s) 9
com/hanks/htextview/typer/TyperTextView.java, line(s) 10
com/koushikdutta/async/dns/Dns.java, line(s) 20
com/koushikdutta/async/util/FileCache.java, line(s) 18
com/sun/mail/auth/Ntlm.java, line(s) 12
io/github/rosemoe/sora/widget/CodeEditor.java, line(s) 137
io/github/rosemoe/sora/widget/snippet/variable/RandomBasedSnippetVariableResolver.java, line(s) 4
io/grpc/internal/DnsNameResolver.java, line(s) 32
io/grpc/internal/ExponentialBackoffPolicy.java, line(s) 5
io/grpc/internal/PickFirstLeafLoadBalancer.java, line(s) 23
io/grpc/internal/PickFirstLoadBalancer.java, line(s) 13
io/grpc/internal/j0.java, line(s) 23
io/grpc/okhttp/f.java, line(s) 70
io/grpc/util/OutlierDetectionLoadBalancer.java, line(s) 27
io/grpc/util/RoundRobinLoadBalancer.java, line(s) 16
j$/util/concurrent/ThreadLocalRandom.java, line(s) 10
org/jsoup/helper/DataUtil.java, line(s) 17
org/osmdroid/tileprovider/tilesource/BitmapTileSourceBase.java, line(s) 9

中危安全漏洞 MD5是已知存在哈希冲突的弱哈希 

MD5是已知存在哈希冲突的弱哈希
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/amazonaws/util/Md5Utils.java, line(s) 22,53
com/arlosoft/macrodroid/common/SerialCalculator.java, line(s) 10
com/arlosoft/macrodroid/extensions/StringExtensionsKt.java, line(s) 130
com/koushikdutta/async/http/spdy/b.java, line(s) 164
com/koushikdutta/async/util/FileCache.java, line(s) 100
com/stericson/RootTools/internal/a.java, line(s) 49
com/sun/mail/auth/Ntlm.java, line(s) 141
com/sun/mail/pop3/b.java, line(s) 487
com/sun/mail/smtp/DigestMD5.java, line(s) 86
com/tencent/soter/core/model/SoterCoreUtil.java, line(s) 14
crashguard/android/library/h2.java, line(s) 77
dev/skomlach/biometric/compat/engine/internal/AbstractBiometricModule.java, line(s) 202
dev/skomlach/biometric/compat/engine/internal/face/hihonor/impl/HihonorFaceRecognizeManager.java, line(s) 91
dev/skomlach/biometric/compat/engine/internal/face/huawei/impl/HuaweiFaceRecognizeManager.java, line(s) 91

中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 

应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/arlosoft/macrodroid/database/Database.java, line(s) 6,7,8,9,512
com/arlosoft/macrodroid/database/a.java, line(s) 4,5,14,15,16,17,18,19,26,27,29,31,33,35,36,38,40,42,44,45,47,49,51,53,54,55,57,59,60,62,63,65,67
crashguard/android/library/e0.java, line(s) 5,112
crashguard/android/library/j2.java, line(s) 5,89
crashguard/android/library/k.java, line(s) 5,51,56
crashguard/android/library/l.java, line(s) 5,53
crashguard/android/library/o4.java, line(s) 5,6,41
crashguard/android/library/q1.java, line(s) 5,105,106,110
crashguard/android/library/s5.java, line(s) 5,71,76,80,84
crashguard/android/library/u.java, line(s) 5,96,101,105
crashguard/android/library/y0.java, line(s) 5,107,108,112
crashguard/android/library/y4.java, line(s) 5,109
dev/skomlach/biometric/compat/engine/internal/face/miui/impl/Miui3DFaceManagerImpl.java, line(s) 8,1331
org/osmdroid/tileprovider/modules/DatabaseFileArchive.java, line(s) 4,5,96
org/osmdroid/tileprovider/modules/SqlTileWriter.java, line(s) 5,6,7,228,497
org/osmdroid/tileprovider/modules/SqliteArchiveTileWriter.java, line(s) 5,31

中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 

应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
bin/mt/signature/KillerApplication.java, line(s) 77
com/afollestad/materialdialogs/folderselector/FileChooserDialog.java, line(s) 45,323
com/afollestad/materialdialogs/folderselector/FolderChooserDialog.java, line(s) 52,332
com/arlosoft/macrodroid/action/RecordMicrophoneAction.java, line(s) 175
com/arlosoft/macrodroid/action/TakePictureAction.java, line(s) 117
com/arlosoft/macrodroid/action/TakeScreenshotAction.java, line(s) 193,251
com/arlosoft/macrodroid/action/activities/TakePictureActivity.java, line(s) 144
com/arlosoft/macrodroid/app/MacroDroidApplication.java, line(s) 653
com/arlosoft/macrodroid/autobackup/ui/local/AutoBackupLocalPresenter.java, line(s) 263,383,453
com/arlosoft/macrodroid/autobackup/worker/AutoBackupWorker.java, line(s) 162
com/arlosoft/macrodroid/common/EventLogging.java, line(s) 42
com/arlosoft/macrodroid/common/PebbleHelper.java, line(s) 65
com/arlosoft/macrodroid/magictext/MagicTextMemoryHelper.java, line(s) 29,81,97,141,154
com/arlosoft/macrodroid/magictext/MagicTextOptions.java, line(s) 502,503,644,645
com/arlosoft/macrodroid/settings/PreferencesFragment.java, line(s) 395,420,424
com/arlosoft/macrodroid/settings/Settings.java, line(s) 810
com/arlosoft/macrodroid/templatestore/ui/profile/ProfileActivity.java, line(s) 648
com/arlosoft/macrodroid/triggers/activities/selecticon/IconSelectFragment.java, line(s) 174,170
com/arlosoft/macrodroid/triggers/services/MacroDroidAccessibilityServiceJellyBean.java, line(s) 626,632
com/arlosoft/macrodroid/utils/FileUtils.java, line(s) 268
com/miguelbcr/ui/rx_paparazzo2/interactors/GetPath.java, line(s) 142
com/miguelbcr/ui/rx_paparazzo2/interactors/ImageUtils.java, line(s) 185,188,188
com/stericson/RootTools/internal/RootToolsInternalMethods.java, line(s) 659,662
com/yalantis/ucrop/util/FileUtils.java, line(s) 68
org/osmdroid/config/DefaultConfigurationProvider.java, line(s) 163
org/osmdroid/tileprovider/util/StorageUtils.java, line(s) 102,103,120,121,140,189,204,205,233,289

中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件 

应用程序创建临时文件。敏感信息永远不应该被写进临时文件


Files:
com/arlosoft/macrodroid/action/services/UploadPhotoService.java, line(s) 93
com/arlosoft/macrodroid/bugreporting/ReportBugActivity.java, line(s) 551
com/arlosoft/macrodroid/firebase/FirestoreHelper.java, line(s) 467
com/sun/mail/pop3/e.java, line(s) 11
fi/iki/elonen/NanoHTTPD.java, line(s) 315,659,675
org/zeroturnaround/zip/ZipUtil.java, line(s) 1644
org/zeroturnaround/zip/Zips.java, line(s) 158,167
org/zeroturnaround/zip/transform/FileZipEntryTransformer.java, line(s) 32,34

中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希 

SHA-1是已知存在哈希冲突的弱哈希
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/arlosoft/macrodroid/common/SerialCalculator.java, line(s) 43
com/arlosoft/macrodroid/upgrade/Security.java, line(s) 30
com/arlosoft/macrodroid/upgrade/billing/b.java, line(s) 33
com/arlosoft/macrodroid/utils/encryption/Encryptor.java, line(s) 28
com/koushikdutta/async/http/WebSocketImpl.java, line(s) 107

中危安全漏洞 向Firebase上传文件 

向Firebase上传文件


Files:
com/arlosoft/macrodroid/firebase/FirestoreHelper.java, line(s) 297,26

中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞 

不安全的Web视图实现。可能存在WebView任意代码执行漏洞
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
com/evgenii/jsevaluator/WebViewWrapper.java, line(s) 24,22

中危安全漏洞 此应用可能包含硬编码机密信息 

从应用程序中识别出以下机密确保这些不是机密或私人信息
凭证信息=> "com.google.android.geo.API_KEY" : "AIzaSyDU4fIr2GnhelGsvqYf0QVwEhKe_bulo20"
"twitter_consumer_secret" : "cvxTiGth538SF0jqOSXPd3wEGY8WFdmPTaI4QNVggjvIvnHH1f"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Parol"
"username" : "Benutzername"
"select_icons_user" : "Usuari"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Wagwoord"
"variable_dictionary_key" : "Klucz"
"variable_dictionary_key" : "Sleutel"
"variable_dictionary_key" : "Nyckel"
"http_request_basic_authorization_title" : "Basis-authentificatie"
"animation_name_paws" : "Mancsok"
"select_icons_user" : "Utilisateur"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Iphasiwedi"
"webhook_caller_ip_address" : "Webhook-Anrufer-IP-Adresse"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Contrasinal"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Nyckel"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Sarbide-gakoa"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Avainkoodi"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Password"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Salasana"
"variable_dictionary_key" : "Clave"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Palavra-passe"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Passord"
"password" : "Wachtwoord"
"firebase_database_url" : "https://macrodroid-production.firebaseio.com"
"select_icons_user" : "Gebruiker"
"library_piracychecker_authorWebsite" : "https://github.com/javiersantos"
"animation_name_paws" : "Tassar"
"username" : "Username"
"select_icons_user" : "Utilizzatore"
"google_crash_reporting_api_key" : "AIzaSyDld0rmBm4u9kufAY0m7i6aBaINVvod58M"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Adgangskode"
"smtp_username" : "Username"
"username" : "Gebruikersnaam"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Geslo"
"maps_key_v2_universal" : "AIzaSyD54agSH4WJI0Tdaf4JJlknfoaebgyUY3o"
"password" : "Passwort"
"animation_name_paws" : "Cakar"
"facebook_app_id" : "276514135752339"
"password" : "Senha"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Heslo"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Kod"
"http_request_basic_authorization_title" : "Basisberechtigung"
"quick_keyboard_change" : "Snabbtangentbordsbyte"
"variable_dictionary_key" : "Kulcs"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Klucz"
"password" : "Heslo"
"maps_key" : "0ju_Q-Lkk9NVNwh8kye1-4jLmLRHiiQsWzrRY0Q"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Lozinka"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Nenosiri"
"animation_name_paws" : "Zampe"
"variable_dictionary_key" : "Key"
"password" : "Password"
"variable_dictionary_key" : "Chave"
"variable_dictionary_key" : "Anahtar"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Contrasenya"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Toegangssleutel"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Parool"
"variable_dictionary_key" : "Kunci"
"select_icons_user" : "Usuario"
"select_icons_user" : "Vartotojas"
"quick_keyboard_change" : "Tastaturwechsel"
"animation_name_paws" : "Patas"
"twitter_consumer_key" : "trfRjDyxtteiIGveHUmMAFoyt"
"variable_dictionary_key" : "Chiave"
"variable_dictionary_key" : "cheie"
"google_app_id" : "1:1032558389409:android:35e9bc7e7fe70c0f"
"password_protection" : "Passwortschutz"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Wachtwoord"
"animation_name_paws" : "Pattes"
"animation_name_paws" : "Pootjes"
"password" : "Contrasenya"
"compass" : "Compass"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Wagwoordsleutel"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Pasahitza"
"smtp_username" : "Gebruikersnaam"
"password" : "Sandi"
"com.google.firebase.crashlytics.mapping_file_id" : "0d8926354fae4954abb224e9f298609a"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Sandi"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Senha"
"maps_key_v2" : "AIzaSyDLR21Jhr2YbjBFJFS_XVEhKt2Y00iAhNI"
"google_api_key" : "AIzaSyDld0rmBm4u9kufAY0m7i6aBaINVvod58M"
"variable_dictionary_key" : "Pagrindinis"
"select_icons_user" : "Pengguna"
"select_icons_user" : "User"
"email_password" : "E-mail-wachtwoord"
"select_icons_user" : "Benutzer"
"smtp_username" : "Benutzername"
"select_icons_user" : "Utilizator"
"firebase_web_host" : "CHANGE-ME"
"animation_name_paws" : "Tlapky"
"animation_name_paws" : "Pfoten"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Passwort"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Zaporka"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Parole"
"animation_name_paws" : "Paws"
258EAFA5-E914-47DA-95CA-C5AB0DC85B11
yHTAZeApn5rh6Uzfx06Gv6eHdM34YL
1tlElroQgRxbbHOVXlvZ3WRJneeupimg
nCBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjERMA8GA1UEChMIQXJsb3NvZnQxEDAOBgNVBAsT
308201dd30820146020101300d06092a864886f70d010105050030373116301406035504030c0d416e64726f69642044656275673110300e060355040a0c07416e64726f6964310b3009060355040613025553301e170d3138303331383036333030365a170d3438303331303036333030365a30373116301406035504030c0d416e64726f69642044656275673110300e060355040a0c07416e64726f6964310b300906035504061302555330819f300d06092a864886f70d010101050003818d003081890281810086912f222f6b68d99c49efd92ece90934d8f371720a9152f81668d5a9ff7aa72e35d026dadecc529023a946cf3f01231250ab272bd7f94f863efd3df697b80db143f42a01f9d27899e4d893fd63ff8db65232e44152dd96cf70369fd8cd1de83e3b505328248b57b47ef6dcaa9892a6c4367728c1b1f09526858dd628a5c6cbd0203010001300d06092a864886f70d0101050500038181000496ccc7b1517cc0dbaf6d95b939d9eefe63e4f8edc3792f72f906401456eba658d8f229ad8107dc4636b43eb8e549d727bde2eef0e75ad0f7d73945d4b03b41c697047a9bfd7786d7a2ddd7c63e2755efad4f38b1526ff5cf56f06bc636b2a18ab34416aab560d484fa8cf600834c6643eaf98fca26d46e15008c00411043ce
308201dd30820146020101300d06092a864886f70d010105050030373116301406035504030c0d416e64726f69642044656275673110300e060355040a0c07416e64726f6964310b3009060355040613025553301e170d3136303932333230333735305a170d3436303931363230333735305a30373116301406035504030c0d416e64726f69642044656275673110300e060355040a0c07416e64726f6964310b300906035504061302555330819f300d06092a864886f70d010101050003818d00308189028181008a2ee13707155166313e78ccc314621c061d717a2f11dd2a2505c7c903ed9e89ccfc4769d953a866039ef1212a6cd923dcb5d77d5b43920cf6f84505c68a2e8de9e76647b7b4771c1f9e01468228e42deac8d4676c12f792e708f9452e205267fed553ba65a93abe48a019bf20f5b35f875dc26bbb87575a533f30d74d7e8cad0203010001300d06092a864886f70d010105050003818100470bd7e3b5b40e639326b241c9005fb3d24cc4180e2e04cc34b54db42b737b401847a5d499cd822e3d85360baa320d16d1ac97f4dc9b86eeab9ae62f019dec13dc707ea41ff11e47e2e2a71e05d7be65235d11574e50cbb165db568466abb5d00a60370b29dd59b47ac6140a12957f85c8eb087adf53c54560300f598545db19
m683OutlinedTextDisplayoYZfOzg
W1zcp5YuPDw8mIQDVCH2uQY7qs2ejdZj5LIgIz4CbQ0wg53rlwE7DDQM6MNUgZLnzNmMSMfFrpE7
nB1Vua25vd24xFjAUBgNVBAMTDUphbWllIEhpZ2dpbnMwIBcNMTExMDA0MTExODA1WhgPMjI4NTA3
70d1d4c1-5ea3-4bd5-a7eb-3eb685e7bb2d
nMTkxMTE4MDVaMG4xCzAJBgNVBAYTAlVLMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtu
0273a52eb7f9dc18f1f886eb0af21ec7
740EE8B0-C879-4D02-82DD-5B9B5C62A29B
b45c8a48e8cde42df7af076dbfbe12fb
cf1e816a-9db0-4511-bbb8-f60c48ca8fac
CTajhLNE6Y2t3JZypo7ioiAmjv1GtGbzGlia50p5N7V5mQJNUjH5WKpqEuEh+jCA
nUOanh7NrvojiaV2brx7Wxp4HszXvjXTsBZp4ucRyiVEauRbKkBCmfWFYWoTNtEm7SdIjufY41XJF
adb97ac6-f780-4a41-8475-ce661b574999
d8cabbe23fb9ee0f252a4c87380216c8
I8pYnZE07/TjxFlB1bTJ4OmI62zRNH4u
nTzzkWOVIUXIdmbdeIp3E+3XCRfs+YXD5UxT7NCqUAqQSdS78Jz0ArWWMkryVcQnfeFWSb8fpxIcf
eyJhbGciOiJSUzI1NiIsIng1YyI6WyJNSUlDNlRDQ0FkRUNBU293RFFZSktvWklodmNOQVFFTEJRQXdEekVOTUFzR0ExVUVBd3dFVW05dmREQWVGdzB4TkRFeE1UZ3hOalUwTUROYUZ3MHpOREV4TVRNeE5qVTBNRE5hTUdZeEN6QUpCZ05WQkFZVEFsVlRNUk13RVFZRFZRUUlEQXBEWVd4cFptOXlibWxoTVJZd0ZBWURWUVFIREExTmIzVnVkR0ZwYmlCV2FXVjNNUlF3RWdZRFZRUUtEQXRIYjI5bmJHVWdTVzVqTGpFVU1CSUdBMVVFQXd3TFptOXZMbUpoY2k1amIyMHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDekZWS0pPa3FUbXl5ak1IV0JPckxkcFltYzBFY3ZHM01vaGFWK1VKclZySTJTRHlrWThZV1NrVEt6OUJLbUY4SFAvR2pQUERzMzE4NENlajliMVdleXZWQjhSajNndUgzb0wrc0pUM3U5VjJ5NHp5bzV4TzZGV01CWUVRNlg4RGtHbFl0VHA1dGhlWWJSclhORUx1bDRsRitMdEhUQ2FBQU5STWtPbDBORW9MYTZCUmhPRzY4Z0ZmSUF4eDVsVDhSRUU5dXR2UHV5K3JDYUJIbmZIT1BmOHBuMExTdmNlQmlqU0lGb1MzWTVjcmpQVmp5aVBBWlVIV25IVEZBaWxmSG5wTEJsR3hwQ3lsZVBRaE1LclBjZ3ZEb0Q5bmQwTEE2eFlMRjdEUFhYU2E4RkxPK2ZQVjhDTkpDQXNGdXE5UmxmMlR0M1NqTHRXUll1aDVMdWN0UDdBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFFc01BQlpsKzhSbGswaHFCa3RzRHVycmk0bkYvMDdDblNCZS96VWJUaVloTXByN1ZSSURsSExvZTVsc2xMaWxmWHp2YXltY01GZUgxdUJ4TndoZjdJTzdXdkl3UWVVSFNWK3JIeU55Z1RUaWVPMEpuOEh3KzRTQ29oSEFkTXZENXVXRXduM0x2K1c0eTdPaGFTYnpsaFZDVkNuRkxWS2ljQmF5VVhIdGRKWEpJQ29rUjQraC9XTk03ZzBpS1RoYWtaT3lmYjhoMXBoeTdUTVRWbFBGS3JjVkRvNW05K0dodFBDNFBOakdMb2s2ci9qeDlDSU9DYXBJcWk4ZlhKRU94S3ZpbFllQVlxZmpXdmh4MDBqdUVVQkhycENROHdUNFRBK0xsSTAyY1J6NXJ4VzRGUUF6MU5kb0c5SFpEWldhK05ORlRaZEFtdFdQSk1MZCs4TDhzbDQ9IiwiTUlJQzhUQ0NBZG1nQXdJQkFnSUpBTU5JMTVIckd5bGtNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1BOHhEVEFMQmdOVkJBTU1CRkp2YjNRd0hoY05NVFF4TVRFNE1UWTFOREF6V2hjTk16UXhNVEV6TVRZMU5EQXpXakFQTVEwd0N3WURWUVFEREFSU2IyOTBNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXplVU5jNGJTV0hoT1RVKzVNUS9sT21talFXcGZCaStGSnV4dm9lT21Rd2k2ZnJQS0tzYUtLWUdmQ1RQbEtFMGRtckVQOTVibmkvcUw1eEFwUDE3b3JqVWU2S1J0SkF3Rk5JNUVaYWRJZmpiaC9xKzg1QzFDcDJCUzJZbXVaUXpYWkhQNjN5eUJwMDVZY2JNS3dDQkhYYUFnWWJtVFRrKzQrMXBqTnBIUDZZaUYyZ0NQdlNmem9rR3loYnZCcW5QYm5UZEk5dzZmak5CWUFici91Qk9UVTB2SzRrdHpsV2s1bHZzbTUxZTh2c0xTcVdob0hBRHEwQXJpQWVsVTRTSHNTQUNrUlVRU3hXVjBLNWh6VHY0ZWN2Q2JHOWRza2lEQ3dXZyt1VFJTb0FGZVpPaE9OTDAwMHE3VmV5M0RaVGNMbDgvTzROUVZhWlI1aUFnVldsV2Nzd0lEQVFBQm8xQXdUakFkQmdOVkhRNEVGZ1FVc2ltbElSRGNKUjBvZlI3b004S3dIRk9IK3NJd0h3WURWUjBqQkJnd0ZvQVVzaW1sSVJEY0pSMG9mUjdvTThLd0hGT0grc0l3REFZRFZSMFRCQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFXUWw4U21iUW9CVjN0ak9KOHpNbGNOMHhPUHBTU05ieDBnN0VML2RRZ0pwZXQwTWNXNjJSSGxnUUFPS2JTM1BSZW8ybnNSQi9aUnlZRHU0aTEzWkhaOGJNc0dPRVM0QlFwejEzbXRtWGc5UmhzWHFMMGVEWWZCY2pqdGxydVVieGhuQUxwNFZOMXpWZHlXQVBDajBldTNNeHBnTVdjeW41MFFtaUpTai9FcXUvbExodmUvd0t2akc1V2huVjh1UktSdUZiRmN0MERIQUhNblpxRkhjR1M1U28wY1luU2ZLNWZiQlJOZWxHZmxocGJiUHAwVjBhWGlxaW5xRDBZZTNPYVpkRnErMnJQMW9DL2E1L091NExzcFkzYjVvRDlyRU5keTdicTBLZXdQRnRnUHZVa0pySjNUemJpd3ZwZ2haN3pHMjZibko1STd1YzR5MVZ1anFhT0E9PSJdfQ
D/NWBiug1Nkcs0NvDDo2HUdZ+Kp+WkyiaMsY63gBZtF7j7iWc7lRl5hGk9kqzGo9
7fc56270e7a70fa81a5935b72eacbe29
eWzIsJF4PExQap9HK6Vlz8DGlgGwoiLCtyOEK0Bfu
nyoNVGo1GFUqzlTAmdnGBKSVzUVxrnqfWnV4ja9oG2mfED47i2C1uu/+cQM+U+LGZlsiprIsIx71P
ncJbvHsusjXA6iG3/kioIUjk4bEG6dFDX4DugPWCqTHnEmUNYpvQfif+Hufagc7VVifO1WmNrurxl
aa45bc25-0261-4de3-a2b7-981406097d47
MIIDWjCCAkKgAwIBAgIETorrbTANBgkqhkiG9w0BAQUFADBuMQswCQYDVQQGEwJVSzEQMA4GA1UE
1415926535897932384626433832795028841971693993751058209749445923078164062862089986280348253421170679
nb3duMREwDwYDVQQKEwhBcmxvc29mdDEQMA4GA1UECxMHVW5rbm93bjEWMBQGA1UEAxMNSmFtaWUg
71828182845904523536028747135266249775724709369995957496696762772407663
Y29tLmFuZHJvaWQudmVuZGluZy5saWNlbnNpbmcuSUxpY2Vuc2luZ1NlcnZpY2U=
u+XPLmq9KMEe4KeJgXXecQ/OyABmZxDClVTNXYyjrwFooJRqWU8AfWnZxEnntge2K6LRxlYts74=
nyZBMVi2gAEXaRxECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEARyhsaYiFhkTWVJ+ZryrjzYOTvPX8
4dab81a6-d2fc-458a-992c-7a1f3b96a970
308201e53082014ea003020102020451dc007d300d06092a864886f70d01010505003037310b30090603550406130255533110300e060355040a1307416e64726f6964311630140603550403130d416e64726f6964204465627567301e170d3133303730393132323232315a170d3433303730323132323232315a3037310b30090603550406130255533110300e060355040a1307416e64726f6964311630140603550403130d416e64726f696420446562756730819f300d06092a864886f70d010101050003818d0030818902818100850e2bc667b811cf3b4aad9ab181aeb761507f0110fb345089ce452651c98580d8fcb0da8af6cf2d51d245c4ebd509cf832b42ee084e10ff8706714ee0def21fcf936b4ff9a14a3c99b944f69158a150718f5c32d66665b7c287742ccba2c7b266250fddcdf5b8f7b3c20e5b4a0c0721143143a2763c54802de3ef5d949701750203010001300d06092a864886f70d010105050003818100498928c82f0ec0cfce4ae49ce76ba65127066880a2780e3617ed7a3258c5e9d3dcc789441afde78a4a62e50c8c46c3043c7260774522f3bdb8226c83ec2964477b93451a3434c03b989c2259e886aa1517d64e1fe9b32785d74d3ac9b8e39993b18f75186c7cd26cf22b2228e0e4d9d650bbae4fcefcbe2abb89ef6ffb00d71a
3082035a30820242a00302010202044e8aeb6d300d06092a864886f70d0101050500306e310b300906035504061302554b3110300e06035504081307556e6b6e6f776e3110300e06035504071307556e6b6e6f776e3111300f060355040a130841726c6f736f66743110300e060355040b1307556e6b6e6f776e311630140603550403130d4a616d69652048696767696e733020170d3131313030343131313830355a180f32323835303731393131313830355a306e310b300906035504061302554b3110300e06035504081307556e6b6e6f776e3110300e06035504071307556e6b6e6f776e3111300f060355040a130841726c6f736f66743110300e060355040b1307556e6b6e6f776e311630140603550403130d4a616d69652048696767696e7330820122300d06092a864886f70d01010105000382010f003082010a0282010100b3bf1433e9b0aa40caff86c949de86bff550e6a787b36bbe88e2695d9baf1ed6c69e07b335ef8d74ec059a78b9c47289511ab916ca9010a67d61585a84cdb449bb49d223b9f638d57245d49253a92a56082bae5cbf7461ed36040ccfe2e1889d6a7a756433fdb8199ff066e66e09b45d6a2a3096678e03b1e00f7f5769f9923388eb94479f77e225cf9ca0bd0d4c04390c639fdcd0f32fc19117067d6b5ede4d4ddb3466fc73fde545a8e73714f976d5747784a1fd9441b7d8e514924f3ce458e54851721d99b75e229dc4fb75c245fb3e6170f95314fb342a9402a412752efc273d00ad658c92bc957109df7855926fc7e9c4871fc9904c562da00045da47110203010001300d06092a864886f70d0101050500038201010047286c6988858644d6549f99af2ae3cd8393bcf5fcca83551a8d46154ab3953026767181292573515c6b9ea7d69d5e236bda06da67c40f8ee2d82d6ebbff9c40cf94f8b19996c8a9ac8b08c7bd4f11494325ef08e2f7a04824b1bf2aa0827ed02158f399d245d5d47ad34dcecc27bf505068cf2430784a6c9f2669d0d1d0921b632c32a84a397f7096ef1ecbac8d703a886dff922a085239386c41ba7450d7e03ba03d60aa4c79c4994358a6f41f89ff87b9f6a073b55589f3b55a636bbabc65777691142940d5367dbb1f3629eff7c6d00abc44392d79264c834525b261f7c958712171ff6c94dce6df90b24bf810cc28e4d8939b5988cbcbd92174f9202f8e
tgLRb4bjuZVA8xvQ9uHNs8UtpBIOiUcagzvtKyyfCofk5U5sNb54GgVVYxa6p4A1ObdJv1jjlUOnzR8keX5LsAM4Ia7xeqiFh0GER4l0ulVChy
1b341ffe23b5298676d535fcabd3d0d7
308201e53082014ea00302010202044f173620300d06092a864886f70d01010505003037310b30090603550406130255533110300e060355040a1307416e64726f6964311630140603550403130d416e64726f6964204465627567301e170d3132303131383231313430385a170d3432303131303231313430385a3037310b30090603550406130255533110300e060355040a1307416e64726f6964311630140603550403130d416e64726f696420446562756730819f300d06092a864886f70d010101050003818d0030818902818100b0270c96325dcb34ce75c5f27e58a6e39750d3fb81baa35e920ad1410f7471386b7f3a546e15a6d16069544c0af8cb3c6ad267d67c15c3b979329d782c54e6fa4ada9d47155c934f95bcf744f87f1a917971d401540c7fd5d29540bace27d494d2b2ec92170510544c0219ad444ce5561b7cc7ecd1a654b5ae5340b18ba6b9c90203010001300d06092a864886f70d01010505000381810099f61c4c0f7b738b8ee284dbe794f316d0621f5573fdf1252aad4f601fa2a88452a9a3666d8d9932b67d19188f8dcf0e9c6a85c80c5a410891f56b692b20db6c521b852ca90b76f77a9bb568743b3e16bd4927b65d6f6ff01aaff584d829a165a51e100613f3e0efe54618eef4ee484e8428f8008563dab9e2ce2ea5abf04dbe

安全提示信息 应用程序记录日志信息,不得记录敏感信息 

应用程序记录日志信息,不得记录敏感信息
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
bin/mt/signature/KillerApplication.java, line(s) 116,126,161
bsh/CommandLineReader.java, line(s) 21
bsh/Console.java, line(s) 11,18,8
bsh/Interpreter.java, line(s) 187,197,199,201,233,266,268,270
bsh/Parser.java, line(s) 3008
bsh/Remote.java, line(s) 43,47,29,40,74,83,85,87,89,126
bsh/SimpleNode.java, line(s) 32
bsh/classpath/BshClassPath.java, line(s) 436,450,459,662
bsh/classpath/ClassManagerImpl.java, line(s) 205
bsh/util/ClassBrowser.java, line(s) 449,459
bsh/util/Httpd.java, line(s) 23
bsh/util/HttpdConnection.java, line(s) 77,109
bsh/util/JConsole.java, line(s) 275
bsh/util/JDemoApplet.java, line(s) 26,29
bsh/util/Sessiond.java, line(s) 22
bsh/util/SessiondConnection.java, line(s) 29
com/afollestad/materialdialogs/MaterialDialog.java, line(s) 1888
com/amazonaws/logging/AndroidLog.java, line(s) 35,42,49,56,62,67,72,77,82,107,114
com/araujo/jordan/excuseme/AutoPermissionHandler.java, line(s) 162
com/araujo/jordan/excuseme/ExcuseMe.java, line(s) 237,249
com/arlosoft/macrodroid/action/AndroidWearAction.java, line(s) 171,191
com/arlosoft/macrodroid/action/ForwardSMSAction.java, line(s) 120
com/arlosoft/macrodroid/action/LaunchAppActivityAction.java, line(s) 165
com/arlosoft/macrodroid/action/MakeCallAction.java, line(s) 287
com/arlosoft/macrodroid/action/RecordMicrophoneAction.java, line(s) 340
com/arlosoft/macrodroid/action/SetBluetoothAction.java, line(s) 311
com/arlosoft/macrodroid/action/SetWallpaperAction.java, line(s) 572
com/arlosoft/macrodroid/action/hotspot/MyOreoWifiManager.java, line(s) 72
com/arlosoft/macrodroid/action/services/AndroidWearService.java, line(s) 158
com/arlosoft/macrodroid/action/services/UploadLocationService.java, line(s) 56
com/arlosoft/macrodroid/action/services/UploadMessageService.java, line(s) 56
com/arlosoft/macrodroid/action/services/UploadPhotoService.java, line(s) 54
com/arlosoft/macrodroid/celltowers/CellTowerGroupStore.java, line(s) 76
com/arlosoft/macrodroid/common/MacroDroidVariableStore.java, line(s) 304
com/arlosoft/macrodroid/drawer/ui/DrawerLogViewHolder.java, line(s) 436,480
com/arlosoft/macrodroid/drawer/ui/DrawerOptionsActivity.java, line(s) 823,825
com/arlosoft/macrodroid/scene/display/SceneDesignerActivity.java, line(s) 2310
com/arlosoft/macrodroid/scene/display/SceneOverlayDisplayService.java, line(s) 810
com/arlosoft/macrodroid/triggers/activities/LocationChooserActivity.java, line(s) 283
com/arlosoft/macrodroid/triggers/activities/LocationChooserOSMActivity.java, line(s) 273
com/arlosoft/macrodroid/triggers/activities/ScanTagActivity.java, line(s) 94,55
com/arlosoft/macrodroid/triggers/services/NFCTriggeredService.java, line(s) 52
com/arlosoft/macrodroid/uicomponent/htmltextview/HtmlAssetsImageGetter.java, line(s) 28
com/arlosoft/macrodroid/uicomponent/htmltextview/HtmlHttpImageGetter.java, line(s) 131
com/arlosoft/macrodroid/uicomponent/htmltextview/HtmlResImageGetter.java, line(s) 27
com/arlosoft/macrodroid/upgrade/billing/BillingDataSource.java, line(s) 500,520,875,890,895,922,933,983,994,1001,1452,1504,879,898,1489,1501,867,901
com/arlosoft/macrodroid/upgrade/billing/b.java, line(s) 42,47,61,24,39,51,65
com/arlosoft/macrodroid/utils/FileUtils.java, line(s) 143
com/arlosoft/macrodroid/utils/RootHelper.java, line(s) 30
com/arlosoft/macrodroid/utils/SingleLiveEvent.java, line(s) 40
com/arlosoft/macrodroid/widget/DragLinearLayout.java, line(s) 604
com/fingerprints/service/FingerprintManager.java, line(s) 391,111,426,444,456,515,542,544,572,606
com/firebase/ui/auth/AuthUI.java, line(s) 865,193,282,644,700,922,925,997
com/firebase/ui/auth/data/remote/GoogleSignInHandler.java, line(s) 94
com/firebase/ui/auth/ui/email/EmailLinkFragment.java, line(s) 58
com/firebase/ui/auth/util/CredentialUtils.java, line(s) 20,24
com/firebase/ui/auth/util/data/TaskFailureLogger.java, line(s) 17
com/firebase/ui/auth/viewmodel/ResourceObserver.java, line(s) 69
com/firebase/ui/auth/viewmodel/email/EmailProviderResponseHandler.java, line(s) 56,92
com/firebase/ui/auth/viewmodel/smartlock/SmartLockHandler.java, line(s) 58,37
com/getpebble/android/kit/PebbleKit.java, line(s) 70
com/giphy/sdk/core/network/engine/DefaultNetworkSession.java, line(s) 137
com/giphy/sdk/core/threading/ApiTask.java, line(s) 119
com/github/javiersantos/licensing/APKExpansionPolicy.java, line(s) 41,57,75,88
com/github/javiersantos/licensing/LibraryChecker.java, line(s) 106,131,136,145,194,53,64,69,77,170,183,188,174,252
com/github/javiersantos/licensing/PreferenceObfuscator.java, line(s) 31
com/github/javiersantos/licensing/ServerManagedPolicy.java, line(s) 35,51,69,82
com/github/javiersantos/licensing/util/URIQueryDecoder.java, line(s) 29
com/github/javiersantos/piracychecker/PiracyChecker.java, line(s) 659
com/h6ah4i/android/widget/advrecyclerview/draggable/RecyclerViewDragDropManager.java, line(s) 354
com/h6ah4i/android/widget/advrecyclerview/draggable/c.java, line(s) 177
com/hihonor/android/facerecognition/HwFaceManagerFactory.java, line(s) 30,36,40,44,47
com/huawei/facerecognition/HwFaceManagerFactory.java, line(s) 20,25,29,33,36
com/iab/omid/library/giphy/d/c.java, line(s) 11
com/jaredrummler/android/colorpicker/ColorPickerDialog.java, line(s) 454,467
com/koushikdutta/async/AsyncNetworkSocket.java, line(s) 184
com/koushikdutta/async/AsyncServer.java, line(s) 83,111,300,1022,162,165,168,185,657,691,732,798
com/koushikdutta/async/ByteBufferList.java, line(s) 509
com/koushikdutta/async/PushParser.java, line(s) 223
com/koushikdutta/async/Util.java, line(s) 208
com/koushikdutta/async/http/AsyncHttpRequest.java, line(s) 184,191,192,199,212
com/koushikdutta/async/http/HybiParser.java, line(s) 374
com/koushikdutta/async/http/cache/b.java, line(s) 62
com/koushikdutta/async/http/server/AsyncHttpServerRequestImpl.java, line(s) 79
com/koushikdutta/ion/Ion.java, line(s) 467,468,470
com/koushikdutta/ion/bitmap/IonBitmapCache.java, line(s) 164,165,181,182,183
com/koushikdutta/ion/conscrypt/ConscryptMiddleware.java, line(s) 57
com/koushikdutta/ion/cookie/CookieMiddleware.java, line(s) 109
com/koushikdutta/ion/gif/GifDecoder.java, line(s) 402
com/koushikdutta/ion/k.java, line(s) 7
com/koushikdutta/ion/l.java, line(s) 556
com/miguelbcr/ui/rx_paparazzo2/entities/FileData.java, line(s) 47,50
com/miguelbcr/ui/rx_paparazzo2/interactors/GetPath.java, line(s) 90
com/miguelbcr/ui/rx_paparazzo2/interactors/ImageUtils.java, line(s) 62,225
com/miguelbcr/ui/rx_paparazzo2/interactors/SaveFile.java, line(s) 58
com/samsung/android/sdk/pass/Spass.java, line(s) 53
com/samsung/android/sdk/pass/SpassFingerprint.java, line(s) 210,215,231,322,357,628,151,186,367,378,569,650
com/samsung/android/sdk/pass/support/SdkSupporter.java, line(s) 32
com/samsung/android/sdk/pass/support/v1/FingerprintManagerProxyFactory.java, line(s) 73
com/stericson/RootShell/RootShell.java, line(s) 326,331
com/stericson/RootShell/containers/RootClass.java, line(s) 230,143,227,296
com/stericson/RootTools/RootTools.java, line(s) 246
com/stericson/RootTools/internal/RootToolsInternalMethods.java, line(s) 314,319,324
com/stericson/RootTools/internal/Runner.java, line(s) 41
com/stericson/RootTools/internal/a.java, line(s) 32,41,72,79
com/sun/activation/registries/LogSupport.java, line(s) 25,32
com/sun/mail/imap/protocol/BODYSTRUCTURE.java, line(s) 40,44,52,65,69,75,80,88,93,100,105,109,117,123,131,138,151,155,160,168,172,176,182,191,195,203,216,221,227,239,247,256,260,270,276,284,291,299,326,336,343,347
com/sun/mail/imap/protocol/ENVELOPE.java, line(s) 31,50,54,57,61,65,69,73,77,82,86,110
com/tbruyelle/rxpermissions2/RxPermissionsFragment.java, line(s) 49
com/tencent/soter/core/model/SLogger.java, line(s) 24,33,56
com/twofortyfouram/locale/sdk/host/TaskerPlugin.java, line(s) 299,183,204,208,219,240,253,273,278
com/twofortyfouram/log/Lumberjack.java, line(s) 140,134,137,143
com/yalantis/ucrop/UCropActivity.java, line(s) 534
com/yalantis/ucrop/task/BitmapCropTask.java, line(s) 95
com/yalantis/ucrop/task/BitmapLoadTask.java, line(s) 177,191,198,230
com/yalantis/ucrop/util/BitmapLoadUtils.java, line(s) 102,112
com/yalantis/ucrop/util/FileUtils.java, line(s) 76
com/yalantis/ucrop/util/ImageHeaderParser.java, line(s) 160,172,182,202,220,222,240,245,252,258,274,277,294,297
com/yalantis/ucrop/view/TransformImageView.java, line(s) 63,236
crashguard/android/library/e5.java, line(s) 45,44
crashguard/android/library/n0.java, line(s) 43,125
curtains/view/WindowManagerSpy.java, line(s) 64,125
dagger/android/AndroidInjection.java, line(s) 47
de/greenrobot/event/EventBus.java, line(s) 124,133,135,477
de/greenrobot/event/b.java, line(s) 47
de/greenrobot/event/util/AsyncExecutor.java, line(s) 88
de/greenrobot/event/util/ErrorDialogManager.java, line(s) 163
dev/skomlach/biometric/compat/engine/internal/face/lava/FaceVerifyManager.java, line(s) 112,118,133,150,154,203,209
dev/skomlach/biometric/compat/utils/logging/BiometricLoggerImpl.java, line(s) 72,87
dev/skomlach/common/logging/LogCat.java, line(s) 77,98
eu/davidea/fastscroller/FastScroller.java, line(s) 391
eu/davidea/flexibleadapter/SelectableAdapter.java, line(s) 93
eu/davidea/flexibleadapter/common/FlexibleItemAnimator.java, line(s) 465,473
eu/davidea/flexibleadapter/helpers/ActionModeHelper.java, line(s) 120,129
eu/davidea/flexibleadapter/helpers/StickyHeaderHelper.java, line(s) 86,217,322,289,165,168,62
eu/davidea/flexibleadapter/helpers/UndoHelper.java, line(s) 123,150,156,163,47,92,109
eu/davidea/flexibleadapter/utils/Log.java, line(s) 56,62,68,74,120,126,132,138
eu/davidea/flexibleadapter/utils/Logger.java, line(s) 19,25,12,18,24,30,31,36,42,48,54,60,43,49,55,61
eu/davidea/viewholders/FlexibleViewHolder.java, line(s) 86,99,118,128,131,164,177,174
fi/iki/elonen/util/ServerRunner.java, line(s) 15,18,24
io/github/rosemoe/sora/graphics/GraphicTextRow.java, line(s) 341
io/github/rosemoe/sora/lang/analysis/AsyncIncrementalAnalyzeManager.java, line(s) 419
io/github/rosemoe/sora/lang/analysis/SimpleAnalyzeManager.java, line(s) 90
io/github/rosemoe/sora/lang/format/AsyncFormatter.java, line(s) 51
io/github/rosemoe/sora/lang/styling/StylesUtils.java, line(s) 23,44,51,60,65
io/github/rosemoe/sora/text/SpanRecycler.java, line(s) 32,40,37
io/github/rosemoe/sora/util/Logger.java, line(s) 36,40,44,48,52,56,67,71,75,79
io/github/rosemoe/sora/util/ViewUtils.java, line(s) 30
io/github/rosemoe/sora/widget/CodeEditor.java, line(s) 430,658,696,793,2063,2326,2456,2793,3105,768
io/github/rosemoe/sora/widget/EditorRenderer.java, line(s) 1653,1660
io/github/rosemoe/sora/widget/component/EditorAutoCompletion.java, line(s) 126
io/github/rosemoe/sora/widget/component/Magnifier.java, line(s) 62
io/github/rosemoe/sora/widget/snippet/SnippetController.java, line(s) 511
io/grpc/android/AndroidChannelBuilder.java, line(s) 116,223,226,230
io/grpc/internal/z.java, line(s) 1747
io/grpc/okhttp/internal/Platform.java, line(s) 461
me/drakeet/support/toast/a.java, line(s) 44,39
me/weishu/reflection/BootstrapClass.java, line(s) 21
me/zhanghai/android/materialprogressbar/BaseProgressLayerDrawable.java, line(s) 80
me/zhanghai/android/materialprogressbar/MaterialProgressBar.java, line(s) 267,271,406
net/dinglisch/android/tasker/TaskerPlugin.java, line(s) 319,180,201,205,216,237,250,270,275
org/altbeacon/beacon/logging/c.java, line(s) 19,24,29,34,47,52
org/altbeacon/beacon/logging/d.java, line(s) 21,26,31,36,51,56
org/altbeacon/beacon/logging/e.java, line(s) 19,24,45,50
org/joni/WarnCallback.java, line(s) 13
org/joni/bench/AbstractBench.java, line(s) 13,20,28,39,41
org/joni/f.java, line(s) 496,590
org/lsposed/hiddenapibypass/HiddenApiBypass.java, line(s) 90,363
org/metalev/multitouch/controller/MultiTouchController.java, line(s) 373
org/osmdroid/config/DefaultConfigurationProvider.java, line(s) 164
org/osmdroid/tileprovider/MapTileCache.java, line(s) 127
org/osmdroid/tileprovider/MapTileProviderBase.java, line(s) 87,304,311
org/osmdroid/tileprovider/cachemanager/CacheManager.java, line(s) 353,208
org/osmdroid/tileprovider/modules/ArchiveFileFactory.java, line(s) 39,42,45
org/osmdroid/tileprovider/modules/DatabaseFileArchive.java, line(s) 69,84,102
org/osmdroid/tileprovider/modules/GEMFFileArchive.java, line(s) 46
org/osmdroid/tileprovider/modules/MBTilesFileArchive.java, line(s) 52
org/osmdroid/tileprovider/modules/MapTileFilesystemProvider.java, line(s) 44,40
org/osmdroid/tileprovider/modules/MapTileModuleProviderBase.java, line(s) 170,247
org/osmdroid/tileprovider/modules/MapTileSqlCacheProvider.java, line(s) 44,40
org/osmdroid/tileprovider/modules/OfflineTileProvider.java, line(s) 22
org/osmdroid/tileprovider/modules/SqlTileWriter.java, line(s) 145,234,441,528,579,587,389,404
org/osmdroid/tileprovider/modules/SqliteArchiveTileWriter.java, line(s) 48,148,63,72
org/osmdroid/tileprovider/modules/TileDownloader.java, line(s) 102,275,409,487,621,164,134,185,202,226,249,329,346,365,383,427,443,461,479,549,568,589,609
org/osmdroid/tileprovider/modules/TileWriter.java, line(s) 222
org/osmdroid/tileprovider/modules/ZipFileArchive.java, line(s) 65,82
org/osmdroid/tileprovider/tilesource/BitmapTileSourceBase.java, line(s) 81,115,119,124,79
org/osmdroid/tileprovider/tilesource/CloudmadeTileSource.java, line(s) 24,48
org/osmdroid/tileprovider/util/ManifestUtil.java, line(s) 15,22,25
org/osmdroid/tileprovider/util/StorageUtils.java, line(s) 300,310
org/osmdroid/views/MapView.java, line(s) 459,346,355,357,361,349
org/osmdroid/views/overlay/DefaultOverlayManager.java, line(s) 108,388
org/osmdroid/views/overlay/NonAcceleratedOverlay.java, line(s) 51
org/osmdroid/views/overlay/TilesOverlay.java, line(s) 213,216
org/osmdroid/views/overlay/gridlines/LatLonGridlineOverlay.java, line(s) 150,156,185,190,206,218,250,385
org/osmdroid/views/overlay/infowindow/BasicInfoWindow.java, line(s) 48,65
org/osmdroid/views/overlay/infowindow/InfoWindow.java, line(s) 129
org/osmdroid/views/overlay/infowindow/MarkerInfoWindow.java, line(s) 33
org/osmdroid/views/overlay/mylocation/GpsMyLocationProvider.java, line(s) 112,68,128
rikka/shizuku/Shizuku.java, line(s) 450,456,458
rikka/shizuku/ShizukuProvider.java, line(s) 42,101,126
rikka/shizuku/SystemServiceHelper.java, line(s) 25,35
rx/android/app/a.java, line(s) 29
rx/internal/util/IndexedRingBuffer.java, line(s) 76
rx/internal/util/RxRingBuffer.java, line(s) 49
rx/plugins/RxJavaHooks.java, line(s) 439
splitties/toast/a.java, line(s) 35
timber/log/Timber.java, line(s) 44,62
xyz/kumaraswamy/autostart/Autostart.java, line(s) 75,42

安全提示信息 应用程序可以写入应用程序目录。敏感信息应加密 

应用程序可以写入应用程序目录。敏感信息应加密


Files:
com/giphy/sdk/analytics/GiphyPingbacks.java, line(s) 57,57
com/giphy/sdk/ui/GPHRecentSearches.java, line(s) 32,32
com/giphy/sdk/ui/GiphyRecents.java, line(s) 36,36
splitties/preferences/PreferencesStorageKt.java, line(s) 55,55

安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 

此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/giphy/sdk/ui/views/GPHMediaActionsView.java, line(s) 4,176,177
io/github/rosemoe/sora/widget/CodeEditor.java, line(s) 6,2058

安全提示信息 邮件服务器 

邮件服务器


Files:
com/arlosoft/macrodroid/action/email/withpassword/GMailSender.java, line(s) 28,109

安全提示信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 

此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/arlosoft/macrodroid/triggers/ClipboardChangeTrigger.java, line(s) 81,5

安全提示信息 应用与Firebase数据库通信 

该应用与位于 https://macrodroid-production.firebaseio.com 的 Firebase 数据库进行通信

已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 

此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
com/arlosoft/macrodroid/app/di/NetworkingModule.java, line(s) 89,121,132,143,154,165,176,187,197,208,219,230,241,252
com/koushikdutta/async/AsyncSSLSocketWrapper.java, line(s) 262,212,261,260,260
com/koushikdutta/ion/Ion.java, line(s) 105,110,172,243,283
com/sun/mail/util/MailSSLSocketFactory.java, line(s) 38,37,79,36
crashguard/android/library/q.java, line(s) 33,29,31,33,27,19,30,30
fi/iki/elonen/NanoHTTPD.java, line(s) 1510,1488,1508,1510,1507,1507
io/grpc/okhttp/OkHttpChannelBuilder.java, line(s) 395,478,479,368,394,492,391,393,393
io/grpc/okhttp/OkHttpServerBuilder.java, line(s) 235,236,249
io/grpc/util/AdvancedTlsX509TrustManager.java, line(s) 167,166,244,165,165,183

已通过安全项 此应用程序可能具有Root检测功能 

此应用程序可能具有Root检测功能
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
com/arlosoft/macrodroid/accessibility/AccessibilityServiceMonitor.java, line(s) 112
com/arlosoft/macrodroid/action/CloseApplicationAction.java, line(s) 384
com/arlosoft/macrodroid/action/ConfigureAppNotificationsAction.java, line(s) 236
com/arlosoft/macrodroid/root/RootToolsHelper.java, line(s) 46
com/stericson/RootTools/SanityCheckRootTools.java, line(s) 184,354

已通过安全项 Firebase远程配置已禁用 

Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/1032558389409/namespaces/firebase:fetch?key=AIzaSyDld0rmBm4u9kufAY0m7i6aBaINVvod58M ) 已禁用。响应内容如下所示:

响应码是 403

综合安全基线评分总结

应用图标

MacroDroid v5.54.4

Android APK
46
综合安全评分
中风险