导航菜单
登录 注册

应用安全检测报告

应用安全检测报告,支持文件搜索、内容检索和AI代码分析

移动应用安全检测报告

应用图标

보안프로그램 v3.5.2

Android APK 6bfccb19...
47
安全评分

安全基线评分

47/100

中风险

综合风险等级

风险等级评定
  1. A
  2. B
  3. C
  4. F

应用存在一定安全风险,建议优化

漏洞与安全项分布

1 高危
17 中危
2 信息
0 安全

隐私风险评估

2
第三方跟踪器

中等隐私风险
检测到少量第三方跟踪器


检测结果分布

高危安全漏洞 1
中危安全漏洞 17
安全提示信息 2
已通过安全项 0
重点安全关注 0

高危安全漏洞 应用可被调试 

[android:debuggable=true]
应用开启了可调试标志,攻击者可轻易附加调试器进行逆向分析,导出堆栈信息或访问调试相关类,极大提升被攻击风险。

中危安全漏洞 应用已启用明文网络流量 

[android:usesCleartextTraffic=true]
应用允许明文网络流量(如 HTTP、FTP 协议、DownloadManager、MediaPlayer 等)。API 级别 27 及以下默认启用,28 及以上默认禁用。明文流量缺乏机密性、完整性和真实性保护,攻击者可窃听或篡改传输数据。建议关闭明文流量,仅使用加密协议。

中危安全漏洞 Service (com.yaowan.code.phone.CallService) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_INCALL_SERVICE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Activity (com.yaowan.code.phone.CallActivity) 未受保护。 

存在 intent-filter。
检测到  Activity 已与设备上的其他应用共享,因此可被任意应用访问。intent-filter 的存在表明该 Activity 被显式导出,存在安全风险。

中危安全漏洞 Activity (com.yaowan.code.activity.MainNActivity) 未受保护。 

存在 intent-filter。
检测到  Activity 已与设备上的其他应用共享,因此可被任意应用访问。intent-filter 的存在表明该 Activity 被显式导出,存在安全风险。

中危安全漏洞 Service (com.yaowan.code.service.RecorderService) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_ACCESSIBILITY_SERVICE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (com.yaowan.code.service.MyAccessService) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_ACCESSIBILITY_SERVICE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。 

Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
检测到  Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。

中危安全漏洞 高优先级 Intent(1000) - {2} 个命中 

[android:priority]
通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。

中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 

应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/yaowan/code/db/RecorderFileLoader.java, line(s) 6,154
com/yaowan/code/db/RecordingDB.java, line(s) 4,58,59,63,64,68,69,73,74,78,83
com/yaowan/code/helper/SQLiteCacheHelper.java, line(s) 6,7,8,9,25
com/yaowan/code/utils/SQLiteCacheHelper.java, line(s) 6,7,8,9,28

中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 

应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
com/pedro/encoder/utils/YUVUtil.java, line(s) 505
com/yaowan/code/album/compress/Luban.java, line(s) 489
com/yaowan/code/album/tools/PictureFileUtils.java, line(s) 234,242,250,270,330,382,420,431,431,435,564,171,172,337,422
com/yaowan/code/base/BaseActivity.java, line(s) 165
com/yaowan/code/helper/LogHelper.java, line(s) 91
com/yaowan/code/helper/RecorderHelper.java, line(s) 63,65
com/yaowan/code/helper/RecorderShortHelper.java, line(s) 123,125
com/yaowan/code/receiver/PhoneCallReceiver.java, line(s) 134
com/yaowan/code/utils/MyCrashHandler.java, line(s) 62,63
m33s/ra03/bsrdr.java, line(s) 332

中危安全漏洞 应用程序使用不安全的随机数生成器 

应用程序使用不安全的随机数生成器
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
com/github/faucamp/simplertmp/io/RtmpConnection.java, line(s) 33
com/github/faucamp/simplertmp/packets/Handshake.java, line(s) 10
com/lm/keeplive/config/NotificationUtils.java, line(s) 14
com/pedro/rtsp/rtp/packets/BasePacket.java, line(s) 10
com/yaowan/code/utils/NotificationUtils.java, line(s) 13

中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 

文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/yaowan/code/BuildConfig.java, line(s) 18
com/yaowan/code/album/config/PictureConfig.java, line(s) 25
com/yaowan/code/common/Constants.java, line(s) 25
com/yaowan/code/phone/TelecomAdapter.java, line(s) 10

中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件 

应用程序创建临时文件。敏感信息永远不应该被写进临时文件


Files:
com/yaowan/code/helper/RecorderHelper.java, line(s) 77
com/yaowan/code/helper/RecorderShortHelper.java, line(s) 137

中危安全漏洞 IP地址泄露 

IP地址泄露


Files:
com/yaowan/code/BuildConfig.java, line(s) 10,15
com/yaowan/code/common/URL.java, line(s) 17

中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞 

不安全的Web视图实现。可能存在WebView任意代码执行漏洞
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
m33s/ra03/bsrdr.java, line(s) 199,203

中危安全漏洞 应用程序包含隐私跟踪程序 

此应用程序有多个2隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。

中危安全漏洞 此应用可能包含硬编码机密信息 

从应用程序中识别出以下机密确保这些不是机密或私人信息
高德地图的=> "com.amap.api.v2.apikey" : "6e6cd3e4c854fcca8b3bdebadfd49b19"
eXBbeHR2Y354eUJnc3ZjcmQ7N3ByY1t2ZGNceXhgeVt4dHZjfnh5
fmRTcnF2YntjU352e3JlOzd6VHh5Y3JvYzd
dHh5Y3JvYzs3RTlldmA5ZHJnfnZIcWV2cHpyeWM
e3I3ZXJ2c355cDdlcnp2fnlzcmU3eHE3RCU7N3JvZ3J0Y3JzNyYiJS83dW5jcmQ7N3ViYzd4eXtuN2VydnM3
enI3XllDUlBSRTs3YmdzdmNyY356cjdeWUNSUFJFOzdkY3ZjYmQ3Q1JPQzdZWEM3WUJbWzc7N0dFXlpWRU43XFJONz9
UmVleGU3dHh5cX5wYmVyN2RjZXJ2ejs3Z2J1e35kfzdncmV6fmNjcnM3cXZ
dHh5Y3JvYzs3RTlldmA5dXJ2YmNuSHFldnB6cnljPg
Ymd7eHZzRXJ0eGVzfnlwUX57cjdzcntyY3JUeHp6dnlzRXJ0eGVzfnlwVW5eczdlcmMt
dHh6OXZ5c2V4fnM5cm9jcmV5dntkY3hldnByOXN4dGJ6cnljZA
VHh7eGVFfnlwQ39lcnZzOWVieTdyb3RyZ2N
cnB7VGVydmNyVHh5Y3JvYzdFUFUvLy88ZXJ0eGVzdnV7cjdSRCU
f3Z5c3tyRW9HdnR8cmNbeHhnPz4tN0RjZXJ2ejdSWFE3ZXJ2dH9yczs3dHt4ZH55cDdFQ1pHN2BlfmNyZTk5OQ
UVpbUjgkOSc3P3R4emd2Y351e3IsN1t2YXEiIDkiITkmJyY
dHh5Y3JvYzs3RTlldmA5Z35vcnt2Y3JzSHFldnB6cnljPg
czlkcmNjfnlwZDlFUkZCUkRDSF5QWVhFUkhVVkNDUkVOSFhHQ15aXk1WQ15YWUQ
dHh5Y3JvYzs3RTlldmA5YHZjcmV6dmV8SGFyZWNybz4
czlncmV6fmRkfnh5OURORENSWkhWW1JFQ0hAXllTWEA
dHh5Y3JvYzs3RTlldmA5YHZjcmV6dmV8SHFldnB6cnljPg
eWM3enZ7cXhlenJzOzdkf3hie3M3dXItN2VjZGctODh
VEVSVkNSN0NWVVtSN15RN1lYQzdST15EQ0Q3e356fmNIZ394eXJIeWJ6dXJlNz9
eHlUdnt7RGN2Y3JUf3Z5cHJzOzfxmbL
YHI3dmVyN3RiZWVyeWN7bjdgZX5jfnlwNzo3YHZ
dHh5Y3JvYzs3RTlldmA5cGVybkhkdHZ7ckhxZXZwenJ5Yz4
eXA3YXJ0JDdhSGNyb1R4eGVzZCx2Y2NlfnViY3I3YXJ0JDd2SGNyb1R4eGVzZCxheH5zN3p2fnk
eXBbeHR2Y354eUJnc3ZjcmQ7N2VyZmJyZGNbeHR2Y354eUJnc3ZjcmQ3Z3hkYzdjeDd
czljcntydHh6OXZ0Y354eTlUX1ZZUFJIU1JRVkJbQ0hTXlZbUkU
dHI5eHlUdnt7RXJ6eGFyczs3VHZ7e1VuXnM3fmQ3cnpnY24
VEVSVkNSN0NWVVtSN15RN1lYQzdST15EQ0Q3dHh6enZ5c0hlcnR4ZXN
VHZicH9jN15YUm90cmdjfnh5N3NiZX55cDdgZX5jcjd7eHhnOzdkf2JjY355cDdzeGB5LTc
W1NIW15VRVZFTkhHVkNfKjhhcnlzeGU4e351LThkbmRjcno4e351Nw
cyomIiw3enhzcipWVlQ6f3VlLDd0eHlxfnAq
cTdRW1ZQSEBeWVNYQEhSU1BSSFteWl5DREhSWVZVW1I3eGU3UVtWUEhAXllTWEBIUlNQUkhDXltSSFJZVlVbUjd
YmdzdmNyVHh6enZ5c0VydHhlc355cERjdmNiZDdxfntyWXZ6cjd
c3JlOXRlbmdjeDlEX1YmR0VZUEhEcnRiZXJFdnlzeHpeemd7
ZFp2b0Rye3J0Y1J5dnV7cnNadmR8Kg
cHJjVGJlZXJ5Y1t4dHZjfnh5OzdZeDd7eHR2Y354eTdlcnRyfmFyczducmM5
eXA3P35zN15ZQ1JQUkU3OzdjbmdyN0NST0M3WVhDN1lCW1s7N2d
eHk3XllDUlBSRTdZWEM3WUJbWzdTUlFWQltDNyc7N2d2Y383Q1JPQzc7N3RlcnZjcmN
dHhnbn55cDdzfnByZGM3eHFxZHJjN3VuY3JkN355N2d2ZWNVcnF4ZXJTfnByZGM
eXBbeHR2Y354eUJnc3ZjcmQ7N3F2fns3Y3g3ZXJmYnJkYzd7eHR2Y354eTdiZ3N2Y3I
GblfGBuvKZiPKMtz47N3R2YmRyLTc
eHlyWWJ6dXJlN0NST0M3WVhDN1lCW1s7N3NiZXZjfnh5N15ZQ1JQUkU3WVhDN1lCW1s3U1JRVkJbQzcnOzdndmN
JyYlJCMiISAvLlZVVFNSUVBfXl1cW1pZWEdGRURDQkFAT05NdnV0c3JxcH9
cm9ydGJjckJnc3ZjclR2e3tbeHA7N3pUdnt7W3hwW35kY0R
cHJjVnNzZXJkZFFleHpbeHR2Y354eTs3UmVleGUtNw
eXBbeHR2Y354eUJnc3ZjcmQ7N3pWdGN
Qnlyb2dydGNyczdSWFE3ZXJ2dH9yczd1cnF4ZXI3ZXJ2czd1YnFxcmU3YHZkN3F
eXVTeyN7cEMhInlmdnsub1lcLkB1W2NwXGB7IG4jU34
eHk5Q39yN3l4Y35xfnR2Y354eTdnZXJhcnljZDdWeXNleH5zcWV4ejd8fnt7fnlwN254YmU3ZHJlYX50cjd
OzdUVltbSFFYRUBWRVNeWVA7N35kRH94YC03
N254YmU3YX5yYDdjeDdjf3I3cH5hcnk3cWV2enI3fnk3dGVydmNyVnlzVmNjdnR
eXBbeHR2Y354eUJnc3ZjcmQ7N3ljZ1J5dnV7ci03
OzdjfnpyZGN2emc3Ojdkf3hgRGN2eXNYYmNAfnlzeGBDfnpyZGN2emctNw
Vnk3cmVleGU3eHR0YmVyczdgf357cjdlcmNlfnJhfnlwN3N2Y3Y3cWV4ejddRFhZVmVldm4
cy1mYnJlbjp2ZXA6ZGZ7OmR4ZWM6eGVzcmU
RXJ0eGVzfnlwVHhieWNTeGB5Q356cmU3eHlRfnl
dHh5Y3JvYzs3RTlldmA5ZH56Z3tySHFldnB6cnljPg
ZXJ2e3oqNT85PD41O0tkPHl4eXRyKjU
Vnk3cmVleGU3eHR0YmVyczdgf357cjdlcmNlfnJhfnlwN3N2Y3Y3cWV4ejddRFhZQ3h8cnlyZQ
dHh5Y3JvYzs3RTlldmA5cnZle251fmVzSHFldnB6cnljPg
VHZ6cmV2JlZnflp2eXZwcmU3eXJyczd1cjdnZXJndmVyczs3VHZ6cmV2JlZnflp2eXZwcmU3eXhjN3J5dnV7cnM
e3I3ZXJ2c355cDdEJjs3cm9ncnRjcnM3JiIkITd1bmNyZDs3dWJjN3h5e243ZXJ2czc
cm90cmdjfnh5OzdnZXJndmVyRXJ0eGVzcmU7N1pyc352RXJ0eGVzcmU3Z2VyZ3ZlcjdeWFJvdHJnY354eTctNw
Qnl8eXhgeTd6cmRkdnByN2NuZ3I3dW5jci03
dHh5Y3JvYzs3RTlldmA5dHZ6cmV2SHFldnB6cnljPg
eHlyN0NST0M3WVhDN1lCW1s7N2NuZ3I3Q1JPQzdZWEM3WUJbWzs3R0VeWlZFTjdcUk43P35zPjc
Y2V2eWRneGVjN3l4Yzd4Z3J5Nzo3c3JxcmVlfnlwN3R7eGRy
U0VYRzdDVlVbUjdeUTdST15EQ0Q3dHh6enZ5c0hlcnR4ZXN
dHh6OXZ5c2V4fnM5Z2V4YX5zcmVkOXN4YHl7eHZzZDlzeHRienJ5Y2Q
dHI5eHlUdnt7RXJ6eGFyczs3fmRTfmR0eHl5cnRjLTc
VCU3dHZ5eXhjN3VyN2BlfmNjcnk3YH5jf3hiYzdEJjd1cn55cDdlcnZzN3F
dHh5Y3JvYzs3RTlldmA5ZX5nZ3tySHFldnB6cnljPg
N0NST0M3Ozd0ZXJ2Y3JjfnpyN15ZQ1JQUkU7N2Jnc3ZjcmN
Qnl8eXhgeThieX56Z3tyenJ5Y3JzN1ZaUTdzdmN2N2NuZ3ItNw
eXA3dHZ7ezd5eGM3Z2VyYX54YmR7bjdzfmR0eHl5cnRjcnM3
eWRjdnl0cjd4cTdEY3Z5c1hiY1t2bnhiY0d2ZXZ6ZDk
eHk3YXZ7YnI3YnlkYmdneGVjcnM7N2Rye3J0YzdhdnticjcnOzcuJzs3Ji8nN3hlNyUgJw
Ymd7eHZzU3JhfnRyXnlxeDs3ZXJjemRwLQ
VmJzfnhSeXR4c3JlN3lycnM3dXI3Z2VyZ3ZlcnM7N1Zic354Unl0eHNyZTd5eGM3cnl2dXtycw
dHh5Y3JvYzs3RTlldmA5cm9neGRiZXJIcWV2cHpyeWM
OzdUVltbSFVbVlRcW15EQzs3ZHZhcnNZYnp1cmVFcnZ7LTc
Vnk3cmVleGU3eHR0YmVyczdgf357cjdlcmNlfnJhfnlwN3N2Y3Y3cWV4ejddRFhZWHV9cnRj
irU7N3R4ejlkdnpkYnlwOXZ5c2V4fnM5c352e3Jl
VHh7eGVFfnlwQ39lcnZzOzdeWFJvdHJnY354eS03
TnhiN3piZGM3YmRyN3R4eWNyb2M3fnk3Y39yN3R4eWRjZWJ0Y3hlN2N4N3ByYzdkdHZ7cg
dWJjcjdhcnQkN3ZIeXhlenZ7LGJ5fnF4ZXo3enZjIzdiSEFHWnZjZX5vLGJ5fnF4ZXo3YXJ0JDdiSFt
ZHJ5c1xycmdfcnZlY1pkcEN4RHJlYXJlOzd6cmRkdnByLTc
dHh5Y3JvYzs3RTlldmA5dHh5Y2V2ZGNIcWV2cHpyeWM
Q3ZkfDd0dnk3eHl7bjd1cjdyb3J0YmNyczd4eXRyOQ
YHJ1ZHh0fHJjN3R7eGRyczd1cnF4ZXI3YHI3dHhie3M3YGV
fkBGUHUvIllNIUd0e3FQIyNdVkFufVJ6eVhzISVjcVw
WnJzfnZFcnR4ZXNyZTdkY3ZlYzdFYnljfnpyUm90cmdjfnh5LQ
Ymd7eHZzRXJ0eGVzfnlwUX57cjdlcmN6ZHAt
U0VYRzdDVlVbUjdeUTdST15EQ0Q3dHh7eGVIZX55cA
dHh5Y3JvYzs3RTlldmA5dXZkfnRIc3JxeGV6dmN
UmVleGU3dHh5cX5wYmVyN2RjZXJ2ejs3dnR0cmRkN3NyeX5ycw
cXhlejdkdnpne3JlVGJ1cjdiSGNyb15zLGF2ZW5
eHlUdnt7RGN2Y3JUf3Z5cHJzOzfxm5Xxgbo3dXJwfnk7Nw
RUNaRzdAfnlzeGA3VnR8eXhge3JzcHpyeWM3RH5tcg
enI3XllDUlBSRTs3ZGN2Y2JkN0NST0M3WVhDN1lCW1s3OzdHRV5aVkVON1xSTjc
Z09Dek18ZUYifCcibllHXlZPYSMnYkdHVUdYc3Ine0c
TnhiN3piZGM3YmRyN3R4eWNyb2M3fnk3Y39yN3R4eWRjZWJ0Y3hlN2N4N2RyYzd2N2d4ZH5jfnh5
dnk3cmVleGU3eHR0YmVyczdgf3J5N3R4e3tydGM3Z3Z0fHZwcjd
W2NCbl9veXlWYSUjZHN4QSJUQUFVWHNZYm8gW1Nhcnw
czljcntydHh6OXJvY2V2OVRfVllQUkhTUlFWQltDSFNeVltSRUhHVlRcVlBSSFlWWlI
cmFyeWNIZXJxZXJkf0hiZ3t4dnNIfnlxeEhjeEhkcmVhcmU
YnlNfmdWZGRyY2RReHtzcmU7N3JlZXhlLTc
U0VYRzdDVlVbUjdeUTdST15EQ0Q3dHZ7e0hlcnR4ZXN
ZXJkcmNeeX5jRGN2Y3I7N3peZFZic354RGdydnxyZVh5LTc
QH55c3hgQ3hidH9eeXF4N2w3cX5lZGNPKjJzOzdxfmVkY04qMnM7e3ZkY08qMnM7N3t2ZGNOKjJzOzdxfmVkY0B
eXt2dTlhJHp4dX57cmRydGJlfmNuOWR4c3Y
e3h2c1Z7e1pyc352Ozd4eVR4emdlcmRkRXJkYntjOzdkfm1yLTc
N15ZN15HIzcmJSA5JzknOSYaHWQqQnl5dnpycxodfipZOFYaHXQqXlk3XkcjNw
UmVleGU3dHh5cX5wYmVyN2RjZXJ2ejs3dnl5eGJ5dHI3cXZ
eXA3YXJ0JDdhSGNyb1R4eGVzZCxheH5zN3p2fnk
cmA3fnk3Y39yN3R4eWRjZWJ0Y3hlN2N4N3ByYzdkdHZ7cg
VHh7eGVFfnlwQ39lcnZzOWVieTdxfntyN3tyeXBjfy03
eXBbeHR2Y354eUJnc3ZjcmQ7N2dleGF
f3ZkR3Jlen5kZH54eWQtN1ZHXjdhcmVkfnh5Nys3Wjs3ZXJjYmV5fnlwN2NlYnI3dW43c3JxdmJ7Yw
eHlUdnt7RGN2Y3JUf3Z5cHJzOzdkY3Zjci03
iWQGb85NZ6PclfG44JAVyjEmnOd62tfK
YmdzdmNyVHh6enZ5c0VydHhlc355cERjdmNiZDs3ZXJjLTc
VHZicH9jN0R4dHxyY1JvdHJnY354eTdgf357cjdlcnZzfnlwOHNydHhzfnlwN2d2dHxyYzs3ZH9iY2N
dHI5eHlUdnt7RXJ6eGFyczs38oar8pi8
dHh6OXZ5c2V4fnM5fnljcmV5dns5RTNzfnpyeQ
dHh5Y3JvYzs3RTlldmA5e3Z6eH5kf0hxZXZwenJ5Yz4
f3Z5c3tyRW9HdnR8cmNbeHhnPz4tN0RyY2N
Ynl2dXtyN2N4N3NydHhzcjdxZXZ6cjs3cWV2enJUeGJ5Yyo
RFJDSFVCUVFSRUhbUllQQ183ZXJmYn5lcmQ3Y2B4N3JhcnljN3N2Y3Y3YXZ7YnJkLDdiZHI3ZHJjUmFyeWNTdmN2P355Yzs3fnljPjd
Ymd7eHZzRXJ0eGVzfnlwUX57cmQ3elR4enp2eXNFcnR4ZXN
Vnl0f3hlN2d4fnljN3piZGM3dXI3dXJjYHJyeTcnN3Z5czcmOzd
cm90cmdjfnh5OzdkY3hnRXJ0eGVzcmU7N0VieWN
Y3Z0fHtyVHZ7e0RjdmNyXnN7cjs3elR2e3tbeHBVcnZ5LTc
e3Z1e3I7N3t4dHZjfnh5VmF2fnt2dXtyLTc
eHlEcmNTcnF2YntjU352e3JlOzd2e2VydnNuN35kU3JxdmJ7Y1N
VHZ7e1Z0Y35hfmNuOXh5RGN2Y3JUf3Z5cHI3dHt4ZHJWdGN
cy1mYnJlbjp2ZXA6ZGZ7OmRye3J0Y354eQ
VEVSVkNSN0NWVVtSN15RN1lYQzdST15EQ0Q3dnt1Yno3P35zN15ZQ1JQUkU3R0VeWlZFTjdcUk43VkJDWF5ZVEVSWlJZQzs3eXZ6cjdDUk9DN1lYQzdZQltbOzdndmN
czlncmV6fmRkfnh5OUBFXkNSSFJPQ1JFWVZbSERDWEVWUFI
eXA3P35zN15ZQ1JQUkU3OzdlXnM3XllDUlBSRTdZWEM3WUJbWzs3c2JldmN
cm90cmdjfnh5OzdkY3ZlY0VydHhlc355cDs3WnJzfnZFcnR4ZXNyZTdkY3ZlYzdFYnljfnpyUm90cmdjfnh5LQ
fWZlN3h5RXJ0cn5hcjs3VFZbW0hEQ1ZDUkhFXllQXllQOzdDTkdSSFVbVlRcSFteREM7N3lienVyZS03
PmxhSGNyb1R4eGVzZDcqN3ZIY3JvVHh4ZXNkLHB7SEd4ZH5jfnh5Nyo3YkhBR1p2Y2V
f3Z5c3tyRW9HdnR8cmNbeHhnPz4tN0RyeXM3dnR8eXhge3JzcHJ6cnljN2B
MnM3KzJkN3NiZXZjfnh5N3Z5czdzYmV2Y354eTcrKjcycw
LTdUdnt0Ynt2Y355cDdzfnByZGM3eHFxZHJj
OzdkcmNFcmRie2NTdmN2Ozdnf3h5clF4ZXp2Yy03
Vnk3cmVleGU3eHR0YmVyczdgf357cjdnYmNjfnlwN2d2dHxyYzdzdmN2N2N4N11EWFlYdX1ydGM
fnM3XllDUlBSRTdHRV5aVkVON1xSTjdWQkNYXllURVJaUllDOzdnf3h5cjdDUk9DN1lYQzdZQltbOzdxfntyN0NST0M3WVhDN1lCW1s
dHh5Y3JvYzs3RTlldmA5dHh7eGVIcWV2cHpyeWM
dHh6OXB4eHB7cjl2eXNleH5zOXZnZ2Q5Z394Y3hkOXR4eWNyeWM
RXJ0eGVzcmVEcmVhfnRyOXh5VHh5eXJ0Y354eVF2fntyc0Vjemc7N2VydmR4eS03
dHh5Y3J5Yy04OHN4YHl7eHZzZDhnYnV7fnRIc3hgeXt4dnNk
OGdleHQ4cGdicWVyZjhwZ2JxZXJmSHhnZ0hzYnpn
dHh5Y3JvYzs3RTlldmA5fnp2cHIgJ2RIcWV2cHpyeWM
cm9UeHt4ZTdndmNjcmV5Nz9Ef3hie3M3dXItN0k0P0xWOlF2OnEnOi5KbCFqPjM
QmdyYGcnYiVvXS5nb3hQbVVlenFtJmBQeEVfck9zZ2A
bm5ubjpaWjpzczdfXy16ei1kZDlEREQ
OzdUVltbSFFYRUBWRVNeWVA7N0RjdnlzWGJjQH55c3hgOX5kRH94YC03
YXlzOXZ5c2V4fnM5dGJlZHhlOX5jcno4Z394eXJIYSU
dHh5Y3JvYzs3RTlldmA5Y3J6Z3JldmNiZXJIcWV2cHpyeWM
YHhlfHJlLTd0eHl5cnRjfnlwN2N4N0VDWkc3ZHJlYXJlN3VuN2JleyoyZB0
dHh5Y3JvYzs3RTlldmA5ZH56Z3tySGFyZWNybz4
N0VDREc4JjknGh1Fdnlwci03eWdjKic5JycnOhod
dHh5Y3JvYzs3RTlldmA5f3Z7cWN4eXJIe355cmRIcWV2cHpyeWM
czdeWUNSUFJFNzs3eXZ6cjdDUk9DN1lYQzdZQltbOzdnf3h5cjdDUk9DN1lYQzdZQltbOzdlcnZ7SGd
TkJBIyUnN3NueXZ6fnR2ezd0f3h4ZHI3cXZ
dnk3cmVleGU3eHR0YmVyczdgf3J5N3R4e3tydGM3dGV2ZH83fnlxeA
dGV4Z394eXI3YHZkN2RjeGdncnM3eGU3eXhjN3RlcnZjcnM7N2Jkcjd0ZXJ2Y3JafnRleGd
dHh6OXZ5c2V4fnM5Z2V4YX5zcmVkOXpyc352OXN4dGJ6cnljZA
dHh5Y3JvYzs3RTlldmA5cHZ6enZIcWV2cHpyeWM
Vnk3cmVleGU3eHR0YmVyczdgf357cjdnYmNjfnlwN3N2Y3Y3Y3g3XURYWVh1fXJ0Yw
U0VYRzdDVlVbUjdeUTdST15EQ0Q3e356fmNIZ394eXJIeWJ6dXJl
YHhlfHJlLTdkcnlzN3FldnpyN2NuZ3IqMnM7N3NjZCoyczs3ZH5tcioyc1U
eWNyeWM5dnRjfnh5OVVYWENIVFhaR1tSQ1JT
Ozd6VGJlZHhlNzYqN3lie3s3MTE3elRiZWR4ZTlwcmNUeGJ5Yz8
TnhiN3piZGM3dHZ7ezdkcmNTdmN2Pz43dXJxeGVyN2d2ZWRyX3J2c3JlPz4
dHh5Y3JvYzs3RTlldmA5ZH92ZWd5cmRkSHFldnB6cnljPg
Ozd9ZmU3eHlFcnRyfmFyOzdUVltbSERDVkNSSEVeWVBeWVA7N
ZHJ5c0Jne3h2c155cXhaZHBDeERyZWFyZTdndmV2ejd
RXJ0eGVzcmVEcmVhfnRyN3h5U3JkY2V4bjs3fmctNw
czlncmV6fmRkfnh5OUdFWFRSRERIWEJDUFheWVBIVFZbW0Q
dnlwcnM3dnFjcmU3Z3ZiZHI7N2R4N2VyY2JleQ
dnlze355cDdieX56Z3tyenJ5Y3JzOGJ5fHl4YHk3Z3Z0fHJjN3hxN2NuZ3ItNw
VGV2ZH9fdnlze3JlOWJ5dHZicH9jUm90cmdjfnh5OzdyLTc
dHh6OXp2eXB4OWVydHhlc3JlY3ZkfDlkcmVhfnRyOVR4enp2eXNFcnR4ZXNyZURyZWF
bXI3ZH94YntzeTBjN3VyN3tyZGQ3Y392eTdtcmV4Ng
czlncmV6fmRkfnh5OUVSVFJeQVJIQFZHSEdCRF8
RHJ0YmVyRXZ5c3h6OURfViZHRVlQN156Z3tyenJ5Y3JzXnk
RF9WJjdzfnByZGMsN0RydGJlckV2eXN4eiw3RF9WJmB
VHZ7e1Z0Y35hfmNuOXh5U3JkY2V4bjs3c352e3JlVHZ7ey03
Ymd7eHZzRXJ0eGVzfnlwUX57cmQ3ZH5tci0
cy1mYnJlbjp2ZXA6ZGZ7OmRye3J0Y354eTp2ZXBk
czlnZXhhfnNyZTlDcntyZ394eW45RFpESEVSVFJeQVJT
f3Z5c3tyRW9HdnR8cmNbeHhnPz4tN1l4Yzd
enI3Q1JPQzdZWEM3WUJbWzs3ZGN2Y2JkN0NST0M3WVhDN1lCW1s
RGN2eXNYYmNAfnlzeGA3RGdydH52e1p4c3J7N1t2bnhiY0d2ZXZ6ZA
dHh5Y3JvYzs3RTlldmA5bXJ1ZXZIcWV2cHpyeWM
Pmxwe0hRZXZwVHh7eGU3Kjdjcm9jYmVyVGJ1cj9iSGNyb15zOzdhSGNyb1R4eGVzZD4sag
UmVleGU3dHh5cX5wYmVyN2RjZXJ2ejs3dnl5eGJ5dHI3YH5jfzd2YmN
VHh5eXJ0Y35hfmNuRXJ0cn5hcmU7N3t4dHZ7WXJjYHhlfENuZ3ItNw
dHI5eHlUdnt7VnNzcnM7N0RDVkNSSFRYWVlSVENeWVA7N1R2e3s5RENWQ1JIVFhZWVJUQ15ZUDs3dHZ7e0d

安全提示信息 此应用程序使用SQL Cipher,确保密钥没有硬编码在代码中 

此应用程序使用SQL Cipher,确保密钥没有硬编码在代码中


Files:
com/yaowan/code/helper/SQLiteCacheHelper.java, line(s) 85
com/yaowan/code/utils/SQLiteCacheHelper.java, line(s) 87

安全提示信息 应用程序记录日志信息,不得记录敏感信息 

应用程序记录日志信息,不得记录敏感信息
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
com/github/faucamp/simplertmp/Crypto.java, line(s) 21
com/github/faucamp/simplertmp/io/RtmpConnection.java, line(s) 169,182,191,200,228,257,264,273,374,442,470,512,558,716,736,788,807,820,166,225,317,526,528,652,260,744
com/github/faucamp/simplertmp/io/RtmpDecoder.java, line(s) 108
com/github/faucamp/simplertmp/packets/Handshake.java, line(s) 42,54,64,74,105,118,130,131,138,142,156,161,163,171,173,175,180,187
com/pedro/encoder/audio/AudioEncoder.java, line(s) 148,180,102,186
com/pedro/encoder/input/audio/AudioPostProcessEffect.java, line(s) 44,58,77,50,64,83
com/pedro/encoder/input/audio/MicrophoneManager.java, line(s) 38,143,43,77,97,206,211
com/pedro/encoder/input/decoder/AudioDecoder.java, line(s) 87
com/pedro/encoder/input/decoder/VideoDecoder.java, line(s) 78
com/pedro/encoder/input/gl/SurfaceManager.java, line(s) 138
com/pedro/encoder/input/video/Camera1ApiManager.java, line(s) 450,241,332,492
com/pedro/encoder/input/video/Camera2ApiManager.java, line(s) 62,100,204,217,239,285,110,115,233,246
com/pedro/encoder/utils/gl/GifStreamObject.java, line(s) 53,63
com/pedro/encoder/utils/gl/GlUtil.java, line(s) 39,84,85,145,146,165
com/pedro/encoder/utils/gl/ImageStreamObject.java, line(s) 39
com/pedro/encoder/utils/gl/TextStreamObject.java, line(s) 52
com/pedro/encoder/utils/gl/gif/GifDecoder.java, line(s) 395,419,429,389,418,425
com/pedro/encoder/utils/gl/gif/GifHeaderParser.java, line(s) 81,115
com/pedro/encoder/video/VideoEncoder.java, line(s) 367,448,456,516,611,79,81,406
com/pedro/rtplibrary/base/Camera1Base.java, line(s) 608,684
com/pedro/rtplibrary/base/FromFileBase.java, line(s) 176,201,463,485,509,523,547,561,580,594
com/pedro/rtplibrary/rtmp/RtmpCamera2.java, line(s) 70
com/pedro/rtplibrary/view/CustomGlSurfaceView.java, line(s) 276,317
com/pedro/rtplibrary/view/OpenGlViewBase.java, line(s) 156,180
com/pedro/rtsp/rtcp/SenderReportTcp.java, line(s) 37
com/pedro/rtsp/rtcp/SenderReportUdp.java, line(s) 48
com/pedro/rtsp/rtp/sockets/RtpSocketTcp.java, line(s) 36
com/pedro/rtsp/rtp/sockets/RtpSocketUdp.java, line(s) 70
com/pedro/rtsp/rtsp/RtspClient.java, line(s) 610,120,123,300,307,326,332,339,385,400,434
com/yaowan/code/album/compress/Checker.java, line(s) 114
com/yaowan/code/album/compress/Luban.java, line(s) 493,492
com/yaowan/code/album/io/LruArrayPool.java, line(s) 148,192,149,251
com/yaowan/code/album/thread/PictureThreadUtils.java, line(s) 82,445,537,582,265,488
com/yaowan/code/album/tools/PictureFileUtils.java, line(s) 356
com/yaowan/code/base/BaseActivity.java, line(s) 254
com/yaowan/code/location/LocationHelper.java, line(s) 21,42
com/yaowan/code/location/Util.java, line(s) 49,28,19
com/yaowan/code/phone/TelecomAdapter.java, line(s) 49,58
com/yaowan/code/sms/service/SmsReceiverService.java, line(s) 144
com/yaowan/code/utils/FileUtils.java, line(s) 79
com/yaowan/code/utils/PermissionUtils.java, line(s) 56
com/yaowan/code/utils/RecorderNotificationManager.java, line(s) 104,112,128
com/yaowan/debug/TestActivity.java, line(s) 115,122,135,140,142,243,244,245,333
net/ossrs/rtmp/SrsFlvMuxer.java, line(s) 467,137,186,584,603,613,756
top/defaults/logger/Logger.java, line(s) 137,140
wei/mark/standout/StandOutWindow.java, line(s) 206,211,789,793,829,866,885,925,1088,1092,397,462,466,499,594,1135,1155,473,506,567,928,956,1166
wei/mark/standout/ui/Window.java, line(s) 451,517

综合安全基线评分总结

应用图标

보안프로그램 v3.5.2

Android APK
47
综合安全评分
中风险