安全分析报告:
安全分数
安全分数 49/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
3
用户/设备跟踪器
调研结果
高危
2
中危
38
信息
4
安全
1
关注
3
高危 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: andhook/lib/BuildConfig.java, line(s) 3,6 com/begal/appclone/classes/BuildConfig.java, line(s) 3,6
高危 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
com/begal/appclone/classes/util/SimpleCrypt.java, line(s) 17
中危 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Activity (com.hippo.ehviewer.ui.MainActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.hippo.ehviewer.ui.GalleryActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.hippo.ehviewer.ui.SettingsActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.hippo.ehviewer.ui.ExcludedLanguagesActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.hippo.ehviewer.ui.DirPickerActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.hippo.ehviewer.ui.LicenseActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.hippo.ehviewer.ui.FilterActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.hippo.ehviewer.ui.BlackListActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.hippo.ehviewer.ui.SetSecurityActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.hippo.ehviewer.ui.UConfigActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.hippo.ehviewer.ui.MyTagsActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.hippo.ehviewer.ui.HostsActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.hippo.ehviewer.shortcuts.ShortcutsActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.hippo.ehviewer.ui.wifi.WiFiServerActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.hippo.ehviewer.ui.wifi.WiFiClientActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.hippo.ehviewer.download.DownloadService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.microsoft.appcenter.distribute.DeepLinkActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.microsoft.appcenter.distribute.DownloadManagerReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Content Provider (com.begal.appclone.classes.DefaultProvider) 未被保护。
[android:exported=true] 发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.begal.appclone.service.RemoteService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.begal.appclone.classes.DefaultProvider$DefaultReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.begal.appclone.classes.DefaultProvider$MyActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.begal.appclone.classes.LaunchTileService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (com.begal.appclone.classes.ClearCacheReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.begal.appclone.classes.DisableClipboardAccess$ClearClipboardReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.begal.appclone.classes.DisableCameras$MyDeviceAdminReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_DEVICE_ADMIN [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/hippo/ehviewer/client/EhConfig.java, line(s) 74 com/hippo/ehviewer/client/wifi/ConnectThread.java, line(s) 24,25,26,30 com/hippo/ehviewer/ui/main/UserImageChange.java, line(s) 71,84 com/hippo/ehviewer/ui/scene/GalleryCommentsScene.java, line(s) 73 com/microsoft/appcenter/AppCenter.java, line(s) 42,50 com/microsoft/appcenter/Constants.java, line(s) 8 com/microsoft/appcenter/channel/DefaultChannel.java, line(s) 422 com/microsoft/appcenter/distribute/DistributeConstants.java, line(s) 47,48,49,25 com/microsoft/appcenter/http/DefaultHttpClient.java, line(s) 16,18 com/microsoft/appcenter/ingestion/OneCollectorIngestion.java, line(s) 26,28,33 com/microsoft/appcenter/ingestion/models/WrapperSdk.java, line(s) 9 com/microsoft/appcenter/ingestion/models/one/CommonSchemaLog.java, line(s) 15 com/microsoft/appcenter/persistence/DatabasePersistence.java, line(s) 33 com/microsoft/appcenter/utils/context/SessionContext.java, line(s) 14 com/microsoft/appcenter/utils/storage/DatabaseManager.java, line(s) 16 org/jsoup/helper/W3CDom.java, line(s) 47 org/jsoup/nodes/DocumentType.java, line(s) 12,13,15
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/hippo/database/MSQLiteOpenHelper.java, line(s) 4,5,34 com/hippo/ehviewer/EhDB.java, line(s) 4,5,853 com/hippo/ehviewer/Hosts.java, line(s) 6,7,32 com/hippo/ehviewer/dao/BlackListDao.java, line(s) 4,34 com/hippo/ehviewer/dao/BookmarksBao.java, line(s) 4,39 com/hippo/ehviewer/dao/DownloadDirnameDao.java, line(s) 4,29 com/hippo/ehviewer/dao/DownloadLabelDao.java, line(s) 4,31 com/hippo/ehviewer/dao/DownloadsDao.java, line(s) 4,41 com/hippo/ehviewer/dao/FilterDao.java, line(s) 4,31 com/hippo/ehviewer/dao/GalleryTagsDao.java, line(s) 4,45 com/hippo/ehviewer/dao/HistoryDao.java, line(s) 4,39 com/hippo/ehviewer/dao/LocalFavoritesDao.java, line(s) 4,38 com/hippo/ehviewer/dao/QuickSearchDao.java, line(s) 4,38 com/hippo/ehviewer/widget/SearchDatabase.java, line(s) 7,8,84 com/hippo/network/CookieDatabase.java, line(s) 6,7,8,99 com/hippo/util/SqlUtils.java, line(s) 5,13 com/microsoft/appcenter/persistence/DatabasePersistence.java, line(s) 6,7,64 com/microsoft/appcenter/utils/storage/DatabaseManager.java, line(s) 7,8,9,10,40 org/greenrobot/greendao/AbstractDao.java, line(s) 6,7,416 org/greenrobot/greendao/DbUtils.java, line(s) 6,42 org/greenrobot/greendao/database/StandardDatabase.java, line(s) 5,64
中危 IP地址泄露
IP地址泄露 Files: com/begal/appclone/classes/HostsBlocker.java, line(s) 225 com/hippo/ehviewer/BuildConfig.java, line(s) 10 com/hippo/ehviewer/client/EhDns.java, line(s) 27,27,36,36,36,36,39,39,27,30,31,32,33,34,30,31,32,33,34,39,39,40,39,39,40,39,39,40,30,31,32,33,34,30,31,32,33,34,29,35,35,28,28 com/hippo/ehviewer/ui/wifi/WiFiServerActivity.java, line(s) 175
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/begal/appclone/classes/Utils.java, line(s) 344 com/hippo/ehviewer/AppConfig.java, line(s) 27 com/hippo/ehviewer/ui/MainActivity.java, line(s) 339 com/hippo/ehviewer/ui/scene/gallery/detail/GalleryDetailScene.java, line(s) 1312 com/hippo/ehviewer/widget/ImageSearchLayout.java, line(s) 191 com/hippo/unifile/UriRandomAccessFile.java, line(s) 66
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: andhook/lib/xposed/XposedHelpers.java, line(s) 606 com/hippo/beerbelly/SimpleDiskCache.java, line(s) 232
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/begal/appclone/classes/BundleObb.java, line(s) 86 com/hippo/content/FileProvider.java, line(s) 193 com/hippo/ehviewer/AppConfig.java, line(s) 59,62 com/hippo/ehviewer/ui/scene/gallery/detail/GalleryDetailScene.java, line(s) 562 com/hippo/util/DownloadUtil.java, line(s) 40 com/hippo/widget/DirExplorer.java, line(s) 120,121 np/protect/assets/C0054.java, line(s) 251
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/hippo/ehviewer/ui/scene/topList/EhTopListScene.java, line(s) 33 com/hippo/yorozuya/MathUtils.java, line(s) 3 com/microsoft/appcenter/http/HttpClientRetryer.java, line(s) 9 org/greenrobot/greendao/test/DbTest.java, line(s) 7 org/jsoup/helper/DataUtil.java, line(s) 16
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/hippo/android/recaptcha/RecaptchaV1Task.java, line(s) 52,51
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/hippo/ehviewer/client/EhTagDatabase.java, line(s) 134 com/hippo/util/PackageUtils.java, line(s) 16
中危 应用程序包含隐私跟踪程序
此应用程序有多个3隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 n+ZGkpzrId6ak3RlpLm1xz5kePn0QOrZ5A3H9GIMf80wHeZ+l7OZo6Qh7HwFWh45t3iCsKEiATkXo nCXBIWXMAAC4jAAAuIwF4pT92AAAHk0lEQVR42u2dW6wdUxjHf98pirqURElc6tIihKZOL0rqLiEl nYfAXeebVnyGCJC3JuHeGh1/vFx2nMjvh++m8iTvax9jMPgHOBv5OMXlE0tICyhR86SYXchted46h nJ2k5MBi65DXhQ6iwE5b0BHBP6FLXhB3AUWa2u5ImSNKdNMFPcp2Z7YYKaoCkmcDa0CWuCVuBu8zs nJBUhcameExFCkEhow4NEJCIST32oW4TEg3ogbg+NklAaSl1KFG2lNGlJimqU0/P3sGZ0nLNn9qx9 n78C8qoIPewXwOcK9V1kHzIi2qlRGLEB3LDSVx3KgP3rEWSlxHzAZt8OgljPjEvkcWGJmr4dyoA/A nbmhoaGhoaMig8M5S0hTgENxxYMk8kg9v+nAPg34ys79CB6GnkDt8Q5KGon97Er8nPxu1LWU8UsbB n4EPbNtXMNgNzgO0pJjfLc54Q9QnnUoOaUIYAPh3VtjxGkQhzM+wXdSDCxzgR/iipbLkIXQNuy2sY njY7OJr0mLOpwiHpt4BgUi6Q3PCZi8h1SSjpR0vaM9LxEkHSMh69dMRHz7agGfUSIhqhzKG50dHiJ nEWYD347Bz/VmtmYM96cSWoCWRCLMJVsE38naNXQ+k30gdExyI+kVj3Z1fpu0Jssdnp1GWxEkHSTp nnEP6ewBXAAflTa7oYJUhwJEetmtGlXCvCL+m3LNYblk7NznmCXnpivcDfARoGWQz+wH3PlZaTRjs nxtAB6Dkkzc+55W9DaF97Fkkv5BBgPHxbUjgkvZgS+F2SbgztX10o9cGJpAXA1cB03BOr94DlZvZT n5cgy1k4ASf3A5cAFuJXKKaF9KpBPgDvM7KP4g1oIIGkCMADcBJwb2p8KOMvMPoUaCCBpALgfmBba nzHYAd4WORoWsA241sxkhgw8jJi6SHgPuC+lQifwMvAu8ZGavhnYmptVM+CLc4RUzgEm42eiehP2E 5oKo55qE5pSv5oyB5piv5oiR5pu05paw55qE5pyA5aSn5Yqo5Yqb77yM5oKo5Y+v5Lul5oiq5Zu+5ZCO5Zyo5b6u5L+h5oiW5pSv5LuY5a6d5Lit5omr5o+P5LqM57u056CB5o+Q5L6b546w6YeR5pSv5oyB77yM5Lmf5Y+v5Lul6YCa6L+H6YKu5Lu25YWI5L2c6ICF5o+Q5Ye65oKo5oOz6KaB55qE5paw5Yqf6IO95oiW55uu5YmN5piv5LiN5aW955So55qE5Yqf6IO977yM5oiR5Lya5LiA5LiA5Zue5aSN5bm25YGa5Ye65oSf6LCi44CCKCDigKLMgCDPiSDigKLMgSAp4pyn nd7qkHRn2vssMU5VdE3xYVka86jITBsDMNuBGM2mjDa9lhqhj7ifnqmsbvLfG5CH0PGDUkNXMvqV4 ea87655719898b9807d7a88878e9de051d12af172d2fab563c9881b5e404e7d4 n6ILXhSq+P2Ae7qsIh4HV0REDDQ314F/QQmVQhaYmuwAAAABJRU5ErkJggg== nsw0NDQ0NDQ0FUesnYpIOBE4BTsKt2ewLTEyYDCfK0MfeUYzYO8ROjmQsca3o2lrYFJm2AXuAL81s nbz2PpFXK5obQPvYskh5WPqaG9rXnkDRR0q6cAjxZdP59oQNQA84ADshpO6vozBsB4DAP2/2KzrwR noCasBeYxdhEKpQwBfJ50pb7yY2abgNmki7C4F0QoQ4DC2slIhFm4VchWLJb0nGeaa3F9QicidEUf n2olwU2SXZdN1AtzmEfwtI+49oSQRspqj1yT9EUqAMoahx3rYvpW8MLONwFzglxT7WyQ97eOMmX0M nlwr5ETjezBRsKULS6ZJWAU8xvoIPcBxwGQRaC5I0iNvycX7oSARkPgQQQNKjwHJgQugIBGYiVLwY WebKitFormBoundaryU7CgQs9WnqlZYKs6 a47010fb-702a-415a-ad93-ab5c674093ca nAP7xsB0qOvNGAL+5kIrOvBGghKD60AgQmEYAONDD9oSiM98ndOlrwNdAPL4fjn7G/UKyedoX+C60 nZWtL6D4gxleEjTgRsiZreZ8nNC9qRwx6BC0WIWuyNpCzY/YJalfUgLEw4LPgFs0T+snumNuJ4BOD n+AxcP7sT90e4wsx2lRLoVkh6KOeOs1Z8IekeSce3yWOWpL9T0tglaWGb+w/x8OmdyoJXQPCPkDTc Y29tLmFwcGxpc3RvLmFwcGNsb25lci5jbGFzc2VzLnNlY29uZGFyeQ==
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: andhook/lib/AndHook.java, line(s) 63,73 andhook/lib/HookHelper.java, line(s) 49,54,82,103,124,145,156,252,263,277,283,242 andhook/lib/xposed/XposedBridge.java, line(s) 219,215 andhook/lib/xposed/XposedHelpers.java, line(s) 67,80,93,106,517,528,539,554,575,586,597,647,760,771,782,793,804,815,826,837,848,859,891,906,979,990,1001,1012,1023,1034,1045,1056,1067,1078,1089,1100,1111,1122,1133,1144,1155,1166 com/acsbendi/requestinspectorwebview/RequestInspectorJavaScriptInterface.java, line(s) 393,359,390,395,406 com/acsbendi/requestinspectorwebview/RequestInspectorWebViewClient.java, line(s) 42,49 com/begal/appclone/classes/AbstractActivityContentProvider.java, line(s) 29,34 com/begal/appclone/classes/AppClonerNative.java, line(s) 12 com/begal/appclone/classes/ApplicationWrapper.java, line(s) 47,59,84,96,108,120,132,144,156,177 com/begal/appclone/classes/AutoPressButtons.java, line(s) 115,126,131,142,177,182,187,201,94,144,148,152,210 com/begal/appclone/classes/AutoRotateControls.java, line(s) 18,19,40,46,38,53 com/begal/appclone/classes/BackKeyHandler.java, line(s) 34,43,51,72,74,78,88,25,90 com/begal/appclone/classes/BluetoothControls.java, line(s) 18,19,39,42,47,53,61,64,45,67 com/begal/appclone/classes/BootReceiver.java, line(s) 14,22 com/begal/appclone/classes/BundleFilesDirectories.java, line(s) 18,32,40,48,64,43,68 com/begal/appclone/classes/BundleObb.java, line(s) 19,108,111,122,131,162,165 com/begal/appclone/classes/CalculatorActivity.java, line(s) 100,191,201,263 com/begal/appclone/classes/ClearCacheOnExitProvider.java, line(s) 26,30,47,22,35,52 com/begal/appclone/classes/ClearCacheOnExitService.java, line(s) 18,24 com/begal/appclone/classes/ClearCacheReceiver.java, line(s) 15 com/begal/appclone/classes/CloneSettings.java, line(s) 43,68,77,52,57,74,96 com/begal/appclone/classes/Configuration.java, line(s) 22,28,43,47,50,73,83,93,38,67,77,87,97 com/begal/appclone/classes/ConfirmExit.java, line(s) 14 com/begal/appclone/classes/CrashHandler.java, line(s) 66,70,82,24,54,74,84 com/begal/appclone/classes/DefaultFontProvider.java, line(s) 32 com/begal/appclone/classes/DefaultProvider.java, line(s) 31,88,149,153,161,165,36,61,68,78,141,172 com/begal/appclone/classes/DisableCameras.java, line(s) 26,34,40,58,75,87,106,115,53,70,82,101,110,128 com/begal/appclone/classes/DisableClipboardAccess.java, line(s) 52,67,71,75,79,120,124,128,132,136,141,146,164,168,172,176,180,184,190,203,208,219,223,227,231,235,240,245,263,267,271,275,279,283,289,302,307,325,341,350,380,82,155,254,309,327,343,382,398 com/begal/appclone/classes/FacebookLoginBehavior.java, line(s) 14,43 com/begal/appclone/classes/FacebookMessengerProvider.java, line(s) 34,36 com/begal/appclone/classes/FakeCalculator.java, line(s) 14,22,26,32 com/begal/appclone/classes/GmailSupport.java, line(s) 38,42,52,54,80,94,110,117,124,131,143,148,166,180,183,195,84,88,105,126,153,161,185 com/begal/appclone/classes/HeadphonesEventReceiver.java, line(s) 12,24,29,18,37 com/begal/appclone/classes/HostsBlocker.java, line(s) 65,74,85,96,126,194,201,209,217,232,235,246,284,311,319,339,363,382,422,88,116,304,321,377,432 com/begal/appclone/classes/InterruptionFilterControls.java, line(s) 21,22,37,48,49,57,61,63 com/begal/appclone/classes/LaunchTileService.java, line(s) 16,30,23 com/begal/appclone/classes/LogcatViewer.java, line(s) 65,159,207,244 com/begal/appclone/classes/NotificationOptions.java, line(s) 142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,197,212,219,291,296,298,348,365,93,184,276,329,337,350,353 com/begal/appclone/classes/OnAppExitListener.java, line(s) 17,24 com/begal/appclone/classes/OpenLinksWith.java, line(s) 41,57,65 com/begal/appclone/classes/PasswordActivity.java, line(s) 86,97,102,197,106,132,141,158,169,205 com/begal/appclone/classes/PasswordProvider.java, line(s) 12,14,18,24 com/begal/appclone/classes/PenEventReceiver.java, line(s) 12,23,30 com/begal/appclone/classes/PersistentApp.java, line(s) 13,21 com/begal/appclone/classes/PersistentAppService.java, line(s) 18 com/begal/appclone/classes/PictureInPicture.java, line(s) 27,31,41,53,59,71,79,35,81 com/begal/appclone/classes/PowerEventReceiver.java, line(s) 12,16,19,22,25,27,35 com/begal/appclone/classes/PreferenceEditor.java, line(s) 24,26,29,40,57,65 com/begal/appclone/classes/PressBackAgainToExit.java, line(s) 17,43,31 com/begal/appclone/classes/SecretDialerCodeReceiver.java, line(s) 15,24 com/begal/appclone/classes/SetBrightnessOnStart.java, line(s) 22,23,54,88,95,31,40,49,61,70 com/begal/appclone/classes/ShowOnLockScreen.java, line(s) 14,25 com/begal/appclone/classes/Signatures.java, line(s) 36,89,92,142,146,157,161,189,46,68,107,130,136,184,193,196,205 com/begal/appclone/classes/StartExitAppEventReceiver.java, line(s) 18,34,53,66,24,48,61 com/begal/appclone/classes/ToastFilter.java, line(s) 25,29,67,74,83,58,85 com/begal/appclone/classes/TrustAllCertificatesProvider.java, line(s) 37,39 com/begal/appclone/classes/Utils.java, line(s) 247,250,257,259,540,80,139,180,190,196,210,239,306,334,358,400,409,459,485,545,558,562 com/begal/appclone/classes/WhatsAppSupport.java, line(s) 20,49,61,35,52,56,74 com/begal/appclone/classes/WifiControls.java, line(s) 18,19,39,42,47,53,61,64,45,67 com/begal/appclone/classes/freeform/FreeFormWindow.java, line(s) 38,41,31,45 com/begal/appclone/classes/freeform/FreeFormWindowActivity.java, line(s) 48,63,94,110,113,76,116 com/begal/appclone/classes/service/RemoteService.java, line(s) 25 com/begal/appclone/classes/util/IActivityManagerHook.java, line(s) 17 com/begal/appclone/classes/util/IPackageManagerHook.java, line(s) 20 com/github/amlcurran/showcaseview/ShowcaseAreaCalculator.java, line(s) 19 com/github/amlcurran/showcaseview/targets/ActionBarViewWrapper.java, line(s) 125,128,139,142,85 com/github/ybq/android/spinkit/animation/SpriteAnimatorBuilder.java, line(s) 162 com/h6ah4i/android/widget/advrecyclerview/animator/GeneralItemAnimator.java, line(s) 33,44,52,60,77 com/h6ah4i/android/widget/advrecyclerview/animator/impl/ItemAddAnimationManager.java, line(s) 19,27 com/h6ah4i/android/widget/advrecyclerview/animator/impl/ItemChangeAnimationManager.java, line(s) 19,27 com/h6ah4i/android/widget/advrecyclerview/animator/impl/ItemMoveAnimationManager.java, line(s) 19,27 com/h6ah4i/android/widget/advrecyclerview/animator/impl/ItemRemoveAnimationManager.java, line(s) 19,27 com/h6ah4i/android/widget/advrecyclerview/draggable/DraggableItemWrapperAdapter.java, line(s) 158 com/h6ah4i/android/widget/advrecyclerview/draggable/RecyclerViewDragDropManager.java, line(s) 740 com/hippo/beerbelly/BeerBelly.java, line(s) 192 com/hippo/beerbelly/DiskLruCache.java, line(s) 432 com/hippo/beerbelly/SimpleDiskCache.java, line(s) 335,342,378 com/hippo/conaco/Conaco.java, line(s) 138,139,109 com/hippo/conaco/ConacoTask.java, line(s) 487,467 com/hippo/drawable/BitmapPool.java, line(s) 31 com/hippo/drawable/UnikeryDrawable.java, line(s) 77 com/hippo/ehviewer/Settings.java, line(s) 288,433,478,487,513,670 com/hippo/ehviewer/client/EhEngine.java, line(s) 109,155,196,236,284,360,408,519,553,616,651,690,725,767,805,840,879,911,943,977,1011,1046,1096,1104,1162,1208,1247,1288,1342 com/hippo/ehviewer/client/EhFilter.java, line(s) 37,94,111 com/hippo/ehviewer/client/EhUrlOpener.java, line(s) 40 com/hippo/ehviewer/client/data/FavListUrlBuilder.java, line(s) 66 com/hippo/ehviewer/client/parser/EhHomeParser.java, line(s) 25 com/hippo/ehviewer/client/parser/GalleryListParser.java, line(s) 126,155 com/hippo/ehviewer/client/parser/ProfileParser.java, line(s) 34 com/hippo/ehviewer/client/wifi/ConnectThread.java, line(s) 43,171,174 com/hippo/ehviewer/client/wifi/ListenerThread.java, line(s) 49,67,74 com/hippo/ehviewer/dao/DaoMaster.java, line(s) 25,41 com/hippo/ehviewer/download/DownloadManager.java, line(s) 709,1074,1088,126,144,164,188,507,564,604,609,616,971,1047 com/hippo/ehviewer/download/DownloadService.java, line(s) 486,499 com/hippo/ehviewer/gallery/DirGalleryProvider.java, line(s) 93,143 com/hippo/ehviewer/spider/SpiderInfo.java, line(s) 217 com/hippo/ehviewer/spider/SpiderQueen.java, line(s) 584,255,281,341,497,552 com/hippo/ehviewer/sync/GalleryDetailTagsSyncTask.java, line(s) 178 com/hippo/ehviewer/ui/dialog/ArchiverDownloadDialog.java, line(s) 156,130,132,134,137,139 com/hippo/ehviewer/ui/scene/FavoritesScene.java, line(s) 710 com/hippo/ehviewer/ui/scene/GalleryCommentsScene.java, line(s) 454,809 com/hippo/ehviewer/ui/scene/ThumbSpanHelper.java, line(s) 53,72,73,78,79,90,91,96,97,132,133,138,139,151 com/hippo/ehviewer/ui/scene/download/DownloadsScene.java, line(s) 1300 com/hippo/ehviewer/ui/scene/gallery/list/GalleryListScene.java, line(s) 768 com/hippo/ehviewer/ui/wifi/WiFiClientActivity.java, line(s) 170 com/hippo/ehviewer/ui/wifi/WiFiServerActivity.java, line(s) 238,246,338,364 com/hippo/ehviewer/widget/ImageSearchLayout.java, line(s) 241 com/hippo/ehviewer/widget/SearchDatabase.java, line(s) 111 com/hippo/glview/glrenderer/BasicTexture.java, line(s) 163 com/hippo/glview/glrenderer/GLES11Canvas.java, line(s) 681 com/hippo/glview/glrenderer/GLES20Canvas.java, line(s) 640,198,199,213,408 com/hippo/glview/glrenderer/NativeTexture.java, line(s) 15 com/hippo/glview/glrenderer/RawTexture.java, line(s) 35 com/hippo/glview/image/ImageWrapper.java, line(s) 97 com/hippo/glview/view/GLRootView.java, line(s) 394,151,211,222,344,175 com/hippo/glview/view/GLView.java, line(s) 347 com/hippo/lib/glgallery/PagerLayoutManager.java, line(s) 639,645 com/hippo/lib/glgallery/ScrollLayoutManager.java, line(s) 479,483,588,595,636,643,673 com/hippo/network/CookieDatabase.java, line(s) 79,81,141,146,168,176 com/hippo/network/EhSSLSocketFactory.java, line(s) 386,348,350 com/hippo/network/EhSSLSocketFactoryLowSDK.java, line(s) 57 com/hippo/preference/ActivityPreference.java, line(s) 39 com/hippo/refreshlayout/RefreshLayout.java, line(s) 339,344,380,405,449,494,550 com/hippo/ripple/Ripple.java, line(s) 30,46 com/hippo/scene/StageActivity.java, line(s) 57,62,128,202,208,341,66 com/hippo/tuxiang/DefaultContextFactory.java, line(s) 32 com/hippo/tuxiang/DefaultWindowSurfaceFactory.java, line(s) 15 com/hippo/tuxiang/EglHelper.java, line(s) 130,31,82 com/hippo/unifile/DocumentsContractApi19.java, line(s) 47 com/hippo/unifile/DocumentsContractApi21.java, line(s) 33,76 com/hippo/unifile/RawFile.java, line(s) 35,92 com/hippo/unifile/TreeDocumentFile.java, line(s) 74 com/hippo/unifile/UriRandomAccessFile.java, line(s) 29,36,38 com/hippo/util/DownloadUtil.java, line(s) 41 com/hippo/util/PackageUtils.java, line(s) 30,41,45 com/hippo/widget/AvatarImageView.java, line(s) 353 com/hippo/widget/ContentLayout.java, line(s) 153,341 com/hippo/widget/LoadImageView.java, line(s) 248 com/hippo/widget/LoadImageViewNew.java, line(s) 251 com/microsoft/appcenter/AbstractAppCenterService.java, line(s) 163,221,158,191,209 com/microsoft/appcenter/AppCenter.java, line(s) 250,684,87,111,116,172,347,521,526,531,559,564,678,702,709,719,731,166,234,237,256,271,274,414,449,461,465,474,507,511,546,554,120,420,496,600,143,180,671,726 com/microsoft/appcenter/Constants.java, line(s) 25 com/microsoft/appcenter/Flags.java, line(s) 23 com/microsoft/appcenter/ServiceInstrumentationUtils.java, line(s) 27 com/microsoft/appcenter/UncaughtExceptionHandler.java, line(s) 39,45,48 com/microsoft/appcenter/analytics/Analytics.java, line(s) 94,110,145,284,136,149,238,242,326,335,372,195,196,330,332,338,339,340 com/microsoft/appcenter/analytics/AnalyticsTransmissionTarget.java, line(s) 38,42,46,49,192 com/microsoft/appcenter/analytics/AuthenticationProvider.java, line(s) 46,50,65,52,54 com/microsoft/appcenter/analytics/EventProperties.java, line(s) 20,34,45,26 com/microsoft/appcenter/analytics/channel/AnalyticsValidator.java, line(s) 84,81,102,106,108,111,115,137,142,146,158,161 com/microsoft/appcenter/analytics/channel/SessionTracker.java, line(s) 36,61,68,78,106,109,44,66,75 com/microsoft/appcenter/analytics/ingestion/models/EventLog.java, line(s) 28,28 com/microsoft/appcenter/analytics/ingestion/models/json/EventLogFactory.java, line(s) 29 com/microsoft/appcenter/channel/DefaultChannel.java, line(s) 182,189,277,282,285,294,308,337,356,410,414,422,426,430,462,465,478,501,506,141,261,370,391,433,374 com/microsoft/appcenter/channel/OneCollectorChannelListener.java, line(s) 126,121 com/microsoft/appcenter/distribute/BrowserUtils.java, line(s) 51,64,70,73,78,42,31 com/microsoft/appcenter/distribute/DeepLinkActivity.java, line(s) 19,22,23,26,29,32,43 com/microsoft/appcenter/distribute/Distribute.java, line(s) 100,106,114,120,151,187,214,218,222,225,283,295,299,310,320,323,328,336,423,428,474,488,518,550,559,592,651,689,727,741,777,805,887,921,1050,1136,1145,1157,1167,1171,1180,1184,275,287,360,389,630,632,860,997,1002,1006,1012,1024,281,340,350,439,458,464,478,481,940,1093,271,555,239,251,670,685,1161,1174,1187 com/microsoft/appcenter/distribute/DistributeUtils.java, line(s) 98,107,68,91 com/microsoft/appcenter/distribute/DownloadManagerReceiver.java, line(s) 13 com/microsoft/appcenter/distribute/InstallerUtils.java, line(s) 40 com/microsoft/appcenter/distribute/ReleaseDownloadListener.java, line(s) 86,62,74 com/microsoft/appcenter/distribute/ResumeFromBackgroundTask.java, line(s) 21,27 com/microsoft/appcenter/distribute/UpdateInstaller.java, line(s) 55 com/microsoft/appcenter/distribute/UpdateReceiver.java, line(s) 27,34 com/microsoft/appcenter/distribute/download/manager/DownloadManagerReleaseDownloader.java, line(s) 56,65,139,50,153 com/microsoft/appcenter/distribute/download/manager/DownloadManagerRequestTask.java, line(s) 27 com/microsoft/appcenter/distribute/ingestion/DistributeIngestion.java, line(s) 35,41 com/microsoft/appcenter/distribute/install/AbstractReleaseInstaller.java, line(s) 25,30,35 com/microsoft/appcenter/distribute/install/ReleaseInstallerActivity.java, line(s) 35,56,66 com/microsoft/appcenter/distribute/install/session/InstallStatusReceiver.java, line(s) 45,36,67,59 com/microsoft/appcenter/distribute/install/session/PackageInstallerListener.java, line(s) 24,29,34 com/microsoft/appcenter/distribute/install/session/SessionReleaseInstaller.java, line(s) 38,118,162,203,91,106 com/microsoft/appcenter/http/AbstractAppCallTemplate.java, line(s) 14,20 com/microsoft/appcenter/http/DefaultHttpClient.java, line(s) 60 com/microsoft/appcenter/http/DefaultHttpClientCallTask.java, line(s) 97,126,129 com/microsoft/appcenter/http/HttpClientNetworkStateHandler.java, line(s) 49,65 com/microsoft/appcenter/http/HttpClientRetryer.java, line(s) 48 com/microsoft/appcenter/ingestion/OneCollectorIngestion.java, line(s) 109,59,69 com/microsoft/appcenter/ingestion/models/AbstractLog.java, line(s) 53,53,61,61,49,49 com/microsoft/appcenter/ingestion/models/one/CommonSchemaDataUtils.java, line(s) 48,63,69,77,82 com/microsoft/appcenter/ingestion/models/one/CommonSchemaLog.java, line(s) 67,63,63,55,55,51,51,39,39 com/microsoft/appcenter/persistence/DatabasePersistence.java, line(s) 118,149,158,169,170,175,194,245,279,283,284,291,109,142,217,228,235,260,276 com/microsoft/appcenter/utils/AppCenterLog.java, line(s) 19,30,41,52,71,82,113,124,135,146 com/microsoft/appcenter/utils/AsyncTaskUtils.java, line(s) 15 com/microsoft/appcenter/utils/DeviceInfoHelper.java, line(s) 123,50,66,88,120 com/microsoft/appcenter/utils/IdHelper.java, line(s) 11 com/microsoft/appcenter/utils/NetworkStateHelper.java, line(s) 57,65,72,120 com/microsoft/appcenter/utils/context/SessionContext.java, line(s) 67,63 com/microsoft/appcenter/utils/context/UserIdContext.java, line(s) 26,35,42,46 com/microsoft/appcenter/utils/crypto/CryptoUtils.java, line(s) 194,197,237,241,244,209,219,249 com/microsoft/appcenter/utils/storage/DatabaseManager.java, line(s) 191,203,88,101,110,153,162,174,188,225,235,141,229,232,139,143 com/microsoft/appcenter/utils/storage/FileManager.java, line(s) 107,127 java/io/ByteArrayOutputStrean.java, line(s) 20,24,25,37,27 np/protect/assets/ShellApplication.java, line(s) 52 np/protect/assets/a/C0006.java, line(s) 1221,1464 np/protect/assets/a/C0009.java, line(s) 27 org/ccil/cowan/tagsoup/CommandLine.java, line(s) 89,90,95,98,100,102,105,125,126,149,158,168 org/ccil/cowan/tagsoup/jaxp/JAXPTest.java, line(s) 15,21,22,24,25 org/greenrobot/eventbus/Logger.java, line(s) 78,83 org/greenrobot/eventbus/util/ErrorDialogConfig.java, line(s) 43 org/greenrobot/eventbus/util/ErrorDialogManager.java, line(s) 162 org/greenrobot/eventbus/util/ExceptionToResourceMapping.java, line(s) 30 org/greenrobot/greendao/AbstractDao.java, line(s) 607,662 org/greenrobot/greendao/DaoException.java, line(s) 28,29 org/greenrobot/greendao/DaoLog.java, line(s) 15,19,27,35,39,43,51,55,23,59,63,67 org/greenrobot/greendao/DbUtils.java, line(s) 63,33 org/greenrobot/greendao/async/AsyncOperationExecutor.java, line(s) 289,299,311,387 org/greenrobot/greendao/internal/LongHashMap.java, line(s) 65 org/greenrobot/greendao/query/QueryBuilder.java, line(s) 98,101 org/greenrobot/greendao/test/AbstractDaoTest.java, line(s) 29,32,61 org/greenrobot/greendao/test/AbstractDaoTestLongPk.java, line(s) 18,23 org/greenrobot/greendao/test/DbTest.java, line(s) 63
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/begal/appclone/classes/DisableClipboardAccess.java, line(s) 9,76,396 com/hippo/ehviewer/preference/IdentityCookiePreference.java, line(s) 4,35 com/hippo/ehviewer/ui/fragment/AboutFragment.java, line(s) 4,44 com/hippo/ehviewer/ui/scene/GalleryCommentsScene.java, line(s) 5,529 com/hippo/ehviewer/ui/scene/GalleryInfoScene.java, line(s) 4,192 com/hippo/ehviewer/ui/scene/gallery/detail/GalleryDetailScene.java, line(s) 5,897 com/hippo/ehviewer/ui/scene/gallery/list/GalleryListSecenDialog.java, line(s) 5,27 com/hippo/ehviewer/util/ClipboardUtil.java, line(s) 4,36,52,60 com/hippo/util/AppHelper.java, line(s) 6,32
信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/begal/appclone/classes/DisableClipboardAccess.java, line(s) 46,137,142,153,236,241,252,9
信息 此应用程序使用SQL Cipher,确保密钥没有硬编码在代码中
此应用程序使用SQL Cipher,确保密钥没有硬编码在代码中 Files: com/microsoft/appcenter/utils/storage/DatabaseManager.java, line(s) 137,145
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/hippo/ehviewer/EhApplication.java, line(s) 253,271,321,339,252,251,251,269,269,319,319,337,337
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (firebase-settings.crashlytics.com) 通信。
{'ip': '180.163.151.162', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (app-measurement.com) 通信。
{'ip': '180.163.151.161', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (pagead2.googlesyndication.com) 通信。
{'ip': '180.163.150.38', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}