安全分析报告: iBaby Care v2.11.2

安全分数


安全分数 40/100

风险评级


等级

  1. A
  2. B
  3. C
  4. F

严重性分布 (%)


隐私风险

3

用户/设备跟踪器


调研结果

高危 11
中危 31
信息 1
安全 2
关注 12

高危 基本配置不安全地配置为允许到所有域的明文流量。 

Scope:
*

高危 Activity (com.ibaby.Ui.SOSActivity) 的启动模式不是standard模式 

Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。

高危 Activity (com.braintreepayments.api.BraintreeBrowserSwitchActivity) 的启动模式不是standard模式 

Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。

高危 Activity (com.alipay.sdk.app.PayResultActivity) 的启动模式不是standard模式 

Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。

高危 Activity (com.alipay.sdk.app.AlipayResultActivity) 的启动模式不是standard模式 

Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。

高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 

应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/jncryptor/AES256JNCryptorInputStream.java, line(s) 76
com/jncryptor/AES256JNCryptorOutputStream.java, line(s) 56

高危 使用弱加密算法 

使用弱加密算法
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/paypal/android/sdk/eg.java, line(s) 38,54

高危 该文件是World Readable。任何应用程序都可以读取文件 

该文件是World Readable。任何应用程序都可以读取文件
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2

Files:
com/ibaby/Common/PreferenceData.java, line(s) 274,284,174,204,194

高危 已启用远程WebView调试 

已启用远程WebView调试
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
com/github/lzyzsd/jsbridge/BridgeWebView.java, line(s) 74,9

高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 

如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
com/zendesk/sdk/support/ViewArticleActivity.java, line(s) 260,14,15
com/zopim/android/sdk/api/WebBinder.java, line(s) 60,7

高危 启用了调试配置。生产版本不能是可调试的 

启用了调试配置。生产版本不能是可调试的
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
com/example/hellojni/BuildConfig.java, line(s) 3,6
com/slidingmenu/lib/BuildConfig.java, line(s) 3,4
com/ximalaya/ting/android/opensdk/BuildConfig.java, line(s) 3,6
com/ximalaya/ting/android/opensdk/model/BuildConfig.java, line(s) 3,6
com/ximalaya/ting/android/sdkdownloader/BuildConfig.java, line(s) 3,6

中危 Broadcast Receiver (com.ibaby.AlarmReceiver) 未被保护。 

存在一个intent-filter。
发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。

中危 Service (com.ibaby.AlarmService) 未被保护。 

存在一个intent-filter。
发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。

中危 Activity (com.ibaby.Ui.Install.InstallActivity) 未被保护。 

存在一个intent-filter。
发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。

中危 Activity (com.mob.tools.MobUIShell) 未被保护。 

存在一个intent-filter。
发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。

中危 Activity (com.ibaby.wxapi.WXPayEntryActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (com.ibaby.Fn.FCM.MyFirebaseMessagingService) 未被保护。 

存在一个intent-filter。
发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。

中危 Service (com.ibaby.Fn.FCM.MyFirebaseInstanceIDService) 未被保护。 

存在一个intent-filter。
发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。

中危 Activity (com.braintreepayments.api.BraintreeBrowserSwitchActivity) 未被保护。 

存在一个intent-filter。
发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。

中危 Broadcast Receiver (com.zendesk.sdk.power.BatteryStateBroadcastReceiver) 未被保护。 

存在一个intent-filter。
发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。

中危 Activity (com.zopim.android.sdk.prechat.ZopimChatActivity) 未被保护。 

存在一个intent-filter。
发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。

中危 Service (com.google.firebase.messaging.FirebaseMessagingService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (com.firebase.jobdispatcher.GooglePlayReceiver) 受权限保护, 但是应该检查权限的保护级别。 

Permission: com.google.android.gms.permission.BIND_NETWORK_TASK_SERVICE [android:exported=true]
发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Activity (com.alipay.sdk.app.PayResultActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.alipay.sdk.app.AlipayResultActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Broadcast Receiver (com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.permission.INSTALL_PACKAGES [android:exported=true]
发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护, 但是应该检查权限的保护级别。 

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Service (com.google.firebase.iid.FirebaseInstanceIdService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (cn.sharesdk.kakao.talk.ReceiveActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity-Alias (com.ibaby.wxapi.WXEntryActivity) 未被保护。 

[android:exported=true]
发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 高优先级的Intent (1000) 

[android:priority]
通过设置一个比另一个Intent更高的优先级,应用程序有效地覆盖了其他请求。

中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 

文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/actionbarsherlock/internal/view/menu/MenuBuilder.java, line(s) 31,33
com/amazonaws/auth/CognitoCachingCredentialsProvider.java, line(s) 16,17,18,19,20
com/amazonaws/auth/policy/conditions/ConditionFactory.java, line(s) 8,9,10,11,12,13,14
com/amazonaws/auth/policy/conditions/S3ConditionFactory.java, line(s) 10,11,12,14,15,8,9,13
com/amazonaws/auth/policy/conditions/SNSConditionFactory.java, line(s) 7,8
com/amazonaws/mobileconnectors/s3/transferutility/TransferTable.java, line(s) 28
com/amazonaws/services/s3/Headers.java, line(s) 18,23,54
com/braintreepayments/api/DataCollector.java, line(s) 23,24,25
com/braintreepayments/api/PayPal.java, line(s) 50,51,52,57,53,72,65,66,67,68,55,56,58,59,60,61,63,64,69,71,73
com/braintreepayments/api/UnionPay.java, line(s) 17,16
com/braintreepayments/api/Venmo.java, line(s) 36,39,35
com/braintreepayments/api/exceptions/BraintreeError.java, line(s) 26,25,27
com/braintreepayments/api/exceptions/ErrorWithResponse.java, line(s) 24,25,26
com/braintreepayments/api/internal/AnalyticsEvent.java, line(s) 14,15,16,17,18,19
com/braintreepayments/api/internal/AnalyticsSender.java, line(s) 31,19,20,21,22,23,24,25,26,27,28,29,30,32,33,34,35,36
com/braintreepayments/api/internal/BraintreeHttpClient.java, line(s) 19,20
com/braintreepayments/api/internal/UUIDHelper.java, line(s) 8
com/braintreepayments/api/models/AmericanExpressRewardsBalance.java, line(s) 24,10,22,23,25,26,27,28,29
com/braintreepayments/api/models/AnalyticsConfiguration.java, line(s) 9
com/braintreepayments/api/models/AndroidPayCardNonce.java, line(s) 13,15,14,27
com/braintreepayments/api/models/AndroidPayConfiguration.java, line(s) 12,13,14,15,16
com/braintreepayments/api/models/BaseCardBuilder.java, line(s) 10,11,12,15,13,14,16,17,18,19,20,21,22,23,24,25,26,27,28,29
com/braintreepayments/api/models/BinData.java, line(s) 9,10,11,23,24,25,26,28,29,30
com/braintreepayments/api/models/BraintreeApiConfiguration.java, line(s) 8,9
com/braintreepayments/api/models/CardConfiguration.java, line(s) 10,11
com/braintreepayments/api/models/CardNonce.java, line(s) 26,14,27,12,13,28,30,31,32,29
com/braintreepayments/api/models/ClientToken.java, line(s) 12,14
com/braintreepayments/api/models/Configuration.java, line(s) 11,12,13,14,16,17,15,18,19,20,21,22,23,25,24,26,27,28,29,30
com/braintreepayments/api/models/GooglePaymentCardNonce.java, line(s) 11,13,12,25,26
com/braintreepayments/api/models/IdealBank.java, line(s) 15,27,28,29,30,31
com/braintreepayments/api/models/IdealConfiguration.java, line(s) 8,9
com/braintreepayments/api/models/IdealRequest.java, line(s) 8,9,10,11,12,13
com/braintreepayments/api/models/KountConfiguration.java, line(s) 8
com/braintreepayments/api/models/LocalPaymentRequest.java, line(s) 7,8,17,9,10,12,15,14,16,25,24,13,18,19,11,20,21,23,22
com/braintreepayments/api/models/LocalPaymentResult.java, line(s) 10,12,13,25,26,27,28,29,30,11,31,32,34
com/braintreepayments/api/models/MetadataBuilder.java, line(s) 8,7,9,10,11,12
com/braintreepayments/api/models/PayPalAccountBuilder.java, line(s) 10,11,12,13
com/braintreepayments/api/models/PayPalAccountNonce.java, line(s) 11,13,14,26,27,28,29,30,31,32,12,33,34
com/braintreepayments/api/models/PayPalConfiguration.java, line(s) 8,9,10,11,12,13,14,15,16
com/braintreepayments/api/models/PayPalCreditFinancing.java, line(s) 9,21,22,23,24,25
com/braintreepayments/api/models/PayPalCreditFinancingAmount.java, line(s) 20,21
com/braintreepayments/api/models/PayPalPaymentResource.java, line(s) 8,9,10,11
com/braintreepayments/api/models/PaymentMethodBuilder.java, line(s) 12,13,14,15
com/braintreepayments/api/models/PaymentMethodNonce.java, line(s) 13,15,14,17,16,19,18
com/braintreepayments/api/models/PostalAddress.java, line(s) 27,10,12,11,25,26,29,28,31,30,32,33,24
com/braintreepayments/api/models/SamsungPayConfiguration.java, line(s) 12,14,16,17
com/braintreepayments/api/models/ThreeDSecureAuthenticationResponse.java, line(s) 20,21
com/braintreepayments/api/models/ThreeDSecureInfo.java, line(s) 19,20
com/braintreepayments/api/models/ThreeDSecureLookup.java, line(s) 9,22,23,24,10,25
com/braintreepayments/api/models/ThreeDSecurePostalAddress.java, line(s) 24,9,22,23,28,21,25,26,27
com/braintreepayments/api/models/ThreeDSecureRequest.java, line(s) 9,10,22,23,24,25
com/braintreepayments/api/models/UnionPayCapabilities.java, line(s) 20,21,22,23,24
com/braintreepayments/api/models/UnionPayCardBuilder.java, line(s) 28,23,24,25,26,27
com/braintreepayments/api/models/VenmoAccountBuilder.java, line(s) 11,10
com/braintreepayments/api/models/VenmoAccountNonce.java, line(s) 22,23,9
com/braintreepayments/api/models/VenmoConfiguration.java, line(s) 11,12,13
com/braintreepayments/api/models/VisaCheckoutBuilder.java, line(s) 10,12
com/braintreepayments/api/models/VisaCheckoutNonce.java, line(s) 11,12,14,13,26,27,29,10
com/ibaby/Air/Ui/Settings/Alarm/AirSettingChangeAlarmActivity.java, line(s) 446
com/ibaby/Air/Ui/Settings/Alarm/AirSettingCheckTonesActivity.java, line(s) 93,79,128,152
com/ibaby/Common/Constants.java, line(s) 26
com/ibaby/GeTuiReceiver.java, line(s) 16,17
com/ibaby/Pack/NetBasePack.java, line(s) 11,14
com/ibaby/System/IBabyApplication.java, line(s) 43,63,51
com/ibaby/System/IBabyMapCore.java, line(s) 16
com/ibaby/System/IBabyMqttCore.java, line(s) 20,19
com/ibaby/Tk/AES256Util.java, line(s) 7,8
com/ibaby/Tk/ExampleRequest.java, line(s) 35,36
com/ibaby/Tk/WiFiControl.java, line(s) 233,246
com/ibaby/Ui/Audio/AudioBasicActivity.java, line(s) 136
com/ibaby/Ui/Install/M7L/WiFi/WifiConnectManager.java, line(s) 86
com/ibaby/Ui/Install/M7L/WiFi/WifiHotManager.java, line(s) 111
com/ibaby/Ui/Music/MusicPlayActivity.java, line(s) 129
com/ibaby/Ui/Set/ContactUsActivity.java, line(s) 69
com/ibaby/Ui/Set/FragmentContactSelect.java, line(s) 57
com/ibaby/Ui/Set/FragmentMusicPlay.java, line(s) 114
com/ibaby/Ui/Set/FragmentMusicPlayE.java, line(s) 111
com/ibaby/Ui/Show/FragmentFunShow.java, line(s) 264
com/ibaby/Ui/Toolkit/IBabyPreference.java, line(s) 13,14,18,19,22,23,25,27,28,29,30,31,32,50,61,58,62,63,56,57,64,65,66,78,79,81,84,90,91
com/ibaby/zxing/decoding/Intents.java, line(s) 45
com/kakao/kakaolink/internal/KakaoTalkLinkProtocol.java, line(s) 31,11,37
com/kakao/network/ServerProtocol.java, line(s) 15,20
com/kakao/util/helper/CommonProtocol.java, line(s) 8,9,11,12,14
com/p2p/pppp_thread/ThreadSYunStartDev.java, line(s) 95
com/starxnet/Thread/ThreadSYunAgentConnectDev.java, line(s) 14,22,15
com/ximalaya/ting/android/opensdk/auth/constants/XmlyConstants.java, line(s) 21
com/ximalaya/ting/android/opensdk/constants/DTransferConstants.java, line(s) 22,144,126,23
com/ximalaya/ting/android/opensdk/constants/PreferenceConstantsInOpenSdk.java, line(s) 46
com/ximalaya/ting/android/opensdk/model/ranks/Rank.java, line(s) 164
com/ximalaya/ting/android/opensdk/player/appnotification/XmNotificationCreater.java, line(s) 58
com/ximalaya/ting/android/player/cdn/CdnConstants.java, line(s) 8
com/ximalaya/ting/android/player/liveflv/FlvAacParser.java, line(s) 145
com/ximalaya/ting/android/sdkdownloader/http/KeyValue.java, line(s) 41
com/zendesk/sdk/model/request/CreateRequest.java, line(s) 8
com/zendesk/sdk/storage/IdentityStorage.java, line(s) 23,24,19,20
com/zendesk/sdk/storage/RequestStorage.java, line(s) 19
com/zendesk/sdk/storage/SdkSettingsStorage.java, line(s) 13,14
com/zhy/http/okhttp/builder/PostFormBuilder.java, line(s) 48
com/zopim/android/sdk/api/ChatService.java, line(s) 53
com/zopim/android/sdk/store/MachineIdPrefsStorage.java, line(s) 8
com/zopim/android/sdk/store/VisitorInfoPrefsStorage.java, line(s) 9,11,12
net/oauth/OAuth.java, line(s) 32,19,25
net/oauth/OAuthConsumer.java, line(s) 8
net/oauth/signature/RSA_SHA1.java, line(s) 18,19

中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 

应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
com/danikula/videocache/StorageUtils.java, line(s) 21,38
com/github/mikephil/charting/charts/Chart.java, line(s) 762,777
com/github/mikephil/charting/utils/FileUtils.java, line(s) 23,118
com/ibaby/Fn/FnVideoSave.java, line(s) 12
com/ibaby/System/IBabyAppUpgradeCore$3.java, line(s) 30
com/ibaby/System/IBabyAppUpgradeCore.java, line(s) 128
com/ibaby/System/IBabyApplication.java, line(s) 362
com/ibaby/Tk/DownloadUtils.java, line(s) 33
com/ibaby/Tk/GetPathFromUri4kitkat.java, line(s) 20
com/ibaby/Tk/ImageUtil.java, line(s) 149,254,344,348,357,361,370
com/ibaby/Tk/TkIBabyUtil.java, line(s) 36,114,121
com/ibaby/Ui/Audio/AudioRecordActivity.java, line(s) 136,138
com/ibaby/Ui/Audio/AudioUpLoadActivity.java, line(s) 112
com/ibaby/Ui/FragmentMainM6.java, line(s) 2202
com/ibaby/Ui/Install/BabyInfoActivity.java, line(s) 111,112
com/ibaby/Ui/Loader/AsyncImageLoader.java, line(s) 143
com/ibaby/Ui/Loader/FileCache.java, line(s) 24,29
com/ibaby/Ui/Media/StatusExpandAdapter.java, line(s) 408
com/ibaby/Ui/MySelPictureActivity.java, line(s) 29
com/ibaby/Ui/Photo/GalleryViewerActivity.java, line(s) 149,189,240
com/ibaby/Ui/Set/Update/UpdateMainActivity.java, line(s) 219
com/ibaby/Ui/Show/FragmentFunShow.java, line(s) 98,273
com/ibaby/Ui/Show/PostShowImageActivity.java, line(s) 150
com/ibaby/Ui/Show/imagepickers/MediaLibraryActivity.java, line(s) 89
com/ibaby/Ui/Show/imagepickers/MediaLibraryPickerActivity.java, line(s) 92,133
com/ibaby/Ui/Show/imagepickers/data/ImageContants.java, line(s) 40
com/ibaby/Ui/Show/imagepickers/utils/ImagePickerComUtils.java, line(s) 56,60
com/ibaby/Ui/Show/widgets/SmallVideoView/SurfaceVideoViewCreator.java, line(s) 99,103
com/ibaby/Ui/Timeline/FragmentTimeline.java, line(s) 127,128
com/ibaby/Ui/Timeline/NewChildTimelineActivity.java, line(s) 81,82
com/ibaby/Ui/Timeline/PostTimelineActivity.java, line(s) 244,388,390
com/ibaby/Ui/Timeline/TimelineActivity.java, line(s) 115,116
com/ibaby/Ui/UserCenter/SettingUserInfoActivity.java, line(s) 73,74
com/ibaby/Utils/LogUtil.java, line(s) 78
com/ibaby/Utils/ViewHolder.java, line(s) 95
com/kakao/util/helper/FileUtils.java, line(s) 39
com/mapbox/mapboxsdk/offline/OfflineManager.java, line(s) 71,80
com/nostra13/universalimageloader/utils/StorageUtils.java, line(s) 22,48,48,53,53,58
com/p2p/pppp_thread/ThreadSYunRecvAudio.java, line(s) 271
com/paypal/android/sdk/aw.java, line(s) 109,340
com/paypal/android/sdk/ay.java, line(s) 21,44
com/paypal/android/sdk/d.java, line(s) 104
com/ximalaya/ting/android/opensdk/player/advertis/XmAdsManager.java, line(s) 57,58
com/ximalaya/ting/android/opensdk/util/FileUtilBase.java, line(s) 262,71,72
com/ximalaya/ting/android/opensdk/util/Logger.java, line(s) 39,40,187,190
com/ximalaya/ting/android/player/Logger.java, line(s) 47
com/ximalaya/ting/android/player/PlayerUtil.java, line(s) 107,117,318,318
com/ximalaya/ting/android/player/XMediaPlayerConstants.java, line(s) 33,35,19
com/ximalaya/ting/android/sdkdownloader/XmDownloadManager.java, line(s) 876
com/ximalaya/ting/android/sdkdownloader/util/FileUtil.java, line(s) 22,43,48
com/zlw/main/recorderlib/recorder/RecordConfig.java, line(s) 19,27,36
com/zlw/main/recorderlib/recorder/RecordHelper.java, line(s) 457
lib/android/paypal/com/magnessdk/a/a.java, line(s) 17,22
lib/android/paypal/com/magnessdk/e.java, line(s) 86,167
lib/android/paypal/com/magnessdk/f.java, line(s) 361

中危 MD5是已知存在哈希冲突的弱哈希 

MD5是已知存在哈希冲突的弱哈希
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/amazonaws/services/s3/AmazonS3Client.java, line(s) 668
com/amazonaws/services/s3/internal/MD5DigestCalculatingInputStream.java, line(s) 16
com/amazonaws/util/Md5Utils.java, line(s) 20,55
com/danikula/videocache/ProxyCacheUtils.java, line(s) 70
com/ibaby/Fn/FnBmpSave.java, line(s) 41
com/ibaby/Fn/FnMedia.java, line(s) 136,127
com/ibaby/Tk/MD5Util.java, line(s) 13,33
com/ibaby/Ui/Loader/AsyncImageLoader.java, line(s) 162
com/ximalaya/ting/android/opensdk/auth/utils/b.java, line(s) 11
com/ximalaya/ting/android/player/MD5.java, line(s) 13,29

中危 SHA-1是已知存在哈希冲突的弱哈希 

SHA-1是已知存在哈希冲突的弱哈希
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/ibaby/Utils/DeviceIdUtil.java, line(s) 87
com/jg/ids/e/d.java, line(s) 82
com/mapbox/mapboxsdk/telemetry/MapboxEventManager.java, line(s) 82
com/paypal/android/sdk/dh.java, line(s) 24
com/ximalaya/ting/android/opensdk/httputil/util/CrypterUtil.java, line(s) 17
net/oauth/signature/RSA_SHA1.java, line(s) 128,138

中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 

应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/amazonaws/mobileconnectors/s3/transferutility/TransferTable.java, line(s) 3,45
com/braintreepayments/api/internal/AnalyticsDatabase.java, line(s) 6,7,8,41
com/danikula/videocache/sourcestorage/DatabaseSourceInfoStorage.java, line(s) 6,7,28
com/tutk/P2PCam264/DatabaseManager.java, line(s) 6,7,456
com/ximalaya/ting/android/sdkdownloader/db/XmSqLiteHelper.java, line(s) 5,6,25

中危 IP地址泄露 

IP地址泄露


Files:
com/danikula/videocache/HttpProxyCacheServer.java, line(s) 29
com/ibaby/Tk/TkIPv4Util.java, line(s) 100
com/ibaby/Ui/Install/I2/i2softap/I2SoftApInstall3Activity.java, line(s) 313
com/ibaby/Ui/Install/M2C/M2CLInstall3Activity.java, line(s) 373
com/ibaby/Ui/Install/M7L/Install/M7LInstall2Activity.java, line(s) 376
com/ibaby/Ui/Install/i2pro/i2prosoftap/I2ProSoftApInstall3Activity.java, line(s) 328
com/ibaby/Ui/Install/m8_2/m8_2softap/m8_2SoftApInstall3Activity.java, line(s) 315
com/ibaby/Ui/Install/m8l/m8lsoftap/m8lSoftApInstall3Activity.java, line(s) 314
com/ibaby/Utils/IpScanner.java, line(s) 20
com/paypal/android/sdk/az.java, line(s) 10
com/starxnet/Thread/ThreadSYunAgentRecvAudio.java, line(s) 76
com/starxnet/Thread/ThreadSYunAgentRecvIOCtrl.java, line(s) 55
com/starxnet/Thread/ThreadSYunAgentRecvVideo2.java, line(s) 64
com/starxnet/Thread/ThreadSYunAgentSendAudio.java, line(s) 82
com/tutk/IOTC/BuildConfig.java, line(s) 12
com/tutk/IOTC/p2p/P2PTunnelAgent.java, line(s) 20
com/ximalaya/ting/android/opensdk/httputil/HttpDNSUtilForOpenSDK.java, line(s) 43,43,41,42
com/zendesk/belvedere/BuildConfig.java, line(s) 9
com/zendesk/sdk/BuildConfig.java, line(s) 9
com/zendesk/sdk/network/impl/ZendeskService.java, line(s) 47
com/zendesk/sdk/providers/BuildConfig.java, line(s) 9
lib/android/paypal/com/magnessdk/a/b.java, line(s) 11

中危 应用程序使用不安全的随机数生成器 

应用程序使用不安全的随机数生成器
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
com/amazonaws/retry/PredefinedRetryPolicies.java, line(s) 8
com/ibaby/Ui/Timeline/image/SingleImageActivity.java, line(s) 19
com/ibaby/Ui/View/RadarView.java, line(s) 13
com/kakao/network/multipart/MultipartRequestEntity.java, line(s) 7
com/paypal/android/sdk/cm.java, line(s) 8
com/paypal/android/sdk/eb.java, line(s) 5
com/paypal/android/sdk/ey.java, line(s) 5
com/paypal/android/sdk/onetouch/core/fpti/FptiManager.java, line(s) 17
com/paypal/android/sdk/onetouch/core/fpti/FptiToken.java, line(s) 3
com/ximalaya/ting/android/opensdk/datatrasfer/AccessTokenManager.java, line(s) 16
net/oauth/signature/RSA_SHA1SignatureTest.java, line(s) 14
q/rorbin/badgeview/BadgeAnimator.java, line(s) 12

中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞 

不安全的Web视图实现。可能存在WebView任意代码执行漏洞
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
com/ximalaya/ting/android/opensdk/auth/component/XmlyBrowserComponent.java, line(s) 231,230
com/zopim/android/sdk/api/WebBinder.java, line(s) 43,41

中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件 

应用程序创建临时文件。敏感信息永远不应该被写进临时文件


Files:
com/ibaby/Tk/ImageUtil.java, line(s) 260

中危 应用程序包含隐私跟踪程序 

此应用程序有多个3隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。

中危 此应用可能包含硬编码机密信息 

从应用程序中识别出以下机密确保这些不是机密或私人信息
凭证信息=> "app_key" : "dd223c30f096e7dea2c15286e765c2a6"
MobTech(袤博科技) 推送SDK的=> "Mob-AppKey" : "3d828500c108"
MobTech(袤博科技) 推送SDK的=> "Mob-AppSecret" : "58ce9fd52cbbe52171da753c5f7515f0"
凭证信息=> "com.kakao.sdk.AppKey" : "bd26130fc03f719edbfa197d1defaada"
"firebase_database_url" : "https://ibabylabs-e179e.firebaseio.com"
"google_crash_reporting_api_key" : "AIzaSyAg5PGFMzYdUoh2vCut3esqIvT3bm2QK2U"
"mobcommon_authorize_dialog_reject" : "Reject"
"mobcommon_authorize_dialog_accept" : "Accept"
"frogot_pwd_send" : "Send"
"ssdk_weibo_oauth_regiseter" : "Authorization"
"frogot_pwd_send" : "Envoyer"
"google_api_key" : "AIzaSyAg5PGFMzYdUoh2vCut3esqIvT3bm2QK2U"
"frogot_pwd_cancel" : "Annuler"
"frogot_pwd_cancel" : "Cancel"
"ssdk_instapaper_pwd" : "Password"
"frogot_pwd_send" : "senden"
"air_user" : "Benutzerliste"
"frogot_pwd_cancel" : "abbrechen"
"Password" : "Password"
"Password" : "Passwort"
Ir6u2LUVVdyLKonwTtdFw9qhBaMb4NZuZHKS0bGxdZlRAB3
5ef2f0ecdbc2ec08212b3369
22a001357629de32518a24508149689f
308201db30820144a00302010202044c707197300d06092a864886f70d01010505003031310b3009060355040613026b6f310e300c060355040a13056b616b616f31123010060355040b13096b616b616f7465616d3020170d3130303832323030333834375a180f32313130303732393030333834375a3031310b3009060355040613026b6f310e300c060355040a13056b616b616f31123010060355040b13096b616b616f7465616d30819f300d06092a864886f70d010101050003818d0030818902818100aef387bc86e022a87e66b8c42153284f18e0c468cf9c87a241b989729dfdad3dd9e1847546d01a2819ba77f3974a47b473c926acae173fd90c7e635000721feeef6705da7ae949a35b82900a0f67d9464d73ed8a98c37f4ac70729494a17469bc40d4ee06d043b09147ebadc55fa1020968d7036c5fb9b8c148cba1d8e9d9fc10203010001300d06092a864886f70d0101050500038181005569be704c68cff6221c1e04dd8a131110f9f5cd2138042286337fd6014a1b1d2d3eeb266ae1630afe56bf63c07dd0b5c8fad46dcb9f802f9a7802fb89eb3b4777b9665bb1ed9feaf1dc7cac4f91abedfc81187ff6d2f471dbd12335d2c0ef0e2ee719df6e763f814b9ac91f8be37fd11d40686700d66be6de22a1836f060f01
308201e53082014ea00302010202044f4ae542300d06092a864886f70d01010505003037310b30090603550406130255533110300e060355040a1307416e64726f6964311630140603550403130d416e64726f6964204465627567301e170d3132303232373032303635385a170d3432303231393032303635385a3037310b30090603550406130255533110300e060355040a1307416e64726f6964311630140603550403130d416e64726f696420446562756730819f300d06092a864886f70d010101050003818d0030818902818100c0b41c25ef21a39a13ce89c82dc3a14bf9ef0c3094aa2ac1bf755c9699535e79119e8b980c0ecdcc51f259eb0d8b2077d41de8fcfdeaac3f386c05e2a684ecb5504b660ad7d5a01cce35899f96bcbd099c9dcb274c6eb41fef861616a12fb45bc57a19683a8a97ab1a33d9c70128878b67dd1b3a388ad5121d1d66ff04c065ff0203010001300d06092a864886f70d0101050500038181000418a7dacb6d13eb61c8270fe1fdd006eb66d0ff9f58f475defd8dc1fb11c41e34ce924531d1fd8ad26d9479d64f54851bf57b8dfe3a5d6f0a01dcad5b8c36ac4ac48caeff37888c36483c26b09aaa9689dbb896938d5afe40135bf7d9f12643046301867165d28be0baa3513a5084e182f7f9c044d5baa58bdce55fa1845241
dj0yJmk9MThNeWFSNFN6VUdvJmQ9WVdrOVMyRktlRTFKTm1zbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmc3Y9MCZ4PWRi
6bzXGvSlP76ZiHOudKaAvoxrW8Cg5pA6EjIPpiz4zlw
6d41f62485a077baa5b25d91bdfd42fe
VZVjXceV7JgPq/dOTnNmEfO0Fv8=
m3u8ParsedNewMediaItemInfoFuncCallBackT
eyJ1IjoiZ2F2aW4xOCIsImEiOiJjaXl0cWI3MzIwMDJpMzJrOXQzNm5jaHRlIn0
7d45a99b7d75d7d7076070494cf39f36
1a7e871dcf53336f7cfae76159130efc
45615cf6-09cf-11e5-8dc5-12314305
9e4161440638510dcce7
EOTHbvqh0vwM2ldM2QIXbjVw0hZNuZEJLqdWmfTBLLSvGfqgyy9GKvjGybIxyGMd7gHXCXVtymqFQHS
bd26130fc03f719edbfa197d1defaada
eyAiY29uZl92ZXJzaW9uIjogIjMuMCIsImFzeW5jX3VwZGF0ZV90aW1lX2ludGVydmFsIjogMzYwMCwgImZvcmNlZF9mdWxsX3VwZGF0ZV90aW1lX2ludGVydmFsIjogMTgwMCwgImNvbmZfcmVmcmVzaF90aW1lX2ludGVydmFsIjogODY0MDAsICJhbmRyb2lkX2FwcHNfdG9fY2hlY2siOiBbICJjb20uZWJheS5jbGFzc2lmaWVkcy9jb20uZWJheS5hcHAuTWFpblRhYkFjdGl2aXR5IiwgImNvbS5lYmF5Lm1vYmlsZS9jb20uZWJheS5tb2JpbGUuYWN0aXZpdGllcy5lQmF5IiwgImNvbS5lYmF5LnJlZGxhc2VyL2NvbS5lYmF5LnJlZGxhc2VyLlNjYW5uZWRJdGVtc0FjdGl2aXR5IiwgImNvbS5taWxvLmFuZHJvaWQvY29tLm1pbG8uYW5kcm9pZC5hY3Rpdml0eS5Ib21lQWN0aXZpdHkiLCAiY29tLnBheXBhbC5hbmRyb2lkLnAycG1vYmlsZS9jb20ucGF5cGFsLmFuZHJvaWQucDJwbW9iaWxlLmFjdGl2aXR5LlNlbmRNb25leUFjdGl2aXR5IiwgImNvbS5yZW50L2NvbS5yZW50LmFjdGl2aXRpZXMuc2Vzc2lvbi5BY3Rpdml0eUhvbWUiLCAiY29tLnN0dWJodWIvY29tLnN0dWJodWIuQWJvdXQiLCAiY29tLnVsb2NhdGUvY29tLnVsb2NhdGUuYWN0aXZpdGllcy5TZXR0aW5ncyIsICJjb20ubm9zaHVmb3UuYW5kcm9pZC5zdS9jb20ubm9zaHVmb3UuYW5kcm9pZC5zdS5TdSIsICJzdGVyaWNzb24uYnVzeWJveC9zdGVyaWNzb24uYnVzeWJveC5BY3Rpdml0eS5NYWluQWN0aXZpdHkiLCAib3JnLnByb3h5ZHJvaWQvb3JnLnByb3h5ZHJvaWQuUHJveHlEcm9pZCIsICJjb20uYWVkLmRyb2lkdnBuL2NvbS5hZWQuZHJvaWR2cG4uTWFpbkdVSSIsICJuZXQub3BlbnZwbi5vcGVudnBuL25ldC5vcGVudnBuLm9wZW52cG4uT3BlblZQTkNsaWVudCIsICJjb20ucGhvbmVhcHBzOTkuYWFiaXByb3h5L2NvbS5waG9uZWFwcHM5OS5hYWJpcHJveHkuT3Jib3QiLCAiY29tLmV2YW5oZS5wcm94eW1hbmFnZXIucHJvL2NvbS5ldmFuaGUucHJveHltYW5hZ2VyLk1haW5BY3Rpdml0eSIsICJjb20uZXZhbmhlLnByb3h5bWFuYWdlci9jb20uZXZhbmhlLnByb3h5bWFuYWdlci5NYWluQWN0aXZpdHkiLCAiY29tLmFuZHJvbW8uZGV2MzA5MzYuYXBwNzYxOTgvY29tLmFuZHJvbW8uZGV2MzA5MzYuYXBwNzYxOTguQW5kcm9tb0Rhc2hib2FyZEFjdGl2aXR5IiwgImNvbS5tZ3JhbmphLmF1dG9wcm94eV9saXRlL2NvbS5tZ3JhbmphLmF1dG9wcm94eV9saXRlLlByb3h5TGlzdEFjdGl2aXR5IiwgImNvbS52cG5vbmVjbGljay5hbmRyb2lkL2NvbS52cG5vbmVjbGljay5hbmRyb2lkLk1haW5BY3Rpdml0eSIsICJuZXQuaGlkZW1hbi9uZXQuaGlkZW1hbi5TdGFydGVyQWN0aXZpdHkiLCAiY29tLmRvZW50ZXIuYW5kcm9pZC52cG4uZml2ZXZwbi9jb20uZG9lbnRlci5hbmRyb2lkLnZwbi5maXZldnBuLkZpdmVWcG4iLCAiY29tLnRpZ2VydnBucy5hbmRyb2lkL2NvbS50aWdlcnZwbnMuYW5kcm9pZC5NYWluQWN0aXZpdHkiLCAiY29tLnBhbmRhcG93LnZwbi9jb20ucGFuZGFwb3cudnBuLlBhbmRhUG93IiwgImNvbS5leHByZXNzdnBuLnZwbi9jb20uZXhwcmVzc3Zwbi52cG4uTWFpbkFjdGl2aXR5IiwgImNvbS5sb25kb250cnVzdG1lZGlhLnZwbi9jb20ubG9uZG9udHJ1c3RtZWRpYS52cG4uVnBuU2VydmljZUFjdGl2aXR5IiwgImZyLm1lbGVjb20uVlBOUFBUUC52MTAxL2ZyLm1lbGVjb20uVlBOUFBUUC52MTAxLlNwbGFzaFNjcmVlbiIsICJjb20uY2hlY2twb2ludC5WUE4vY29tLmNoZWNrcG9pbnQuVlBOLk1haW5IYW5kbGVyIiwgImNvbS50dW5uZWxiZWFyLmFuZHJvaWQvY29tLnR1bm5lbGJlYXIuYW5kcm9pZC5UYmVhck1haW5BY3Rpdml0eSIsICJkZS5ibGlua3Qub3BlbnZwbi9kZS5ibGlua3Qub3BlbnZwbi5NYWluQWN0aXZpdHkiLCAib3JnLmFqZWplLmZha2Vsb2NhdGlvbi9vcmcuYWplamUuZmFrZWxvY2F0aW9uLkZha2UiLCAiY29tLmxleGEuZmFrZWdwcy9jb20ubGV4YS5mYWtlZ3BzLlBpY2tQb2ludCIsICJjb20uZm9yZ290dGVucHJvamVjdHMubW9ja2xvY2F0aW9ucy9jb20uZm9yZ290dGVucHJvamVjdHMubW9ja2xvY2F0aW9ucy5NYWluIiwgImtyLndvb3QwcGlhLmdwcy9rci53b290MHBpYS5ncHMuQ2F0Y2hNZUlmVUNhbiIsICJjb20ubXkuZmFrZS5sb2NhdGlvbi9jb20ubXkuZmFrZS5sb2NhdGlvbi5jb20ubXkuZmFrZS5sb2NhdGlvbiIsICJqcC5uZXRhcnQuYXJzdGFsa2luZy9qcC5uZXRhcnQuYXJzdGFsa2luZy5NeVByZWZlcmVuY2VBY3Rpdml0eSIsICJsb2NhdGlvblBsYXkuR1BTQ2hlYXRGcmVlL2xvY2F0aW9uUGxheS5HUFNDaGVhdEZyZWUuQWN0aXZpdHlTbWFydExvY2F0aW9uIiwgIm9yZy5nb29kZXYubGF0aXR1ZGUvb3JnLmdvb2Rldi5sYXRpdHVkZS5MYXRpdHVkZUFjdGl2aXR5IiwgImNvbS5zY2hlZmZzYmxlbmQuZGV2aWNlc3Bvb2YvY29tLnNjaGVmZnNibGVuZC5kZXZpY2VzcG9vZi5EZXZpY2VTcG9vZkFjdGl2aXR5IiwgImNvbS5wcm94eUJyb3dzZXIvY29tLnByb3h5QnJvd3Nlci5OZXdQcm94eUJyb3dzZXJBY3Rpdml0eSIsICJjb20uaWNlY29sZGFwcHMucHJveHlzZXJ2ZXJwcm8vY29tLmljZWNvbGRhcHBzLnByb3h5c2VydmVycHJvLnZpZXdTdGFydCIsICJob3RzcG90c2hpZWxkLmFuZHJvaWQudnBuL2NvbS5hbmNob3JmcmVlLnVpLkhvdFNwb3RTaGllbGQiLCAiY29tLmRvZW50ZXIub25ldnBuL2NvbS5kb2VudGVyLm9uZXZwbi5WcG5TZXR0aW5ncyIsICJjb20ueWVzdnBuLmVuL2NvbS55ZXN2cG4uTWFpblRhYiIsICJjb20ub2ZmaWNld3l6ZS5wbHV0b3Zwbi9jb20ub2ZmaWNld3l6ZS5wbHV0b3Zwbi5Ib21lQWN0aXZpdHkiLCAib3JnLmFqZWplLmxvY2F0aW9uc3Bvb2ZlcnByby9vcmcuYWplamUubG9jYXRpb25zcG9vZmVycHJvLkZha2UiLCAibG9jYXRpb25QbGF5LkdQU0NoZWF0L2xvY2F0aW9uUGxheS5HUFNDaGVhdC5BY3Rpdml0eVNtYXJ0TG9jYXRpb24iIF0sICJsb2NhdGlvbl9taW5fYWNjdXJhY3kiOiA1MDAsICJsb2NhdGlvbl9tYXhfY2FjaGVfYWdlIjogMTgwMCwgInNlbmRfb25fYXBwX3N0YXJ0IjogMSwgImVuZHBvaW50X3VybCI6ICJodHRwczovL3N2Y3MucGF5cGFsLmNvbS9BY2Nlc3NDb250cm9sL0xvZ1Jpc2tNZXRhZGF0YSIsICJpbnRlcm5hbF9jYWNoZV9tYXhfYWdlIjogMzAsICJjb21wX3RpbWVvdXQiOiA2MDAgfQ==
fMBCvM6SjhiDEoLgtQbjivPzqe2cWXo20mQUCDrw9mYO
EJhi9jOPswug9TDOv93qg4Y28xIlqPDpAoqd7biDLpeGCPvORHjP1Fh4CbFPgKMGCHejdDwe9w1uDWnjPCp1lkaFBjVmjvjpFtnr6z1YeBbmfZYqa9faQT
3f7c6d6c-8d13-11e5-b614-d4ae52ccba32
4ifCxlDZUWyUJq75Y4pbOC4oxZnIY3rd
0c6bb86ed382d6a0d2e28afa9d024a10e7a129b5
30820303308201eba003020102020452441f49300d06092a864886f70d01010b05003031310b3009060355040613026b6f310e300c060355040a13056b616b616f31123010060355040b13096b616b616f7465616d3020170d3137303631393039353135315a180f33303135313032313039353135315a3031310b3009060355040613026b6f310e300c060355040a13056b616b616f31123010060355040b13096b616b616f7465616d30820122300d06092a864886f70d01010105000382010f003082010a0282010100c2867a4e6fb76eaa00d5ecac63c897ebd924bb40d3f7dd90f73599a2049ae40abc4c7b1dce10dafbfdabbebf3653d7c6a18a3ade469dbe5bd0590748aae4151491001eadd8b02f7469646530595c028ed70feeacd7184fc5b0fd0ceb95addd03b7d18097a32a4afc830e209e25c65656587d891282c610429965cc44f3d63ea249d4df41453ac30ca1b3eaf4b1f8fc5cf41af4964f66f611b799f6246fcb1d6b42fff8cff202a433a90ccd25385c4d015ac770dedf8914d86c53b0eebdd4c5c5e3a509e360785fc38ee075b6d7faad19f7c876ff3949a85f601158f99c67ee14c20ff759d3057dc258146f579a5e3d90457d9996f004808f4aa625ab9a67dfc30203010001a321301f301d0603551d0e041604141487897f76c0e76161888c86336325b6e58fce5d300d06092a864886f70d01010b050003820101007bf867fa1b4ef0ea4d6de127238319c84dcae79398e60f960ab71a8bdf488b0aa07888e994bba531f4419037cd006b7d9a64860a6591b96534967444b8854bef6a6eff3161dbcbebfe5e6c979650c9d51f76676b217b8285992f4a172d4a857775c42dc3875796434b13b78d6cfb174bfaa0c59976fb7a1cd4d26527881cfd39a61cd35843dd2cd49afd7d3966947b2662fc44dbff3704094687ce70ccabeb8a9d93f39974bd11fdb1dcb9404d8a6408cae45c315ced013f088c5264ce9c8738715ecf83bc991d4e3971e4a2cc39bcd11be426d793638981455d083cfd7bfd3b88ecd11e581260ae7fbf27b8c9cdf0da49a467e375f4273d6e01d7114ac7126f
f6a34d2c1349b7240e7fcb52c5f48a7122ce6906
25a6942f207c0f56c90d43615d74483f3c0b39a00edd3346
040ab2e8c70038d853755e848c5a2577

信息 应用程序记录日志信息,不得记录敏感信息 

应用程序记录日志信息,不得记录敏感信息
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
cn/jzvd/JZTextureView.java, line(s) 53,80,81
cn/jzvd/JZUtils.java, line(s) 84
cn/jzvd/Jzvd.java, line(s) 94,101,172,337,363,465,599,660,603,242,320,355,375,383,399,417,423,474,526,536,573,579,585,591,630,642,672,684,759,768,778,790
com/actionbarsherlock/internal/ActionBarSherlockCompat.java, line(s) 451,763
com/actionbarsherlock/internal/nineoldandroids/animation/PropertyValuesHolder.java, line(s) 103,124,170,172,185,187,217,219,319,321,378,380
com/actionbarsherlock/internal/view/menu/MenuItemImpl.java, line(s) 86
com/actionbarsherlock/internal/widget/ActionBarView.java, line(s) 148,163
com/actionbarsherlock/view/MenuInflater.java, line(s) 203,248,277
com/actionbarsherlock/widget/ActivityChooserModel.java, line(s) 417,422,528,534,539,558
com/actionbarsherlock/widget/SearchView.java, line(s) 889,771,982
com/actionbarsherlock/widget/SuggestionsAdapter.java, line(s) 154,350,457,94,136,294,318,354,357,438,441
com/amazonaws/auth/CognitoCachingCredentialsProvider.java, line(s) 36,54,72,90,108,126,144,162,180,262,275,281,289,296,228,308
com/amazonaws/http/AmazonHttpClient.java, line(s) 203,224,202
com/amazonaws/mobileconnectors/s3/transferutility/TransferDBBase.java, line(s) 133
com/amazonaws/mobileconnectors/s3/transferutility/TransferProgress.java, line(s) 39
com/amazonaws/mobileconnectors/s3/transferutility/TransferService.java, line(s) 63,99
com/amazonaws/mobileconnectors/s3/transferutility/TransferState.java, line(s) 57
com/amazonaws/mobileconnectors/s3/transferutility/UploadPartTask.java, line(s) 39
com/amazonaws/mobileconnectors/s3/transferutility/UploadTask.java, line(s) 59,121,133
com/contrarywind/view/WheelView.java, line(s) 322
com/danikula/videocache/HttpProxyCacheDebuger.java, line(s) 50,57,63,28,39
com/decoder/util/DecADPCM.java, line(s) 12
com/decoder/util/DecG711.java, line(s) 10
com/decoder/util/DecG726.java, line(s) 23
com/decoder/util/DecH264.java, line(s) 34
com/decoder/util/DecH26X.java, line(s) 34
com/decoder/util/DecMp3.java, line(s) 14
com/decoder/util/DecMpeg4.java, line(s) 14
com/decoder/util/DecSpeex.java, line(s) 14
com/encoder/util/EncAAC.java, line(s) 16
com/encoder/util/EncADPCM.java, line(s) 12
com/encoder/util/EncG711.java, line(s) 10
com/encoder/util/EncG726.java, line(s) 23
com/encoder/util/EncSpeex.java, line(s) 14
com/firebase/jobdispatcher/DefaultJobValidator.java, line(s) 136
com/firebase/jobdispatcher/ExecutionDelegator.java, line(s) 66,22
com/firebase/jobdispatcher/GooglePlayCallbackExtractor.java, line(s) 22,33,37,47,51,75,95
com/firebase/jobdispatcher/GooglePlayMessageHandler.java, line(s) 53,64,40,43,52,63
com/firebase/jobdispatcher/GooglePlayReceiver.java, line(s) 51,89,155,169,160,205,206,60
com/firebase/jobdispatcher/JobCoder.java, line(s) 113,47,110
com/firebase/jobdispatcher/JobService.java, line(s) 89,107,175,88,34,44,66
com/firebase/jobdispatcher/JobServiceConnection.java, line(s) 42,84,119,31,76,96,113
com/github/mikephil/charting/charts/BarChart.java, line(s) 71
com/github/mikephil/charting/charts/BarLineChartBase.java, line(s) 551,606,626,274,285,300,306,470,474
com/github/mikephil/charting/charts/Chart.java, line(s) 388,902,206,227,364,883,888
com/github/mikephil/charting/charts/HorizontalBarChart.java, line(s) 151,92,96
com/github/mikephil/charting/components/AxisBase.java, line(s) 154
com/github/mikephil/charting/data/ChartData.java, line(s) 259
com/github/mikephil/charting/data/CombinedData.java, line(s) 195,202,209
com/github/mikephil/charting/listener/BarLineChartTouchListener.java, line(s) 281
com/github/mikephil/charting/utils/FileUtils.java, line(s) 45,69,95,109,123,134,150,169,182
com/github/mikephil/charting/utils/Utils.java, line(s) 45,63,71
com/haibin/calendarview/CalendarLayout.java, line(s) 356,426,476,484,534,550
com/ibaby/Air/Ui/AddLocation/LocationUtil.java, line(s) 65
com/ibaby/Air/Ui/FnAirNetProcMng.java, line(s) 315,322,329,208,209,210
com/ibaby/Air/Ui/FragmentMainAir.java, line(s) 269,309,528,595,655,1127,1131
com/ibaby/Air/Ui/FragmentMainBell.java, line(s) 130
com/ibaby/Air/Ui/FragmentMainHome.java, line(s) 150,154,232,422,483,518,428
com/ibaby/Air/Ui/FragmentMainLocation.java, line(s) 145
com/ibaby/Air/Ui/Graph/BaseFragment.java, line(s) 53
com/ibaby/Air/Ui/Graph/GraphChart.java, line(s) 159
com/ibaby/Air/Ui/Graph/GraphFragment.java, line(s) 85
com/ibaby/Air/Ui/Graph/MonthFragment.java, line(s) 79
com/ibaby/Air/Ui/Graph/TodayFragment.java, line(s) 77,112,115,305,315
com/ibaby/Air/Ui/Graph/WeekFragment.java, line(s) 51,81
com/ibaby/Air/Ui/Install/InstallAir3Activity.java, line(s) 179,234
com/ibaby/Air/Ui/Install/InstallAir4Activity.java, line(s) 71
com/ibaby/Air/Ui/Location/AirMapCommentActivity.java, line(s) 89,146
com/ibaby/Air/Ui/Location/FacouritesFragment.java, line(s) 47,158,159,188
com/ibaby/Air/Ui/Location/ListViewFragment.java, line(s) 54,177,178,215
com/ibaby/Air/Ui/Location/MapViewFragment.java, line(s) 135,149,174,592
com/ibaby/Air/Ui/MusicFragmenr/AirChildrenSongFragment.java, line(s) 126,175
com/ibaby/Air/Ui/MusicFragmenr/AirPoetryFragment.java, line(s) 125
com/ibaby/Air/Ui/MusicFragmenr/AirSleepFragment.java, line(s) 155,157,161,183
com/ibaby/Air/Ui/MusicFragmenr/AirStoryFragment.java, line(s) 126
com/ibaby/Air/Ui/MusicFragmentE/AirLullabiesFragment.java, line(s) 160
com/ibaby/Air/Ui/MusicFragmentE/AirNoiseFragment.java, line(s) 129,150,152,156,178
com/ibaby/Air/Ui/MusicFragmentE/AirPlayListFragment.java, line(s) 560,564
com/ibaby/Air/Ui/ReadingGuide/CircleIndicator.java, line(s) 131,188,239
com/ibaby/Air/Ui/Settings/AirSettingAlertActivity.java, line(s) 457
com/ibaby/Air/Ui/Settings/AirSettingLocationActivity.java, line(s) 102
com/ibaby/Air/Ui/Settings/Alarm/AirSettingChangeAlarmActivity.java, line(s) 446
com/ibaby/Air/Ui/Settings/Alarm/AirSettingCheckTonesActivity.java, line(s) 79,93,128,134,152
com/ibaby/Fn/FCM/MyJobService.java, line(s) 15
com/ibaby/Gif/GifView.java, line(s) 274
com/ibaby/Jni/webrtc.java, line(s) 22
com/ibaby/Mqtt/MqttSubscribe.java, line(s) 31
com/ibaby/Net/NetWorkStateReceiver.java, line(s) 18,38
com/ibaby/Pack/AnsChangeCameraNamePack.java, line(s) 16
com/ibaby/Pack/AnsDevicesPack.java, line(s) 90
com/ibaby/Pack/AnsShareUsersPack.java, line(s) 47
com/ibaby/Pack/B2/AnsEventVideoPack.java, line(s) 48
com/ibaby/Pack/Member/AnsGetMemberPack.java, line(s) 34,38
com/ibaby/Pack/Member/AnsGetMyProductsPack.java, line(s) 28
com/ibaby/Pack/Member/AnsGetOrderPack.java, line(s) 23,27,30
com/ibaby/Pack/Member/AnsGetOrdersPack.java, line(s) 30,34,39
com/ibaby/Pack/Member/AnsGetProductsPack.java, line(s) 36
com/ibaby/Pack/Member/AnsMemberPayPack.java, line(s) 19,22
com/ibaby/Pack/Member/AnsMemberPrepayAntPack.java, line(s) 21
com/ibaby/Pack/Member/AnsMemberPrepayPack.java, line(s) 21
com/ibaby/Pack/Member/AnsMemberPrepayWechatPack.java, line(s) 27
com/ibaby/Pack/Member/ReqMemberPrepayPack.java, line(s) 47
com/ibaby/Pack/Music/ReqRemoveBuiltInMusicPack.java, line(s) 28
com/ibaby/Pack/NetSYunBasePack.java, line(s) 178,202
com/ibaby/Pack/NetSYunMediaBasePack.java, line(s) 78,101
com/ibaby/Pack/Popup/AnsGetPopupPack.java, line(s) 23
com/ibaby/Pack/SoftAp/AnsBroadcastDataPack.java, line(s) 64
com/ibaby/Pack/SoftAp/ReqSoftAPDataPack.java, line(s) 35,45,47
com/ibaby/Pack/Usb/AnsCameraIDPack.java, line(s) 21
com/ibaby/Pack/Usb/AnsFirmwareVersionPack.java, line(s) 22
com/ibaby/Pack/Usb/AnsKeyPack.java, line(s) 20
com/ibaby/Pack/Usb/AnsP2PUIDPWDPack.java, line(s) 23
com/ibaby/Pack/Usb/AnsP2PUIDPack.java, line(s) 26
com/ibaby/Pack/Usb/AnsWiFiMacPack.java, line(s) 21
com/ibaby/Pack/Usb/AnsWiFiPack.java, line(s) 20
com/ibaby/Pack/Usb/NetBasePack.java, line(s) 69,96
com/ibaby/Pack/Usb/RWCameraIDPack.java, line(s) 29
com/ibaby/Pack/Usb/RWKeyPack.java, line(s) 29
com/ibaby/Pack/Usb/RWP2PUIDPWDPack.java, line(s) 33
com/ibaby/Pack/Usb/RWP2PUIDPack.java, line(s) 33
com/ibaby/Pack/Usb/ReqVersionPack.java, line(s) 29
com/ibaby/Pack/UserDestroy/AnsDestroyEnsurePack.java, line(s) 17
com/ibaby/Pack/UserDestroy/AnsGetDestroyCodePack.java, line(s) 17
com/ibaby/Service/MqttService.java, line(s) 37,42,107,117,145,160
com/ibaby/Service/MqttThread.java, line(s) 22,46,63,73
com/ibaby/Socket/CdiNetBroadcastListener.java, line(s) 67,76,83,85,100,112,124,51
com/ibaby/SoftAp/SoftAPNotifyType.java, line(s) 23,37
com/ibaby/SoftAp/SoftAPTCPListener.java, line(s) 44,52,62,73,107
com/ibaby/System/IBabyAppUpgradeCore.java, line(s) 112,113
com/ibaby/System/IBabyApplication.java, line(s) 466,472
com/ibaby/System/IBabyEventVideoCore.java, line(s) 29
com/ibaby/System/IBabyMqttCore.java, line(s) 45
com/ibaby/System/IBabyStartScRoot.java, line(s) 19,24
com/ibaby/Thread/Air/EditAlarmThread.java, line(s) 42
com/ibaby/Thread/Air/GetAirChartThread.java, line(s) 47
com/ibaby/Thread/Air/PostAlarmThread.java, line(s) 43
com/ibaby/Thread/Air/SenAirFeedbackThead.java, line(s) 27
com/ibaby/Thread/Member/GetMemberThread.java, line(s) 24
com/ibaby/Thread/PostShowThread.java, line(s) 30
com/ibaby/Thread/PushDevicesInfoThread.java, line(s) 40
com/ibaby/Thread/Timeline/PostTimelineThread.java, line(s) 44
com/ibaby/Tk/DensityUtil.java, line(s) 50,53
com/ibaby/Tk/DownloadService.java, line(s) 120,61,89,110
com/ibaby/Tk/GradientDrawables.java, line(s) 10
com/ibaby/Tk/HttpUtil.java, line(s) 59,80,84
com/ibaby/Tk/JSONUtil.java, line(s) 48,87,111,128,143,164
com/ibaby/Tk/MD5Util.java, line(s) 50
com/ibaby/Tk/NetWorkSpeedUtils.java, line(s) 26,28,43
com/ibaby/Tk/PermissionChecker.java, line(s) 56
com/ibaby/Tk/PostTimelineUtil.java, line(s) 56,70,101
com/ibaby/Tk/TkNetSocketOpt.java, line(s) 15
com/ibaby/Tk/UploadImageUtil.java, line(s) 57,64
com/ibaby/Ui/Audio/AudioPlayActivity.java, line(s) 150,155,737
com/ibaby/Ui/Control/MultiGraphChart.java, line(s) 126
com/ibaby/Ui/Control/MusicPopupWindow.java, line(s) 91,92,93,101
com/ibaby/Ui/Control/PirRaiseView.java, line(s) 84,88,96,100,109,113,121,125,174,178,186,190,199,203,211,215,264,268,276,280,289,293,301,305,448
com/ibaby/Ui/Control/Ruler/RulerView.java, line(s) 530
com/ibaby/Ui/Control/SoundView.java, line(s) 72
com/ibaby/Ui/Install/B2/B2LiveViewActivity.java, line(s) 409,806
com/ibaby/Ui/Install/B2/B2PirRaiseActivity.java, line(s) 36,38,42,106,115,121,126
com/ibaby/Ui/Install/B2/FragmentMainB2.java, line(s) 40
com/ibaby/Ui/Install/I2/i2softap/I2SoftApInstall2Activity.java, line(s) 377
com/ibaby/Ui/Install/I2/i2softap/I2SoftApInstall3Activity.java, line(s) 380
com/ibaby/Ui/Install/InstallActivity.java, line(s) 529
com/ibaby/Ui/Install/M2C/M2CInstall2Activity.java, line(s) 419
com/ibaby/Ui/Install/M2C/M2CInstall2NewActivity.java, line(s) 185,498,500,504,509,525
com/ibaby/Ui/Install/M2C/M2CInstall2SFAPActivity.java, line(s) 328
com/ibaby/Ui/Install/M2Pro/Install/InstallM2Pro2Activity.java, line(s) 201,256,495
com/ibaby/Ui/Install/M2Pro/Install/InstallM2ProNew1Activity.java, line(s) 145
com/ibaby/Ui/Install/M2Pro/Install/InstallM2ProNew2Activity.java, line(s) 325,391
com/ibaby/Ui/Install/M2Pro/Install/InstallM2ProNewActivity.java, line(s) 293,423
com/ibaby/Ui/Install/M6s/Air/Graph/M6sBaseFragment.java, line(s) 61
com/ibaby/Ui/Install/M6s/Air/M6sAirGraphActivity.java, line(s) 107,138,144
com/ibaby/Ui/Install/M6s/Air/M6sSettingAlertActivity.java, line(s) 556,2141,2162
com/ibaby/Ui/Install/M6s/InstallM6s/InstallM6s5Activity.java, line(s) 237,373
com/ibaby/Ui/Install/M6s/InstallM6s/InstallM6sNew1Activity.java, line(s) 139
com/ibaby/Ui/Install/M6s/InstallM6s/InstallM6sNew2Activity.java, line(s) 341
com/ibaby/Ui/Install/M6s/Thread/GetPackDataThread.java, line(s) 35
com/ibaby/Ui/Install/M7/Install/InstallM7New1Activity.java, line(s) 121
com/ibaby/Ui/Install/M7/Install/InstallM7New2Activity.java, line(s) 320
com/ibaby/Ui/Install/M7L/WiFi/WifiConnectBroadCast.java, line(s) 31,35,38,41,44,47
com/ibaby/Ui/Install/M7L/WiFi/WifiHotManager.java, line(s) 111,29,32
com/ibaby/Ui/Install/M7L/WiFi/WifiScanRsultBroadCast.java, line(s) 26
com/ibaby/Ui/Install/M7L/WiFi/WifiStateBroadCast.java, line(s) 62,66,69,72,75,78
com/ibaby/Ui/Install/M8/M8CaptureActivity.java, line(s) 239
com/ibaby/Ui/Install/M8/M8InstallScanActivity.java, line(s) 192
com/ibaby/Ui/Install/Setup2Activity.java, line(s) 72,288
com/ibaby/Ui/Install/i2pro/i2prosoftap/I2ProSoftApInstall2Activity.java, line(s) 359
com/ibaby/Ui/Install/m8_2/m8_2softap/m8_2SoftApInstall2Activity.java, line(s) 372
com/ibaby/Ui/Install/m8_2/m8_2softap/m8_2SoftApInstall3Activity.java, line(s) 382
com/ibaby/Ui/Install/m8l/m8lsoftap/m8lSoftApInstall2Activity.java, line(s) 372
com/ibaby/Ui/Install/m8l/m8lsoftap/m8lSoftApInstall3Activity.java, line(s) 381
com/ibaby/Ui/Loader/AsyncImageLoader.java, line(s) 78,83
com/ibaby/Ui/Loader/MemoryCache.java, line(s) 29,57,67
com/ibaby/Ui/MainActivity.java, line(s) 1829
com/ibaby/Ui/Media/StatusExpandAdapter.java, line(s) 516
com/ibaby/Ui/Member/Adapter/BenefitAdapter.java, line(s) 44
com/ibaby/Ui/Member/Adapter/ServiceAdapter.java, line(s) 44
com/ibaby/Ui/Member/FragmentMember.java, line(s) 84,94,96,271
com/ibaby/Ui/Member/ServiceActivity.java, line(s) 136
com/ibaby/Ui/Multi/MultiActivity.java, line(s) 1434
com/ibaby/Ui/Multi/MultiListAdapter.java, line(s) 76,95,101
com/ibaby/Ui/Music/FragmentMusic/ChildrenSongFragment.java, line(s) 111
com/ibaby/Ui/Music/FragmentMusic/PlayListCFragment.java, line(s) 564,568
com/ibaby/Ui/Music/FragmentMusic/PoetryFragment.java, line(s) 110
com/ibaby/Ui/Music/FragmentMusic/SleepFragment.java, line(s) 114,159,161,165,187
com/ibaby/Ui/Music/FragmentMusic/StoryFragment.java, line(s) 111
com/ibaby/Ui/Music/FragmentMusicE/LullabiesFragment.java, line(s) 227
com/ibaby/Ui/Music/FragmentMusicE/NoiseFragment.java, line(s) 129,149,151,155,177
com/ibaby/Ui/Music/FragmentMusicE/PlayListFragment.java, line(s) 565,569
com/ibaby/Ui/Music/MusicAgeActivity.java, line(s) 895
com/ibaby/Ui/Music/MusicPlayEActivity.java, line(s) 222,258,295,1197
com/ibaby/Ui/Music/MusicSearchActivity.java, line(s) 220,258,581,627,1190,1195,1200,1210
com/ibaby/Ui/Music/MusicTrackActivity.java, line(s) 226,264,572
com/ibaby/Ui/Music/SceneActivity.java, line(s) 87,187,285,348
com/ibaby/Ui/Music/SceneSetActivity.java, line(s) 231,324,466
com/ibaby/Ui/Photo/GalleryViewerActivity.java, line(s) 186,237,556,560
com/ibaby/Ui/PlayBackVideo/B2PlayBackVideoActivity.java, line(s) 169,176
com/ibaby/Ui/PlayBackVideo/B2PlayBackVideoExActivity.java, line(s) 73,181,188
com/ibaby/Ui/Set/ContactUsActivity.java, line(s) 69,77
com/ibaby/Ui/Set/FragmentAudioPlay.java, line(s) 155,731
com/ibaby/Ui/Set/FragmentContactSelect.java, line(s) 57,65
com/ibaby/Ui/Set/FragmentMusicPlayE.java, line(s) 207
com/ibaby/Ui/Set/FragmentSettingAlert.java, line(s) 493,1577,1581,2814
com/ibaby/Ui/Set/FragmentSettingContact.java, line(s) 134
com/ibaby/Ui/Set/SettingCameraPowerActivity.java, line(s) 124
com/ibaby/Ui/Set/SettingCryAlertActivity.java, line(s) 86,90,487,495
com/ibaby/Ui/Set/SettingDisplay.java, line(s) 145
com/ibaby/Ui/Set/SettingSleepModeActivity.java, line(s) 79,91,272,407,506,511
com/ibaby/Ui/Set/SettingTimelapseActivity.java, line(s) 72
com/ibaby/Ui/Set/Update/UpdateMainActivity.java, line(s) 228,661
com/ibaby/Ui/Set/ZendeskDialog.java, line(s) 62,79,202,90,195,205
com/ibaby/Ui/Show/PostShowImageActivity.java, line(s) 99,289,320,351,266
com/ibaby/Ui/Show/PostShowWordActivity.java, line(s) 33
com/ibaby/Ui/Show/ReportActivity.java, line(s) 108
com/ibaby/Ui/Show/SmallVideoActivity.java, line(s) 49,88
com/ibaby/Ui/Show/imagepickers/data/ImageDataModel.java, line(s) 292,381,468
com/ibaby/Ui/Show/imagepickers/data/VideoDataModel.java, line(s) 175
com/ibaby/Ui/Show/imagepickers/ui/grid/presenter/ImageDataPresenter.java, line(s) 74
com/ibaby/Ui/Show/imagepickers/ui/grid/view/ImageDataActivity.java, line(s) 289,286,296
com/ibaby/Ui/Show/imagepickers/ui/pager/adapter/ImagePagerAdapter.java, line(s) 57
com/ibaby/Ui/Show/widgets/SmallVideoView/SurfaceVideoView.java, line(s) 84,181,278
com/ibaby/Ui/Show/widgets/SmallVideoView/SurfaceVideoViewCreator.java, line(s) 129,193,208
com/ibaby/Ui/Store/StoreServiceActivity.java, line(s) 199
com/ibaby/Ui/Store/adapter/FragmentStoreAdapter.java, line(s) 57
com/ibaby/Ui/Store/adapter/OrderAdapter.java, line(s) 55
com/ibaby/Ui/Store/adapter/StoreServiceAdapter.java, line(s) 58
com/ibaby/Ui/Timeline/Adapter/RecyclerViewAdapter.java, line(s) 169,174,182,305
com/ibaby/Ui/Timeline/FragmentTimeline.java, line(s) 275
com/ibaby/Ui/Timeline/NewGrowthActivity.java, line(s) 70,116,138,146,184,192,265
com/ibaby/Ui/Timeline/PostTimelineActivity.java, line(s) 117,180,278,297,303,412,418,424,549,601,642,507
com/ibaby/Ui/Timeline/TimelineInfoActivity.java, line(s) 261,266,281,434
com/ibaby/Ui/Timeline/TimelineSearchActivity.java, line(s) 376
com/ibaby/Ui/Timeline/image/ImagesActivity.java, line(s) 96,102,103,104,105,109,110
com/ibaby/Ui/Timeline/video/VideoPlayActivity.java, line(s) 82,281
com/ibaby/Ui/Timeline/video/VideoPlayExActivity.java, line(s) 37
com/ibaby/Ui/UnCeHandler.java, line(s) 35
com/ibaby/Ui/View/FlingCardListener.java, line(s) 107,112,113,114,120
com/ibaby/Usb/USBAccessoryManager.java, line(s) 55,73,128,132,136,298,370
com/ibaby/Usb/USBAccessoryNotifyType.java, line(s) 23,37
com/ibaby/Utils/LogUtil.java, line(s) 45,33,53,59,61,67,27,73,39
com/ibaby/rxhttp/https_glide/OkHttpStreamFetcher.java, line(s) 41,40
com/ibaby/wxapi/WXPayEntryActivity.java, line(s) 35,37,50
com/ibaby/zxing/activity/CaptureActivity.java, line(s) 222
com/ibaby/zxing/camera/AutoFocusCallback.java, line(s) 26
com/ibaby/zxing/camera/CameraConfigurationManager.java, line(s) 36,39,48,53,84,104,121,171,182
com/ibaby/zxing/camera/FlashlightManager.java, line(s) 18,20,60,71,80,83,86
com/ibaby/zxing/camera/PreviewCallback.java, line(s) 36
com/ibaby/zxing/decoding/CaptureActivityHandler.java, line(s) 54,60,66,70
com/ibaby/zxing/decoding/DecodeHandler.java, line(s) 67
com/ibaby/zxing/decoding/M8CaptureActivityHandler.java, line(s) 54,60,66,70
com/ibaby/zxing/decoding/M8DecodeHandler.java, line(s) 67
com/kakao/message/template/TextTemplate.java, line(s) 50
com/kakao/util/helper/Utility.java, line(s) 123,154
com/kakao/util/helper/log/Logger.java, line(s) 64,70,81,73,67,76
com/mapbox/mapboxsdk/http/HTTPRequest.java, line(s) 92,126,128,90,130
com/mapbox/mapboxsdk/location/LocationServices.java, line(s) 39,94
com/mapbox/mapboxsdk/maps/MapView.java, line(s) 1294,1298,1314,1318,387,802,805,820,822,833,835
com/mapbox/mapboxsdk/maps/MapboxMap.java, line(s) 167,196,223,242,970,789
com/mapbox/mapboxsdk/maps/NativeMapView.java, line(s) 281,285
com/mapbox/mapboxsdk/net/ConnectivityReceiver.java, line(s) 40
com/mapbox/mapboxsdk/offline/OfflineManager.java, line(s) 97,64,66,73,100,84
com/mapbox/mapboxsdk/offline/OfflineRegion.java, line(s) 220
com/mapbox/mapboxsdk/style/layers/PropertyValue.java, line(s) 29,37
com/mapbox/mapboxsdk/telemetry/GzipRequestInterceptor.java, line(s) 20,23
com/mapbox/mapboxsdk/telemetry/MapboxEventManager.java, line(s) 107,161,165,195,222,299,121,73,75,88,159,168,173,179,186,212,84,145,285,315,416
com/mapbox/mapboxsdk/telemetry/TelemetryService.java, line(s) 49,54,40
com/mapzen/android/lost/internal/FusionEngine.java, line(s) 94,102,110
com/nineoldandroids/animation/PropertyValuesHolder.java, line(s) 148,176,222,240,242,259,261,297,299,425,427,515,517
com/nostra13/universalimageloader/cache/disc/impl/ext/DiskLruCache.java, line(s) 116
com/p2p/pppp_api/PPCS_APIs.java, line(s) 81,83,85
com/p2p/pppp_thread/ThreadSYunConnectDev.java, line(s) 36
com/p2p/pppp_thread/ThreadSYunRecvAudio.java, line(s) 78,153,167,186,190,203,206,210,216,88,120,147
com/p2p/pppp_thread/ThreadSYunRecvVideo2.java, line(s) 176
com/p2p/pppp_thread/ThreadSYunSendAudio.java, line(s) 68,103,192,106,109
com/p2p/pppp_thread/ThreadSYunStartDev.java, line(s) 95
com/paypal/android/sdk/a.java, line(s) 57
com/paypal/android/sdk/ax.java, line(s) 111
com/paypal/android/sdk/ci.java, line(s) 14,25
com/paypal/android/sdk/cm.java, line(s) 68,79,156,160
com/paypal/android/sdk/cq.java, line(s) 49,82,45,62,74
com/paypal/android/sdk/cw.java, line(s) 54,55,56
com/paypal/android/sdk/d.java, line(s) 131,135
com/paypal/android/sdk/e.java, line(s) 29
com/paypal/android/sdk/eg.java, line(s) 26
com/paypal/android/sdk/eh.java, line(s) 34
com/paypal/android/sdk/ek.java, line(s) 150
com/paypal/android/sdk/em.java, line(s) 28
com/paypal/android/sdk/er.java, line(s) 20
com/paypal/android/sdk/gc.java, line(s) 30,41
com/paypal/android/sdk/gl.java, line(s) 46
com/paypal/android/sdk/onetouch/core/Result.java, line(s) 80,111
com/paypal/android/sdk/onetouch/core/encryption/PRNGFixes.java, line(s) 82
com/paypal/android/sdk/payments/PayPalAuthorization.java, line(s) 66
com/paypal/android/sdk/payments/PayPalConfiguration.java, line(s) 63,91
com/paypal/android/sdk/payments/PayPalFuturePaymentActivity.java, line(s) 40,47,51,98,100
com/paypal/android/sdk/payments/PayPalItem.java, line(s) 29,156
com/paypal/android/sdk/payments/PayPalPayment.java, line(s) 77,84,258
com/paypal/android/sdk/payments/PayPalPaymentDetails.java, line(s) 81
com/paypal/android/sdk/payments/PayPalProfileSharingActivity.java, line(s) 66,68
com/paypal/android/sdk/payments/PayPalService.java, line(s) 190,256,262,466
com/paypal/android/sdk/payments/PaymentActivity.java, line(s) 41,48,53,103,105
com/paypal/android/sdk/payments/PaymentConfirmActivity.java, line(s) 356,137,288
com/paypal/android/sdk/payments/PaymentConfirmation.java, line(s) 63
com/paypal/android/sdk/payments/ProofOfPayment.java, line(s) 85
com/paypal/android/sdk/payments/ShippingAddress.java, line(s) 41,131
com/paypal/android/sdk/payments/bu.java, line(s) 39,49,56
com/paypal/android/sdk/payments/ca.java, line(s) 19
com/paypal/android/sdk/payments/cg.java, line(s) 116,238,252,275,289,304,331
com/paypal/android/sdk/payments/d.java, line(s) 179
com/paypal/android/sdk/payments/m.java, line(s) 389,164
com/paypal/android/sdk/payments/z.java, line(s) 25,32,16
com/sebchlan/picassocompat/PicassoBridge.java, line(s) 56
com/slidingmenu/lib/CustomViewBehind.java, line(s) 248
com/slidingmenu/lib/SlidingMenu.java, line(s) 526,543
com/starxnet/Thread/AppExecutors.java, line(s) 75,89,111
com/starxnet/Thread/ThreadSYunAgentRecvIOCtrl.java, line(s) 88
com/tutk/IOTC/AVAPIs.java, line(s) 102
com/tutk/IOTC/AVFrameQueue.java, line(s) 20,22,30
com/tutk/IOTC/AVIOCTRLDEFs.java, line(s) 761,762
com/tutk/IOTC/AoNiGLRender.java, line(s) 291,316,335
com/tutk/IOTC/AoNiGLRender1.java, line(s) 157,185,233,65
com/tutk/IOTC/Camera.java, line(s) 274,279,284,289,294,299,304,309,314,319,343,349,538
com/tutk/IOTC/GLProgram.java, line(s) 174,175,192,193,218
com/tutk/IOTC/IOTCAPIs.java, line(s) 129,134,138
com/tutk/IOTC/Monitor.java, line(s) 117,224,296,345
com/tutk/IOTC/MyRenderer.java, line(s) 75,93,119,193,218,219
com/tutk/IOTC/TkPcBuffer.java, line(s) 42
com/tutk/P2PCam264/MyTutkCamera.java, line(s) 102,113,146,152
com/tutk/Thread/ThreadConnectDev.java, line(s) 39,50,66,77,84,87,101
com/tutk/Thread/ThreadRecvIOCtrl.java, line(s) 51,57,63,65,67,74,81
com/tutk/Thread/ThreadStartDev.java, line(s) 37,56,63,75,85,114
com/ximalaya/ting/android/opensdk/auth/utils/Logger.java, line(s) 19,33,26,47,40
com/ximalaya/ting/android/opensdk/player/advertis/XmAdsRecord.java, line(s) 145
com/ximalaya/ting/android/opensdk/player/appnotification/XmNotificationCreater.java, line(s) 323
com/ximalaya/ting/android/opensdk/player/service/MyRemoteCallbackList.java, line(s) 17
com/ximalaya/ting/android/opensdk/util/Logger.java, line(s) 236,257,264,310,317,128,271,278,243,250,285,292,299
com/ximalaya/ting/android/player/Logger.java, line(s) 102,110,156,163,20,78,117,124,85,92,131,138,145,18,167
com/ximalaya/ting/android/player/PlayerUtil.java, line(s) 45,49,78
com/ximalaya/ting/android/player/XMediaplayerJNI.java, line(s) 474,477
com/ximalaya/ting/android/player/cdn/CdnUtil.java, line(s) 90
com/ximalaya/ting/android/player/liveflv/FlvAacParser.java, line(s) 145,165,171
com/ximalaya/ting/android/sdkdownloader/DownloadCallback.java, line(s) 49,62,78,92,105,120
com/ximalaya/ting/android/sdkdownloader/downloadutil/viewholder/AbstractAdapter.java, line(s) 145
com/zendesk/belvedere/BelvedereDialog.java, line(s) 154
com/zendesk/belvedere/BelvedereFileProvider.java, line(s) 16
com/zendesk/belvedere/BelvedereStorage.java, line(s) 55
com/zendesk/belvedere/DefaultLogger.java, line(s) 11,25,32,18
com/zendesk/logger/Logger.java, line(s) 178
com/zendesk/sdk/support/SupportActivity.java, line(s) 154
com/zhy/http/okhttp/cookie/store/PersistentCookieStore.java, line(s) 141,150,153
com/zhy/http/okhttp/log/LoggerInterceptor.java, line(s) 41,43,44,45,47,50,53,56,58,69,70,71,73,77,79,81,84
com/zhy/http/okhttp/utils/L.java, line(s) 10
com/zlw/main/recorderlib/utils/Logger.java, line(s) 55,64,109,118,73,82,37,46,91,100
com/zopim/android/sdk/api/ChatService.java, line(s) 102,118,119,126,127,136,138,139,141,142,170,171,180,181,612
com/zopim/android/sdk/api/WebBinder.java, line(s) 251
com/zopim/android/sdk/data/LivechatChatLogPath.java, line(s) 222,223
com/zopim/android/sdk/data/observers/ViewModelFactory.java, line(s) 152,152,153,153
fftlib/FFT.java, line(s) 112,113,115,117,142
lib/android/paypal/com/magnessdk/b/a.java, line(s) 20,41,32,53,24,45,28,49
net/oauth/client/OAuthClientTest.java, line(s) 148,138,139,144,147
retrofit/Platform.java, line(s) 111
retrofit/android/AndroidLog.java, line(s) 26
uk/co/chrisjenx/calligraphy/ReflectionUtils.java, line(s) 56
uk/co/chrisjenx/calligraphy/TypefaceUtils.java, line(s) 24

安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 

此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
com/amazonaws/http/HttpClientFactory.java, line(s) 115,58,65
com/amazonaws/http/UrlHttpClient.java, line(s) 120,126
com/braintreepayments/api/internal/TLSSocketFactory.java, line(s) 48,28,45,45
com/danikula/videocache/HttpUrlSource.java, line(s) 163,141,165
com/ibaby/rxhttp/IMRetrofitHelper.java, line(s) 59,59
com/ibaby/rxhttp/RetrofitHelper.java, line(s) 82,82
com/ibaby/rxhttp/SSLSocketUtils.java, line(s) 58,51,56,56
com/kakao/network/KakaoNetworkImpl.java, line(s) 168,49
com/paypal/android/sdk/bq.java, line(s) 62,29,60,60
com/paypal/android/sdk/ce.java, line(s) 46,68,45,44,44,66,66
com/sebchlan/picassocompat/PicassoCompat252.java, line(s) 332,136
com/sebchlan/picassocompat/PicassoCompat271828.java, line(s) 332,136
com/zendesk/sdk/network/impl/ZendeskPicassoProvider.java, line(s) 26,26
com/zhy/http/okhttp/https/HttpsUtils.java, line(s) 108,172,43,106,106,170,170
lib/android/paypal/com/magnessdk/network/k.java, line(s) 63,30,61,61

安全 此应用程序可能具有Root检测功能 

此应用程序可能具有Root检测功能
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
com/braintreepayments/api/internal/AnalyticsSender.java, line(s) 111,105,107,74,100
com/paypal/android/sdk/at.java, line(s) 10
com/paypal/android/sdk/az.java, line(s) 10,10
lib/android/paypal/com/magnessdk/a/b.java, line(s) 11,11
lib/android/paypal/com/magnessdk/e.java, line(s) 123

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (checkout.paypal.com) 通信。 

{'ip': '192.229.232.89', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.paypalobjects.com) 通信。 

{'ip': '192.229.232.89', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (m.ximalaya.com) 通信。 

{'ip': '114.80.99.89', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (restapi.amap.com) 通信。 

{'ip': '59.82.34.102', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (fdfs.xmcdn.com) 通信。 

{'ip': '114.230.213.88', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (play.ximalaya.com) 通信。 

{'ip': '58.222.30.203', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (api.ximalaya.com) 通信。 

{'ip': '61.172.194.186', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (adse.ximalaya.com) 通信。 

{'ip': '180.153.250.236', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (xdcs-collector.ximalaya.com) 通信。 

{'ip': '180.153.250.234', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.paypal.com) 通信。 

{'ip': '192.229.232.89', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.mob.com) 通信。 

{'ip': '45.113.201.237', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (api.mapbox.com) 通信。 

{'ip': '54.192.18.5', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}

安全评分: ( iBaby Care 2.11.2)