Security Analysis Report: 三毛工具箱 v1.0

Security score: 46/100

Risk rating (scale: A, B, C, F; the assigned grade is not included in this export)

Severity distribution (%): chart not included in this export

Privacy risk: 0 user/device trackers

Findings

High: 6
Medium: 16
Info: 2
Secure: 3
Hotspot: 15

High: Lax WebView domain control vulnerability

Files:
com/iapp/app/Aid_YuCodeX.java, line(s) 1747,1747,1748,1749,1750,1751,1752,1753,1754,1755,1756,1758,1759,1760,1761,1763,1764,1779,1780,1781,1782,1783,1784,1785,1786,1787,1788,1790,1791,1792,1793,1795,1796,3570,3571,3572,3573,3574,3575,3576,3577,3578,3579,3580,3581
com/iapp/app/Aid_javaCode.java, line(s) 1143,1143,1144,1145,1146,1147,1148,1149,1150,1151,1152,1154,1155,1156,1157,1159,1160,2073,2074,2075,2076,2077,2078,2079,2080,2081,2082,2083,2084,2182,2183,2184,2185,2186,2187,2188,2189,2190,2191,2192,2193
com/iapp/app/Aid_jsCode.java, line(s) 1774,1774,1775,1776,1777,1778,1779,1780,1781,1782,1783,1785,1786,1787,1788,1790,1791,2640,2641,2642,2643,2644,2645,2646,2647,2648,2649,2650,2651,2749,2750,2751,2752,2753,2754,2755,2756,2757,2758,2759,2760
com/iapp/app/Aid_luaCode.java, line(s) 1683,1683,1684,1685,1686,1687,1688,1689,1690,1691,1692,1694,1695,1696,1697,1699,1700,2632,2633,2634,2635,2636,2637,2638,2639,2640,2641,2642,2643,2748,2749,2750,2751,2752,2753,2754,2755,2756,2757,2758,2759
com/iapp/app/c.java, line(s) 46,46,47,48,49,50,51,52,53,54,55,56,57,71,72,73,74,75,76,77,78,79,80,81,82,94,105
com/iapp/app/run/main.java, line(s) 722,722,723,724,725,726,727,728,729,730,731,733,734,735,736,738,739
com/iapp/app/run/main2.java, line(s) 455,455,456,457,458,459,460,461,462,463,464,466,467,468,469,471,472
com/iapp/app/run/main3.java, line(s) 703,703,704,705,706,707,708,709,710,711,712,714,715,716,717,719,720
com/iapp/app/run/mian.java, line(s) 1115,1115,1116,1117,1118,1119,1120,1121,1122,1123,1124,1126,1127,1128,1129,1131,1132,1147,1148,1149,1150,1151,1152,1153,1154,1155,1156,1158,1159,1160,1161,1163,1164

High: Debug configuration is enabled. Production builds must not be debuggable.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
com/ak/torch/base/BuildConfig.java, line(s) 3,6

High: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/ubix/ssp/ad/e/n/a.java, line(s) 14,25
com/wangmai/common/utils/AesUtil.java, line(s) 25,42,59,75,119,159

High: The file is world readable. Any application can read the file.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2

Files:
com/ubix/ssp/ad/e/n/r.java, line(s) 63

High: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be vulnerable to cross-site scripting.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
com/iapp/app/c.java, line(s) 101,106,10

High: The application uses ECB mode in its encryption algorithm. ECB mode is known to be weak because it produces identical ciphertext for identical plaintext blocks.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode

Files:
com/ubix/ssp/ad/e/n/f.java, line(s) 40

Medium: Application data is at risk of being leaked.

The [android:allowBackup] flag is not set.
The [android:allowBackup] flag should be set to false. By default it is set to true, which allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off the device.

Medium: Activity (com.stub.stub01.StartActivity) is not protected.

An intent-filter exists.
The Activity was found to be shared with other apps on the device, making it accessible to any other application on the device. The presence of an intent-filter indicates that this Activity is explicitly exported.

Medium: Content Provider (com.ubix.ssp.ad.core.monitor.data.UbixDataContentProvider) is not protected if the application runs on a device with an API level lower than 17.

[Content Provider, targetSdkVersion >= 17]
If the application runs on a device with an API level lower than 17, the Content Provider is exported. In that case it is shared with other apps on the device, making it accessible to any other application on the device.

Medium: Content Provider (com.ubix.ssp.open.comm.UBiXFileProvider) is not protected if the application runs on a device with an API level lower than 17.

[Content Provider, targetSdkVersion >= 17]
If the application runs on a device with an API level lower than 17, the Content Provider is exported. In that case it is shared with other apps on the device, making it accessible to any other application on the device.

Medium: Content Provider (com.qihoo.ak.factory.provider.TorchProvider) is not protected if the application runs on a device with an API level lower than 17.

[Content Provider, targetSdkVersion >= 17]
If the application runs on a device with an API level lower than 17, the Content Provider is exported. In that case it is shared with other apps on the device, making it accessible to any other application on the device.

Medium: Content Provider (androidx.core.content.FileProvider) is not protected if the application runs on a device with an API level lower than 17.

[Content Provider, targetSdkVersion >= 17]
If the application runs on a device with an API level lower than 17, the Content Provider is exported. In that case it is shared with other apps on the device, making it accessible to any other application on the device.

Medium: Content Provider (arm.FileProvider) is not protected if the application runs on a device with an API level lower than 17.

[Content Provider, targetSdkVersion >= 17]
If the application runs on a device with an API level lower than 17, the Content Provider is exported. In that case it is shared with other apps on the device, making it accessible to any other application on the device.

Medium: IP address disclosure

Files:
com/beizi/ads/BeiZis.java, line(s) 25
com/beizi/ads/d/b.java, line(s) 86
com/beizi/ads/f/n.java, line(s) 70
com/beizi/ads/f/u.java, line(s) 196,249,314
com/beizi/ads/model/RequestInfo.java, line(s) 139
com/ubix/ssp/ad/e/j/m.java, line(s) 131
com/ubix/ssp/ad/e/n/c.java, line(s) 1376,1378
com/ubix/ssp/ad/e/o/h/f.java, line(s) 112,236,240,246

Medium: The application uses an insecure random number generator.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
arm/ui/MultiWaveHeader.java, line(s) 16
c/b/a/a/g.java, line(s) 28
com/beizi/ads/model/DevInfo.java, line(s) 15
com/qihoo/ak/view/splash/content/SplashAdLargeContentView.java, line(s) 30
com/ubix/ssp/ad/b.java, line(s) 21

Medium: Files may contain hard-coded sensitive information such as usernames, passwords, or keys.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
arm/i8.java, line(s) 83
com/ak/torch/base/bean/Strategy.java, line(s) 52
com/beizi/ads/d/a/d.java, line(s) 177,218,27,194,264,42,267,30,180,100,45,200,270,249,18,91,39,261,234,237,240,339,243,246,136,255,106,258,94,155,149,378,336,152,33,353,369,363,366,372,97,103,146,21,24,375,228,231,197,252,36
com/beizi/ads/d/a/e.java, line(s) 44,17,47,31,14,41,9,65
com/beizi/ads/model/AdPlusConfig.java, line(s) 8,11
com/beizi/ads/model/AdSpacesBean.java, line(s) 2656,1800,1803,310,13,313,316,656,659,16,319,1806,322,1094,1097,2011,2703,1568,1809,19,22,232,325,261,328,2171,2174,25,2014,331,2017,28,334,337,340,1812,857,1413,2571,860,2574,2177,1815,1818,31,2020,34,2141,1571,662,1003,1485,1692,2793,2180,2183,1821,1289,1292,343,2186,346,1543,1488,2495,2189,2796,37,2659,665,1006,40,349,43,352,2706,2144,2023,172,355,1235,1199,863,1416,2577,2755,2026,1824,358,1827,668,2192,175,361,2799,1574,1491,671,2195,2029,2198,2201,2662,1830,2665,178,1833,46,2204,2498,2207,674,1100,1202,1295,1494,1577,909,1174,1238,1460,1546,1750,2210,2032,934,2533,2213,2536,2216,677,1103,1298,1580,1263,364,181,680,1205,1301,683,1304,1497,2631,2802,1106,367,1177,370,1836,686,373,376,379,264,267,1775,2709,1839,1583,1695,1586,1698,1589,1701,382,1753,1592,689,937,1009,692,940,1012,235,2035,2712,385,1463,1307,1842,1310,1313,2219,2222,695,943,1015,698,946,1018,701,949,1021,388,912,704,2225,2228,2231,391,2234,2237,2240,1845,1848,2038,49,394,1595,2243,2246,707,1109,1316,1598,1112,1851,1319,1419,1778,2249,1024,1704,2634,2252,866,1422,2580,2758,397
com/beizi/ads/model/Configurator.java, line(s) 11,14,17,20,23,26,29
com/beizi/ads/model/FreqItem.java, line(s) 8,17,11,14
com/beizi/ads/model/GlobalConfig.java, line(s) 8,11,17,14,20,23,26,29,32,35,38,41,44
com/beizi/ads/model/Manager.java, line(s) 11,14,17,20,106
com/beizi/ads/model/Messenger.java, line(s) 12,151,15,21,24,27,154,30,157,160,33
com/beizi/ads/model/S2SBiddingConfig.java, line(s) 5,8,11
com/beizi/ads/model/TaskBean.java, line(s) 91,248,94,11,14,97,17,100,103,106,109,112,251,115,118
com/beizi/ads/model/TaskConfig.java, line(s) 11,14,17,20,23,26
com/qihoo/ak/click/dialog/DownloadDialogActivity.java, line(s) 23
com/qihoo/ak/landingpage/LandingBundle.java, line(s) 19
com/qihoo/ak/request/AkApiAdapterImpl.java, line(s) 135
com/qihoo/ak/utils/b/b/a.java, line(s) 86
com/ubix/ssp/ad/d/b.java, line(s) 33,49,50,51,80,52,53,57,58,182,219,60,61,62,63,77,78,79,13,15,24,32,34,35,48,59,118,119,120,121,122,123,142,143,147,158,159,234,235,255,259,281,282,284,308
com/ubix/ssp/ad/e/i/c.java, line(s) 29,30,31,28
com/ubix/ssp/ad/e/n/t.java, line(s) 12
com/ubix/ssp/ad/h/c.java, line(s) 35,27,28,29,30,32,33,34,36,37,38,39,40,41
com/wangmai/common/utils/SharedPreferencesHelper.java, line(s) 8
com/wangmai/okhttp/cache/CacheEntity.java, line(s) 13,63
com/wangmai/okhttp/exception/CacheException.java, line(s) 15,11

Medium: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before being written to the database.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
c/b/a/a/n.java, line(s) 6,97
com/beizi/ads/a/a.java, line(s) 5,6,49
com/beizi/ads/a/b.java, line(s) 6,81
com/iapp/app/Aid_YuCodeX.java, line(s) 15,6401
com/iapp/app/Aid_javaCode.java, line(s) 14,3814
com/iapp/app/Aid_jsCode.java, line(s) 13,4358
com/iapp/app/Aid_luaCode.java, line(s) 14,4482
com/qihoo/ak/utils/b/a/a.java, line(s) 3,4,78
com/ubix/ssp/ad/core/monitor/data/a.java, line(s) 4,5,21
com/ubix/ssp/ad/e/f/h/b.java, line(s) 4,5,28
com/ubix/ssp/ad/e/j/q/b.java, line(s) 4,5,24
com/ubix/ssp/ad/e/o/h/u/a.java, line(s) 6,7,36
com/wangmai/okhttp/db/DBHelper.java, line(s) 4,5,38
com/wangmai/okhttp/db/DBUtils.java, line(s) 4,65,66,11

Medium: Insecure WebView implementation. WebView arbitrary code execution may be possible.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
com/iapp/app/Aid_YuCodeX.java, line(s) 3588,4984,1748,1780,3571
com/iapp/app/Aid_javaCode.java, line(s) 2091,2200,3009,1144,2074,2183
com/iapp/app/Aid_jsCode.java, line(s) 2658,2767,3644,4468,1775,2641,2750
com/iapp/app/Aid_luaCode.java, line(s) 2650,2766,3588,1684,2633,2749
com/iapp/app/c.java, line(s) 64,89,47,72

Medium: MD5 is a weak hash with known hash collisions.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/ak/torch/base/encrypt/AkMD5Utils.java, line(s) 19,37
com/beizi/ads/f/aj.java, line(s) 31
com/beizi/ads/f/f.java, line(s) 137
com/qihoo/ak/a/b/a.java, line(s) 15,27
com/qihoo/ak/imageloader/c.java, line(s) 448
com/qihoo/ak/utils/k.java, line(s) 18,36
com/ubix/ssp/ad/e/n/f.java, line(s) 55
com/ubix/ssp/ad/e/n/i.java, line(s) 468
com/ubix/ssp/ad/e/o/h/o.java, line(s) 36
com/wangmai/common/utils/AesUtil.java, line(s) 131
com/wangmai/common/utils/Utils.java, line(s) 382
com/wangmai/okhttp/interceptor/SameRequestFilterInterceptor.java, line(s) 204

Medium: The application can read/write external storage. Any application can read data written to external storage.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
arm/FileProvider.java, line(s) 134
c/b/a/a/d.java, line(s) 311,328,19
com/ak/torch/base/util/AkPathUtils.java, line(s) 61,62,64,65
com/beizi/ads/f/g.java, line(s) 15,15,33
com/beizi/ads/f/n.java, line(s) 135
com/iapp/app/p.java, line(s) 26
com/qihoo/ak/utils/m.java, line(s) 19
com/qihoo/ak/utils/n.java, line(s) 58,59,61,62
com/ubix/ssp/ad/e/n/i.java, line(s) 217,273
com/ubix/ssp/ad/e/n/w/a.java, line(s) 337,338
com/ubix/ssp/ad/e/n/x/a.java, line(s) 55,58,48
com/ubix/ssp/ad/e/o/h/r.java, line(s) 15,32
com/ubix/ssp/open/comm/UBiXFileProvider.java, line(s) 184,182
com/wangmai/appsdkdex/utils/WMAppEnvironment.java, line(s) 8
com/wangmai/appsdkdex/utils/dexa.java, line(s) 29,30,34
com/wangmai/okhttp/convert/FileConvert.java, line(s) 27,50
com/wangmai/okserver/OkDownload.java, line(s) 130
np/protect/assets/C0061.java, line(s) 251

Medium: SHA-1 is a weak hash with known hash collisions.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
arm/w.java, line(s) 217
com/beizi/ads/sm/a/a/n.java, line(s) 67
com/jg/ids/i/i.java, line(s) 145
com/ubix/ssp/ad/core/util/myoaid/impl/huawei/e.java, line(s) 555,490
com/ubix/ssp/ad/e/n/w/h/n.java, line(s) 32

Medium: This application may contain hard-coded secrets.

The following secrets were identified in the application. Ensure that these are not secret or private information.

Info: The application logs information. Sensitive information must not be logged.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
arm/a7.java, line(s) 28
arm/a8.java, line(s) 150,210,421
arm/ac.java, line(s) 145
arm/b8.java, line(s) 134
arm/c9.java, line(s) 159,200
arm/d6.java, line(s) 97,233
arm/d8.java, line(s) 15
arm/d9.java, line(s) 61,78,90,104,144,153,167,169,180,191
arm/f6.java, line(s) 557
arm/gd.java, line(s) 34,56,83
arm/i7.java, line(s) 48,52,54,60,127
arm/jb.java, line(s) 218,241,255,261,266
arm/jf.java, line(s) 37
arm/k7.java, line(s) 30
arm/ke.java, line(s) 15
arm/l6.java, line(s) 40,180
arm/l9.java, line(s) 34,44,55,87
arm/la.java, line(s) 79
arm/lc.java, line(s) 57,69,76,81
arm/m6.java, line(s) 145,161,176
arm/ma.java, line(s) 38
arm/mb.java, line(s) 51,61
arm/md.java, line(s) 58
arm/nd.java, line(s) 117
arm/oc.java, line(s) 19
arm/p7.java, line(s) 69
arm/q9.java, line(s) 78
arm/qb.java, line(s) 115
arm/qd.java, line(s) 46,52
arm/s9.java, line(s) 73
arm/t8.java, line(s) 48
arm/te.java, line(s) 40,77
arm/uc.java, line(s) 40
arm/v5.java, line(s) 217,222,224,230,233,248,255,408
arm/v9.java, line(s) 15
arm/w9.java, line(s) 29
arm/xa.java, line(s) 69,96
arm/y9.java, line(s) 76
arm/yb.java, line(s) 83,86,92,99,104
bsh/BshClassManager.java, line(s) 320
bsh/CommandLineReader.java, line(s) 20
bsh/Console.java, line(s) 12,9
bsh/NameSpace.java, line(s) 301
bsh/Parser.java, line(s) 2304
bsh/Remote.java, line(s) 44,97,105,142
bsh/SimpleNode.java, line(s) 32
bsh/classpath/BshClassPath.java, line(s) 466,475,672
bsh/classpath/ClassManagerImpl.java, line(s) 245
bsh/util/ClassBrowser.java, line(s) 469
bsh/util/Httpd.java, line(s) 23
bsh/util/JDemoApplet.java, line(s) 27,30
bsh/util/Sessiond.java, line(s) 22
bsh/util/SessiondConnection.java, line(s) 29
c/b/a/a/f.java, line(s) 69
c/b/a/a/t.java, line(s) 1856,2851,4286,4990
c/d/a/k.java, line(s) 78,81,190,274,277,314,333,336
cn/hugo/android/scanner/CaptureActivity.java, line(s) 277,109,119,122
cn/hugo/android/scanner/b.java, line(s) 41
cn/hugo/android/scanner/d.java, line(s) 28,79,85
cn/hugo/android/scanner/f/a.java, line(s) 54,64,74
cn/hugo/android/scanner/f/b.java, line(s) 60,68,81,86,103,114,125,166,178,188,54,185,190,211
cn/hugo/android/scanner/f/c.java, line(s) 72,99,100,101,176,140,139,148
cn/hugo/android/scanner/f/e.java, line(s) 25,28,12
cn/hugo/android/scanner/f/f.java, line(s) 30
cn/hugo/android/scanner/h/c.java, line(s) 77,90,98,113,117,109
cn/hugo/android/scanner/h/f.java, line(s) 49
com/ak/torch/base/log/AkLogUtils.java, line(s) 128,130,136,138,122,124,116,118
com/ak/torch/base/threadpool/base/DefaultPoolExecutor.java, line(s) 42,51,66
com/ak/torch/base/threadpool/task/TaskCompletionSource.java, line(s) 26,32,38
com/ak/torch/specialfun/oaid/huawei/HwOaidAidlUtil.java, line(s) 28,42,53,76,81,26,35,40,66,94
com/qihoo/ak/a/c/a.java, line(s) 78,80,86,88,72,74,66,68
com/qihoo/ak/a/f/g.java, line(s) 49,141,161
com/qihoo/ak/c/a.java, line(s) 123,125,131,133,117,119,111,113
com/qihoo/ak/h/a/b.java, line(s) 42,51,66
com/qihoo/ak/h/c/e.java, line(s) 23,28
com/qihoo/ak/h/c/f.java, line(s) 22
com/qihoo/ak/imageloader/ImageWorker.java, line(s) 57,187,200,251,269,281,209,86,115,182,264
com/qihoo/ak/imageloader/c.java, line(s) 101,108,179,186,271,339,386,406,421
com/qihoo/ak/imageloader/h.java, line(s) 61
com/qihoo/ak/oaid/HwOaidAidlUtil.java, line(s) 28,42,53,76,81,26,35,40,66,94
com/stub/stub01/StartActivity.java, line(s) 292
com/ubix/ssp/ad/core/util/myoaid/impl/huawei/AdvertisingIdClient.java, line(s) 118,121,59,79,94,140,152
com/ubix/ssp/ad/core/util/myoaid/impl/huawei/b.java, line(s) 26,36,42,29
com/ubix/ssp/ad/core/util/myoaid/impl/huawei/c.java, line(s) 28,66,76,95,101,142
com/ubix/ssp/ad/core/util/myoaid/impl/huawei/d.java, line(s) 29,31
com/ubix/ssp/ad/core/util/myoaid/impl/huawei/e.java, line(s) 405,424,467,565,362,385,402,428,453,457,471,474,68,251,296,299,311,323,326,342,349,376,493
com/ubix/ssp/ad/core/util/myoaid/impl/huawei/f.java, line(s) 62,40,50
com/ubix/ssp/ad/e/f/i/b.java, line(s) 76
com/ubix/ssp/ad/e/j/g.java, line(s) 70,39,45,52,59
com/ubix/ssp/ad/e/k/f.java, line(s) 21
com/ubix/ssp/ad/e/n/c.java, line(s) 605
com/ubix/ssp/ad/e/n/f.java, line(s) 32,36
com/ubix/ssp/ad/e/n/g.java, line(s) 37,40,68,74,79,86,114,120,125,132,159,188,213
com/ubix/ssp/ad/e/n/k.java, line(s) 146,151,158,162,182,210
com/ubix/ssp/ad/e/n/q.java, line(s) 63,169,75,175,195,103,112,119,181,131,137,188,47,69,81,116,125,143,149
com/ubix/ssp/ad/e/n/w/f.java, line(s) 17
com/ubix/ssp/ad/e/o/h/o.java, line(s) 63
com/ubix/ssp/open/UBiXAdPrivacyManager.java, line(s) 223,225
com/wangmai/aliagainstcheatingId/AliAgainstId.java, line(s) 31,41,54
com/wangmai/common/utils/DebugLog.java, line(s) 36,42,44,53,59,61,70,76,78,87,93,95
com/wangmai/common/utils/GsonUtils.java, line(s) 36,48,60
com/wangmai/common/view/CustomVideoView2.java, line(s) 199
com/wangmai/common/view/CustomWebView.java, line(s) 43
com/wangmai/okhttp/interceptor/SameRequestFilterInterceptor.java, line(s) 91,121,194
com/wangmai/okhttp/model/HttpHeaders.java, line(s) 237
com/wangmai/okserver/download/DownloadTask.java, line(s) 390
dexb/dexa/dexa/dexb.java, line(s) 33,39,44
fr/castorflex/android/verticalviewpager/VerticalViewPager.java, line(s) 1571,1577,1594
np/protect/assets/ShellApplication.java, line(s) 52
np/protect/assets/a/C0013.java, line(s) 1221,1464
np/protect/assets/a/C0016.java, line(s) 27
org/keplerproject/luajava/Console.java, line(s) 38,39,24
org/keplerproject/luajava/LuaObject.java, line(s) 354

Info: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/iapp/app/ays.java, line(s) 8,149

Secure: This application may have root detection capability.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
com/beizi/ads/f/ak.java, line(s) 88,88,91,91
com/ubix/ssp/ad/e/n/c.java, line(s) 1003,1003,1003,1003

Secure: This application uses SSL pinning to detect or prevent MITM attacks on secure communication channels.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
arm/uj.java, line(s) 136,135,134,134
c/b/a/a/g.java, line(s) 572,574
com/wangmai/okhttp/https/HttpsUtils.java, line(s) 139,82,137,137

Secure: This application has no privacy trackers.

This application does not include any user or device trackers. No trackers were found during static analysis.

Hotspot: The application may communicate with a server (jiagu.ads.360.cn) located in an OFAC-sanctioned country (China).

{'ip': '180.163.252.237', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (sdk.e.360.cn) located in an OFAC-sanctioned country (China).

{'ip': '180.163.247.88', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

Hotspot: The application may communicate with a server (test-m.mediav.com) located in an OFAC-sanctioned country (China).

{'ip': '180.163.247.63', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

Hotspot: The application may communicate with a server (d37359515cce79e96b11a65e10f5f3e0.dlied1.cdntips.net) located in an OFAC-sanctioned country (China).

{'ip': '211.91.52.109', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '宁波', 'latitude': '29.878410', 'longitude': '121.549767'}

Hotspot: The application may communicate with a server (pages.juxiao.mediav.com) located in an OFAC-sanctioned country (China).

{'ip': '180.163.252.237', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}

Hotspot: The application may communicate with a server (sdk-data.ubixioe.com) located in an OFAC-sanctioned country (China).

{'ip': '180.163.252.237', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (sdk.tf.360.cn) located in an OFAC-sanctioned country (China).

{'ip': '180.163.247.88', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

Hotspot: The application may communicate with a server (entry-test.ubixioe.com) located in an OFAC-sanctioned country (China).

{'ip': '101.126.10.230', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (api.timeno1.com) located in an OFAC-sanctioned country (China).

{'ip': '180.163.247.88', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

Hotspot: The application may communicate with a server (sdkrec.tf.360.cn) located in an OFAC-sanctioned country (China).

{'ip': '180.163.247.88', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

Hotspot: The application may communicate with a server (show-m.mediav.com) located in an OFAC-sanctioned country (China).

{'ip': '180.163.252.237', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

Hotspot: The application may communicate with a server (entry.ubixioe.com) located in an OFAC-sanctioned country (China).

{'ip': '180.163.252.237', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (p3.ssl.qhimg.com) located in an OFAC-sanctioned country (China).

{'ip': '180.163.252.237', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}

Hotspot: The application may communicate with a server (pub-bjyt.s3.360.cn) located in an OFAC-sanctioned country (China).

{'ip': '101.198.0.106', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (p.s.360.cn) located in an OFAC-sanctioned country (China).

{'ip': '171.8.167.68', 'country_short': 'CN', 'country_long': '中国', 'region': '河南', 'city': '郑州', 'latitude': '34.757778', 'longitude': '113.648613'}

Security score: (三毛工具箱 1.0)