移动应用安全检测报告:
安全基线评分
安全基线评分 38/100
综合风险等级
风险等级评定
- A
- B
- C
- F
漏洞与安全项分布(%)
隐私风险
1
检测到的第三方跟踪器数量
检测结果分布
高危安全漏洞
10
中危安全漏洞
20
安全提示信息
3
已通过安全项
2
重点安全关注
2
高危安全漏洞 Activity (com.studio.multip2.activity.ConteudoActivity) is vulnerable to StrandHogg 2.0
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。
高危安全漏洞 Activity (com.studio.multip2.activity.LogadoActivity) is vulnerable to StrandHogg 2.0
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。
高危安全漏洞 Activity (com.studio.multip2.activity.MainActivity) is vulnerable to StrandHogg 2.0
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。
高危安全漏洞 Activity (com.google.firebase.auth.internal.FederatedSignInActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危安全漏洞 Activity (com.google.firebase.auth.internal.FederatedSignInActivity) 容易受到 Android Task Hijacking/StrandHogg 的攻击。
活动不应将启动模式属性设置为“singleTask”。 然后,其他应用程序可以将恶意活动放置在活动栈顶部,从而导致任务劫持/StrandHogg 1.0 漏洞。 这使应用程序成为网络钓鱼攻击的易受攻击目标。 可以通过将启动模式属性设置为“singleInstance”或设置空 taskAffinity (taskAffinity="") 属性来修复此漏洞。 您还可以将应用的目标 SDK 版本 (27) 更新到 28 或更高版本以在平台级别修复此问题。
高危安全漏洞 Activity (com.google.firebase.auth.internal.FederatedSignInActivity) is vulnerable to StrandHogg 2.0
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。
高危安全漏洞 Activity (com.applisto.appcloner.classes.DefaultProvider$MyActivity) is vulnerable to StrandHogg 2.0
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。
高危安全漏洞 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
com/applisto/appcloner/classes/util/SimpleCrypt.java, line(s) 17
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: p3/a.java, line(s) 66
高危安全漏洞 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: andhook/lib/BuildConfig.java, line(s) 3,8
中危安全漏洞 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危安全漏洞 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危安全漏洞 Activity (com.studio.multip2.activity.ConteudoActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.studio.multip2.activity.LogadoActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.google.firebase.auth.internal.FederatedSignInActivity) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.firebase.auth.api.gms.permission.LAUNCH_FEDERATED_SIGN_IN [android:exported=true] 发现一个 Activity被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Content Provider (com.applisto.appcloner.classes.DefaultProvider) 未被保护。
[android:exported=true] 发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Service (com.applisto.appcloner.service.RemoteService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Broadcast Receiver (com.applisto.appcloner.classes.DefaultProvider$DefaultReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.applisto.appcloner.classes.DefaultProvider$MyActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Broadcast Receiver (com.applisto.appcloner.classes.FakeCamera$FakeCameraReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危安全漏洞 Content Provider (com.applisto.appcloner.classes.ClearCacheOnExitProvider) 如果应用程序在API级别低于17的设备上运行,则不会受到保护。
[Content Provider, targetSdkVersion >= 17] 如果应用程序运行在一个API级别低于17的设备上,内容提供者( Content Provider)就会被导出。在这种情况下,它会被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: g5/b3.java, line(s) 5,6,7,8,139 g5/e7.java, line(s) 5,304 g5/h3.java, line(s) 4,64 g5/j.java, line(s) 6,7,71 g5/q6.java, line(s) 17,18,1627 v4/a.java, line(s) 5,6,169
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/applisto/appcloner/classes/DataDirectoryFtpServer.java, line(s) 23 com/applisto/appcloner/classes/util/MultiProcessPreferences.java, line(s) 20 e1/q.java, line(s) 91 h3/a.java, line(s) 88
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: j2/d1.java, line(s) 14 j2/j0.java, line(s) 26 k3/j0.java, line(s) 4 n3/b.java, line(s) 11
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: andhook/lib/xposed/XposedHelpers.java, line(s) 622 p000/p001/p002/p003/p004/p005/C0177.java, line(s) 61 p006/p007/p008/p009/p010/p011/C0178.java, line(s) 61
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/applisto/appcloner/classes/Utils.java, line(s) 415
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/applisto/appcloner/classes/BundleObb.java, line(s) 74 com/applisto/appcloner/classes/FakeCamera.java, line(s) 122 e2/f.java, line(s) 20,21,22,23,24,25
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/applisto/appcloner/classes/DefaultProvider.java, line(s) 3068,3068 com/applisto/appcloner/classes/HostsBlocker.java, line(s) 277 d/f.java, line(s) 237
中危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个1隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "firebase_database_url" : "https://adm-p2p-default-rtdb.firebaseio.com" "google_api_key" : "AIzaSyDAMC_ROuYDmYd9s5tinco1ILxFP-TCbxM" "google_crash_reporting_api_key" : "AIzaSyDAMC_ROuYDmYd9s5tinco1ILxFP-TCbxM" njY7OJr0mLOpwiHpt4BgUi6Q3PCZi8h1SSjpR0vaM9LxEkHSMh69dMRHz7agGfUSIhqhzKG50dHiJ n4EPbNtXMNgNzgO0pJjfLc54Q9QnnUoOaUIYAPh3VtjxGkQhzM+wXdSDCxzgR/iipbLkIXQNuy2sY -101a5344444f52c1c2bb27f2fdc145fa1f3d211b08a0f37e3f51f2fc73e630ec nd7qkHRn2vssMU5VdE3xYVka86jITBsDMNuBGM2mjDa9lhqhj7ifnqmsbvLfG5CH0PGDUkNXMvqV4 -4e45d46ccf37c15a7ce487ab43eef315 edef8ba9-79d6-4ace-a3c8-27dcd51d21ed -3b53dfda20f8edcac2b95b99db29f6ad0ec99f35a2087087c8d123d43b77302ea168df4f7b817a5a721702166fe9282c133fc4854cb04f67b1f43ba0d59d373d95efaa73be3225086b6e0a4b1af090cb -1c480743edc938708d177d7eb7a96f1b -fa631717cec1133fb8d49df77db53d47 nlwr5ETjezBRsKULS6ZJWAU8xvoIPcBxwGQRaC5I0iNvycX7oSARkPgQQQNKjwHJgQugIBGYiVLwY nxtAB6Dkkzc+55W9DaF97Fkkv5BBgPHxbUjgkvZgS+F2SbgztX10o9cGJpAXA1cB03BOr94DlZvZT -e7c84be70d568e9b3ae06591c79d93d6 n2olwU2SXZdN1AtzmEfwtI+49oSQRspqj1yT9EUqAMoahx3rYvpW8MLONwFzglxT7WyQ97eOMmX0M -9548a1c162c6dbd71727dbfacb09bb80 -e2705db72e1eaf08161ef4303e58ea3d nJBUhcameExFCkEhow4NEJCIST32oW4TEg3ogbg+NklAaSl1KFG2lNGlJimqU0/P3sGZ0nLNn9qx9 nzHYAd4WORoWsA241sxkhgw8jJi6SHgPuC+lQifwMvAu8ZGavhnYmptVM+CLc4RUzgEm42eiehP2E -f3d466b0d071a188ac9921f26ac8abdd35f1d77b0e82a97d2739d062e0d3e61d -f84a2d3d6088e772fe0c6de092a4a847 -19b61c657b5c17b86231177493f36b23379aa755d6e7a97404bc27225840eb5b -880c861a30ad671061747d7714e64dfc 16a09e667f3bcc908b2fb1366ea957d3e3adec17512775099da2f590b0667322a nsw0NDQ0NDQ0FUesnYpIOBE4BTsKt2ewLTEyYDCfK0MfeUYzYO8ROjmQsca3o2lrYFJm2AXuAL81s -63187d1e2bf6f5e34daaeb9e325d0e1b7fa6fe9d7ec45d327e261afc2db2dc85d759472f5d416f21e07018f1b3a2a0006e8615ec958a022223c4caa5290764d2 -a0f8fd725d0562895286e77d77c4424131d948ed2042f63513e0b288ce89d3bb9962ae0264f741b546895dd9114aae38 nbmhoaGhoaMig8M5S0hTgENxxYMk8kg9v+nAPg34ys79CB6GnkDt8Q5KGon97Er8nPxu1LWU8UsbB nZWtL6D4gxleEjTgRsiZreZ8nNC9qRwx6BC0WIWuyNpCzY/YJalfUgLEw4LPgFs0T+snumNuJ4BOD -a424a844f73e122563a7410e142a4fec -7903102e1e0c3145fde268d7a17b5ed3 -b97b6bc375c24719f1e5acbc7652f21d -989469bbb8e8986ddc9c3954759ecaa300724f957c55b6ecfeec688dfa8e8b81 n5cgy1k4ASf3A5cAFuJXKKaF9KpBPgDvM7KP4g1oIIGkCMADcBJwb2p8KOMvMPoUaCCBpALgfmBba Y29tLmFwcGxpc3RvLmFwcGNsb25lci5jbGFzc2VzLnNlY29uZGFyeQ== -b30c2da06c891c09fc32f1cde6037194 -ef32e7875736b0f896af2102d78b7b00 n78C8qoIPewXwOcK9V1kHzIi2qlRGLEB3LDSVx3KgP3rEWSlxHzAZt8OgljPjEvkcWGJmr4dyoA/A -734ce46bd8db4dfd8e9dbf55156dedc9 -877d89d440d89640aaee669f67d87ea2 -878ea3ccb6cd499b97fef77b6cf460747e938bc7f82a6709356736e0e38356f9 -86378f1e1b35088dfea6863da8c49f44 -36a7aa9341e3adc05530a833fb838c932eb953690088c86d94fa4252b5582b28 -a5953efb8e809e262f0cf51f10bca3bf -20134a9cdd70f5f2aa49188d190e77ca -44c2622f904f71255a1135f3f310bb6d23c6ca0f312c8bce8c242f592410e75a nAP7xsB0qOvNGAL+5kIrOvBGghKD60AgQmEYAONDD9oSiM98ndOlrwNdAPL4fjn7G/UKyedoX+C60 nYfAXeebVnyGCJC3JuHeGh1/vFx2nMjvh++m8iTvax9jMPgHOBv5OMXlE0tICyhR86SYXchted46h -766892306220e4d474cd3a4ec7440dda nJ2k5MBi65DXhQ6iwE5b0BHBP6FLXhB3AUWa2u5ImSNKdNMFPcp2Z7YYKaoCkmcDa0CWuCVuBu8zs nnEP6ewBXAAflTa7oYJUhwJEetmtGlXCvCL+m3LNYblk7NznmCXnpivcDfARoGWQz+wH3PlZaTRjs -ac8351152827f2443d0e7f5be19550f7 nEWYD347Bz/VmtmYM96cSWoCWRCLMJVsE38naNXQ+k30gdExyI+kVj3Z1fpu0Jssdnp1GWxEkHSTp -47fae620d9cd87d0ba788f5e35f63a16 nbz2PpFXK5obQPvYskh5WPqaG9rXnkDRR0q6cAjxZdP59oQNQA84ADshpO6vozBsB4DAP2/2KzrwR -d3a840b805a000df012a9613c84b421a -7735a8a782221940f54d2f857e213368a7fdd49c02f54c20062570e4576a2a5cf0dfb3f66b4f3518596618cb04a2ae7ceaba80d353c46e3278fdb5034c4218b977d1d924299c9abf070783d9405e96b0 -0b5c684e4db8a3a1aceb91f17164e824 n6ILXhSq+P2Ae7qsIh4HV0REDDQ314F/QQmVQhaYmuwAAAABJRU5ErkJggg== 9a04f079-9840-4286-ab92-e65be0885f95 n+ZGkpzrId6ak3RlpLm1xz5kePn0QOrZ5A3H9GIMf80wHeZ+l7OZo6Qh7HwFWh45t3iCsKEiATkXo nCXBIWXMAAC4jAAAuIwF4pT92AAAHk0lEQVR42u2dW6wdUxjHf98pirqURElc6tIihKZOL0rqLiEl n+AxcP7sT90e4wsx2lRLoVkh6KOeOs1Z8IekeSce3yWOWpL9T0tglaWGb+w/x8OmdyoJXQPCPkDTc -72abdb4cdb949102f694a4628dbd5d43a2a9492ab44e7db6ee9a00cb6f7f47c42cbb7d8b1aefe3e09262f587738f091a -58182acd20e875142693ea11cd9becbe -dc7121fe9b24ed953641c67dddaba32d -18107bd11b42c78b63546933499dc4cb noCasBeYxdhEKpQwBfJ50pb7yY2abgNmki7C4F0QoQ4DC2slIhFm4VchWLJb0nGeaa3F9QicidEUf -f6d88224de472d3c9f0ee6ae6c026000a666e153b38913691c942b66ce458d1a
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: a0/d.java, line(s) 50,55 a0/e.java, line(s) 50 a0/f.java, line(s) 58 a0/g.java, line(s) 45 a0/h.java, line(s) 59,226 a0/l.java, line(s) 82 a1/d.java, line(s) 170,197,169,196 a1/e.java, line(s) 101,121,138,100,120,137 a3/i.java, line(s) 90 a3/m.java, line(s) 348,378,286 a3/n.java, line(s) 322,726,807 a3/s.java, line(s) 1556,1563,546,552,561,628,632,770,779,783,793,919,1261,1269,1273,1345,1349,1420,1454 a4/a.java, line(s) 90,264 andhook/lib/AndHook.java, line(s) 68,80,103 andhook/lib/HookHelper.java, line(s) 49,54,82,103,124,145,161,257,268,282,288,247 andhook/lib/xposed/XposedBridge.java, line(s) 218,214 andhook/lib/xposed/XposedHelpers.java, line(s) 68,81,94,107,533,544,555,570,591,602,613,663,775,786,797,808,819,830,841,852,863,874,906,921,994,1005,1016,1027,1038,1049,1060,1071,1082,1093,1104,1115,1126,1137,1148,1159,1170,1181 b0/a.java, line(s) 61,70,87,97 b0/e.java, line(s) 45,68 b4/c.java, line(s) 1206,165,185,206,500,832,835,852,880,883,1044,1047,1159,1170 b4/d.java, line(s) 275 b5/w3.java, line(s) 56,83 b6/c.java, line(s) 245 c1/b.java, line(s) 49,48 c1/j.java, line(s) 96,132,93,131,135,141,148,145,151 c1/l.java, line(s) 50,49 c4/a.java, line(s) 169,180 c5/g1.java, line(s) 42 c5/g4.java, line(s) 93 c5/i0.java, line(s) 26,35,25,34 c5/l0.java, line(s) 21 c5/l4.java, line(s) 50 c5/n4.java, line(s) 19 c5/p4.java, line(s) 22 c5/q4.java, line(s) 25 c5/r4.java, line(s) 22 c5/v4.java, line(s) 112,110 c5/w1.java, line(s) 55,52,60,84,98,112,118 com/applisto/appcloner/classes/AppClonerNative.java, line(s) 13 com/applisto/appcloner/classes/ApplicationWrapper.java, line(s) 24,47,57,206,213,220,41,84,96,112,124,136,148,160,172,184 com/applisto/appcloner/classes/AutoPressButtons.java, line(s) 161,181,185,187,197,227,236,249,255,264,283,289,142,213,217,223,298 com/applisto/appcloner/classes/AutoRotateControls.java, line(s) 19,20,24,42,48,40,55 com/applisto/appcloner/classes/BluetoothControls.java, line(s) 19,20,40,43,48,54,62,65,46,68 com/applisto/appcloner/classes/BootReceiver.java, line(s) 14,22 com/applisto/appcloner/classes/BundleFilesDirectories.java, line(s) 18,27,33,41,49,63,44,67 com/applisto/appcloner/classes/BundleObb.java, line(s) 19,90,98,101,121,127,137,140 com/applisto/appcloner/classes/CalculatorActivity.java, line(s) 98,189,199,261 com/applisto/appcloner/classes/ClearCacheOnExitProvider.java, line(s) 32,37 com/applisto/appcloner/classes/ClearCacheOnExitService.java, line(s) 18,24 com/applisto/appcloner/classes/ClearCacheReceiver.java, line(s) 15 com/applisto/appcloner/classes/CloneSettings.java, line(s) 52,87,65,70,99,124 com/applisto/appcloner/classes/CrashHandler.java, line(s) 80,86,93,100,108,24,66,102,110 com/applisto/appcloner/classes/DataDirectoryFtpServer.java, line(s) 33,48,88,93,102,122,140,83,100,114,129 com/applisto/appcloner/classes/DatabaseEditor.java, line(s) 30,45,50,94,112,86,101 com/applisto/appcloner/classes/DefaultFontProvider.java, line(s) 44,58,34,60 com/applisto/appcloner/classes/DefaultProvider.java, line(s) 54,85,97,149,160,176,211,360,362,401,430,459,497,515,525,724,772,1268,1320,1368,1931,1967,1989,1995,2859,5953,6973,7498,8022,8067,8607,9177,9225,9746,9794,10390,10438,11010,11058,11689,11737,12336,12384,12887,12907,12931,12935,12943,12947,494,61,71,77,89,100,113,138,182,217,392,421,450,520,680,1276,2015,2734,2875,3244,12903,12923,12954 com/applisto/appcloner/classes/DisableCameras.java, line(s) 27,35,41,59,76,88,107,117,54,71,83,102,112,130 com/applisto/appcloner/classes/DisableClipboardAccess.java, line(s) 58,73,89,105,109,113,117,143,169,176,181,191,200,204,208,213,218,223,228,246,250,254,258,262,266,272,318,333,342,358,365,374,120,171,193,237,320,335,360,382 com/applisto/appcloner/classes/FacebookLoginBehavior.java, line(s) 13,26,43 com/applisto/appcloner/classes/FacebookMessengerProvider.java, line(s) 39,41 com/applisto/appcloner/classes/FakeCalculator.java, line(s) 13,21,25,31 com/applisto/appcloner/classes/FakeCamera.java, line(s) 166,188,195,203,238,250,262,315,323,332,340,356,370,388,394,420,465,477,488,105,210,215,275,298,472,516 com/applisto/appcloner/classes/FileAccessMonitor.java, line(s) 30,53 com/applisto/appcloner/classes/GmailSupport.java, line(s) 52,88,93,125,129,139,141,159,176,189,199,206,209,213,227,233,236,98,180,184,201,217,238 com/applisto/appcloner/classes/HeadphonesEventReceiver.java, line(s) 13,25,30,19,38 com/applisto/appcloner/classes/HostMapper.java, line(s) 43,58,70,89,101,110,120,84,93 com/applisto/appcloner/classes/HostsBlocker.java, line(s) 69,78,89,100,118,178,242,249,257,265,284,287,302,338,380,398,402,432,494,92,136,352,389,504 com/applisto/appcloner/classes/InterruptionFilterControls.java, line(s) 24,25,29,44,51,52,65,71,57,74 com/applisto/appcloner/classes/LaunchTileService.java, line(s) 14,28,21 com/applisto/appcloner/classes/LoadLibraryWorkaround.java, line(s) 36,43,48,30 com/applisto/appcloner/classes/LogcatViewer.java, line(s) 81,163,240,211,250 com/applisto/appcloner/classes/MediaMountEjectReceiver.java, line(s) 13,24 com/applisto/appcloner/classes/MyControlsProviderService.java, line(s) 37,62,67,85,89,95 com/applisto/appcloner/classes/NotificationDots.java, line(s) 30,36,48,68,104,110,120,137,142,42,54,99,131,154 com/applisto/appcloner/classes/NotificationOptions.java, line(s) 202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,258,265,277,284,309,343,633,642,644,663,700,726,741,746,770,775,787,820,821,826,848,852,857,862,866,870,874,878,882,899,911,915,920,924,930,938,942,947,950,953,956,959,1036,1039,1099,1113,1144,1188,1259,92,118,147,246,312,557,565,606,626,665,668,706,795,832,904,932,1066,1101,1115,1146,1163,1198,1202,1244 com/applisto/appcloner/classes/PasswordActivity.java, line(s) 68,81,86,124,394,416,487,90,176,182,219,238,298,336,353,372,388,402,410,424,495 com/applisto/appcloner/classes/PasswordProtectApp.java, line(s) 12,18,20,24,30 com/applisto/appcloner/classes/PenEventReceiver.java, line(s) 12,18,23,33 com/applisto/appcloner/classes/PersistentApp.java, line(s) 13,17,22 com/applisto/appcloner/classes/PersistentAppAccessibilityService.java, line(s) 20 com/applisto/appcloner/classes/PersistentAppService.java, line(s) 18 com/applisto/appcloner/classes/PictureInPicture.java, line(s) 23,27,37,47,50,56,68,76,31,78 com/applisto/appcloner/classes/PowerEventReceiver.java, line(s) 12,18,22,25,28,31,33,41 com/applisto/appcloner/classes/PreferenceEditor.java, line(s) 27,29,32,50,67,75 com/applisto/appcloner/classes/ScreenSaver.java, line(s) 76,107,131,157,175,183,189,195,115,137,152,165 com/applisto/appcloner/classes/SecretDialerCodeReceiver.java, line(s) 15,24 com/applisto/appcloner/classes/SetBrightnessOnStart.java, line(s) 23,24,55,76,90,98,32,41,50,62,71 com/applisto/appcloner/classes/ShowOnLockScreen.java, line(s) 14,18,26 com/applisto/appcloner/classes/Signatures.java, line(s) 35,73,83,86,138,142,169,180,184,45,67,100,126,132,164,173,176,196 com/applisto/appcloner/classes/SplashScreenActivity.java, line(s) 74,81,118,129,147 com/applisto/appcloner/classes/StartActivity1.java, line(s) 20,37 com/applisto/appcloner/classes/StartForOutgoingCallReceiver.java, line(s) 19,26 com/applisto/appcloner/classes/ToastFilter.java, line(s) 25,29,67,74,83,58,85 com/applisto/appcloner/classes/UsbDeviceAttachedReceiver.java, line(s) 13,21 com/applisto/appcloner/classes/Utils.java, line(s) 293,296,303,305,722,734,84,105,168,224,231,245,285,338,404,436,494,507,516,590,603,647,740,752,756 com/applisto/appcloner/classes/WhatsAppSupport.java, line(s) 20,42,54,70,45,49,56,79 com/applisto/appcloner/classes/WifiControls.java, line(s) 19,20,24,41,44,49,55,63,66,47,69 com/applisto/appcloner/classes/freeform/FreeFormWindow.java, line(s) 38,41,31,45 com/applisto/appcloner/classes/freeform/FreeFormWindowActivity.java, line(s) 21,36,67,83,86,49,89 com/applisto/appcloner/classes/util/IActivityManagerHook.java, line(s) 16 com/applisto/appcloner/classes/util/IPackageManagerHook.java, line(s) 19 com/applisto/appcloner/classes/util/Log.java, line(s) 13,20,27,34,45,52,59,66,73,80,87 com/applisto/appcloner/classes/util/MultiProcessPreferences.java, line(s) 237,298 com/applisto/appcloner/classes/util/activity/ActivityLifecycleListener.java, line(s) 30,35 com/applisto/appcloner/classes/util/activity/OnAppExitListener.java, line(s) 17,24 com/applisto/appcloner/classes/util/activity/ResumePauseActivityLifecycleListener.java, line(s) 23,38 com/applisto/appcloner/classes/util/activity/StartExitAppEventReceiver.java, line(s) 19,35,54,67,25,49,62 com/applisto/appcloner/hooking/Hooking.java, line(s) 28,84,99,115,126,49,66,94,103,110 com/applisto/appcloner/service/RemoteService.java, line(s) 32,41,91,101,110 com/swift/sandhook/ClassNeverCall.java, line(s) 10 com/swift/sandhook/HookLog.java, line(s) 10,14,18,22,26,30 com/swift/sandhook/PendingHookHandler.java, line(s) 49,44 com/swift/sandhook/SandHook.java, line(s) 267 com/swift/sandhook/utils/FileUtils.java, line(s) 73,109 com/swift/sandhook/utils/ReflectionUtils.java, line(s) 21 com/swift/sandhook/utils/Unsafe.java, line(s) 85,32 com/swift/sandhook/wrapper/HookWrapper.java, line(s) 422,519,585,389,482 d0/c.java, line(s) 23 d1/a.java, line(s) 33,32,42,43 d1/b.java, line(s) 116,156,201,115,155,200 d4/e.java, line(s) 520,584,594,598,834,908 d4/f.java, line(s) 299 d6/d.java, line(s) 117,153 e/h.java, line(s) 176 e/k.java, line(s) 1105,1443,1445,1448,948,957,967,976,991,1000,1013,1022,697,2226,2235,2286,2427,2440,2685,2688,1330 e/r.java, line(s) 273,366,384,272,406 e/s.java, line(s) 30,44,56 e/u.java, line(s) 37 e1/a0.java, line(s) 68,69 e1/i.java, line(s) 553,183,238,552,385 e1/j.java, line(s) 134,135 e1/l.java, line(s) 18,167 e1/r.java, line(s) 150 e4/a.java, line(s) 82 e4/l.java, line(s) 257 e6/a.java, line(s) 21 f/a.java, line(s) 78,122 f1/i.java, line(s) 187,224,191,229 f1/j.java, line(s) 60,64,75,176,220,59,63,74,123,131,141,171,188,207,219,124,132,161,193,208 f2/c.java, line(s) 470,807 f2/i.java, line(s) 307,644 f2/u.java, line(s) 422 f3/b.java, line(s) 86,91,159,164 g1/e.java, line(s) 50,82,94,104,51,95,83,107 g1/j.java, line(s) 94,79 g3/g.java, line(s) 186,231,282,287,582 g4/q.java, line(s) 189 g4/s.java, line(s) 481,510,502 g5/c7.java, line(s) 51 g5/e7.java, line(s) 781 g5/q6.java, line(s) 447,462,446,630,3383,3524 g6/f.java, line(s) 401 h0/a.java, line(s) 277 h0/b.java, line(s) 49 h0/g.java, line(s) 31,44,83,155,198,216,239 h0/p.java, line(s) 990,933,989,351 h0/r.java, line(s) 20,31 h0/w.java, line(s) 251,329,83,95,102,111,50,318 h1/a.java, line(s) 47,46 h4/l.java, line(s) 46,63,78,83 h4/p.java, line(s) 46,51,56 i/g.java, line(s) 154,188,200,210,368 i1/c.java, line(s) 39,38 i1/e.java, line(s) 96,95 i1/r.java, line(s) 85,86 i2/j.java, line(s) 350 i4/h.java, line(s) 1955,2020 i5/a.java, line(s) 61,66 j2/d.java, line(s) 10 j2/f0.java, line(s) 53 j2/j0.java, line(s) 123,580 j2/l.java, line(s) 148 j2/l0.java, line(s) 813 j2/m1.java, line(s) 86 j2/v1.java, line(s) 799,904 java/io/ByteArrayOutputStrean.java, line(s) 20,24,25,38,27 k0/c.java, line(s) 25,34 k0/f.java, line(s) 55,64 k0/h.java, line(s) 18,17 k1/a.java, line(s) 82,125,93,135 k3/g0.java, line(s) 366 k4/a.java, line(s) 102,206 k4/b.java, line(s) 38,55,65,76 l0/b.java, line(s) 35 l1/b.java, line(s) 57,56,73,74 l1/i.java, line(s) 21,26,22,29 l1/j.java, line(s) 191,258,268,280,293,314,322,340,372,181,186,257,267,279,292,313,321,339,349,352,355,362,365 l1/l.java, line(s) 110,479,707,109,427,478,503,551,646,668,689,701,706,728,740,462,522,576 l1/m.java, line(s) 52,62,58,68 l1/q.java, line(s) 125,126 l1/v.java, line(s) 75,84,91,76,85,92,93,94,98 l1/y.java, line(s) 116,115 l2/b.java, line(s) 109 l2/w.java, line(s) 450,468,476,594,1488 l5/g.java, line(s) 47 m3/c.java, line(s) 36 m3/h.java, line(s) 481 n0/c.java, line(s) 326 n2/a.java, line(s) 599,344,444 n2/b.java, line(s) 273 n2/c.java, line(s) 87 n2/v.java, line(s) 216,200 n4/e.java, line(s) 153 n4/f.java, line(s) 97,110,167,175,192,208 n4/i.java, line(s) 40 n4/r.java, line(s) 39 n4/v.java, line(s) 68,72 o/d.java, line(s) 404 o0/a.java, line(s) 236,1233,1612,537,545,579,591,603,615,627,639,651,663,675,682,693,705,688,925,1147,1382,1428,1455,1458,1474,1510,1518,1552,1626,1700,1713 o2/c.java, line(s) 15 o2/r.java, line(s) 90 o3/d.java, line(s) 455,1393,1410 o3/n.java, line(s) 39 p1/a.java, line(s) 66,147,154,161,67,150,157,164 p1/h.java, line(s) 48,49 p4/u.java, line(s) 153,169 q/f.java, line(s) 712 q3/g.java, line(s) 524 q4/d.java, line(s) 15 q4/e.java, line(s) 65 q4/i0.java, line(s) 52,58 q4/j0.java, line(s) 49 q4/v.java, line(s) 26 r1/d.java, line(s) 42,39,93,111,94,112 r1/i.java, line(s) 67,68 r1/j.java, line(s) 198,199,210 r1/m.java, line(s) 55,62,56,63 s/d.java, line(s) 573,110,488 s2/a.java, line(s) 178 s3/c.java, line(s) 76 s4/a.java, line(s) 42,35,53,58 t/a.java, line(s) 154,157,158,163,167 t/b.java, line(s) 220,115 t0/a.java, line(s) 142,147,154,158,174,184 t2/e.java, line(s) 1282,1468,2210,2249,2511,3101,3154,3236 t4/a.java, line(s) 73,84 u1/g.java, line(s) 542,20,400,410 u2/d.java, line(s) 207,284 u4/g.java, line(s) 36,35,29 v0/a.java, line(s) 31 v1/h.java, line(s) 45,91,92,46 v2/b.java, line(s) 66,632,1556,1662 v2/e.java, line(s) 314,643 v2/f.java, line(s) 18,40,66,77,90,100 v2/i.java, line(s) 95 v2/m.java, line(s) 62 v3/a.java, line(s) 260 v3/b.java, line(s) 423,371,354,446,716 w0/x.java, line(s) 40,66 w2/i.java, line(s) 255 x/e.java, line(s) 112 x/f.java, line(s) 31 x/i.java, line(s) 28 x/j.java, line(s) 57,75,93 x0/b.java, line(s) 304 x0/f.java, line(s) 1066 x4/b.java, line(s) 37,102 y2/c0.java, line(s) 516 y2/f.java, line(s) 209 y2/l.java, line(s) 184,191,199,250,257,373,480 y2/o.java, line(s) 39 y2/t.java, line(s) 61,72 y2/w.java, line(s) 106 z/g.java, line(s) 148,171,178 z/i.java, line(s) 23 z0/a.java, line(s) 313 z1/a.java, line(s) 48,51 z2/a.java, line(s) 413 z2/c.java, line(s) 43 z3/a.java, line(s) 577,141,264,289,311,351,502,513 z3/c.java, line(s) 88,143
安全提示信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/applisto/appcloner/classes/DisableClipboardAccess.java, line(s) 51,219,224,232,8,63
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/applisto/appcloner/classes/DisableClipboardAccess.java, line(s) 8,63,114,380
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/studio/multip2/activity/LogadoActivity.java, line(s) 193,157,164 f2/r.java, line(s) 129,127 u6/v.java, line(s) 115,114,113,113
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: e/r.java, line(s) 354
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (app-measurement.com) 通信。
{'ip': '180.163.150.161', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (pagead2.googlesyndication.com) 通信。
{'ip': '180.163.151.38', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}