移动应用安全检测报告: P2online americano v6.0

安全基线评分


安全基线评分 38/100

综合风险等级


风险等级评定

  1. A
  2. B
  3. C
  4. F

漏洞与安全项分布(%)


隐私风险

1

检测到的第三方跟踪器数量


检测结果分布

高危安全漏洞 10
中危安全漏洞 20
安全提示信息 3
已通过安全项 2
重点安全关注 2

高危安全漏洞 Activity (com.studio.multip2.activity.ConteudoActivity) is vulnerable to StrandHogg 2.0

已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。

高危安全漏洞 Activity (com.studio.multip2.activity.LogadoActivity) is vulnerable to StrandHogg 2.0

已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。

高危安全漏洞 Activity (com.studio.multip2.activity.MainActivity) is vulnerable to StrandHogg 2.0

已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。

高危安全漏洞 Activity (com.google.firebase.auth.internal.FederatedSignInActivity) 的启动模式不是standard模式

Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。

高危安全漏洞 Activity (com.google.firebase.auth.internal.FederatedSignInActivity) 容易受到 Android Task Hijacking/StrandHogg 的攻击。

活动不应将启动模式属性设置为“singleTask”。 然后,其他应用程序可以将恶意活动放置在活动栈顶部,从而导致任务劫持/StrandHogg 1.0 漏洞。 这使应用程序成为网络钓鱼攻击的易受攻击目标。 可以通过将启动模式属性设置为“singleInstance”或设置空 taskAffinity (taskAffinity="") 属性来修复此漏洞。 您还可以将应用的目标 SDK 版本 (27) 更新到 28 或更高版本以在平台级别修复此问题。

高危安全漏洞 Activity (com.google.firebase.auth.internal.FederatedSignInActivity) is vulnerable to StrandHogg 2.0

已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。

高危安全漏洞 Activity (com.applisto.appcloner.classes.DefaultProvider$MyActivity) is vulnerable to StrandHogg 2.0

已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。

高危安全漏洞 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同

默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode

Files:
com/applisto/appcloner/classes/util/SimpleCrypt.java, line(s) 17

高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。

应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
p3/a.java, line(s) 66

高危安全漏洞 启用了调试配置。生产版本不能是可调试的

启用了调试配置。生产版本不能是可调试的
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
andhook/lib/BuildConfig.java, line(s) 3,8

中危安全漏洞 应用程序已启用明文网络流量

[android:usesCleartextTraffic=true]
应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。

中危安全漏洞 应用程序数据可以被备份

[android:allowBackup=true]
这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。

中危安全漏洞 Activity (com.studio.multip2.activity.ConteudoActivity) 未被保护。

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危安全漏洞 Activity (com.studio.multip2.activity.LogadoActivity) 未被保护。

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危安全漏洞 Activity (com.google.firebase.auth.internal.FederatedSignInActivity) 受权限保护, 但是应该检查权限的保护级别。

Permission: com.google.firebase.auth.api.gms.permission.LAUNCH_FEDERATED_SIGN_IN [android:exported=true]
发现一个 Activity被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危安全漏洞 Content Provider (com.applisto.appcloner.classes.DefaultProvider) 未被保护。

[android:exported=true]
发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危安全漏洞 Service (com.applisto.appcloner.service.RemoteService) 未被保护。

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危安全漏洞 Broadcast Receiver (com.applisto.appcloner.classes.DefaultProvider$DefaultReceiver) 未被保护。

[android:exported=true]
发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危安全漏洞 Activity (com.applisto.appcloner.classes.DefaultProvider$MyActivity) 未被保护。

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危安全漏洞 Broadcast Receiver (com.applisto.appcloner.classes.FakeCamera$FakeCameraReceiver) 未被保护。

存在一个intent-filter。
发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。

中危安全漏洞 Content Provider (com.applisto.appcloner.classes.ClearCacheOnExitProvider) 如果应用程序在API级别低于17的设备上运行,则不会受到保护。

[Content Provider, targetSdkVersion >= 17]
如果应用程序运行在一个API级别低于17的设备上,内容提供者( Content Provider)就会被导出。在这种情况下,它会被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。

中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库

应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
g5/b3.java, line(s) 5,6,7,8,139
g5/e7.java, line(s) 5,304
g5/h3.java, line(s) 4,64
g5/j.java, line(s) 6,7,71
g5/q6.java, line(s) 17,18,1627
v4/a.java, line(s) 5,6,169

中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等

文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/applisto/appcloner/classes/DataDirectoryFtpServer.java, line(s) 23
com/applisto/appcloner/classes/util/MultiProcessPreferences.java, line(s) 20
e1/q.java, line(s) 91
h3/a.java, line(s) 88

中危安全漏洞 应用程序使用不安全的随机数生成器

应用程序使用不安全的随机数生成器
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
j2/d1.java, line(s) 14
j2/j0.java, line(s) 26
k3/j0.java, line(s) 4
n3/b.java, line(s) 11

中危安全漏洞 MD5是已知存在哈希冲突的弱哈希

MD5是已知存在哈希冲突的弱哈希
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
andhook/lib/xposed/XposedHelpers.java, line(s) 622
p000/p001/p002/p003/p004/p005/C0177.java, line(s) 61
p006/p007/p008/p009/p010/p011/C0178.java, line(s) 61

中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件

应用程序创建临时文件。敏感信息永远不应该被写进临时文件


Files:
com/applisto/appcloner/classes/Utils.java, line(s) 415

中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据

应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
com/applisto/appcloner/classes/BundleObb.java, line(s) 74
com/applisto/appcloner/classes/FakeCamera.java, line(s) 122
e2/f.java, line(s) 20,21,22,23,24,25

中危安全漏洞 IP地址泄露

IP地址泄露


Files:
com/applisto/appcloner/classes/DefaultProvider.java, line(s) 3068,3068
com/applisto/appcloner/classes/HostsBlocker.java, line(s) 277
d/f.java, line(s) 237

中危安全漏洞 应用程序包含隐私跟踪程序

此应用程序有多个1隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。

中危安全漏洞 此应用可能包含硬编码机密信息

从应用程序中识别出以下机密确保这些不是机密或私人信息
"firebase_database_url" : "https://adm-p2p-default-rtdb.firebaseio.com"
"google_api_key" : "AIzaSyDAMC_ROuYDmYd9s5tinco1ILxFP-TCbxM"
"google_crash_reporting_api_key" : "AIzaSyDAMC_ROuYDmYd9s5tinco1ILxFP-TCbxM"
njY7OJr0mLOpwiHpt4BgUi6Q3PCZi8h1SSjpR0vaM9LxEkHSMh69dMRHz7agGfUSIhqhzKG50dHiJ
n4EPbNtXMNgNzgO0pJjfLc54Q9QnnUoOaUIYAPh3VtjxGkQhzM+wXdSDCxzgR/iipbLkIXQNuy2sY
-101a5344444f52c1c2bb27f2fdc145fa1f3d211b08a0f37e3f51f2fc73e630ec
nd7qkHRn2vssMU5VdE3xYVka86jITBsDMNuBGM2mjDa9lhqhj7ifnqmsbvLfG5CH0PGDUkNXMvqV4
-4e45d46ccf37c15a7ce487ab43eef315
edef8ba9-79d6-4ace-a3c8-27dcd51d21ed
-3b53dfda20f8edcac2b95b99db29f6ad0ec99f35a2087087c8d123d43b77302ea168df4f7b817a5a721702166fe9282c133fc4854cb04f67b1f43ba0d59d373d95efaa73be3225086b6e0a4b1af090cb
-1c480743edc938708d177d7eb7a96f1b
-fa631717cec1133fb8d49df77db53d47
nlwr5ETjezBRsKULS6ZJWAU8xvoIPcBxwGQRaC5I0iNvycX7oSARkPgQQQNKjwHJgQugIBGYiVLwY
nxtAB6Dkkzc+55W9DaF97Fkkv5BBgPHxbUjgkvZgS+F2SbgztX10o9cGJpAXA1cB03BOr94DlZvZT
-e7c84be70d568e9b3ae06591c79d93d6
n2olwU2SXZdN1AtzmEfwtI+49oSQRspqj1yT9EUqAMoahx3rYvpW8MLONwFzglxT7WyQ97eOMmX0M
-9548a1c162c6dbd71727dbfacb09bb80
-e2705db72e1eaf08161ef4303e58ea3d
nJBUhcameExFCkEhow4NEJCIST32oW4TEg3ogbg+NklAaSl1KFG2lNGlJimqU0/P3sGZ0nLNn9qx9
nzHYAd4WORoWsA241sxkhgw8jJi6SHgPuC+lQifwMvAu8ZGavhnYmptVM+CLc4RUzgEm42eiehP2E
-f3d466b0d071a188ac9921f26ac8abdd35f1d77b0e82a97d2739d062e0d3e61d
-f84a2d3d6088e772fe0c6de092a4a847
-19b61c657b5c17b86231177493f36b23379aa755d6e7a97404bc27225840eb5b
-880c861a30ad671061747d7714e64dfc
16a09e667f3bcc908b2fb1366ea957d3e3adec17512775099da2f590b0667322a
nsw0NDQ0NDQ0FUesnYpIOBE4BTsKt2ewLTEyYDCfK0MfeUYzYO8ROjmQsca3o2lrYFJm2AXuAL81s
-63187d1e2bf6f5e34daaeb9e325d0e1b7fa6fe9d7ec45d327e261afc2db2dc85d759472f5d416f21e07018f1b3a2a0006e8615ec958a022223c4caa5290764d2
-a0f8fd725d0562895286e77d77c4424131d948ed2042f63513e0b288ce89d3bb9962ae0264f741b546895dd9114aae38
nbmhoaGhoaMig8M5S0hTgENxxYMk8kg9v+nAPg34ys79CB6GnkDt8Q5KGon97Er8nPxu1LWU8UsbB
nZWtL6D4gxleEjTgRsiZreZ8nNC9qRwx6BC0WIWuyNpCzY/YJalfUgLEw4LPgFs0T+snumNuJ4BOD
-a424a844f73e122563a7410e142a4fec
-7903102e1e0c3145fde268d7a17b5ed3
-b97b6bc375c24719f1e5acbc7652f21d
-989469bbb8e8986ddc9c3954759ecaa300724f957c55b6ecfeec688dfa8e8b81
n5cgy1k4ASf3A5cAFuJXKKaF9KpBPgDvM7KP4g1oIIGkCMADcBJwb2p8KOMvMPoUaCCBpALgfmBba
Y29tLmFwcGxpc3RvLmFwcGNsb25lci5jbGFzc2VzLnNlY29uZGFyeQ==
-b30c2da06c891c09fc32f1cde6037194
-ef32e7875736b0f896af2102d78b7b00
n78C8qoIPewXwOcK9V1kHzIi2qlRGLEB3LDSVx3KgP3rEWSlxHzAZt8OgljPjEvkcWGJmr4dyoA/A
-734ce46bd8db4dfd8e9dbf55156dedc9
-877d89d440d89640aaee669f67d87ea2
-878ea3ccb6cd499b97fef77b6cf460747e938bc7f82a6709356736e0e38356f9
-86378f1e1b35088dfea6863da8c49f44
-36a7aa9341e3adc05530a833fb838c932eb953690088c86d94fa4252b5582b28
-a5953efb8e809e262f0cf51f10bca3bf
-20134a9cdd70f5f2aa49188d190e77ca
-44c2622f904f71255a1135f3f310bb6d23c6ca0f312c8bce8c242f592410e75a
nAP7xsB0qOvNGAL+5kIrOvBGghKD60AgQmEYAONDD9oSiM98ndOlrwNdAPL4fjn7G/UKyedoX+C60
nYfAXeebVnyGCJC3JuHeGh1/vFx2nMjvh++m8iTvax9jMPgHOBv5OMXlE0tICyhR86SYXchted46h
-766892306220e4d474cd3a4ec7440dda
nJ2k5MBi65DXhQ6iwE5b0BHBP6FLXhB3AUWa2u5ImSNKdNMFPcp2Z7YYKaoCkmcDa0CWuCVuBu8zs
nnEP6ewBXAAflTa7oYJUhwJEetmtGlXCvCL+m3LNYblk7NznmCXnpivcDfARoGWQz+wH3PlZaTRjs
-ac8351152827f2443d0e7f5be19550f7
nEWYD347Bz/VmtmYM96cSWoCWRCLMJVsE38naNXQ+k30gdExyI+kVj3Z1fpu0Jssdnp1GWxEkHSTp
-47fae620d9cd87d0ba788f5e35f63a16
nbz2PpFXK5obQPvYskh5WPqaG9rXnkDRR0q6cAjxZdP59oQNQA84ADshpO6vozBsB4DAP2/2KzrwR
-d3a840b805a000df012a9613c84b421a
-7735a8a782221940f54d2f857e213368a7fdd49c02f54c20062570e4576a2a5cf0dfb3f66b4f3518596618cb04a2ae7ceaba80d353c46e3278fdb5034c4218b977d1d924299c9abf070783d9405e96b0
-0b5c684e4db8a3a1aceb91f17164e824
n6ILXhSq+P2Ae7qsIh4HV0REDDQ314F/QQmVQhaYmuwAAAABJRU5ErkJggg==
9a04f079-9840-4286-ab92-e65be0885f95
n+ZGkpzrId6ak3RlpLm1xz5kePn0QOrZ5A3H9GIMf80wHeZ+l7OZo6Qh7HwFWh45t3iCsKEiATkXo
nCXBIWXMAAC4jAAAuIwF4pT92AAAHk0lEQVR42u2dW6wdUxjHf98pirqURElc6tIihKZOL0rqLiEl
n+AxcP7sT90e4wsx2lRLoVkh6KOeOs1Z8IekeSce3yWOWpL9T0tglaWGb+w/x8OmdyoJXQPCPkDTc
-72abdb4cdb949102f694a4628dbd5d43a2a9492ab44e7db6ee9a00cb6f7f47c42cbb7d8b1aefe3e09262f587738f091a
-58182acd20e875142693ea11cd9becbe
-dc7121fe9b24ed953641c67dddaba32d
-18107bd11b42c78b63546933499dc4cb
noCasBeYxdhEKpQwBfJ50pb7yY2abgNmki7C4F0QoQ4DC2slIhFm4VchWLJb0nGeaa3F9QicidEUf
-f6d88224de472d3c9f0ee6ae6c026000a666e153b38913691c942b66ce458d1a

安全提示信息 应用程序记录日志信息,不得记录敏感信息

应用程序记录日志信息,不得记录敏感信息
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
a0/d.java, line(s) 50,55
a0/e.java, line(s) 50
a0/f.java, line(s) 58
a0/g.java, line(s) 45
a0/h.java, line(s) 59,226
a0/l.java, line(s) 82
a1/d.java, line(s) 170,197,169,196
a1/e.java, line(s) 101,121,138,100,120,137
a3/i.java, line(s) 90
a3/m.java, line(s) 348,378,286
a3/n.java, line(s) 322,726,807
a3/s.java, line(s) 1556,1563,546,552,561,628,632,770,779,783,793,919,1261,1269,1273,1345,1349,1420,1454
a4/a.java, line(s) 90,264
andhook/lib/AndHook.java, line(s) 68,80,103
andhook/lib/HookHelper.java, line(s) 49,54,82,103,124,145,161,257,268,282,288,247
andhook/lib/xposed/XposedBridge.java, line(s) 218,214
andhook/lib/xposed/XposedHelpers.java, line(s) 68,81,94,107,533,544,555,570,591,602,613,663,775,786,797,808,819,830,841,852,863,874,906,921,994,1005,1016,1027,1038,1049,1060,1071,1082,1093,1104,1115,1126,1137,1148,1159,1170,1181
b0/a.java, line(s) 61,70,87,97
b0/e.java, line(s) 45,68
b4/c.java, line(s) 1206,165,185,206,500,832,835,852,880,883,1044,1047,1159,1170
b4/d.java, line(s) 275
b5/w3.java, line(s) 56,83
b6/c.java, line(s) 245
c1/b.java, line(s) 49,48
c1/j.java, line(s) 96,132,93,131,135,141,148,145,151
c1/l.java, line(s) 50,49
c4/a.java, line(s) 169,180
c5/g1.java, line(s) 42
c5/g4.java, line(s) 93
c5/i0.java, line(s) 26,35,25,34
c5/l0.java, line(s) 21
c5/l4.java, line(s) 50
c5/n4.java, line(s) 19
c5/p4.java, line(s) 22
c5/q4.java, line(s) 25
c5/r4.java, line(s) 22
c5/v4.java, line(s) 112,110
c5/w1.java, line(s) 55,52,60,84,98,112,118
com/applisto/appcloner/classes/AppClonerNative.java, line(s) 13
com/applisto/appcloner/classes/ApplicationWrapper.java, line(s) 24,47,57,206,213,220,41,84,96,112,124,136,148,160,172,184
com/applisto/appcloner/classes/AutoPressButtons.java, line(s) 161,181,185,187,197,227,236,249,255,264,283,289,142,213,217,223,298
com/applisto/appcloner/classes/AutoRotateControls.java, line(s) 19,20,24,42,48,40,55
com/applisto/appcloner/classes/BluetoothControls.java, line(s) 19,20,40,43,48,54,62,65,46,68
com/applisto/appcloner/classes/BootReceiver.java, line(s) 14,22
com/applisto/appcloner/classes/BundleFilesDirectories.java, line(s) 18,27,33,41,49,63,44,67
com/applisto/appcloner/classes/BundleObb.java, line(s) 19,90,98,101,121,127,137,140
com/applisto/appcloner/classes/CalculatorActivity.java, line(s) 98,189,199,261
com/applisto/appcloner/classes/ClearCacheOnExitProvider.java, line(s) 32,37
com/applisto/appcloner/classes/ClearCacheOnExitService.java, line(s) 18,24
com/applisto/appcloner/classes/ClearCacheReceiver.java, line(s) 15
com/applisto/appcloner/classes/CloneSettings.java, line(s) 52,87,65,70,99,124
com/applisto/appcloner/classes/CrashHandler.java, line(s) 80,86,93,100,108,24,66,102,110
com/applisto/appcloner/classes/DataDirectoryFtpServer.java, line(s) 33,48,88,93,102,122,140,83,100,114,129
com/applisto/appcloner/classes/DatabaseEditor.java, line(s) 30,45,50,94,112,86,101
com/applisto/appcloner/classes/DefaultFontProvider.java, line(s) 44,58,34,60
com/applisto/appcloner/classes/DefaultProvider.java, line(s) 54,85,97,149,160,176,211,360,362,401,430,459,497,515,525,724,772,1268,1320,1368,1931,1967,1989,1995,2859,5953,6973,7498,8022,8067,8607,9177,9225,9746,9794,10390,10438,11010,11058,11689,11737,12336,12384,12887,12907,12931,12935,12943,12947,494,61,71,77,89,100,113,138,182,217,392,421,450,520,680,1276,2015,2734,2875,3244,12903,12923,12954
com/applisto/appcloner/classes/DisableCameras.java, line(s) 27,35,41,59,76,88,107,117,54,71,83,102,112,130
com/applisto/appcloner/classes/DisableClipboardAccess.java, line(s) 58,73,89,105,109,113,117,143,169,176,181,191,200,204,208,213,218,223,228,246,250,254,258,262,266,272,318,333,342,358,365,374,120,171,193,237,320,335,360,382
com/applisto/appcloner/classes/FacebookLoginBehavior.java, line(s) 13,26,43
com/applisto/appcloner/classes/FacebookMessengerProvider.java, line(s) 39,41
com/applisto/appcloner/classes/FakeCalculator.java, line(s) 13,21,25,31
com/applisto/appcloner/classes/FakeCamera.java, line(s) 166,188,195,203,238,250,262,315,323,332,340,356,370,388,394,420,465,477,488,105,210,215,275,298,472,516
com/applisto/appcloner/classes/FileAccessMonitor.java, line(s) 30,53
com/applisto/appcloner/classes/GmailSupport.java, line(s) 52,88,93,125,129,139,141,159,176,189,199,206,209,213,227,233,236,98,180,184,201,217,238
com/applisto/appcloner/classes/HeadphonesEventReceiver.java, line(s) 13,25,30,19,38
com/applisto/appcloner/classes/HostMapper.java, line(s) 43,58,70,89,101,110,120,84,93
com/applisto/appcloner/classes/HostsBlocker.java, line(s) 69,78,89,100,118,178,242,249,257,265,284,287,302,338,380,398,402,432,494,92,136,352,389,504
com/applisto/appcloner/classes/InterruptionFilterControls.java, line(s) 24,25,29,44,51,52,65,71,57,74
com/applisto/appcloner/classes/LaunchTileService.java, line(s) 14,28,21
com/applisto/appcloner/classes/LoadLibraryWorkaround.java, line(s) 36,43,48,30
com/applisto/appcloner/classes/LogcatViewer.java, line(s) 81,163,240,211,250
com/applisto/appcloner/classes/MediaMountEjectReceiver.java, line(s) 13,24
com/applisto/appcloner/classes/MyControlsProviderService.java, line(s) 37,62,67,85,89,95
com/applisto/appcloner/classes/NotificationDots.java, line(s) 30,36,48,68,104,110,120,137,142,42,54,99,131,154
com/applisto/appcloner/classes/NotificationOptions.java, line(s) 202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,258,265,277,284,309,343,633,642,644,663,700,726,741,746,770,775,787,820,821,826,848,852,857,862,866,870,874,878,882,899,911,915,920,924,930,938,942,947,950,953,956,959,1036,1039,1099,1113,1144,1188,1259,92,118,147,246,312,557,565,606,626,665,668,706,795,832,904,932,1066,1101,1115,1146,1163,1198,1202,1244
com/applisto/appcloner/classes/PasswordActivity.java, line(s) 68,81,86,124,394,416,487,90,176,182,219,238,298,336,353,372,388,402,410,424,495
com/applisto/appcloner/classes/PasswordProtectApp.java, line(s) 12,18,20,24,30
com/applisto/appcloner/classes/PenEventReceiver.java, line(s) 12,18,23,33
com/applisto/appcloner/classes/PersistentApp.java, line(s) 13,17,22
com/applisto/appcloner/classes/PersistentAppAccessibilityService.java, line(s) 20
com/applisto/appcloner/classes/PersistentAppService.java, line(s) 18
com/applisto/appcloner/classes/PictureInPicture.java, line(s) 23,27,37,47,50,56,68,76,31,78
com/applisto/appcloner/classes/PowerEventReceiver.java, line(s) 12,18,22,25,28,31,33,41
com/applisto/appcloner/classes/PreferenceEditor.java, line(s) 27,29,32,50,67,75
com/applisto/appcloner/classes/ScreenSaver.java, line(s) 76,107,131,157,175,183,189,195,115,137,152,165
com/applisto/appcloner/classes/SecretDialerCodeReceiver.java, line(s) 15,24
com/applisto/appcloner/classes/SetBrightnessOnStart.java, line(s) 23,24,55,76,90,98,32,41,50,62,71
com/applisto/appcloner/classes/ShowOnLockScreen.java, line(s) 14,18,26
com/applisto/appcloner/classes/Signatures.java, line(s) 35,73,83,86,138,142,169,180,184,45,67,100,126,132,164,173,176,196
com/applisto/appcloner/classes/SplashScreenActivity.java, line(s) 74,81,118,129,147
com/applisto/appcloner/classes/StartActivity1.java, line(s) 20,37
com/applisto/appcloner/classes/StartForOutgoingCallReceiver.java, line(s) 19,26
com/applisto/appcloner/classes/ToastFilter.java, line(s) 25,29,67,74,83,58,85
com/applisto/appcloner/classes/UsbDeviceAttachedReceiver.java, line(s) 13,21
com/applisto/appcloner/classes/Utils.java, line(s) 293,296,303,305,722,734,84,105,168,224,231,245,285,338,404,436,494,507,516,590,603,647,740,752,756
com/applisto/appcloner/classes/WhatsAppSupport.java, line(s) 20,42,54,70,45,49,56,79
com/applisto/appcloner/classes/WifiControls.java, line(s) 19,20,24,41,44,49,55,63,66,47,69
com/applisto/appcloner/classes/freeform/FreeFormWindow.java, line(s) 38,41,31,45
com/applisto/appcloner/classes/freeform/FreeFormWindowActivity.java, line(s) 21,36,67,83,86,49,89
com/applisto/appcloner/classes/util/IActivityManagerHook.java, line(s) 16
com/applisto/appcloner/classes/util/IPackageManagerHook.java, line(s) 19
com/applisto/appcloner/classes/util/Log.java, line(s) 13,20,27,34,45,52,59,66,73,80,87
com/applisto/appcloner/classes/util/MultiProcessPreferences.java, line(s) 237,298
com/applisto/appcloner/classes/util/activity/ActivityLifecycleListener.java, line(s) 30,35
com/applisto/appcloner/classes/util/activity/OnAppExitListener.java, line(s) 17,24
com/applisto/appcloner/classes/util/activity/ResumePauseActivityLifecycleListener.java, line(s) 23,38
com/applisto/appcloner/classes/util/activity/StartExitAppEventReceiver.java, line(s) 19,35,54,67,25,49,62
com/applisto/appcloner/hooking/Hooking.java, line(s) 28,84,99,115,126,49,66,94,103,110
com/applisto/appcloner/service/RemoteService.java, line(s) 32,41,91,101,110
com/swift/sandhook/ClassNeverCall.java, line(s) 10
com/swift/sandhook/HookLog.java, line(s) 10,14,18,22,26,30
com/swift/sandhook/PendingHookHandler.java, line(s) 49,44
com/swift/sandhook/SandHook.java, line(s) 267
com/swift/sandhook/utils/FileUtils.java, line(s) 73,109
com/swift/sandhook/utils/ReflectionUtils.java, line(s) 21
com/swift/sandhook/utils/Unsafe.java, line(s) 85,32
com/swift/sandhook/wrapper/HookWrapper.java, line(s) 422,519,585,389,482
d0/c.java, line(s) 23
d1/a.java, line(s) 33,32,42,43
d1/b.java, line(s) 116,156,201,115,155,200
d4/e.java, line(s) 520,584,594,598,834,908
d4/f.java, line(s) 299
d6/d.java, line(s) 117,153
e/h.java, line(s) 176
e/k.java, line(s) 1105,1443,1445,1448,948,957,967,976,991,1000,1013,1022,697,2226,2235,2286,2427,2440,2685,2688,1330
e/r.java, line(s) 273,366,384,272,406
e/s.java, line(s) 30,44,56
e/u.java, line(s) 37
e1/a0.java, line(s) 68,69
e1/i.java, line(s) 553,183,238,552,385
e1/j.java, line(s) 134,135
e1/l.java, line(s) 18,167
e1/r.java, line(s) 150
e4/a.java, line(s) 82
e4/l.java, line(s) 257
e6/a.java, line(s) 21
f/a.java, line(s) 78,122
f1/i.java, line(s) 187,224,191,229
f1/j.java, line(s) 60,64,75,176,220,59,63,74,123,131,141,171,188,207,219,124,132,161,193,208
f2/c.java, line(s) 470,807
f2/i.java, line(s) 307,644
f2/u.java, line(s) 422
f3/b.java, line(s) 86,91,159,164
g1/e.java, line(s) 50,82,94,104,51,95,83,107
g1/j.java, line(s) 94,79
g3/g.java, line(s) 186,231,282,287,582
g4/q.java, line(s) 189
g4/s.java, line(s) 481,510,502
g5/c7.java, line(s) 51
g5/e7.java, line(s) 781
g5/q6.java, line(s) 447,462,446,630,3383,3524
g6/f.java, line(s) 401
h0/a.java, line(s) 277
h0/b.java, line(s) 49
h0/g.java, line(s) 31,44,83,155,198,216,239
h0/p.java, line(s) 990,933,989,351
h0/r.java, line(s) 20,31
h0/w.java, line(s) 251,329,83,95,102,111,50,318
h1/a.java, line(s) 47,46
h4/l.java, line(s) 46,63,78,83
h4/p.java, line(s) 46,51,56
i/g.java, line(s) 154,188,200,210,368
i1/c.java, line(s) 39,38
i1/e.java, line(s) 96,95
i1/r.java, line(s) 85,86
i2/j.java, line(s) 350
i4/h.java, line(s) 1955,2020
i5/a.java, line(s) 61,66
j2/d.java, line(s) 10
j2/f0.java, line(s) 53
j2/j0.java, line(s) 123,580
j2/l.java, line(s) 148
j2/l0.java, line(s) 813
j2/m1.java, line(s) 86
j2/v1.java, line(s) 799,904
java/io/ByteArrayOutputStrean.java, line(s) 20,24,25,38,27
k0/c.java, line(s) 25,34
k0/f.java, line(s) 55,64
k0/h.java, line(s) 18,17
k1/a.java, line(s) 82,125,93,135
k3/g0.java, line(s) 366
k4/a.java, line(s) 102,206
k4/b.java, line(s) 38,55,65,76
l0/b.java, line(s) 35
l1/b.java, line(s) 57,56,73,74
l1/i.java, line(s) 21,26,22,29
l1/j.java, line(s) 191,258,268,280,293,314,322,340,372,181,186,257,267,279,292,313,321,339,349,352,355,362,365
l1/l.java, line(s) 110,479,707,109,427,478,503,551,646,668,689,701,706,728,740,462,522,576
l1/m.java, line(s) 52,62,58,68
l1/q.java, line(s) 125,126
l1/v.java, line(s) 75,84,91,76,85,92,93,94,98
l1/y.java, line(s) 116,115
l2/b.java, line(s) 109
l2/w.java, line(s) 450,468,476,594,1488
l5/g.java, line(s) 47
m3/c.java, line(s) 36
m3/h.java, line(s) 481
n0/c.java, line(s) 326
n2/a.java, line(s) 599,344,444
n2/b.java, line(s) 273
n2/c.java, line(s) 87
n2/v.java, line(s) 216,200
n4/e.java, line(s) 153
n4/f.java, line(s) 97,110,167,175,192,208
n4/i.java, line(s) 40
n4/r.java, line(s) 39
n4/v.java, line(s) 68,72
o/d.java, line(s) 404
o0/a.java, line(s) 236,1233,1612,537,545,579,591,603,615,627,639,651,663,675,682,693,705,688,925,1147,1382,1428,1455,1458,1474,1510,1518,1552,1626,1700,1713
o2/c.java, line(s) 15
o2/r.java, line(s) 90
o3/d.java, line(s) 455,1393,1410
o3/n.java, line(s) 39
p1/a.java, line(s) 66,147,154,161,67,150,157,164
p1/h.java, line(s) 48,49
p4/u.java, line(s) 153,169
q/f.java, line(s) 712
q3/g.java, line(s) 524
q4/d.java, line(s) 15
q4/e.java, line(s) 65
q4/i0.java, line(s) 52,58
q4/j0.java, line(s) 49
q4/v.java, line(s) 26
r1/d.java, line(s) 42,39,93,111,94,112
r1/i.java, line(s) 67,68
r1/j.java, line(s) 198,199,210
r1/m.java, line(s) 55,62,56,63
s/d.java, line(s) 573,110,488
s2/a.java, line(s) 178
s3/c.java, line(s) 76
s4/a.java, line(s) 42,35,53,58
t/a.java, line(s) 154,157,158,163,167
t/b.java, line(s) 220,115
t0/a.java, line(s) 142,147,154,158,174,184
t2/e.java, line(s) 1282,1468,2210,2249,2511,3101,3154,3236
t4/a.java, line(s) 73,84
u1/g.java, line(s) 542,20,400,410
u2/d.java, line(s) 207,284
u4/g.java, line(s) 36,35,29
v0/a.java, line(s) 31
v1/h.java, line(s) 45,91,92,46
v2/b.java, line(s) 66,632,1556,1662
v2/e.java, line(s) 314,643
v2/f.java, line(s) 18,40,66,77,90,100
v2/i.java, line(s) 95
v2/m.java, line(s) 62
v3/a.java, line(s) 260
v3/b.java, line(s) 423,371,354,446,716
w0/x.java, line(s) 40,66
w2/i.java, line(s) 255
x/e.java, line(s) 112
x/f.java, line(s) 31
x/i.java, line(s) 28
x/j.java, line(s) 57,75,93
x0/b.java, line(s) 304
x0/f.java, line(s) 1066
x4/b.java, line(s) 37,102
y2/c0.java, line(s) 516
y2/f.java, line(s) 209
y2/l.java, line(s) 184,191,199,250,257,373,480
y2/o.java, line(s) 39
y2/t.java, line(s) 61,72
y2/w.java, line(s) 106
z/g.java, line(s) 148,171,178
z/i.java, line(s) 23
z0/a.java, line(s) 313
z1/a.java, line(s) 48,51
z2/a.java, line(s) 413
z2/c.java, line(s) 43
z3/a.java, line(s) 577,141,264,289,311,351,502,513
z3/c.java, line(s) 88,143

安全提示信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改

此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/applisto/appcloner/classes/DisableClipboardAccess.java, line(s) 51,219,224,232,8,63

安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它

此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/applisto/appcloner/classes/DisableClipboardAccess.java, line(s) 8,63,114,380

已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击

此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
com/studio/multip2/activity/LogadoActivity.java, line(s) 193,157,164
f2/r.java, line(s) 129,127
u6/v.java, line(s) 115,114,113,113

已通过安全项 此应用程序可能具有Root检测功能

此应用程序可能具有Root检测功能
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
e/r.java, line(s) 354

重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (app-measurement.com) 通信。

{'ip': '180.163.150.161', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (pagead2.googlesyndication.com) 通信。

{'ip': '180.163.151.38', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

综合安全基线评分: ( P2online americano 6.0)