安全分析报告:
安全分数
安全分数 46/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
8
用户/设备跟踪器
调研结果
高危
6
中危
40
信息
3
安全
2
关注
18
高危 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
高危 基本配置配置为信任用户安装的证书。
Scope: *
高危 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: net/xrcloud/activity/web/RobustWebView.java, line(s) 308,301
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/unity3d/services/core/webview/WebViewApp.java, line(s) 302,304,10,376,405,411,417
高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: net/xrcloud/utils/AesUtils.java, line(s) 45,77
高危 应用程序包含隐私跟踪程序
此应用程序有多个8隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 基本配置配置为信任系统证书。
Scope: *
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Activity设置了TaskAffinity属性
(net.xrcloud.douyinapi.DouYinEntryActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity (net.xrcloud.douyinapi.DouYinEntryActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (net.xrcloud.activity.main.MainActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (net.xrcloud.activity.mycomputers.MyComputersActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (net.xrcloud.activity.web.WebActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (net.xrcloud.activity.disk.DiskActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (net.xrcloud.activity.gamedetail.NewGameDetailActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (net.xrcloud.activity.gamedetail.NewComputerDetailActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.tencent.tauth.AuthActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (net.xrcloud.wxapi.WXEntryActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (net.xrcloud.wxapi.WXPayEntryActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.vivo.push.sdk.service.CommandClientService) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.push.permission.UPSTAGESERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (net.xrcloud.push.oppo.PushMessageService) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.coloros.mcs.permission.SEND_MCS_MESSAGE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (net.xrcloud.push.oppo.AppPushMessageService) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.heytap.mcs.permission.SEND_PUSH_MESSAGE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (net.xrcloud.push.xiaomi.MyXiaomiPushReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.xiaomi.mipush.sdk.NotificationClickedActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.xiaomi.mipush.sdk.PushMessageHandler) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.xiaomi.push.service.receivers.NetworkStatusReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.alipay.sdk.app.PayResultActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.alipay.sdk.app.AlipayResultActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.DUMP [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Activity设置了TaskAffinity属性
(com.readystatesoftware.chuck.internal.ui.MainActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity (com.bytedance.android.openliveplugin.stub.activity.DouyinAuthorizeActivityProxy) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.huawei.hms.support.api.push.service.HmsMsgService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Content Provider (com.huawei.hms.support.api.push.PushProvider) 未被保护。
[android:exported=true] 发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 数据短信接收端设置在端口: 8989 上
[android:port] 一个二进制短信接收器被配置为监听一个端口。发送到设备的二进制短信由应用程序以开发者选择的方式处理。这个短信中的数据应该被应用程序正确地验证。此外,应用程序应该假设接收到的短信来自一个不可信的来源。
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/unity3d/services/core/webview/WebView.java, line(s) 21,47 net/xrcloud/activity/web/ProtocolActivity.java, line(s) 116,64 net/xrcloud/activity/web/RobustWebView.java, line(s) 563,556 net/xrcloud/utils/ExtendFunKt.java, line(s) 1880,1881 net/xrcloud/utils/WebViewPool.java, line(s) 121,116 net/xrcloud/view/tasklabby/TaskLabbyView.java, line(s) 197,184
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/unionpay/WebViewJavascriptBridge.java, line(s) 44,32 com/unity3d/services/ads/webplayer/WebPlayerView.java, line(s) 90,74 com/unity3d/services/core/webview/WebView.java, line(s) 74,47 wendu/dsbridge/DWebView.java, line(s) 648,641
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/abedelazizshe/lightcompressorlibrary/VideoCompressor.java, line(s) 118,120 com/afollestad/materialdialogs/folderselector/FileChooserDialog.java, line(s) 174,244 com/afollestad/materialdialogs/folderselector/FolderChooserDialog.java, line(s) 160,228 com/lzy/okgo/convert/FileConvert.java, line(s) 26,43 com/readystatesoftware/chuck/internal/support/SQLiteUtils.java, line(s) 30 com/ss/android/downloadlib/addownload/lg.java, line(s) 368 com/ss/android/downloadlib/addownload/pa.java, line(s) 242,244 com/ss/android/downloadlib/lg/nt.java, line(s) 341,321,415 com/tencent/a/a/a/a/b.java, line(s) 21,23,35,44 com/tencent/ugc/TXVideoEditer.java, line(s) 1379 com/unity3d/services/core/cache/CacheDirectory.java, line(s) 29 com/xuexiang/xupdate/utils/UpdateUtils.java, line(s) 177 net/xrcloud/VideoUtils.java, line(s) 132 net/xrcloud/activity/gamedetail/DownLoadSaveImg.java, line(s) 88,98 net/xrcloud/activity/my/invitecode/InviteCodeActivity.java, line(s) 875 net/xrcloud/activity/videoplayer/TXVodPlayerWrapper.java, line(s) 56 net/xrcloud/activity/web/WebActivity.java, line(s) 842,846 net/xrcloud/activity/webrtcconnect/PeerConnectionClient.java, line(s) 314,521 net/xrcloud/ad/hpcad/HpcAdActivity.java, line(s) 764,768 net/xrcloud/ad/hpcad/HpcLandAdActivity.java, line(s) 774,778 net/xrcloud/application/Consts.java, line(s) 912
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/lzy/okgo/db/DBHelper.java, line(s) 4,5,44,45,46,47,53,56,59,62 com/lzy/okgo/db/DBUtils.java, line(s) 4,12,40,75 com/ss/android/downloadlib/g/zx.java, line(s) 4,5,17,22 nl/qbusict/cupboard/DatabaseCompartment.java, line(s) 5,64,170,205,415,416
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/koushikdutta/async/dns/Dns.java, line(s) 20 com/koushikdutta/async/util/FileCache.java, line(s) 17 com/scwang/smartrefresh/header/FunGameBattleCityHeader.java, line(s) 14 com/scwang/smartrefresh/header/TaurusHeader.java, line(s) 25 com/scwang/smartrefresh/header/storehouse/StoreHouseBarItem.java, line(s) 8 com/unity3d/services/core/request/metrics/SDKMetrics.java, line(s) 9 com/xuexiang/xupdate/utils/ColorUtils.java, line(s) 7 org/java_websocket/drafts/Draft_6455.java, line(s) 15
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/lzy/okgo/cache/CacheEntity.java, line(s) 13,85 com/lzy/okgo/exception/CacheException.java, line(s) 7,11 com/tencent/ugc/MediaExtractorWrapper.java, line(s) 115,127,139 com/unionpay/tsmservice/data/Constant.java, line(s) 195,197 com/unionpay/tsmservice/data/ResultCode.java, line(s) 75,62 com/unionpay/tsmservice/mi/data/Constant.java, line(s) 142,146 com/unionpay/tsmservice/mi/data/ResultCode.java, line(s) 33,30 com/unity3d/ads/metadata/InAppPurchaseMetaData.java, line(s) 13 com/unity3d/services/core/configuration/ExperimentObject.java, line(s) 7,8 com/unity3d/services/core/device/reader/DeviceInfoReaderFilterProvider.java, line(s) 12,13 com/unity3d/services/core/device/reader/JsonStorageKeyNames.java, line(s) 4,6,7,9,10,11,8,12,5,13,14,15 com/unity3d/services/core/properties/SdkProperties.java, line(s) 24 com/zhy/http/okhttp/builder/PostFormBuilder.java, line(s) 53 net/xrcloud/activity/gamedetail/SelfAccountBean.java, line(s) 70 net/xrcloud/activity/my/consume/ConsumePresenterImpl.java, line(s) 23 net/xrcloud/activity/my/ranking/RankingPresenterImpl.java, line(s) 23 net/xrcloud/application/Consts.java, line(s) 541,741,547,552,534,359,426,252,535,553,742,254,489 net/xrcloud/application/Preference.java, line(s) 34 net/xrcloud/datadao/Accounts.java, line(s) 60 net/xrcloud/fragment/scenelink/SceneContractKt.java, line(s) 7 net/xrcloud/fragment/sharedialog/RoomByWord.java, line(s) 160 net/xrcloud/google/zxing/decoding/Intents.java, line(s) 45 net/xrcloud/utils/RSACoder.java, line(s) 30,29 net/xrcloud/view/onnumber/NumberEntity.java, line(s) 96 org/java_websocket/drafts/Draft_6455.java, line(s) 54 rx/internal/schedulers/NewThreadWorker.java, line(s) 26,36
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: a/a/a/a/c.java, line(s) 60 com/jg/ids/i/i.java, line(s) 101 com/koushikdutta/async/http/WebSocketImpl.java, line(s) 58 com/unionpay/utils/UPUtils.java, line(s) 16 com/unionpay/utils/b.java, line(s) 126 com/unity3d/services/core/device/Device.java, line(s) 428 org/java_websocket/drafts/Draft_6455.java, line(s) 543 org/repackage/a/a/a/a/c.java, line(s) 59
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/chinaums/pppay/unify/UnifyMd5.java, line(s) 16,35 com/koushikdutta/async/http/spdy/ByteString.java, line(s) 232 com/koushikdutta/async/util/FileCache.java, line(s) 92 com/opensource/svgaplayer/SVGACache.java, line(s) 131 com/xuexiang/xupdate/utils/Md5Utils.java, line(s) 23 net/xrcloud/utils/MD5Utils.java, line(s) 11 net/xrcloud/view/verification/MD5Util.java, line(s) 20
中危 IP地址泄露
IP地址泄露 Files: com/afollestad/materialdialogs/BuildConfig.java, line(s) 9 com/afollestad/materialdialogs/commons/BuildConfig.java, line(s) 9 com/koushikdutta/async/AsyncSSLSocketWrapper.java, line(s) 81 com/koushikdutta/async/dns/Dns.java, line(s) 92,122,84 net/xrcloud/utils/RSACoder.java, line(s) 176
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 华为HMS Core 应用ID的=> "com.huawei.hms.client.appid" : "appid=101025571" AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-7429905520994113~5143797969" vivo推送的=> "com.vivo.push.api_key" : "c50a4dd9925f1ea5f3be7948cd0b5b19" vivo推送的=> "local_iv" : "MzMsMzQsMzUsMzYsMzcsMzgsMzksNDAsNDEsMzIsMzgsMzcsMzYsMzUsMzQsMzMsI0AzNCwzMiwzMywzNywzMywzNCwzMiwzMywzMywzMywzNCw0MSwzNSwzNSwzMiwzMiwjQDMzLDM0LDM1LDM2LDM3LDM4LDM5LDQwLDQxLDMyLDM4LDM3LDMzLDM1LDM0LDMzLCNAMzQsMzIsMzMsMzcsMzMsMzQsMzIsMzMsMzMsMzMsMzQsNDEsMzUsMzIsMzIsMzI" vivo推送的=> "com.vivo.push.app_id" : "102096202" "cus_cloud_keyboard_space" : "Space" "key_back" : "Back" "key_capslock_small" : "Lowercase" "key_capslock" : "Uppercase" "cus_cloud_keyboard_symbol" : "Symbols" "key_space" : "Spcae" "pref_speakerphone_key" : "speakerphone_preference" "key_delete" : "delete" "key_floatbar" : "AssistiveTouch" "cus_cloud_keyboard_return" : "Return" "cus_cloud_keyboard_low" : "Lowercase" "key_hong_en" : "Chinese/English" "key_sure" : "Confirm" "cus_cloud_keyboard_CN" : "Chinese/Mandarin" "key_symbol" : "Symbols" "cus_cloud_keyboard_height" : "Uppercase" 6X8Y4XdM2Vhvn0KfzcEatGnWaNU= 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 6e400002-b5a3-f393-e0a9-e50e24dcca9e ab4c04e3a17b47e4bb8e98dbb30a6173 f0131e62-8597-44bd-a5ef-48f7409be84d ED2B1F468C5F915F3F1CF75D7068BAAE 00e120ef2ef34b2a81822a1de4e542f7 13099a37-2b8a-4b12-966c-2e0339d2d454 D75BB2802E61738A9A03BF014F927D9A c976c0465f40474e4cd50bd1e1d37162 330ab80fa0ef4057ad00988bbb81d64d c06c8400-8e06-11e0-9cb6-0002a5d5c51b 6e400001-b5a3-f393-e0a9-e50e24dcca9e 03926990816987241548078304229099 5dad67a43fc1956bbd000c41 9A04F079-9840-4286-AB92-E65BE0885F95 536C79B93ACFBEA950AE365D8CE1AEF91FEA9535 89504e470d0a1a0a0000000d49484452000000210000003c0806000000e8acd32a000000097048597300000b1300000b1301009a9c1800000a4d6943435050686f746f73686f70204943432070726f66696c65000078da9d53775893f7163edff7650f5642d8f0b1976c81002223ac08c81059a21092006184101240c585880a561415119c4855c482d50a489d88e2a028b867418a885a8b555c38ee1fdca7b57d7aefededfbd7fbbce79ce7fcce79cf0f8011122691e6a26a003952853c3ad81f8f4f48c4c9bd80021548e0042010e6cbc26705c50000f00379787e74b03ffc01af6f00020070d52e2412c7e1ff83ba50265700209100e02212e70b01905200c82e54c81400c81800b053b3640a009400006c797c422200aa0d00ecf4493e0500d8a993dc1700d8a21ca908008d0100992847240240bb00605581522c02c0c200a0ac40222e04c0ae018059b632470280bd0500768e58900f4060008099422ccc0020380200431e13cd03204c03a030d2bfe0a95f7085b8480100c0cb95cd974bd23314b895d01a77f2f0e0e221e2c26cb142611729106609e4229c979b231348e7034cce0c00001af9d1c1fe383f90e7e6e4e1e666e76ceff4c5a2fe6bf06f223e21f1dffebc8c020400104ecfefda5fe5e5d60370c701b075bf6ba95b00da560068dff95d33db09a05a0ad07af98b7938fc401e9ea150c83c1d1c0a0b0bed2562a1bd30e38b3eff33e16fe08b7ef6fc401efedb7af000719a4099adc0a383fd71616e76ae528ee7cb0442316ef7e723fec7857ffd8e29d1e234b15c2c158af15889b850224dc779b952914421c995e212e97f32f11f96fd0993770d00ac864fc04eb607b5cb6cc07eee01028b0e58d27600407ef32d8c1a0b91001067343279f7000093bff98f402b0100cd97a4e30000bce8185ca894174cc608000044a0812ab041070cc114acc00e9cc11dbcc01702610644400c24c03c104206e4801c0aa11896411954c03ad804b5b0031aa0119ae110b4c131380de7e0125c81eb70170660189ec218bc86090441c8081361213a8811628ed822ce0817998e04226148349280a420e988145122c5c872a402a9426a915d4823f22d7214398d5c40fa90dbc820328afc8abc47319481b25103d4027540b9a81f1a8ac6a073d174340f5d8096a26bd11ab41e3d80b6a2a7d14be87574007d8a8e6380d1310e668cd9615c8c87456089581a26c71663e55835568f35631d583776151bc09e61ef0824028b8013ec085e8410c26c82909047584c5843a825ec23b412ba085709838431c2272293a84fb4257a12f9c478623ab1905846ac26ee211e219e255e270e135f9348240ec992e44e0a21259032490b496b48db482da453a43ed210699c4c26eb906dc9dee408b280ac209791b7900f904f92fbc9c3e4b7143ac588e24c09a22452a494124a35653fe504a59f324299a0aa51cda99ed408aa883a9f5a496da076502f5387a91334759a25cd9b1643cba42da3d5d09a696769f7682fe974ba09dd831e4597d097d26be807e9e7e983f4770c0d860d83c7486228196b197b19a718b7192f994ca605d39799c85430d7321b9967980f986f55582af62a7c1591ca12953a9556957e95e7aa545573553fd579aa0b54ab550fab5e567da64655b350e3a909d416abd5a91d55bba936aece5277528f50cf515fa3be5ffd82fa630db2868546a08648a35463b7c6198d2116c63265f15842d6725603eb2c6b984d625bb2f9ec4c7605fb1b762f7b4c534373aa66ac6691669de671cd010ec6b1e0f039d99c4ace21ce0dce7b2d032d3f2db1d66aad66ad7ead37da7adabeda62ed72ed16edebdaef75709d409d2c9df53a6d3af77509ba36ba51ba85badb75cfea3ed363eb79e909f5caf50ee9ddd147f56df4a3f517eaefd6efd11f373034083690196c313863f0cc9063e86b9869b8d1f084e1a811cb68ba91c468a3d149a327b826ee8767e33578173e66ac6f1c62ac34de65dc6b3c61626932dba4c4a4c5e4be29cd946b9a66bad1b4d374ccccc82cdcacd8acc9ec8e39d59c6b9e61bed9bcdbfc8d85a5459cc54a8b368bc796da967ccb05964d96f7ac98563e567956f556d7ac49d65ceb2ceb6dd6576c501b579b0c9b3a9bcbb6a8ad9badc4769b6ddf14e2148f29d229f5536eda31ecfcec0aec9aec06ed39f661f625f66df6cf1dcc1c121dd63b743b7c727475cc766c70bceba4e134c3a9c4a9c3e957671b67a1739df33517a64b90cb1297769717536da78aa76e9f7acb95e51aeebad2b5d3f5a39bbb9bdcadd96dd4ddcc3dc57dabfb4d2e9b1bc95dc33def41f4f0f758e271cce39da79ba7c2f390e72f5e765e595efbbd1e4fb39c269ed6306dc8dbc45be0bdcb7b603a3e3d65facee9033ec63e029f7a9f87bea6be22df3dbe237ed67e997e07fc9efb3bfacbfd8ff8bfe179f216f14e056001c101e501bd811a81b3036b031f049904a50735058d05bb062f0c3e15420c090d591f72936fc017f21bf96333dc672c9ad115ca089d155a1bfa30cc264c1ed6118e86cf08df107e6fa6f94ce9ccb60888e0476c88b81f69199917f97d14292a32aa2eea51b453747174f72cd6ace459fb67bd8ef18fa98cb93bdb6ab6727667ac6a6c526c63ec9bb880b8aab8817887f845f1971274132409ed89e4c4d8c43d89e37302e76c9a339ce49a54967463aee5dca2b917e6e9cecb9e773c593559907c3885981297b23fe5832042502f184fe5a76e4d1d13f2849b854f45bea28da251b1b7b84a3c92e69d5695f638dd3b7d43fa68864f4675c633094f522b79911992b923f34d5644d6deaccfd971d92d39949c949ca3520d6996b42bd730b728b74f662b2b930de479e66dca1b9387caf7e423f973f3db156c854cd1a3b452ae500e164c2fa82b785b185b78b848bd485ad433df66feeaf9230b82167cbd90b050b8b0b3d8b87859f1e022bf45bb16238b5317772e315d52ba647869f0d27dcb68cbb296fd50e2585255f26a79dcf28e5283d2a5a5432b82573495a994c9cb6eaef45ab9631561956455ef6a97d55b567f2a17955fac70aca8aef8b046b8e6e2574e5fd57cf5796ddadade4ab7caedeb48eba4eb6eacf759bfaf4abd6a41d5d086f00dad1bf18de51b5f6d4ade74a17a6af58ecdb4cdcacd03356135ed5bccb6acdbf2a136a3f67a9d7f5dcb56fdadabb7bed926dad6bfdd777bf30e831d153bdeef94ecbcb52b78576bbd457df56ed2ee82dd8f1a621bbabfe67eddb847774fc59e8f7ba57b07f645efeb6a746f6cdcafbfbfb2096d52368d1e483a70e59b806fda9bed9a77b5705a2a0ec241e5c127dfa67c7be350e8a1cec3dcc3cddf997fb7f508eb48792bd23abf75ac2da36da03da1bdefe88ca39d1d5e1d47beb7ff7eef31e36375c7358f579ea09d283df1f9e48293e3a764a79e9d4e3f3dd499dc79f74cfc996b5d515dbd6743cf9e3f1774ee4cb75ff7c9f3dee78f5df0bc70f422f762db25b74bad3dae3d477e70fde148af5b6feb65f7cbed573cae74f44deb3bd1efd37ffa6ac0d573d7f8d72e5d9f79bdefc6ec1bb76e26dd1cb825baf5f876f6ed17770aee4cdc5d7a8f78affcbedafdea07fa0fea7fb4feb165c06de0f860c060cfc3590fef0e09879efe94ffd387e1d247cc47d52346238d8f9d1f1f1b0d1abdf264ce93e1a7b2a713cfca7e56ff79eb73abe7dffde2fb4bcf58fcd8f00bf98bcfbfae79a9f372efaba9af3ac723c71fbcce793df1a6fcadcedb7defb8efbadfc7bd1f9928fc40fe50f3d1fa63c7a7d04ff73ee77cfefc2ff784f3fb25d29f33000000206348524d00007a25000080830000f9ff000080e9000075300000ea6000003a980000176f925fc546000002744944415478dabcd9c96b145110c7f1d734b6c9b8ef8a0b2e410cfe77826741100441c48324a006040f8a08828a8a102689c11d238a3b8a0b060feaf7e8e979e9816178f57a7b5587390df47c86ee7e55f52b0738c3cf3ae01af00f580226bdf7ce1af010f0439fbe25622db03802f0c02f2bc41a602100f0c094056215302f00ee0063da881ed01700f78071c069227ac0ac00b85f7eef3411bdf2874280d9618016621cb82b00faa3000dc4caf2610b01e6cb87d469220ae0b60058285f53a78928809b0260b13c299d26a2006e0880475580148802b82e009ed4017445ac28ab6108f014585ff75a6d11397055003c073636b95e1b440e5c11002f804d4dff5453440e5c16004bc09636b7b60922072e0980576d014d10393023005e035bbbbce6751019704100bc01b6753decaa1019705e00bc0576a438f263880c981200ef819da90a9f84c8807302e003b02b65f90f2132e0ac00f804ec4edd0485106704c067608f462b388a382d00be007bb51ae261c42901f015d8a739160c104705c037e080f6703440fc0900be03131623e200f137342302872d114784dbb10c4c5a211c704c80fc040e59211c705c80fc000e5a211c704280a83da852ed3869f9cac6aa68ecf0da6f85303bc6eb7456ea05ad6e7ba75adaeb36bab126e763d726a749cb9f01d31aed5ed3e127d6f8be6bdbf8b6190333e0626404d86e81483e0c758906928d855d4392d880fcb22e24455c5415156cb640740e4d524688b1f8e819b0c102d13a48d388956391e2e310442b602f805b75c355cd55432c667e50aea3d4110e18ab08dc575b20aa560f7340cf6a11175bc24c5bae24a575d4b2f57236b4989bb3460c569433c0ef1234e1bd77ff070038285c304da61b3c0000000049454e44ae426082 bdb32016-b069-461c-ae3e-c9657021340c bb392ec0-8d4d-11e0-a896-0002a5d5c51b 2cd8c1128c46320ce7198199d0738003 fa92884b-e0e5-4187-9ab9-1cbaf32feb87 15795b19-59fb-4fb5-9b16-054ab8fc5172 fa676b4050e09ba3ac4d9bec4c87a41e 2601a741ad9e22ec7957ff9a3b3c9376 bf1c7ddd93cff2ff0d64b9420c3e b5e52765b81d101510dc0afdc52b1d64 c50a4dd9925f1ea5f3be7948cd0b5b19 A2B55680-6F43-11E0-9A3F-0002A5D5C51B 5dd4fbfc5b1b49d49bd66bfc659c5534 0000000023456789abcdef12123456786789abcd NUYQuYgh++3WROW88KunxEUyPdmoS6HoC0U0kfZy7YAvJKXBVx8RNvwJeSSW+OL2qi2SiJc3uSnzFErIwEC45w 6e400003-b5a3-f393-e0a9-e50e24dcca9e 5fb7b06eb59a8fef0ed7c182e888a55b e337e2f29bfd4d91aaae30c2278bf3b8 5fd96afe49e048229458eb0fed55ac6c 857c1b6bfc3077e393e44ce380594f3b
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/abedelazizshe/lightcompressorlibrary/utils/CompressorUtils.java, line(s) 160,91,210 com/abedelazizshe/lightcompressorlibrary/utils/StreamableVideo.java, line(s) 143,170,174,177,105,113,156,187 com/afollestad/materialdialogs/MaterialDialog.java, line(s) 594 com/afollestad/materialdialogs/internal/MDTintHelper.java, line(s) 140 com/chinaums/pppay/unify/UnifyPayPlugin.java, line(s) 184,202,218,224 com/chinaums/pppay/unify/UnifyUtils.java, line(s) 107,111,88 com/coremedia/iso/boxes/sampleentry/AudioSampleEntry.java, line(s) 194 com/draggable/library/core/DraggableImageView.java, line(s) 416 com/draggable/library/core/DraggableZoomCore.java, line(s) 186,194,202,204,212,291,348,356,374,422 com/drakeet/multitype/MultiTypeAdapter.java, line(s) 204 com/huawei/appgallery/serviceverifykit/d/d/b.java, line(s) 22,30,38,46 com/koushikdutta/async/AsyncNetworkSocket.java, line(s) 224 com/koushikdutta/async/AsyncServer.java, line(s) 241,354,509,535,167,582,625,643,798,816,819,822 com/koushikdutta/async/ByteBufferList.java, line(s) 347 com/koushikdutta/async/PushParser.java, line(s) 233 com/koushikdutta/async/Util.java, line(s) 26,37,38 com/koushikdutta/async/http/AsyncHttpRequest.java, line(s) 231,238,239,246,253,254,210,217,224 com/koushikdutta/async/http/HybiParser.java, line(s) 384 com/koushikdutta/async/http/cache/RawHeaders.java, line(s) 110 com/koushikdutta/async/http/server/AsyncHttpServerRequestImpl.java, line(s) 79 com/lzy/okgo/utils/OkLogger.java, line(s) 34,64,44,24,54 com/miui/deviceid/IdentifierManager.java, line(s) 26,62 com/opensource/svgaplayer/utils/log/DefaultLogCat.java, line(s) 29,42,22,15,36 com/readystatesoftware/chuck/ChuckInterceptor.java, line(s) 219 com/readystatesoftware/chuck/internal/support/RetentionManager.java, line(s) 41,61 com/scwang/smartrefresh/header/waveswipe/WaveView.java, line(s) 326 com/scwang/smartrefresh/layout/internal/pathview/PathParser.java, line(s) 525,530 com/smarx/notchlib/impl/VivoNotchScreen.java, line(s) 21 com/tbruyelle/rxpermissions2/RxPermissionsFragment.java, line(s) 81,46 com/tencent/a/a/a/a/b.java, line(s) 20,42,48,28,54 com/tencent/a/a/a/a/c.java, line(s) 31,45 com/tencent/a/a/a/a/d.java, line(s) 16,32 com/tencent/a/a/a/a/e.java, line(s) 14,28 com/tencent/a/a/a/a/h.java, line(s) 30,20,60,24 com/tencent/live2/impl/V2TXLivePusherImpl.java, line(s) 442,38,52 com/tencent/live2/impl/V2TXLiveUtils.java, line(s) 159,16,19 com/tencent/live2/impl/a.java, line(s) 49 com/tencent/trtc/TRTCCloud.java, line(s) 445 com/tencent/ugc/MP4Writer.java, line(s) 44,53,62,67,72,77,84,93,119,79,104,112 com/tencent/ugc/MediaExtractorWrapper.java, line(s) 115,127,139,188,23,48,152,211,217,147,169 com/tencent/ugc/RemuxJoiner.java, line(s) 78,35,43,37,54,63,72,85 com/tencent/ugc/TXUGCRecord.java, line(s) 128,136,144,152,160,168,176,184,192,200,208,216,224,232,241,250,259,268,277,286,295,304,313 com/tencent/ugc/TXVideoEditer.java, line(s) 275,297,315,339,352,365,381,398,406,447,460,473,486,499,512,526,541,555,569,583,598,620,634,654,669,682,696,709,722,1218,1381,1394,1400,1407,1415,1438,1451,144,169,193,199,260,266,282,291,304,325,346,359,374,389,401,411,454,467,480,493,506,520,534,549,563,577,590,610,628,642,663,676,690,703,716,729,738,751,765,780,785,814,827,848,862,868,871,900,931,945,959,964,977,988,998,1010,1020,1040,1077,1093,1136,1144,1149,1157,1162,1224,1241,1249,1260,1284,1340,1369,436,1311,1351,1458,1475 com/tencent/ugc/TXVideoInfoReader.java, line(s) 69,75,127,180,64,83,89,183,202,206,220,241,258,276,160,164,175,191,195,254 com/tencent/ugc/TXVideoJoiner.java, line(s) 194,256,107,122,126,131,141,153,161,169,177,187,192,204,219,235,245,254,260,274,283,309 com/tencent/ugc/UGCAudioProcessor.java, line(s) 260,253 com/tencent/ugc/UGCCombineFrameFilter.java, line(s) 57 com/tencent/ugc/UGCCombineProcessor.java, line(s) 43,21 com/tencent/ugc/UGCImageProvider.java, line(s) 176,189,45,56,76,94,105,133,59,152 com/tencent/ugc/UGCInitializer.java, line(s) 20,29 com/tencent/ugc/UGCLicenseChecker.java, line(s) 28,25 com/tencent/ugc/UGCMediaListSource.java, line(s) 98,111,154,173,183,366,380,398,410,434,439,501,519,532,554,571,603,691,812,101,867,899,933 com/tencent/ugc/UGCMultiFileAudioFrameProvider.java, line(s) 30 com/tencent/ugc/UGCMultiFilePixelFrameProvider.java, line(s) 43 com/tencent/ugc/UGCRecorderJni.java, line(s) 456 com/tencent/ugc/UGCSingleFileAudioFrameProvider.java, line(s) 63,90,51,136,230,239,244,139 com/tencent/ugc/UGCSingleFilePixelFrameProvider.java, line(s) 182,186,343,366,63,69,85,109,138,190,245,271,278,382,402,421,483,495,324 com/tencent/ugc/UGCThumbnailGenerator.java, line(s) 59,83,45,67,97,118,142,160,170,184,211,235,100,122,157,232 com/tencent/ugc/UGCTransitionProcessor.java, line(s) 42,30 com/tencent/ugc/UGCVideoProcessor.java, line(s) 233,716,246,426,760,780,799,803,117,140,180,218,225,267,288,353,374,395,404,450,534,564,628,726,744,765 com/tencent/ugc/VideoDemuxerFFmpeg.java, line(s) 50,53,60,35,97 com/tencent/ugc/common/MediaExtractorBuilder.java, line(s) 44 com/tencent/ugc/common/MediaRetrieverBuilder.java, line(s) 34 com/tencent/ugc/common/UGCTranscodeAudioEncodeParamsDecider.java, line(s) 24,99 com/tencent/ugc/common/UGCTranscodeVideoEncodeParamsDecider.java, line(s) 54,61,66,80,88,96,118,153,236,254,267,288,292 com/tencent/ugc/retriver/FFmpegMediaRetriever.java, line(s) 18,25,30 com/tencent/ugc/videoprocessor/VideoEffectProcessor.java, line(s) 39,50,62,67 com/tencent/ugc/videoprocessor/VideoTransitionProcessor.java, line(s) 116,101,103,120 com/tencent/ugc/videoprocessor/WatermarkProcessor.java, line(s) 216,248,48,172,186,214,251 com/tencent/ugc/videoprocessor/videoeffect/filter/TXCGPULightingFilter.java, line(s) 53,61 com/tencent/ugc/videoprocessor/watermark/AnimatedPasterFilterChain.java, line(s) 117,121 com/tencent/ugc/videoprocessor/watermark/TailWaterMarkChain.java, line(s) 13,28 com/unionpay/b/e.java, line(s) 24 com/unionpay/b/i.java, line(s) 24 com/unionpay/utils/j.java, line(s) 14,23,17,11,20 com/unity3d/ads/UnityAdsBaseOptions.java, line(s) 18 com/unity3d/ads/metadata/InAppPurchaseMetaData.java, line(s) 62,77,81 com/unity3d/ads/metadata/MetaData.java, line(s) 74,83 com/unity3d/services/UnityServices.java, line(s) 29,66,73,78,89,94,107,123,99,101,111,42 com/unity3d/services/ads/UnityAdsImplementation.java, line(s) 41,125 com/unity3d/services/ads/adunit/AdUnitActivity.java, line(s) 347,349,67,89,111,134,172,268,313,373,139 com/unity3d/services/ads/adunit/VideoPlayerHandler.java, line(s) 33,51 com/unity3d/services/ads/api/AdUnit.java, line(s) 76,79,82,85,108,422,428,480,484,489,493,99,112,117,122,154,244,336,352,381,388 com/unity3d/services/ads/api/VideoPlayer.java, line(s) 57,75,93,111,129,165 com/unity3d/services/ads/api/WebPlayer.java, line(s) 133 com/unity3d/services/ads/configuration/AdsModuleConfiguration.java, line(s) 48,59,67 com/unity3d/services/ads/gmascar/adapters/ScarAdapterFactory.java, line(s) 63 com/unity3d/services/ads/gmascar/bridges/AdapterStatusBridge.java, line(s) 26,35 com/unity3d/services/ads/gmascar/bridges/InitializeListenerBridge.java, line(s) 26,49 com/unity3d/services/ads/gmascar/bridges/mobileads/MobileAdsBridge.java, line(s) 30 com/unity3d/services/ads/gmascar/bridges/mobileads/MobileAdsBridgeLegacy.java, line(s) 37 com/unity3d/services/ads/gmascar/finder/GMAInitializer.java, line(s) 50 com/unity3d/services/ads/gmascar/finder/ScarVersionFinder.java, line(s) 33,49 com/unity3d/services/ads/token/AsyncTokenStorage.java, line(s) 161,191 com/unity3d/services/ads/token/NativeTokenGenerator.java, line(s) 41 com/unity3d/services/ads/video/VideoPlayerView.java, line(s) 47,83,86,107,150,156,210,221,248 com/unity3d/services/ads/webplayer/WebPlayerView.java, line(s) 66,166,201,205,299,312,324,337,356,418 com/unity3d/services/banners/BannerView.java, line(s) 110 com/unity3d/services/banners/UnityBanners.java, line(s) 134 com/unity3d/services/core/api/Cache.java, line(s) 102,116,42,121,131 com/unity3d/services/core/api/DeviceInfo.java, line(s) 208,231,249,304,311,341,513 com/unity3d/services/core/api/Intent.java, line(s) 91,109,133,169,183 com/unity3d/services/core/api/Request.java, line(s) 33,45,63,75,92,104 com/unity3d/services/core/api/Sdk.java, line(s) 16,42,92,104,74,86,80 com/unity3d/services/core/broadcast/BroadcastEventReceiver.java, line(s) 36 com/unity3d/services/core/cache/CacheDirectory.java, line(s) 40,44,51,91,95,101,108,117,119,33,54,122 com/unity3d/services/core/cache/CacheThread.java, line(s) 30 com/unity3d/services/core/cache/CacheThreadHandler.java, line(s) 44,86,89,93 com/unity3d/services/core/configuration/ConfigurationReader.java, line(s) 40 com/unity3d/services/core/configuration/ConfigurationRequestFactory.java, line(s) 54 com/unity3d/services/core/configuration/EnvironmentCheck.java, line(s) 21,40,24,27,30,33,43 com/unity3d/services/core/configuration/ExperimentObject.java, line(s) 28 com/unity3d/services/core/configuration/ExperimentsReader.java, line(s) 33 com/unity3d/services/core/configuration/InitializationNotificationCenter.java, line(s) 66 com/unity3d/services/core/configuration/InitializeEventsMetricSender.java, line(s) 68,85,108,123,131,152 com/unity3d/services/core/configuration/InitializeThread.java, line(s) 188,196,219,417,432,508,540,638,650,670,60,69,482,517,520,547,550,590,624,674,738,831,331,424,460,812 com/unity3d/services/core/configuration/PrivacyConfigurationLoader.java, line(s) 29 com/unity3d/services/core/connectivity/ConnectivityMonitor.java, line(s) 113,130,157,102,149 com/unity3d/services/core/device/AdvertisingId.java, line(s) 177,49,59 com/unity3d/services/core/device/Device.java, line(s) 318,334,343,430,126 com/unity3d/services/core/device/OpenAdvertisingId.java, line(s) 168,57,64 com/unity3d/services/core/device/Storage.java, line(s) 36,40,70 com/unity3d/services/core/device/reader/DeviceInfoReaderCompressor.java, line(s) 40,44 com/unity3d/services/core/device/reader/DeviceInfoReaderExtended.java, line(s) 46 com/unity3d/services/core/domain/task/InitializeStateConfig$doWork$2.java, line(s) 52 com/unity3d/services/core/domain/task/InitializeStateCreate$doWork$2.java, line(s) 52,58,76 com/unity3d/services/core/domain/task/InitializeStateCreateWithRemote$doWork$2.java, line(s) 52,57,75 com/unity3d/services/core/domain/task/InitializeStateError$doWork$2.java, line(s) 49 com/unity3d/services/core/domain/task/InitializeStateLoadCache$doWork$2.java, line(s) 53,60 com/unity3d/services/core/domain/task/InitializeStateLoadCache.java, line(s) 88 com/unity3d/services/core/domain/task/InitializeStateLoadConfigFile$doWork$2.java, line(s) 53,61 com/unity3d/services/core/domain/task/InitializeStateNetworkError$doWork$2.java, line(s) 50 com/unity3d/services/core/domain/task/InitializeStateNetworkError.java, line(s) 51,69 com/unity3d/services/core/log/DeviceLog.java, line(s) 187,227,234 com/unity3d/services/core/misc/JsonFlattener.java, line(s) 39 com/unity3d/services/core/misc/JsonStorage.java, line(s) 62,56,65,74,86,122,142,160,166 com/unity3d/services/core/misc/JsonStorageAggregator.java, line(s) 24 com/unity3d/services/core/misc/Utilities.java, line(s) 48,69 com/unity3d/services/core/misc/ViewUtilities.java, line(s) 18,27 com/unity3d/services/core/preferences/AndroidPreferences.java, line(s) 19,31,43,55,67 com/unity3d/services/core/properties/ClientProperties.java, line(s) 66,85,97,99 com/unity3d/services/core/properties/SdkProperties.java, line(s) 217,219,142 com/unity3d/services/core/reflection/GenericBridge.java, line(s) 32,39,58,73,82,88,95,101 com/unity3d/services/core/request/WebRequest.java, line(s) 252,152,158 com/unity3d/services/core/request/WebRequestRunnable.java, line(s) 35,39,82 com/unity3d/services/core/request/WebRequestThread.java, line(s) 45,158,172 com/unity3d/services/core/request/metrics/MetricCommonTags.java, line(s) 155 com/unity3d/services/core/request/metrics/MetricSender.java, line(s) 52,71,75,79,91,93,96 com/unity3d/services/core/request/metrics/MetricSenderWithBatch.java, line(s) 40 com/unity3d/services/core/request/metrics/SDKMetrics.java, line(s) 20,31,76,91,96 com/unity3d/services/core/sensorinfo/SensorInfoListener.java, line(s) 54 com/unity3d/services/core/timer/BaseTimer.java, line(s) 189 com/unity3d/services/core/webview/WebView.java, line(s) 83,29,107,111 com/unity3d/services/core/webview/WebViewApp.java, line(s) 122,141,162,191,407,412,448,154,184,227,272,293,300,308,339,389,420,423,426,441 com/unity3d/services/core/webview/WebViewUrlBuilder.java, line(s) 31 com/unity3d/services/core/webview/bridge/Invocation.java, line(s) 49 com/unity3d/services/core/webview/bridge/NativeCallback.java, line(s) 40 com/unity3d/services/core/webview/bridge/WebViewBridge.java, line(s) 101 com/unity3d/services/core/webview/bridge/WebViewBridgeInterface.java, line(s) 11,27 com/unity3d/services/core/webview/bridge/WebViewCallback.java, line(s) 56 com/unity3d/services/store/core/StoreLifecycleListener.java, line(s) 55 com/unity3d/services/store/gpbl/bridges/CommonJsonResponseBridge.java, line(s) 38 com/unity3d/services/store/gpbl/bridges/PurchaseBridge.java, line(s) 36 com/xuexiang/xupdate/UpdateManager.java, line(s) 75,116,231,140,163,194,205,216 com/xuexiang/xupdate/XUpdate.java, line(s) 88,109,113,134,140,146,152,163,168 com/xuexiang/xupdate/_XUpdate.java, line(s) 89 com/xuexiang/xupdate/listener/impl/DefaultUpdateFailureListener.java, line(s) 10 com/xuexiang/xupdate/logs/LogcatLogger.java, line(s) 59,68,62,56,74,65,71 com/xuexiang/xupdate/service/DownloadService.java, line(s) 157,214 com/yanzhenjie/permission/AndPermission.java, line(s) 73 com/yanzhenjie/permission/ImplPermission.java, line(s) 91 com/yxf/clippathlayout/ClipPathLayoutDelegate.java, line(s) 174,223,279,115,131,146,285,322,326,332 com/yxf/clippathlayout/PathInfo.java, line(s) 55,60 com/yxf/clippathlayout/Utils.java, line(s) 33 com/yxf/clippathlayout/transition/TransitionFrameLayout.java, line(s) 55,72 com/yxf/clippathlayout/transition/generator/RandomTransitionPathGenerator.java, line(s) 30 com/zhy/http/okhttp/cookie/store/PersistentCookieStore.java, line(s) 144,153,156 com/zhy/http/okhttp/intercepter/HttpLoggingInterceptor.java, line(s) 37 com/zhy/http/okhttp/utils/OkHttpLog.java, line(s) 10 com/zhy/http/okhttp/utils/Platform.java, line(s) 14 etong/bottomnavigation/lib/BottomBarTab.java, line(s) 71 etong/bottomnavigation/lib/BottomNavigationBehavior.java, line(s) 30 me/zhanghai/android/materialprogressbar/BaseProgressLayerDrawable.java, line(s) 72 me/zhanghai/android/materialprogressbar/MaterialProgressBar.java, line(s) 120,362,372 net/xrcloud/VideoUtils.java, line(s) 49,141 net/xrcloud/activity/gamedetail/DownLoadSaveImg.java, line(s) 47 net/xrcloud/activity/gamedetail/NewComputerDetailActivity.java, line(s) 1189 net/xrcloud/activity/gamedetail/NewGameDetailActivity.java, line(s) 1170 net/xrcloud/activity/main/MainActivity.java, line(s) 1888,1892,1906,2056,2081,2002,2007,2018,2028,2047,2063,2065,2078 net/xrcloud/activity/web/ExternalLinkActivity.java, line(s) 238 net/xrcloud/activity/web/WebActivity.java, line(s) 1204,2040 net/xrcloud/activity/webrtcconnect/AppRTCAudioManager.java, line(s) 95,106,114,126,131,137,150,155,167,171,186,193,195,200,256,313,317,327,328,362,382,388,134,157,175,212,254,263 net/xrcloud/activity/webrtcconnect/AppRTCBluetoothManager.java, line(s) 88,91,99,105,121,131,135,143,145,149,154,159,164,182,213,214,216,221,239,244,253,259,265,271,279,284,288,290,314,319,321,327,333,339,201,206,246,250,140,184,188,197 net/xrcloud/activity/webrtcconnect/AppRTCProximitySensor.java, line(s) 25,32,42,69,72,79,124,60 net/xrcloud/activity/webrtcconnect/AppRTCUtils.java, line(s) 21 net/xrcloud/activity/webrtcconnect/FdManager.java, line(s) 290 net/xrcloud/activity/webrtcconnect/WebRtcConnectActivity.java, line(s) 2421 net/xrcloud/ad/GDAdShowManager.java, line(s) 546,554 net/xrcloud/ad/TTAdManagerHolder.java, line(s) 31,35 net/xrcloud/application/ForegroundCallbacks.java, line(s) 112,136 net/xrcloud/application/MyApplication.java, line(s) 132 net/xrcloud/base/SDLPresenterImpl.java, line(s) 197 net/xrcloud/floatview/FloatingMagnetView.java, line(s) 189 net/xrcloud/floatview/FloatingView.java, line(s) 158,58,67,86,93,136,150 net/xrcloud/fragment/describe/ComputerDescribeFragment.java, line(s) 529 net/xrcloud/fragment/describe/DescribeFragment.java, line(s) 487 net/xrcloud/fragment/gamedescribe/ComputerGameDescribeFragment.java, line(s) 281 net/xrcloud/fragment/newfollow/FollowModelAdapter.java, line(s) 118 net/xrcloud/fragment/paydialog/PaySheetFragmentPresenter.java, line(s) 175 net/xrcloud/fragment/paydialog/WebPayUtils.java, line(s) 166 net/xrcloud/google/zxing/camera/AutoFocusCallback.java, line(s) 29 net/xrcloud/google/zxing/camera/CameraConfigurationManager.java, line(s) 36,39,48,53,84,104,121,169,180 net/xrcloud/google/zxing/camera/FlashlightManager.java, line(s) 18,20,60,71,80,83,86 net/xrcloud/google/zxing/camera/PreviewCallback.java, line(s) 36 net/xrcloud/google/zxing/decoding/CaptureActivityHandler.java, line(s) 54,60,66,70 net/xrcloud/google/zxing/decoding/DecodeHandler.java, line(s) 66 net/xrcloud/http/JsonCallback.java, line(s) 60,64 net/xrcloud/push/hwpush/HwPushService.java, line(s) 71,75,59,49,57,62,65 net/xrcloud/utils/AesUtils.java, line(s) 106,108 net/xrcloud/utils/Base64.java, line(s) 85 net/xrcloud/utils/DataWheelView.java, line(s) 228,288,298,311,315 net/xrcloud/utils/FileUtils.java, line(s) 107,124,135 net/xrcloud/utils/Gl2Utils.java, line(s) 173 net/xrcloud/utils/KeyboardUtils.java, line(s) 117,200,234 net/xrcloud/utils/LogUtil.java, line(s) 15,35,25,50,53 net/xrcloud/utils/MD5Utils.java, line(s) 29,45,46,47,48 net/xrcloud/utils/PeopleWheelView.java, line(s) 228,288,298,311,315 net/xrcloud/utils/RSACoder.java, line(s) 142,143,144,145,146,152,153,155,156,157,164,165,166,167,170,171,174,175,176 net/xrcloud/utils/TrafficInfo.java, line(s) 104,120,194,209,71,98,115,133,137,151,97,110,132,146,188,200,221,233 net/xrcloud/utils/VideoCompressUtil.java, line(s) 82,106,112,116,130,134,152,192,201,66,81 net/xrcloud/utils/WheelView.java, line(s) 225,285,295,308,312 net/xrcloud/utils/X5InitUtil.java, line(s) 60,69,79 net/xrcloud/utils/ZipUtilKt.java, line(s) 152 net/xrcloud/utils/minasocket/ConnectManager.java, line(s) 116,138,141,146,173,190,201,212,393,403,435,219,232,245,256,282,293,321,340,360,366 net/xrcloud/utils/minasocket/ConnectService.java, line(s) 1090,1334 net/xrcloud/utils/minasocket/HeartRequestFactoryImpl.java, line(s) 24 net/xrcloud/utils/minasocket/KeepAliveRequestTimeoutHandlerImpl.java, line(s) 10 net/xrcloud/utils/wxqqlogin/WXQQLoginUtils.java, line(s) 262,265,270,296 net/xrcloud/view/StrongWindowSoftInputModeLayout.java, line(s) 169,171,173 net/xrcloud/view/UpdateInstall.java, line(s) 11 net/xrcloud/view/contrarywind/view/WheelView.java, line(s) 338 net/xrcloud/view/cushelpcenter/CusHelpCenterView.java, line(s) 146 net/xrcloud/view/cuskeyboard/ControllerRockerView.java, line(s) 280,318 net/xrcloud/view/cuskeyboard/CusRockerView.java, line(s) 493,503 net/xrcloud/view/cuskeyboard/CusSlideMouseView.java, line(s) 461 net/xrcloud/view/cuskeyboard/DirectBarView.java, line(s) 528,553,578,603,628,653,678,703,731,756,781,806 net/xrcloud/view/cuskeyboard/JustRockerView.java, line(s) 357,367 net/xrcloud/view/cuskeyboard/JustSlideMouseView.java, line(s) 175 net/xrcloud/view/cuskeyboard/RockerConsumer.java, line(s) 90 net/xrcloud/view/customloading/WinLoading.java, line(s) 45 net/xrcloud/view/dragableimage/core/photoview/CustomGestureDetector.java, line(s) 125 net/xrcloud/view/dragableimage/core/photoview/PhotoViewAttacher.java, line(s) 128,457,458,535 net/xrcloud/view/dragableimage/extension/glide/GlideHelper.java, line(s) 50 net/xrcloud/view/gamekeyboard/CusSlidView.java, line(s) 161 net/xrcloud/view/linktextview/QMUILinkTextView.java, line(s) 84,156,160,166,189,193 net/xrcloud/view/opengl/ShaderUtils.java, line(s) 15,30,31,56 net/xrcloud/view/pickerview/utils/LunarCalendar.java, line(s) 148 net/xrcloud/view/tasklabby/TaskLabbyView.java, line(s) 230 net/xrcloud/view/verification/BlockPuzzleDialog.java, line(s) 188,189 net/xrcloud/wxapi/WXEntryActivity.java, line(s) 52,56,57,62,66,70 org/greenrobot/eventbus/Logger.java, line(s) 81,86 org/greenrobot/eventbus/util/ErrorDialogConfig.java, line(s) 34 org/greenrobot/eventbus/util/ErrorDialogManager.java, line(s) 185 org/greenrobot/eventbus/util/ExceptionToResourceMapping.java, line(s) 25 razerdp/basepopup/BasePopupSupporterManager.java, line(s) 57,138 razerdp/basepopup/BasePopupWindow.java, line(s) 189,311,437,458,549,851,1032 razerdp/basepopup/BasePopupWindowProxy.java, line(s) 95,148,176 razerdp/basepopup/PopupCompatManager.java, line(s) 63,78 razerdp/basepopup/PopupDecorViewProxy.java, line(s) 342,221,243,364,440,458,462,470,476,618 razerdp/basepopup/PopupMaskLayout.java, line(s) 40 razerdp/basepopup/PopupReflectionHelper.java, line(s) 23 razerdp/basepopup/WindowManagerProxy.java, line(s) 41,66,92,100,139,186 razerdp/blur/BlurHelper.java, line(s) 68,108,45,48,84,98,114,134 razerdp/blur/BlurImageView.java, line(s) 72,84,88,125,299,321,77,82,138,170,235,251,253,302 razerdp/util/log/PopupLog.java, line(s) 76,80,84,92,88,90 rx/internal/util/IndexedRingBuffer.java, line(s) 39 rx/internal/util/RxJavaPluginUtils.java, line(s) 15 rx/internal/util/RxRingBuffer.java, line(s) 47 wendu/dsbridge/DWebView.java, line(s) 73,896
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: net/xrcloud/activity/my/friends/FriendsActivity.java, line(s) 4,157,160 net/xrcloud/activity/my/invitecode/InviteCodeActivity$viewClick$6.java, line(s) 4,48,52 net/xrcloud/activity/my/invitecode/InviteCodeActivity.java, line(s) 5,340,343 net/xrcloud/fragment/ShareDialogFragment$onViewCreated$6.java, line(s) 4,52,56 net/xrcloud/fragment/sharedialog/ShareVideoDialogFragment$onViewCreated$3.java, line(s) 4,51,55 net/xrcloud/view/ClipboardManagerProxy.java, line(s) 4,58
信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: net/xrcloud/view/ClipboardManagerProxy.java, line(s) 44,4
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/koushikdutta/async/AsyncSSLSocketWrapper.java, line(s) 274,67,273,272,272 com/lzy/okgo/https/HttpsUtils.java, line(s) 133,82,99,132,120,131,131 com/unionpay/a/b.java, line(s) 29,28,27,27
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/unionpay/UPPayAssistEx.java, line(s) 172 com/xuexiang/xupdate/utils/ApkInstallUtils.java, line(s) 97,164
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.chengzijianzhan.com) 通信。
{'ip': '49.4.35.16', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (hw.ossxrcloud.net) 通信。
{'ip': '183.60.103.245', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '惠州', 'latitude': '39.509766', 'longitude': '116.693001'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (ydncs.ossxrcloud.net) 通信。
{'ip': '223.111.122.33', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '惠州', 'latitude': '39.509766', 'longitude': '116.693001'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (api.honpc.com) 通信。
{'ip': '223.111.122.103', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (uploadlog.honpc.com) 通信。
{'ip': '119.84.65.139', 'country_short': 'CN', 'country_long': '中国', 'region': '重庆', 'city': '重庆', 'latitude': '29.562780', 'longitude': '106.553101'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (sf6-ttcdn-tos.pstatp.com) 通信。
{'ip': '221.230.244.92', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '温州', 'latitude': '27.999420', 'longitude': '120.666817'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (appgallery.cloud.huawei.com) 通信。
{'ip': '221.230.244.92', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (apps.oceanengine.com) 通信。
{'ip': '221.230.244.92', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (i.snssdk.com) 通信。
{'ip': '221.230.244.92', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '常州', 'latitude': '31.783331', 'longitude': '119.966667'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.honpc.com) 通信。
{'ip': '223.111.122.103', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.bytedance.com) 通信。
{'ip': '221.230.244.92', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (csfile.ossxrcloud.net) 通信。
{'ip': '183.60.103.239', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '惠州', 'latitude': '39.509766', 'longitude': '116.693001'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (cmty.ossxrcloud.net) 通信。
{'ip': '183.60.104.177', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '惠州', 'latitude': '39.509766', 'longitude': '116.693001'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.95516.com) 通信。
{'ip': '117.85.70.227', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.toutiaopage.com) 通信。
{'ip': '119.84.65.187', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.xinruiyun.cn) 通信。
{'ip': '119.84.65.187', 'country_short': 'CN', 'country_long': '中国', 'region': '重庆', 'city': '重庆', 'latitude': '29.562780', 'longitude': '106.553101'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (video.honpc.com) 通信。
{'ip': '223.111.122.33', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (socket.honpc.com) 通信。
{'ip': '119.84.65.140', 'country_short': 'CN', 'country_long': '中国', 'region': '重庆', 'city': '重庆', 'latitude': '29.562780', 'longitude': '106.553101'}