Security score: 49/100
Risk rating grade scale: A, B, C, F
Severity distribution (%)
Privacy risk: 13 user/device trackers
Findings
- High: 5
- Medium: 41
- Info: 3
- Secure: 3
- Hotspot: 0
High: The app uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: ci/b.java, line(s) 48 net/pubnative/lite/sdk/utils/PNCrypto.java, line(s) 25,39
High: Remote WebView debugging is enabled.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/applovin/impl/adview/AppLovinWebViewBase.java, line(s) 24,5 com/applovin/impl/adview/l.java, line(s) 27,6 net/pubnative/lite/sdk/views/PNWebView.java, line(s) 73,8
High: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/applovin/impl/adview/a.java, line(s) 378,702,15 com/applovin/impl/w5.java, line(s) 95,4 com/mbridge/msdk/advanced/signal/NativeAdvancedExpandDialog.java, line(s) 103,15 com/mbridge/msdk/click/o.java, line(s) 308,15,16 com/mbridge/msdk/mbbanner/common/communication/BannerExpandDialog.java, line(s) 103,15 com/mbridge/msdk/nativex/view/BaseMBMediaView.java, line(s) 1654,2062,26,27 com/mbridge/msdk/splash/signal/SplashExpandDialog.java, line(s) 104,15 com/mbridge/msdk/video/bt/module/MBridgeBTWebView.java, line(s) 381,13 com/mbridge/msdk/video/module/MBridgeAlertWebview.java, line(s) 104,7 com/mbridge/msdk/video/module/MBridgeH5EndCardView.java, line(s) 1028,17 com/muso/lr/web/system/SystemWebView.java, line(s) 223,16,17,63,64 g8/f.java, line(s) 152,6,514,514,514 g8/i.java, line(s) 30,3 net/pubnative/lite/sdk/mraid/MRAIDView.java, line(s) 623,44,45 net/pubnative/lite/sdk/vpaid/VideoAdControllerVpaid.java, line(s) 406,11,12
High: The app uses ECB mode in a cryptographic algorithm. ECB is a known weak mode because it produces the same ciphertext for identical plaintext blocks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode Files: com/inmobi/media/AbstractC0530v3.java, line(s) 15 com/inmobi/media/AbstractC1458v3.java, line(s) 16
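High: The app contains privacy trackers.
This application contains 13 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.
Medium: Cleartext network traffic is enabled for the app.
[android:usesCleartextTraffic=true] The app intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager and MediaPlayer. For apps targeting API level 27 or lower, the default value is "true". For apps targeting API level 28 or higher, the default value is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity and tamper protection; a network attacker can eavesdrop on transmitted data and modify it without being detected.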
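Medium: Activity (com.muso.musicplayer.ui.playstyle.PlayStyleActivity) is not protected.
[android:exported=true] The Activity is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Activity sets the TaskAffinity attribute.
(com.muso.musicplayer.ui.widget.NotificationActivity) If taskAffinity is set, other applications may be able to read Intents sent to an Activity that belongs to another task. To prevent other applications from reading sensitive information in sent or received Intents, always use the default setting and keep the affinity as the package name.
Medium: Activity (com.muso.musicplayer.ui.widget.NotificationActivity) is not protected.
[android:exported=true] The Activity is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Activity sets the TaskAffinity attribute.
(com.muso.musicplayer.ui.widget.ScreenLockActivity) If taskAffinity is set, other applications may be able to read Intents sent to an Activity that belongs to another task. To prevent other applications from reading sensitive information in sent or received Intents, always use the default setting and keep the affinity as the package name.
Medium: Activity (com.muso.musicplayer.ui.widget.ScreenLockActivity) is not protected.
[android:exported=true] The Activity is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Service (com.muso.musicplayer.music.service.MusicService) is not protected.
[android:exported=true] The Service is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Service (com.muso.musicplayer.ui.desklyrics.LyricsDesktopService) is not protected.
[android:exported=true] The Service is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Broadcast Receiver (com.muso.musicplayer.music.service.MusicActionReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Broadcast Receiver (com.muso.musicplayer.component.AppMediaButtonReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Broadcast Receiver (com.muso.musicplayer.utils.logic.NotificationPushLogic$NotificationPushReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Broadcast Receiver (com.muso.musicplayer.appwidget.musicplay.MusicPlayAppWidget1) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Broadcast Receiver (com.muso.musicplayer.appwidget.musicplay.MusicPlayAppWidget2) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Broadcast Receiver (com.muso.musicplayer.appwidget.musicplay.MusicPlayAppWidget3) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Broadcast Receiver (com.muso.musicplayer.appwidget.musicplay.MusicPlayAppWidget4) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Broadcast Receiver (com.muso.musicplayer.appwidget.musicplay.MusicPlayAppWidget5) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Broadcast Receiver (com.muso.musicplayer.appwidget.musicplay.MusicPlayAppWidget6) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Broadcast Receiver (com.muso.musicplayer.appwidget.musicplay.MusicPlayAppWidget7) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Activity (com.facebook.CustomTabActivity) is not protected.
[android:exported=true] The Activity is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Broadcast Receiver (com.muso.musicplayer.utils.ShareWidgetReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Broadcast Receiver (com.muso.musicplayer.utils.logic.NewsLocalPushLogic$NewsLocalPushReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other apps on the device, so it can be accessed by any other application on the device.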
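Medium: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is shared with other apps on the device, so it can be accessed by any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is shared with other apps on the device, so it can be accessed by any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is shared with other apps on the device, so it can be accessed by any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is shared with other apps on the device, so it can be accessed by any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is shared with other apps on the device, so it can be accessed by any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.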
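Medium: Broadcast Receiver (com.mbridge.msdk.foundation.same.broadcast.NetWorkChangeReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Activity (com.muso.musicplayer.activity.DefaultIconPlaceActivity) is not protected.
[android:exported=true] The Activity is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Activity (com.muso.musicplayer.activity.MxIconPlaceActivity) is not protected.
[android:exported=true] The Activity is shared with other apps on the device, so it can be accessed by any other application on the device.
Medium: Activity (com.muso.musicplayer.activity.MusicEvictEsIconPlaceActivity) is not protected.
[android:exported=true] The Activity is shared with other apps on the device, so it can be accessed by any other application on the device.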
Medium: The app uses an insecure random number generator.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/apm/insight/e.java, line(s) 8 com/applovin/impl/d7.java, line(s) 57 com/applovin/impl/q7.java, line(s) 16 com/inmobi/media/C0340g8.java, line(s) 20 com/inmobi/media/C0358i.java, line(s) 9 com/inmobi/media/C1268g8.java, line(s) 24 com/inmobi/media/C1286i.java, line(s) 10 com/inmobi/media/N1.java, line(s) 4 com/inmobi/media/P8.java, line(s) 11 com/inmobi/media/X0.java, line(s) 16 com/mbridge/msdk/dycreator/baseview/rewardpopview/MBAcquireRewardPopView.java, line(s) 27 com/mbridge/msdk/playercommon/exoplayer2/source/ShuffleOrder.java, line(s) 4 com/mbridge/msdk/playercommon/exoplayer2/trackselection/RandomTrackSelection.java, line(s) 7 com/mbridge/msdk/playercommon/exoplayer2/upstream/cache/CachedContentIndex.java, line(s) 21 er/d.java, line(s) 12 er/i.java, line(s) 10 net/pubnative/lite/sdk/interstitial/HyBidInterstitialBroadcastReceiver.java, line(s) 8 net/pubnative/lite/sdk/rewarded/HyBidRewardedBroadcastReceiver.java, line(s) 8 net/pubnative/lite/sdk/views/CloseableContainer.java, line(s) 11 net/pubnative/lite/sdk/vpaid/macros/GenericMacros.java, line(s) 7 org/jsoup/helper/DataUtil.java, line(s) 21 rp/a.java, line(s) 3 rp/b.java, line(s) 3 rq/x.java, line(s) 9 sp/a.java, line(s) 3 tl/b0.java, line(s) 14 tl/c0.java, line(s) 15 tl/k.java, line(s) 18 tl/q.java, line(s) 17 tl/t.java, line(s) 13 ul/a.java, line(s) 15 ul/b.java, line(s) 15 ul/c.java, line(s) 15 ul/d.java, line(s) 13 ul/i.java, line(s) 6 vl/a.java, line(s) 7 vl/b.java, line(s) 14 vl/c.java, line(s) 6 vl/d.java, line(s) 7 vl/e.java, line(s) 12 vl/f.java, line(s) 6
Medium: IP address disclosure.
Files: com/applovin/impl/o3.java, line(s) 96,98,93,97,87,102,90,91,95,86,104,99,101,103,100,89,92,106,105,94,88 com/applovin/mediation/adapters/bytedance/BuildConfig.java, line(s) 4 com/applovin/mediation/adapters/facebook/BuildConfig.java, line(s) 4 com/applovin/mediation/adapters/google/BuildConfig.java, line(s) 4 com/applovin/mediation/adapters/inmobi/BuildConfig.java, line(s) 4 com/applovin/mediation/adapters/mintegral/BuildConfig.java, line(s) 4 com/applovin/mediation/adapters/vungle/BuildConfig.java, line(s) 4 com/mbridge/msdk/advanced/view/a.java, line(s) 61 com/muso/game/server/BaseNanoHTTPD.java, line(s) 283 net/pubnative/lite/sdk/models/OpenRTBAdRequestFactory.java, line(s) 367 q9/c.java, line(s) 39
Medium: The app creates temporary files. Sensitive information should never be written to temporary files.
Files: com/mbridge/msdk/playercommon/exoplayer2/util/Util.java, line(s) 249 com/muso/game/server/BaseNanoHTTPD.java, line(s) 219 m6/z.java, line(s) 59 nc/c.java, line(s) 51 w4/c.java, line(s) 103
Medium: Files may contain hardcoded sensitive information such as usernames, passwords and keys.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: ce/b.java, line(s) 59 coil/memory/MemoryCache.java, line(s) 72 com/applovin/impl/sdk/AppLovinSdkInitializationConfigurationImpl.java, line(s) 208,154 com/applovin/mediation/ads/MaxAdView.java, line(s) 177,167 com/applovin/mediation/ads/MaxAppOpenAd.java, line(s) 77,67 com/applovin/mediation/ads/MaxInterstitialAd.java, line(s) 98,88 com/applovin/mediation/ads/MaxRewardedAd.java, line(s) 119,109 com/applovin/mediation/nativeAds/MaxNativeAdLoader.java, line(s) 98,93 com/applovin/sdk/AppLovinSdk.java, line(s) 288 com/applovin/sdk/AppLovinSdkSettings.java, line(s) 154 com/inmobi/commons/core/configs/AdConfig.java, line(s) 390 com/koi/remoteconfig/RemoteConfigNative.java, line(s) 82 com/koi/remoteconfig/multiprocess/RCProvider.java, line(s) 38 com/mbridge/msdk/newreward/player/MBRewardVideoActivity.java, line(s) 46 com/mbridge/msdk/newreward/player/imodel/IBigTempModel.java, line(s) 10,13 com/mbridge/msdk/newreward/player/imodel/IECModel.java, line(s) 37,46,40,25,19,22,43,32 com/mbridge/msdk/newreward/player/imodel/IMoreOfferModel.java, line(s) 6,9,12,15 com/mbridge/msdk/newreward/player/imodel/IPlayModel.java, line(s) 44,56,73,80,47,35,29,32,67,53,38 com/mbridge/msdk/newreward/player/iview/IBaseWebView.java, line(s) 21,15,18 com/mbridge/msdk/newreward/player/iview/IMetaData.java, line(s) 18 com/mbridge/msdk/newreward/player/model/BigTemplateModel.java, line(s) 47 com/mbridge/msdk/newreward/player/model/ECTempleModel.java, line(s) 90,124,160,164 com/mbridge/msdk/newreward/player/model/MoreOfferModel.java, line(s) 47,43,39,51 com/mbridge/msdk/newreward/player/model/PlayTempleModel.java, line(s) 195,164,155,251,207 com/mbridge/msdk/newreward/player/model/WebTemplateModel.java, line(s) 254,171,162,210 com/mbridge/msdk/newreward/player/model/WebViewECModel.java, line(s) 101,137,177
com/mbridge/msdk/newreward/player/view/WebViewTemplate.java, line(s) 454,474,500 com/mbridge/msdk/newreward/player/view/ectemplate/WebViewEC.java, line(s) 200,220,244 com/mbridge/msdk/video/dynview/moffer/MOfferModel.java, line(s) 110 com/muso/dd/publish/TaskInfo.java, line(s) 143 com/muso/musicplayer/config/DynamicStyleRemoteConfig.java, line(s) 158 fm/e.java, line(s) 30 ke/c.java, line(s) 32 lq/b1.java, line(s) 54 org/jsoup/parser/TokeniserState.java, line(s) 1256,1259 p2/f.java, line(s) 68 p2/n0.java, line(s) 48 r0/p1.java, line(s) 23 wh/s.java, line(s) 66 yh/c.java, line(s) 41 zh/e.java, line(s) 122
Medium: The app uses SQLite databases and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/apm/insight/e/a/a.java, line(s) 4,36 com/apm/insight/e/a/b.java, line(s) 4,43,44,37 com/applovin/impl/t9.java, line(s) 5,81 com/bykv/vk/openvk/HY/HY/tcp/tcp/tcp/jqz.java, line(s) 4,5,14,20,21,23,25 com/bykv/vk/openvk/preload/geckox/a/b.java, line(s) 6,7,100 com/inmobi/media/S2.java, line(s) 6,77,130 com/mbridge/msdk/foundation/db/BatchReportDao.java, line(s) 6,88 com/mbridge/msdk/foundation/db/c.java, line(s) 5,141 com/mbridge/msdk/foundation/db/e.java, line(s) 6,1025,1155 com/mbridge/msdk/foundation/db/g.java, line(s) 4,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72 com/mbridge/msdk/foundation/download/database/DatabaseHelper.java, line(s) 6,95,184,192 com/mbridge/msdk/newreward/function/database/c.java, line(s) 3,4,20,27,28 com/mbridge/msdk/tracker/b.java, line(s) 4,5,22,36,37,51,52 i9/n.java, line(s) 4,37 i9/p.java, line(s) 5,6,101,135,255,272 i9/q.java, line(s) 3,9,10,11,12,13 i9/r.java, line(s) 3,9,10,11 i9/s.java, line(s) 3,9 i9/t.java, line(s) 3,9,10,11 i9/u.java, line(s) 3,9,10,11,12,13 i9/v.java, line(s) 4,5,43 k2/c0.java, line(s) 3,45 n5/c.java, line(s) 5,6,7,8,9,61,122 net/pubnative/lite/sdk/db/DatabaseHelper.java, line(s) 4,5,14,19 w7/a.java, line(s) 5,36
Medium: The app can read from and write to external storage. Any application can read data written to external storage.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: ab/l.java, line(s) 27 com/apm/insight/entity/d.java, line(s) 17 com/apm/insight/l/n.java, line(s) 74,85,94 com/apm/insight/nativecrash/a.java, line(s) 604 com/inmobi/media/C0279c3.java, line(s) 74,77,137,140 com/inmobi/media/C1207c3.java, line(s) 91,94,160,163 com/mbridge/msdk/foundation/same/report/crashreport/d.java, line(s) 170 com/mbridge/msdk/foundation/tools/r0.java, line(s) 39,68,55 com/pgl/ssdk/z.java, line(s) 80 com/vungle/ads/internal/platform/AndroidPlatform.java, line(s) 216 h5/e.java, line(s) 200 hn/k.java, line(s) 362,378,394,410 ji/a.java, line(s) 218,219 lm/d1.java, line(s) 58,67 net/pubnative/lite/sdk/mraid/nativefeature/MRAIDNativeFeatureProvider.java, line(s) 55,59 net/pubnative/lite/sdk/vpaid/utils/FileUtils.java, line(s) 70 oj/a.java, line(s) 92 qh/q.java, line(s) 61,59,68 qk/a.java, line(s) 12
Medium: SHA-1 is a weak hash known to have hash collisions.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/applovin/impl/l4.java, line(s) 130 com/applovin/impl/sdk/utils/StringUtils.java, line(s) 40 com/pgl/ssdk/t.java, line(s) 60 nc/b.java, line(s) 49 net/pubnative/lite/sdk/utils/PNCrypto.java, line(s) 87 qc/l.java, line(s) 72 rb/f.java, line(s) 179
Medium: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: ck/o.java, line(s) 201,189 net/pubnative/lite/sdk/vpaid/VideoAdControllerVpaid.java, line(s) 100,76
Medium: MD5 is a weak hash known to have hash collisions.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/apm/insight/l/m.java, line(s) 66 com/bykv/vk/openvk/HY/HY/HY/ns/tcp.java, line(s) 47 com/bykv/vk/openvk/preload/geckox/utils/d.java, line(s) 36 com/mbridge/msdk/foundation/download/resource/MBResourceManager.java, line(s) 89 com/mbridge/msdk/foundation/tools/SameMD5.java, line(s) 45,59,100 com/mbridge/msdk/foundation/tools/l0.java, line(s) 17,31 com/pgl/ssdk/t.java, line(s) 39 fn/g.java, line(s) 40 ji/a.java, line(s) 234 net/pubnative/lite/sdk/utils/PNCrypto.java, line(s) 63
Medium: A cross-domain vulnerability may exist. Enabling file access from URLs in a WebView can leak sensitive information from the file system.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/applovin/impl/adview/l.java, line(s) 25,21 com/mbridge/msdk/foundation/webview/BrowserView.java, line(s) 236,234 com/mbridge/msdk/mbsignalcommon/base/BaseWebView.java, line(s) 74,72 com/mbridge/msdk/newreward/player/view/hybrid/MBWebView.java, line(s) 67,65 com/muso/game/ui/GameWebView.java, line(s) 118,125 com/muso/lr/web/system/SystemWebView.java, line(s) 169,176 com/vungle/ads/internal/ui/view/MRAIDAdWidget.java, line(s) 142,137
Medium: This app may contain hardcoded secrets.
The following secrets were identified in the application. Make sure these are not secrets or private information.
- AdMob ad platform => "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-5946505146401526~9538495356"
- "google_api_key" : "AIzaSyCxJ7tPyh95RbE3RF2U6j5_poFLBYr2RSY"
- "com.google.firebase.crashlytics.mapping_file_id" : "095efe335cf8497f90023ad2e7c79491"
- "facebook_client_token" : "ade7fcdb3d23cd384ccf846ab4c16038"
- "google_crash_reporting_api_key" : "AIzaSyCxJ7tPyh95RbE3RF2U6j5_poFLBYr2RSY"
- "google_app_id" : "1:1059753774691:android:cf0c65b2c67085cd073256"
- "facebook_app_id" : "201752366177118"
- "anythink_myoffer_feedback_violation_of_laws" : "Illegal"
Info: The app logs information. Sensitive information must never be logged.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: Application/ActionProcessor.java, line(s) 49,66 a/b.java, line(s) 94,103 a5/b.java, line(s) 73 ab/m.java, line(s) 38,47 ac/a.java, line(s) 75,80 ac/b.java, line(s) 61,48 ae/d.java, line(s) 47 b3/d.java, line(s) 262 bb/j.java, line(s) 57,67,95,98,103,104,92 bb/q.java, line(s) 58 bb/s0.java, line(s) 31,22,37,43,30,36,42,48,49,54,55 bl/a.java, line(s) 136 bl/i1.java, line(s) 125 bm/f7.java, line(s) 95,78,77,94 bm/q7.java, line(s) 133 br/d.java, line(s) 37 c2/d3.java, line(s) 22 c3/c.java, line(s) 117 c3/m.java, line(s) 45,46 c3/p.java, line(s) 68 c4/a.java, line(s) 111 c8/b.java, line(s) 68 c8/c.java, line(s) 45 com/alex/AlexMaxBannerAdapter.java, line(s) 112 com/alex/AlexMaxInitManager.java, line(s) 239 com/alex/AlexMaxInterstitialAdapter.java, line(s) 62 com/alex/AlexMaxManualNativeAd.java, line(s) 97,102 com/alex/AlexMaxRewardedVideoAdapter.java, line(s) 44 com/anythink/banner/api/ATBannerView.java, line(s) 577,582,861,911 com/anythink/interstitial/a/a.java, line(s) 78 com/anythink/interstitial/a/c.java, line(s) 112,129,133,137,144 com/anythink/interstitial/api/ATInterstitial.java, line(s) 222,233,250 com/apm/insight/a.java, line(s) 135,141,119,129 com/apm/insight/b/i.java, line(s) 43 com/apm/insight/k/a.java, line(s) 80 com/apm/insight/k/j.java, line(s) 121 com/apm/insight/runtime/m.java, line(s) 51 com/applovin/impl/la.java, line(s) 65 com/applovin/impl/mediation/q.java, line(s) 39 com/applovin/impl/pa.java, line(s) 136 com/applovin/impl/sdk/n.java, line(s) 53,98,73,114 com/applovin/impl/z3.java, line(s) 51 com/bykv/vk/openvk/HY/HY/tcp/mo/HY.java, line(s) 201,207,214,221,227,235,308,315,144,162,192,249,265 com/bykv/vk/openvk/HY/HY/tcp/tcp/jqz.java, line(s) 301,104,155,165,193,214,231,278,314 com/bykv/vk/openvk/HY/HY/tcp/tcp/ns.java, line(s) 134,167,201,248,254,262,273,278,345,399,209,288,374,426,445 com/bykv/vk/openvk/HY/HY/tcp/tcp/xa.java,
line(s) 123,165,224 com/bykv/vk/openvk/HY/HY/tcp/tcp/zT.java, line(s) 49,57 com/bykv/vk/openvk/preload/falconx/a/a.java, line(s) 62 com/bykv/vk/openvk/preload/geckox/logger/DefaultLogger.java, line(s) 20 com/bytedance/adsdk/tcp/xa.java, line(s) 194,206,208,218,405,415,584,607,609,612,615,632,635,637,742,753 com/bytedance/adsdk/ugeno/HY/HY/mo.java, line(s) 161 com/bytedance/adsdk/ugeno/core/aqs.java, line(s) 148,302 com/bytedance/adsdk/ugeno/ns/HY.java, line(s) 18 com/bytedance/adsdk/ugeno/ns/zT.java, line(s) 24,33 com/iab/omid/library/applovin/utils/d.java, line(s) 18,11 com/iab/omid/library/bytedance2/utils/d.java, line(s) 18,11 com/iab/omid/library/inmobi/utils/d.java, line(s) 18,11 com/iab/omid/library/mmadbridge/utils/d.java, line(s) 18,11 com/iab/omid/library/pubnativenet/utils/d.java, line(s) 18,11 com/iab/omid/library/vungle/utils/d.java, line(s) 18,11 com/inmobi/media/AbstractC0254a6.java, line(s) 22,50,16,45 com/inmobi/media/AbstractC0540w0.java, line(s) 172 com/inmobi/media/AbstractC0580z1.java, line(s) 37,57 com/inmobi/media/AbstractC1182a6.java, line(s) 24,52,18,47 com/inmobi/media/AbstractC1468w0.java, line(s) 206 com/inmobi/media/AbstractC1508z1.java, line(s) 38,58 com/inmobi/media/Ba.java, line(s) 26,29,44 com/inmobi/media/C0433n9.java, line(s) 34,60,65 com/inmobi/media/C0549w9.java, line(s) 24 com/inmobi/media/C1361n9.java, line(s) 37,62,67 com/inmobi/media/C1396q5.java, line(s) 1482 com/inmobi/media/C1434t5.java, line(s) 53,32,38,40,55,61,63,73,74,78,79,82,83 com/inmobi/media/C1477w9.java, line(s) 25 com/inmobi/media/G0.java, line(s) 118 com/inmobi/media/L.java, line(s) 19,26,36 com/inmobi/media/N.java, line(s) 21,35,39,42 com/inmobi/media/Nb.java, line(s) 146,156 com/inmobi/media/Oa.java, line(s) 34 com/inmobi/media/P.java, line(s) 184,171 com/inmobi/media/P2.java, line(s) 71 com/inmobi/media/S.java, line(s) 36,40,42,44 com/inmobi/media/W.java, line(s) 63 com/inmobi/media/vc.java, line(s) 107 com/kochava/core/log/internal/Logger.java, line(s) 94 
com/koi/activation/core/handler/Request$makeSureHaveDid$2.java, line(s) 47 com/koi/remoteconfig/RemoteConfigNative.java, line(s) 90,58,66,74,82,98 com/koi/statistics/NativeStatistic.java, line(s) 53 com/mbridge/msdk/dycreator/baseview/MBScrollView.java, line(s) 74 com/mbridge/msdk/dycreator/baseview/extview/MBExtAcquireRewardPopView.java, line(s) 428 com/mbridge/msdk/dycreator/baseview/extview/MBExtMBridgeBaitClickView.java, line(s) 430 com/mbridge/msdk/dycreator/bus/BackgroundPoster.java, line(s) 40 com/mbridge/msdk/dycreator/bus/EventBus.java, line(s) 217,277,282,284 com/mbridge/msdk/dycreator/engine/a.java, line(s) 84,87,108,184,185,186,190,198,200 com/mbridge/msdk/dycreator/utils/g.java, line(s) 11 com/mbridge/msdk/foundation/controller/b.java, line(s) 63 com/mbridge/msdk/foundation/same/report/crashreport/b.java, line(s) 91 com/mbridge/msdk/foundation/same/report/crashreport/d.java, line(s) 117 com/mbridge/msdk/foundation/same/report/d.java, line(s) 55 com/mbridge/msdk/foundation/tools/l0.java, line(s) 19 com/mbridge/msdk/foundation/tools/o0.java, line(s) 58,65,72,51 com/mbridge/msdk/mbnative/controller/NativeController.java, line(s) 1773 com/mbridge/msdk/mbnative/controller/d.java, line(s) 440 com/mbridge/msdk/mbnative/report/b.java, line(s) 85 com/mbridge/msdk/newreward/function/cache/controller/a.java, line(s) 64 com/mbridge/msdk/playercommon/exoplayer2/DefaultRenderersFactory.java, line(s) 87,95,100,105,112,115,150 com/mbridge/msdk/playercommon/exoplayer2/ExoPlayerImpl.java, line(s) 129,511 com/mbridge/msdk/playercommon/exoplayer2/ExoPlayerImplInternal.java, line(s) 446,661,1015,1022,1030 com/mbridge/msdk/playercommon/exoplayer2/MediaPeriodHolder.java, line(s) 212 com/mbridge/msdk/playercommon/exoplayer2/audio/DefaultAudioSink.java, line(s) 653 com/mbridge/msdk/playercommon/exoplayer2/drm/ClearKeyUtil.java, line(s) 41 com/mbridge/msdk/playercommon/exoplayer2/drm/DefaultDrmSession.java, line(s) 278 
Info This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: c2/j.java, line(s) 5,23,368 il/w.java, line(s) 4,52,53 pl/l2.java, line(s) 4,33,34 ql/d.java, line(s) 4,44,45 vm/l.java, line(s) 4,164,165
Info This application listens for clipboard changes. Some malware also listens for clipboard changes.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: dl/j8.java, line(s) 107,140,141,4,105
Secure This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: ar/c.java, line(s) 78,77,76 ar/d.java, line(s) 101,91,100,113,99,99 ar/g.java, line(s) 77,76,75,75 ar/h.java, line(s) 141,129,140,139,139 com/cpp/component/NetworkAgent/VerifyCallBack.java, line(s) 25,24,23,23 com/inmobi/media/C0420m9.java, line(s) 56,60 com/inmobi/media/C1348m9.java, line(s) 61,65 com/mbridge/msdk/thrid/okhttp/internal/c.java, line(s) 281,280,279,279 com/mbridge/msdk/tracker/network/toolbox/h.java, line(s) 60,150
Secure This application may have root detection capabilities.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: ab/s.java, line(s) 49 com/apm/insight/nativecrash/a.java, line(s) 311,311,311,311,311 com/kochava/tracker/datapoint/internal/DataPointCollectionState.java, line(s) 51,54,54,54,54,54,54 rb/f.java, line(s) 170,170,171
Secure Firebase Remote Config is disabled
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/1059753774691/namespaces/firebase:fetch?key=AIzaSyCxJ7tPyh95RbE3RF2U6j5_poFLBYr2RSY ) is disabled. The response content is shown below: { "state": "NO_TEMPLATE" }