Security Analysis Report: 一体化平台 v1.94

Security score 47/100

Risk rating

Grade

  1. A
  2. B
  3. C
  4. F

Severity distribution (%)

Privacy risk

3 user/device trackers

Findings

High 5
Medium 33
Info 1
Secure 2
Hotspot 9

High: Debug configuration is enabled. Production builds must not be debuggable.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
com/bumptech/glide/BuildConfig.java, line(s) 2,5
com/bumptech/glide/gifdecoder/BuildConfig.java, line(s) 2,5
com/wbtech/ums/BuildConfig.java, line(s) 2,3

High: The file is world-writable. Any application can write to the file.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2

Files:
com/alipay/android/app/util/StoreUtils.java, line(s) 12
com/jsict/mobile/plugins/xmpp/XmppMessagePlugin.java, line(s) 59

High: A weak encryption algorithm is used.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/jsict/mobile/plugins/http/DesPlus.java, line(s) 44,46
com/jsict/mobile/plugins/http/SimpleDes.java, line(s) 47,49
com/tencent/mm/sdk/platformtools/LogHelper.java, line(s) 58

High: Insecure SSL implementation. Trusting all certificates or accepting self-signed certificates is a critical security vulnerability. This application is vulnerable to MITM attacks.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis

Files:
com/lidroid/xutils/http/client/DefaultSSLSocketFactory.java, line(s) 59,13,14,15
com/lidroid/xutils/util/OtherUtils.java, line(s) 211,211,14,15,16,17,18

High: Insecure WebView implementation. The WebView ignores SSL certificate errors and accepts any SSL certificate. This application is vulnerable to MITM attacks.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification

Files:
com/alipay/android/app/sdk/WapPayActivity.java, line(s) 142,141

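Medium: The application is affected by the Janus vulnerability

The application is signed with the v1 signature scheme, which makes it vulnerable to the Janus vulnerability on Android 5.0-8.0 if it is signed only with the v1 scheme. Applications running on Android 5.0-7.0 that are signed with the v1 scheme together with the v2/v3 schemes are also vulnerable.

Medium: The application can be installed on a vulnerable, unpatched Android version

Android 4.4-4.4.4, [minSdk=19]
The application can be installed on older versions of Android that have multiple unfixed vulnerabilities. These devices will not receive reasonable security updates from Google. Support Android version => 10, API 29 to receive reasonable security updates.

Medium: Application data is at risk of being leaked

The [android:allowBackup] flag is not set
The [android:allowBackup] flag should be set to false. By default it is set to true, which allows anyone to back up your application data via adb. It lets users who have enabled USB debugging copy application data off the device.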

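Medium: Activity (com.jsict.cloud.ythmanagement.VideoChatViewActivity) is not protected.

An intent-filter exists.
The Activity is shared with other applications on the device, which leaves it accessible to any other application on the device. The presence of the intent-filter indicates that this Activity is explicitly exported.

Medium: Activity (cn.jpush.android.ui.PushActivity) is not protected.

An intent-filter exists.
The Activity is shared with other applications on the device, which leaves it accessible to any other application on the device. The presence of the intent-filter indicates that this Activity is explicitly exported.

Medium: Service (com.jsict.cloud.ythmanagement.PushService) is not protected.

An intent-filter exists.
The Service is shared with other applications on the device, which leaves it accessible to any other application on the device. The presence of the intent-filter indicates that this Service is explicitly exported.

Medium: Broadcast Receiver (cn.jpush.android.service.PushReceiver) is not protected.

An intent-filter exists.
The Broadcast Receiver is shared with other applications on the device, which leaves it accessible to any other application on the device. The presence of the intent-filter indicates that this Broadcast Receiver is explicitly exported.

Medium: Broadcast Receiver (com.jsict.cloud.ythmanagement.PushMessageReceiver) is not protected.

An intent-filter exists.
The Broadcast Receiver is shared with other applications on the device, which leaves it accessible to any other application on the device. The presence of the intent-filter indicates that this Broadcast Receiver is explicitly exported.

Medium: Broadcast Receiver (plugins.com.jsict.mobile.plugins.jpush.MyReceiver) is not protected.

An intent-filter exists.
The Broadcast Receiver is shared with other applications on the device, which leaves it accessible to any other application on the device. The presence of the intent-filter indicates that this Broadcast Receiver is explicitly exported.

Medium: Service (com.jsict.cloud.ythmanagement.location.LocTimingService) is not protected.

An intent-filter exists.
The Service is shared with other applications on the device, which leaves it accessible to any other application on the device. The presence of the intent-filter indicates that this Service is explicitly exported.

Medium: Broadcast Receiver (com.jsict.cloud.ythmanagement.location.ServiceRestartReceiver) is not protected.

An intent-filter exists.
The Broadcast Receiver is shared with other applications on the device, which leaves it accessible to any other application on the device. The presence of the intent-filter indicates that this Broadcast Receiver is explicitly exported.

Medium: Broadcast Receiver (com.jsict.cloud.ythmanagement.location.LocTimingControlReceiver) is not protected.

An intent-filter exists.
The Broadcast Receiver is shared with other applications on the device, which leaves it accessible to any other application on the device. The presence of the intent-filter indicates that this Broadcast Receiver is explicitly exported.

Medium: Broadcast Receiver (com.jsict.cloud.ythmanagement.location.LocTimingLocReceiver) is not protected.

An intent-filter exists.
The Broadcast Receiver is shared with other applications on the device, which leaves it accessible to any other application on the device. The presence of the intent-filter indicates that this Broadcast Receiver is explicitly exported.

Medium: Broadcast Receiver (com.jsict.cloud.ythmanagement.location.LocTimingReportReceiver) is not protected.

An intent-filter exists.
The Broadcast Receiver is shared with other applications on the device, which leaves it accessible to any other application on the device. The presence of the intent-filter indicates that this Broadcast Receiver is explicitly exported.

Medium: Service (cn.jpush.android.service.PushService) is not protected.

An intent-filter exists.
The Service is shared with other applications on the device, which leaves it accessible to any other application on the device. The presence of the intent-filter indicates that this Service is explicitly exported.

Medium: Service (cn.jpush.android.service.DaemonService) is not protected.

An intent-filter exists.
The Service is shared with other applications on the device, which leaves it accessible to any other application on the device. The presence of the intent-filter indicates that this Service is explicitly exported.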

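Medium: Activity has the TaskAffinity attribute set

(cn.jpush.android.service.JNotifyActivity)
If taskAffinity is set, other applications may be able to read Intents sent to Activities that belong to another task. To prevent other applications from reading sensitive information in sent or received Intents, always use the default setting, which keeps the affinity as the package name.

Medium: Activity (cn.jpush.android.service.JNotifyActivity) is not protected.

An intent-filter exists.
The Activity is shared with other applications on the device, which leaves it accessible to any other application on the device. The presence of the intent-filter indicates that this Activity is explicitly exported.

Medium: High Intent priority (1000)

[android:priority]
By setting an Intent priority higher than that of another Intent, the application effectively overrides other requests.

Medium: High Intent priority (1000)

[android:priority]
By setting an Intent priority higher than that of another Intent, the application effectively overrides other requests.

Medium: High Intent priority (1000)

[android:priority]
By setting an Intent priority higher than that of another Intent, the application effectively overrides other requests.

Medium: High Intent priority (1000)

[android:priority]
By setting an Intent priority higher than that of another Intent, the application effectively overrides other requests.

Medium: High Intent priority (1000)

[android:priority]
By setting an Intent priority higher than that of another Intent, the application effectively overrides other requests.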

Medium: The application uses an insecure random number generator.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
com/jsict/mobile/plugins/xmpp/XmppNotificationService.java, line(s) 12
com/jsict/mobile/plugins/xmpp/XmppNotifier.java, line(s) 16
com/lidroid/xutils/http/client/multipart/MultipartEntity.java, line(s) 11
com/tencent/mm/sdk/platformtools/Util.java, line(s) 54
im/yixin/sdk/http/multipart/MultipartEntity.java, line(s) 8
org/jivesoftware/smack/util/StringUtils.java, line(s) 8
org/kobjects/crypt/Crypt.java, line(s) 7

Medium: MD5 is a weak hash known to have hash collisions.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/jsict/mobile/plugins/alipay/Rsa.java, line(s) 49
com/lidroid/xutils/cache/MD5FileNameGenerator.java, line(s) 9
com/novell/sasl/client/DigestMD5SaslClient.java, line(s) 194,219
com/tencent/mm/algorithm/MD5.java, line(s) 106,133,186,205
com/wbtech/ums/common/MD5Utility.java, line(s) 9
im/yixin/algorithm/MD5.java, line(s) 12,32

Medium: SHA-1 is a weak hash known to have hash collisions.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/novell/sasl/client/DigestMD5SaslClient.java, line(s) 333
org/jivesoftware/smack/util/StringUtils.java, line(s) 224

Medium: IP address disclosure

Files:
com/gprinter/io/PortParameters.java, line(s) 24
com/jsict/mobile/plugins/xmpp/XmppServiceManager.java, line(s) 36

Medium: Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/bumptech/glide/load/Option.java, line(s) 82
com/bumptech/glide/load/engine/DataCacheKey.java, line(s) 34
com/bumptech/glide/load/engine/EngineResource.java, line(s) 95
com/bumptech/glide/load/engine/ResourceCacheKey.java, line(s) 80
com/bumptech/glide/manager/RequestManagerRetriever.java, line(s) 38
com/gprinter/save/SharedPreferencesUtil.java, line(s) 6,7,8,9,10
com/jsict/cloud/ythmanagement/location/LoginData.java, line(s) 7,9
com/jsict/mobile/plugins/http/DesPlus.java, line(s) 8
com/jsict/mobile/plugins/http/SimpleDes.java, line(s) 9
com/jsict/mobile/plugins/xmpp/XmppConstants.java, line(s) 7,13,32,23,34
com/lzy/okgo/cache/CacheEntity.java, line(s) 12,84
com/lzy/okgo/exception/CacheException.java, line(s) 6,10
com/tencent/mm/sdk/openapi/ConstantsAPI.java, line(s) 11
com/tencent/mm/sdk/platformtools/KVConfig.java, line(s) 27
com/tencent/mm/sdk/platformtools/LocaleUtil.java, line(s) 21,29
com/tencent/mm/sdk/platformtools/Util.java, line(s) 1013,1171
com/tencent/mm/sdk/plugin/BaseProfile.java, line(s) 17
com/tencent/mm/sdk/plugin/MMPluginAPIImpl.java, line(s) 160,126,165
com/tencent/mm/sdk/plugin/MMPluginProviderConstants.java, line(s) 21,46,32,123,24
com/wbtech/ums/AppInfo.java, line(s) 6
com/zxing/decoding/Intents.java, line(s) 44
im/yixin/sdk/api/YXMessage.java, line(s) 106,107
org/jivesoftware/smack/ConnectionConfiguration.java, line(s) 76

Medium: The application can read from and write to external storage. Any application can read data written to external storage.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
com/gprinter/command/GpUtils.java, line(s) 84
com/gprinter/io/utils/GpUtils.java, line(s) 43
com/jsict/mobile/plugins/utils/UtilPlugin.java, line(s) 148,149,242,267,399
com/lidroid/xutils/util/OtherUtils.java, line(s) 80
com/lzy/okgo/convert/FileConvert.java, line(s) 25,42
com/lzy/okserver/OkDownload.java, line(s) 35
com/tencent/mm/sdk/platformtools/Util.java, line(s) 250,251,886,887,896,897
com/wbtech/ums/UmsAgent.java, line(s) 624,626,641
com/wbtech/ums/UpdateManager.java, line(s) 67
com/wbtech/ums/dao/GetInfoFromFile.java, line(s) 19,32
com/wbtech/ums/dao/SaveInfo.java, line(s) 28,29,38,40,67,80

Medium: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/gprinter/save/DatabaseHelper.java, line(s) 5,6,29
com/jsict/mobile/plugins/xmpp/XmppRemoteServiceBootReceiver.java, line(s) 7,27
com/lidroid/xutils/DbUtils.java, line(s) 5,749
com/lzy/okgo/db/DBHelper.java, line(s) 4,5,43
com/lzy/okgo/db/DBUtils.java, line(s) 4,9

Medium: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
com/alipay/android/app/sdk/WapPayActivity.java, line(s) 59,54

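Medium: The application contains privacy trackers

This application has 3 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.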

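Medium: This application may contain hardcoded secrets

The following secrets were identified in the application. Make sure they are not secrets or private information.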
"agora_access_token" : ""

Info: The application logs information. Sensitive information must not be logged.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
com/bumptech/glide/Glide.java, line(s) 210,219,134,133,209,216,245,246
com/bumptech/glide/gifdecoder/GifHeaderParser.java, line(s) 246,278,245,277
com/bumptech/glide/gifdecoder/StandardGifDecoder.java, line(s) 162,178,192,160,176,190,213,222
com/bumptech/glide/load/data/AssetPathFetcher.java, line(s) 36,35
com/bumptech/glide/load/data/HttpUrlFetcher.java, line(s) 59,141,58,62,68,76,140,73,77
com/bumptech/glide/load/data/LocalUriFetcher.java, line(s) 38,37
com/bumptech/glide/load/data/mediastore/ThumbFetcher.java, line(s) 54,53
com/bumptech/glide/load/data/mediastore/ThumbnailStreamOpener.java, line(s) 63,62
com/bumptech/glide/load/engine/DecodeJob.java, line(s) 192,191,340,386,448
com/bumptech/glide/load/engine/DecodePath.java, line(s) 60,61
com/bumptech/glide/load/engine/Engine.java, line(s) 31,100
com/bumptech/glide/load/engine/GlideException.java, line(s) 74
com/bumptech/glide/load/engine/SourceGenerator.java, line(s) 67,68
com/bumptech/glide/load/engine/bitmap_recycle/LruArrayPool.java, line(s) 93,148,94,149
com/bumptech/glide/load/engine/bitmap_recycle/LruBitmapPool.java, line(s) 136,167,176,200,76,83,135,145,166,175,189,199,208,77,84,146,214,190
com/bumptech/glide/load/engine/cache/DiskLruCacheWrapper.java, line(s) 52,62,76,82,112,123,53,77,63,83,113,124
com/bumptech/glide/load/engine/cache/MemorySizeCalculator.java, line(s) 67,51
com/bumptech/glide/load/engine/executor/GlideExecutor.java, line(s) 44,41
com/bumptech/glide/load/engine/executor/RuntimeCompat.java, line(s) 37,36
com/bumptech/glide/load/engine/prefill/BitmapPreFillRunner.java, line(s) 74,73
com/bumptech/glide/load/model/ByteBufferEncoder.java, line(s) 21,20
com/bumptech/glide/load/model/ByteBufferFileLoader.java, line(s) 61,60
com/bumptech/glide/load/model/FileLoader.java, line(s) 64,63
com/bumptech/glide/load/model/ResourceLoader.java, line(s) 42,43
com/bumptech/glide/load/model/StreamEncoder.java, line(s) 40,39
com/bumptech/glide/load/resource/bitmap/BitmapEncoder.java, line(s) 65,64,81,82
com/bumptech/glide/load/resource/bitmap/DefaultImageHeaderParser.java, line(s) 123,130,146,153,186,196,208,222,236,242,246,251,257,261,122,129,145,152,185,195,207,221,235,241,245,250,256,260
com/bumptech/glide/load/resource/bitmap/Downsampler.java, line(s) 181,300,337,140,156,180,256,299,336,141,257,364
com/bumptech/glide/load/resource/bitmap/DrawableToBitmapConverter.java, line(s) 47,52,48,53
com/bumptech/glide/load/resource/bitmap/HardwareConfigState.java, line(s) 53,54
com/bumptech/glide/load/resource/bitmap/TransformationUtils.java, line(s) 162,106,115,122,139,144,161,107,116,123,124,125,129,140,145
com/bumptech/glide/load/resource/bitmap/VideoDecoder.java, line(s) 135,134
com/bumptech/glide/load/resource/gif/ByteBufferGifDecoder.java, line(s) 82,88,93,98,108,83,89,94,99,109
com/bumptech/glide/load/resource/gif/GifDrawableEncoder.java, line(s) 27,28
com/bumptech/glide/load/resource/gif/StreamGifDecoder.java, line(s) 56,57
com/bumptech/glide/manager/DefaultConnectivityMonitor.java, line(s) 24,23,53,72,54,73
com/bumptech/glide/manager/DefaultConnectivityMonitorFactory.java, line(s) 17,16
com/bumptech/glide/manager/RequestManagerFragment.java, line(s) 140,141
com/bumptech/glide/manager/RequestManagerRetriever.java, line(s) 345,346
com/bumptech/glide/manager/RequestTracker.java, line(s) 27,28
com/bumptech/glide/manager/SupportRequestManagerFragment.java, line(s) 136,137
com/bumptech/glide/module/ManifestParser.java, line(s) 22,29,40,45,21,28,33,39,44,34
com/bumptech/glide/request/SingleRequest.java, line(s) 383,64,469,420
com/bumptech/glide/request/target/CustomViewTarget.java, line(s) 309,310,324,325
com/bumptech/glide/request/target/ViewTarget.java, line(s) 302,303,317,318
com/bumptech/glide/signature/ApplicationVersionSignature.java, line(s) 53
com/bumptech/glide/util/ContentLengthInputStream.java, line(s) 32,31
com/bumptech/glide/util/pool/FactoryPools.java, line(s) 99,100
com/gprinter/command/EscCommand.java, line(s) 357,361,378,382,686,702,707,716,717,727,758
com/gprinter/command/LabelCommand.java, line(s) 547,554,562,569,576
com/gprinter/io/BluetoothPort.java, line(s) 36,51,73,156,192,200,231,106,130,143,169,197,114,179
com/gprinter/io/EthernetPort.java, line(s) 38,53,79,161,196,212,244,28,114,123,132,138,148,174,209,267,275,121,184
com/gprinter/io/GpDevice.java, line(s) 76,88,91,98,109,113,123,130,134,141,152,163,169,176,210,214,206
com/gprinter/io/GpEquipmentPort.java, line(s) 138,218,245,270,274,283,289,296,315
com/gprinter/io/GpPort.java, line(s) 25,26,35,49,54,69
com/gprinter/io/SerialPort.java, line(s) 65
com/gprinter/io/UsbPort.java, line(s) 40,43,64,79,101,152,155,230,270,295,300,207,147,233
com/gprinter/save/DatabaseHelper.java, line(s) 28,41
com/gprinter/save/PortParamDataBase.java, line(s) 86,31,43,52,65,66,67,68,69,70,71,78,91
com/gprinter/service/AllService.java, line(s) 33
com/gprinter/service/GpPrintService.java, line(s) 89,92,113,119,219,223,227,245,267,295,300,308,315,320,337,379,385,396,404,449,574,581,586,651,652,686,699,485,157,503,555,561,565,568,620,660,663,671,672,812,823,326
com/gprinter/util/LogInfo.java, line(s) 27,42,45
com/hp/hpl/sparta/ParseByteStream.java, line(s) 116
com/hp/hpl/sparta/ParseCharStream.java, line(s) 398,495,582,698,823
com/hp/hpl/sparta/ParseException.java, line(s) 55
com/jsict/cloud/ythmanagement/OpenFromNotification.java, line(s) 24
com/jsict/cloud/ythmanagement/PushMessageReceiver.java, line(s) 48,23,29,45,50,52,54,56,62,67,72,77,82
com/jsict/cloud/ythmanagement/VideoChatViewActivity.java, line(s) 36,44,55,123
com/jsict/cloud/ythmanagement/location/LocTimingControlReceiver.java, line(s) 19
com/jsict/cloud/ythmanagement/location/LocTimingLocReceiver.java, line(s) 13
com/jsict/cloud/ythmanagement/location/LocTimingReportReceiver.java, line(s) 13
com/jsict/cloud/ythmanagement/location/LocTimingService.java, line(s) 69,72,80,97,99,101,103,105,111,113,121,123,166,195,198,202,211,224,234,260,267,280,302,312,319,358
com/jsict/cloud/ythmanagement/location/LoginInfo.java, line(s) 27,28,30,37,39,64,69,100
com/jsict/cloud/ythmanagement/location/ServiceRestartReceiver.java, line(s) 16,28,32
com/jsict/mobile/plugins/alipay/Result.java, line(s) 67,69
com/jsict/mobile/plugins/alipay/Rsa.java, line(s) 74,75,77
com/jsict/mobile/plugins/app/AppManager.java, line(s) 67,196
com/jsict/mobile/plugins/baidu/BaiduMapHandler.java, line(s) 100,105,110,404,410
com/jsict/mobile/plugins/weibo/WeiboPlugin.java, line(s) 339,344,346
com/jsict/mobile/plugins/xmpp/XmppAckIQ.java, line(s) 26
com/jsict/mobile/plugins/xmpp/XmppNotificationDetailsActivity.java, line(s) 34,36,38,40,42,44
com/jsict/mobile/plugins/xmpp/XmppNotificationIQProvider.java, line(s) 73
com/jsict/mobile/plugins/xmpp/XmppNotificationPacketListener.java, line(s) 17,19,53
com/jsict/mobile/plugins/xmpp/XmppNotificationReceiver.java, line(s) 44,60,104
com/jsict/mobile/plugins/xmpp/XmppNotificationService.java, line(s) 31,49,63,68,75,81,86,115,125,147,155,161,168,204,212
com/jsict/mobile/plugins/xmpp/XmppNotifier.java, line(s) 38,137
com/jsict/mobile/plugins/xmpp/XmppPersistentConnectionListener.java, line(s) 15,20,29,34,39
com/jsict/mobile/plugins/xmpp/XmppPhoneStateChangeListener.java, line(s) 31,33
com/jsict/mobile/plugins/xmpp/XmppReconnectionThread.java, line(s) 17
com/jsict/mobile/plugins/xmpp/XmppRemoteServiceBootReceiver.java, line(s) 19,30,41,55,56
com/jsict/mobile/plugins/zebra/ZebraPlugin.java, line(s) 52,80
com/jsict/mobile/plugins/zip/ZipPlugin.java, line(s) 38,53
com/jsict/mobile/util/CopyUtils.java, line(s) 45,78,98,106,112,121
com/lidroid/xutils/util/LogUtils.java, line(s) 64,76,88,100,112,124,136,148,160,172,184,196,208,220
com/lzy/okgo/utils/OkLogger.java, line(s) 33,63,43,23,53
com/tencent/mm/sdk/channel/MMessage.java, line(s) 38,42,48,73
com/tencent/mm/sdk/channel/MMessageAct.java, line(s) 38,45
com/tencent/mm/sdk/openapi/GetMessageFromWX.java, line(s) 53
com/tencent/mm/sdk/openapi/SendAuth.java, line(s) 34,78
com/tencent/mm/sdk/openapi/SendMessageToWX.java, line(s) 25
com/tencent/mm/sdk/openapi/WXApiImplV10.java, line(s) 44,75,85,188,245,65,94,140,167,174,182,210,230,237,242
com/tencent/mm/sdk/openapi/WXAppExtendObject.java, line(s) 72
com/tencent/mm/sdk/openapi/WXEmojiObject.java, line(s) 60
com/tencent/mm/sdk/openapi/WXFileObject.java, line(s) 60
com/tencent/mm/sdk/openapi/WXImageObject.java, line(s) 79
com/tencent/mm/sdk/openapi/WXMediaMessage.java, line(s) 32,113,133
com/tencent/mm/sdk/openapi/WXMusicObject.java, line(s) 35
com/tencent/mm/sdk/openapi/WXTextObject.java, line(s) 21
com/tencent/mm/sdk/openapi/WXVideoObject.java, line(s) 33
com/tencent/mm/sdk/openapi/WXWebpageObject.java, line(s) 20
com/tencent/mm/sdk/platformtools/BackwardSupportUtil.java, line(s) 75,84,124
com/tencent/mm/sdk/platformtools/ChannelUtil.java, line(s) 51,66,94,103,85,86,87,92
com/tencent/mm/sdk/platformtools/FilesCopy.java, line(s) 81,95,107
com/tencent/mm/sdk/platformtools/JpegTools.java, line(s) 159,76,166,60,89,102,111,119,122
com/tencent/mm/sdk/platformtools/KVConfig.java, line(s) 123,176,23,27,92,139
com/tencent/mm/sdk/platformtools/LBSManager.java, line(s) 138,37,99,180,184,189,197,205,210,230,265,273,281
com/tencent/mm/sdk/platformtools/LocaleUtil.java, line(s) 83,101,87
com/tencent/mm/sdk/platformtools/Log.java, line(s) 59,179,75,91,137,121,194,135,210
com/tencent/mm/sdk/platformtools/MAlarmHandler.java, line(s) 92,73,116
com/tencent/mm/sdk/platformtools/MMApplicationContext.java, line(s) 26
com/tencent/mm/sdk/platformtools/MMEntryLock.java, line(s) 17,20,26
com/tencent/mm/sdk/platformtools/MMHandlerThread.java, line(s) 33,133,148
com/tencent/mm/sdk/platformtools/NetStatusUtil.java, line(s) 163,172,185,225,414,52,55,62,99,118,119,120,121,122,123,124,358
com/tencent/mm/sdk/platformtools/ObserverPool.java, line(s) 69,128,94
com/tencent/mm/sdk/platformtools/PhoneUtil20Impl.java, line(s) 142
com/tencent/mm/sdk/platformtools/QueueWorkerThread.java, line(s) 67,99,104,112
com/tencent/mm/sdk/platformtools/SensorController.java, line(s) 72,81,90,98
com/tencent/mm/sdk/platformtools/SyncTask.java, line(s) 33,36,51
com/tencent/mm/sdk/platformtools/TimeLogger.java, line(s) 29,36,39
com/tencent/mm/sdk/platformtools/TrafficStats.java, line(s) 108,77,81,85,89,92,95
com/tencent/mm/sdk/platformtools/Util.java, line(s) 245,263,918,926,1260,1300,1315,1488,537,571,607,611,654,826,991,1140,1189,1387,130,1171,876,880,907,911,1160,1236,1242,1252,1467,1494
com/tencent/mm/sdk/plugin/MMPluginAPIImpl.java, line(s) 147,151,73
com/tencent/mm/sdk/plugin/MMPluginOAuth.java, line(s) 48,125,55,112,131,77,110
com/tencent/mm/sdk/plugin/MMPluginProviderConstants.java, line(s) 60,80,101
com/tencent/mm/sdk/storage/ContentProviderDB.java, line(s) 21,29,39,52,58,64,72
com/tencent/mm/sdk/storage/IAutoDBItem.java, line(s) 43,62
com/tencent/mm/sdk/storage/MAutoDBItem.java, line(s) 16
com/tencent/mm/sdk/storage/MAutoStorage.java, line(s) 68,72,102
com/tenkent/tksdk/API.java, line(s) 454
com/tenkent/tksdk/Request.java, line(s) 70,73
com/tenkent/tksdk/Response.java, line(s) 26
com/wbtech/ums/AppInfo.java, line(s) 19,22,23,34
com/wbtech/ums/ClientdataManager.java, line(s) 33,43,50,57,64,71,78,85,92,99,106,113,121,129,37,47,54,61,68,75,82,89,96,103,110,117,125,133,154,25
com/wbtech/ums/CobubLog.java, line(s) 20,38,44,27,13,32
com/wbtech/ums/CommonUtil.java, line(s) 294,66,76,83,104,112,129,141,155,174,180,201,267,272,286
com/wbtech/ums/DeviceInfo.java, line(s) 52,112,149,165,173,238,259,266,286,45,60,67,72,90,95,103,109,120,127,180,229,255
com/wbtech/ums/ErrorManager.java, line(s) 36,52
com/wbtech/ums/EventManager.java, line(s) 47,63,69
com/wbtech/ums/TagManager.java, line(s) 45
com/wbtech/ums/UmsAgent.java, line(s) 206,391
com/wbtech/ums/UpdateManager.java, line(s) 117
com/wbtech/ums/common/MyCrashHandler.java, line(s) 45
com/wbtech/ums/common/NetworkUitlity.java, line(s) 68,37
com/zxing/activity/CaptureActivity.java, line(s) 230,264,269
com/zxing/camera/AutoFocusCallback.java, line(s) 25
com/zxing/camera/CameraConfigurationManager.java, line(s) 35,39,42,48,80,101,118,168,179
com/zxing/camera/CameraManager.java, line(s) 162
com/zxing/camera/FlashlightManager.java, line(s) 14,16,57,69,79,83,87
com/zxing/camera/PreviewCallback.java, line(s) 36
com/zxing/decoding/CaptureActivityHandler.java, line(s) 56,59,67,71
com/zxing/decoding/DecodeHandler.java, line(s) 64
im/yixin/sdk/util/DevicesUtils.java, line(s) 34
im/yixin/sdk/util/SDKHttpUtils.java, line(s) 150
im/yixin/sdk/util/SDKLogger.java, line(s) 13,18,21,9
im/yixin/sdk/util/SDKNetworkUtil.java, line(s) 75
io/agora/live/LiveSubscriber.java, line(s) 30,65
io/agora/rtc/gl/EglBase14.java, line(s) 31
io/agora/rtc/gl/EglRenderer.java, line(s) 488
io/agora/rtc/gl/GlShader.java, line(s) 98,21,42
io/agora/rtc/internal/DeviceUtils.java, line(s) 63,72
io/agora/rtc/internal/RtcEngineImpl.java, line(s) 1225
io/agora/rtc/mediaio/AgoraBufferedCamera2.java, line(s) 102,108,240,246,390,394,431,495
io/agora/rtc/mediaio/AgoraSurfaceView.java, line(s) 130
io/agora/rtc/mediaio/AgoraTextureCamera.java, line(s) 84,134,44,130,99
io/agora/rtc/mediaio/AgoraTextureView.java, line(s) 135
io/agora/rtc/mediaio/BaseVideoRenderer.java, line(s) 249,287
io/agora/rtc/mediaio/SurfaceTextureHelper.java, line(s) 60,117,155,46,88,191
io/agora/rtc/utils/YuvUtils.java, line(s) 135,153,173,339
io/agora/rtc/video/MediaCodecVideoDecoder.java, line(s) 77
io/agora/rtc/video/ViEAndroidGLES20.java, line(s) 118,231,239
io/agora/rtc/video/ViESurfaceRenderer.java, line(s) 66,72,28,43,58,90,99,114,116,123
io/agora/rtc/video/VideoCaptureCamera2.java, line(s) 768,827,883
io/agora/rtc/video/VideoCaptureFactory.java, line(s) 24
org/jivesoftware/smack/ServerTrustManager.java, line(s) 113
org/jivesoftware/smack/util/Base64.java, line(s) 85,86,725,744,787
org/jivesoftware/smack/util/Cache.java, line(s) 285
org/jivesoftware/smack/util/StringUtils.java, line(s) 226,232
org/kobjects/crypt/Crypt.java, line(s) 206
plugins/com/jsict/mobile/plugins/jpush/JpushReceiver.java, line(s) 31,40,52,56,77,91
plugins/com/jsict/mobile/plugins/jpush/Logger.java, line(s) 16,24,8,12,20
plugins/com/jsict/mobile/plugins/jpush/MyReceiver.java, line(s) 34,36,38,40,46,51,23,49
uk/co/senab/photoview/PhotoViewAttacher.java, line(s) 60
uk/co/senab/photoview/log/LoggerDefault.java, line(s) 17,22,47,52,27,32,7,12,37,42

Secure: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
com/alipay/android/app/net/MspX509TrustManager.java, line(s) 41,40,39,39
com/lzy/okgo/https/HttpsUtils.java, line(s) 135,81,133,133

Secure: This application may have root detection capabilities.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
com/gprinter/io/SerialPort.java, line(s) 45

Hotspot: The application may communicate with a server (yixin.im) located in an OFAC-sanctioned country (China).

{'ip': '59.111.179.9', 'country_short': 'CN', 'country_long': 'China', 'region': 'Guangdong', 'city': 'Guangzhou', 'latitude': '23.127361', 'longitude': '113.264252'}

Hotspot: The application may communicate with a server (open.weibo.cn) located in an OFAC-sanctioned country (China).

{'ip': '36.51.224.49', 'country_short': 'CN', 'country_long': 'China', 'region': 'Beijing', 'city': 'Beijing', 'latitude': '39.907501', 'longitude': '116.397232'}

Hotspot: The application may communicate with a server (app.sina.cn) located in an OFAC-sanctioned country (China).

{'ip': '49.7.37.16', 'country_short': 'CN', 'country_long': 'China', 'region': 'Beijing', 'city': 'Beijing', 'latitude': '39.907501', 'longitude': '116.397232'}

Hotspot: The application may communicate with a server (open.yixin.im) located in an OFAC-sanctioned country (China).

{'ip': '59.111.179.9', 'country_short': 'CN', 'country_long': 'China', 'region': 'Guangdong', 'city': 'Guangzhou', 'latitude': '23.127361', 'longitude': '113.264252'}

Hotspot: The application may communicate with a server (mobiletestabc.alipaydev.com) located in an OFAC-sanctioned country (China).

{'ip': '110.75.132.131', 'country_short': 'CN', 'country_long': 'China', 'region': 'Zhejiang', 'city': 'Hangzhou', 'latitude': '30.293650', 'longitude': '120.161423'}

Hotspot: The application may communicate with a server (tsis.jpush.cn) located in an OFAC-sanctioned country (China).

{'ip': '124.70.65.163', 'country_short': 'CN', 'country_long': 'China', 'region': 'Guangdong', 'city': 'Guangzhou', 'latitude': '23.127361', 'longitude': '113.264252'}

Hotspot: The application may communicate with a server (open.voicecloud.cn) located in an OFAC-sanctioned country (China).

{'ip': '42.62.43.219', 'country_short': 'CN', 'country_long': 'China', 'region': 'Beijing', 'city': 'Beijing', 'latitude': '39.907501', 'longitude': '116.397232'}

Hotspot: The application may communicate with a server (www.weibo.com) located in an OFAC-sanctioned country (China).

{'ip': '106.63.15.10', 'country_short': 'CN', 'country_long': 'China', 'region': 'Yunnan', 'city': 'Kunming', 'latitude': '25.038891', 'longitude': '102.718330'}

Hotspot: The application may communicate with a server (bjuser.jpush.cn) located in an OFAC-sanctioned country (China).

{'ip': '122.9.15.248', 'country_short': 'CN', 'country_long': 'China', 'region': 'Guangdong', 'city': 'Guangzhou', 'latitude': '23.127361', 'longitude': '113.264252'}

Security score: (一体化平台 1.94)