安全分析报告:
安全分数
安全分数 51/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
1
用户/设备跟踪器
调研结果
高危
1
中危
46
信息
4
安全
2
关注
4
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: org/telegram/ui/ArticleViewer.java, line(s) 6756,61,62 org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 741,746,34,35
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Service (org.telegram.messenger.GcmPushListenerService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.GoogleVoiceClientService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (org.telegram.messenger.GoogleVoiceClientActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.messenger.DefaultIcon) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.messenger.VintageIcon) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.messenger.AquaIcon) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.messenger.PremiumIcon) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.messenger.TurboIcon) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.messenger.NoxIcon) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.ui.CallsActivity) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.CALL_PHONE [android:exported=true] 发现一个 Activity-Alias被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Activity (org.telegram.ui.ShareActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (org.telegram.ui.ExternalActionActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (org.telegram.ui.ChatsWidgetConfigActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (org.telegram.ui.ContactsWidgetConfigActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (org.telegram.messenger.OpenChatReceiver) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity设置了TaskAffinity属性
(org.telegram.ui.VoIPPermissionActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity设置了TaskAffinity属性
(org.telegram.ui.VoIPFeedbackActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Broadcast Receiver (org.telegram.messenger.SmsReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.AuthenticatorService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.ContactsSyncAdapterService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.BringAppForegroundService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.NotificationsService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.VideoEncodingService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.ImportingService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.LocationSharingService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.MusicPlayerService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.MusicBrowserService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.voip.TelegramConnectionService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_TELECOM_CONNECTION_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (org.telegram.messenger.RefererReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.INSTALL_PACKAGES [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Content Provider (org.telegram.messenger.voip.CallNotificationSoundProvider) 未被保护。
[android:exported=true] 发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (androidx.sharetarget.ChooserTargetServiceCompat) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_CHOOSER_TARGET_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 IP地址泄露
IP地址泄露 Files: com/tencent/qimei/c/c.java, line(s) 121 com/tencent/qimei/upload/BuildConfig.java, line(s) 13 cos/MyCOSService.java, line(s) 488,514,497,523,504,530,496,522,501,527,502,528,511,537,509,535,500,526,493,519,510,536,508,534,499,525,492,518,489,515,490,516,491,517,507,533,415,621,498,524,505,531,506,532,495,521,487,513,503,529,494,520 org/telegram/messenger/EmuDetector.java, line(s) 19
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/github/gzuliyujiang/oaid/DeviceID.java, line(s) 309,310 com/hbisoft/hbrecorder/HBRecorder.java, line(s) 153 com/hbisoft/hbrecorder/ScreenRecordService.java, line(s) 165 com/lxj/xpopup/util/XPopupUtils.java, line(s) 323,346 org/telegram/messenger/AndroidUtilities.java, line(s) 643,2738,642,1886,1918,1928,2690,2691 org/telegram/messenger/EmuDetector.java, line(s) 226 org/telegram/messenger/FilesMigrationService.java, line(s) 101,85,197 org/telegram/messenger/MediaController.java, line(s) 3902,3904 org/telegram/messenger/SharedConfig.java, line(s) 1077 org/telegram/messenger/voip/VoIPController.java, line(s) 207 org/telegram/ui/ChatActivity.java, line(s) 4966,11721,11729 org/telegram/ui/Components/ChatAttachAlertDocumentLayout.java, line(s) 966,1168,1168,1168,1171 org/telegram/ui/Components/voip/VoIPHelper.java, line(s) 798,832
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/shubao/xinstall/a/b/b.java, line(s) 46 org/telegram/messenger/BuildVars.java, line(s) 177 org/telegram/messenger/ImageReceiver.java, line(s) 512 org/telegram/messenger/MediaDataController.java, line(s) 222,228,227 org/telegram/messenger/voip/Instance.java, line(s) 230,202,212 org/telegram/ui/Adapters/MentionsAdapter.java, line(s) 672 org/telegram/ui/ArticleViewer.java, line(s) 3443 org/telegram/ui/ChannelCreateActivity.java, line(s) 177 org/telegram/ui/DataAutoDownloadActivity.java, line(s) 76,91,84 org/telegram/ui/PremiumPreviewFragment.java, line(s) 1617,1562 org/telegram/ui/TopicsFragment.java, line(s) 2870,2863
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/tencent/qimei/y/g.java, line(s) 45,42 com/tencent/qimei/y/k.java, line(s) 45,43 org/telegram/ui/ArticleViewer.java, line(s) 6641,6635 org/telegram/ui/Components/BotWebViewContainer.java, line(s) 349,314 org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 720,258 org/telegram/ui/Components/WebPlayerView.java, line(s) 1125,1132 org/telegram/ui/LoginActivity.java, line(s) 1675,3278,1673,3276 org/telegram/ui/WebviewActivity.java, line(s) 228,215
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/github/gzuliyujiang/oaid/impl/OppoImpl.java, line(s) 75 com/shubao/xinstall/a/a/d.java, line(s) 109 com/shubao/xinstall/a/f/c.java, line(s) 14 com/shubao/xinstall/a/f/i.java, line(s) 97 com/tencent/qmsp/oaid2/h0.java, line(s) 72 com/tencent/qmsp/sdk/g/g/e.java, line(s) 74 org/telegram/messenger/Utilities.java, line(s) 335,349 org/telegram/ui/PassportActivity.java, line(s) 2000
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/shubao/xinstall/a/f/c.java, line(s) 40 com/tencent/qimei/j/a.java, line(s) 29 com/tencent/qmsp/oaid2/l.java, line(s) 78 com/tencent/qmsp/sdk/a/c.java, line(s) 42,107 com/tencent/qmsp/sdk/g/b/c.java, line(s) 71 org/telegram/messenger/MessagesController.java, line(s) 5620 org/telegram/messenger/Utilities.java, line(s) 480
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/carrotsearch/randomizedtesting/Xoroshiro128PlusRandom.java, line(s) 3 com/tencent/qimei/j/a.java, line(s) 9 com/tencent/qimei/s/e.java, line(s) 3 com/tencent/qmsp/sdk/f/c.java, line(s) 6 cos/MyCOSService.java, line(s) 25 j$/util/concurrent/ThreadLocalRandom.java, line(s) 18 org/telegram/messenger/Utilities.java, line(s) 17 org/telegram/ui/Components/AudioVisualizerDrawable.java, line(s) 6 org/telegram/ui/Components/AvatarsDrawable.java, line(s) 11 org/telegram/ui/Components/BlobDrawable.java, line(s) 7 org/telegram/ui/Components/CircleBezierDrawable.java, line(s) 7 org/telegram/ui/Components/FlickerLoadingView.java, line(s) 12 org/telegram/ui/Components/GroupCallPipButton.java, line(s) 17 org/telegram/ui/Components/LineBlobDrawable.java, line(s) 6 org/telegram/ui/Components/SharedMediaFastScrollTooltip.java, line(s) 15 org/telegram/ui/EmojiAnimationsOverlay.java, line(s) 11 org/xbill/DNS/Header.java, line(s) 5 q/rorbin/badgeview/BadgeAnimator.java, line(s) 12
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/tencent/qimei/y/g.java, line(s) 43,42 com/tencent/qimei/y/k.java, line(s) 38,43 org/telegram/ui/JMTBaiduMapActivity.java, line(s) 82,77 org/telegram/ui/JMTMapPreviewActivity.java, line(s) 71,65
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: org/telegram/ui/Components/Paint/Slice.java, line(s) 22
中危 应用程序包含隐私跟踪程序
此应用程序有多个1隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 Xinstall推广SDK的=> "com.xinstall.APP_KEY" : "xInstallAppKey" openinstall统计的=> "com.openinstall.APP_KEY" : "c8gqdh" 谷歌地图的=> "com.google.android.maps.v2.API_KEY" : "AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k" "UseProxySecret" : "Sleutel" "UseProxySecret" : "Secret" "CancelPasswordResetNo" : "NO" "JMTUsername" : "Username" "UseProxySecret" : "Segreto " "PasswordCode" : "Code" "RestorePasswordNoEmailTitle" : "Spiacenti" "TypePrivateGroup" : "Privat" "UsernameLinkActive" : "positif" "PasswordOn" : "Ein" "AbortPasswordMenu" : "Interromper" "UsernameProfileLinkActive" : "positif" "UseProxyPassword" : "Wachtwoord" "YourPasswordSuccess" : "Kesuksesan!" "UseProxyUsername" : "Usuario" "PasscodePassword" : "Senha" "UseProxyUsername" : "Benutzername" "firebase_database_url" : "https://tmessages2.firebaseio.com" "PasswordOff" : "No" "CheckPasswordPerfect" : "Perfect!" "UsernameProfileLinkActive" : "active" "PaymentPasswordTitle" : "Password" "ReportSpamUser" : "BLOQUEAR" "TypePrivate" : "pribadi" "PasswordOn" : "Activada" "UseProxySecret" : "Clave" "YourPasswordSuccess" : "Success!" "UseProxySecret" : "Segredo" "CancelPasswordResetNo" : "TIDAK" "RestorePasswordNoEmailTitle" : "Sorry" "NotificationHiddenChatUserName" : "Nutzer" "PasswordOn" : "menyalakan" "PasswordRecovery" : "Wachtwoordherstel" "PasswordOff" : "Desactivada" "LoginPassword" : "Senha" "PasswordOff" : "Off" "PasscodePassword" : "Wachtwoord" "google_api_key" : "AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k" "Username" : "Gebruikersnaam" "UsernameLinkActive" : "active" "YourPasswordSuccess" : "Gelukt!" "PaymentPasswordTitle" : "Senha" "NotificationHiddenChatUserName" : "User" "TypePrivate" : "Privat" "PasswordCode" : "Codice" "TypePrivateGroup" : "Privado" "LoginPassword" : "Passwort" "TypePrivate" : "Privado" "google_app_id" : "1:760348033671:android:f6afd7b67eae3860" "TypePrivateGroup" : "Private" "CancelPasswordResetYes" : "Ya" "PasswordOn" : "Aan" "UseProxyPassword" : "Passwort" "UseProxyUsername" : "Username" "NotificationHiddenChatUserName" : "Usuario" "PasswordOff" : "Uit" "AutodownloadPrivateChats" : "Chats" "NotificationHiddenChatUserName" : "Gebruiker" "PasswordOn" : "On" "PasscodePassword" : "Passwort" "UseProxyPassword" : "Senha" "UseProxyPassword" : "Password" "NotificationHiddenChatUserName" : "Utente" "ChannelPrivate" : "privat" "ReportSpamUser" : "BLOKKEREN" "PaymentPasswordTitle" : "Passwort" "TypePrivateGroup" : "pribadi" "PasswordOff" : "penutup" "PaymentPasswordEmailTitle" : "Wiederherstellung" "TypePrivate" : "Private" "EncryptionKey" : "Encryptiesleutel" "NotificationHiddenChatUserName" : "Pengguna" "Username" : "Benutzername" "PasscodePassword" : "Password" "google_crash_reporting_api_key" : "AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k" "PaymentPasswordEmailTitle" : "Herstel-e-mailadres" "RestorePasswordNoEmailTitle" : "Desculpe" "TerminateWebSessionStop" : "Cahaya%1$s" "LoginPassword" : "Password" "TypePrivate" : "Privato" "UseProxyUsername" : "Gebruiker" "Username" : "Username" "PasswordOff" : "Desativada" "CancelPasswordResetYes" : "YES" "YourPasswordSuccess" : "Geschafft!" "TypePrivateGroup" : "Privato" "LoginPassword" : "Wachtwoord" "PasswordOff" : "Aus" "PaymentPasswordTitle" : "Wachtwoord" "YourPasswordSuccess" : "Fatto!" "CheckPasswordPerfect" : "sempurna!" "PasswordOn" : "Ativada" "UseProxySecret" : "gram" L3N5c3RlbS9ldGMvZXhjbHVkZWQtaW5wdXQtZGV2aWNlcy54bWw= YW5kcm9pZC5oYXJkd2FyZS5ibHVldG9vdGg= C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5B Ldpv3DINc8b4Mg19EF0rkWBg7d2GJMJ3 bGV2ZWxfaXBhX3RzcmlmLnRjdWRvcnAub3I= BvyoNmnTUIqvZufrqy6EPc/QFvgcZwweLUQZMPRjS0yO7ir5gj50GehaWU1uVA== ABVGDE2JZIQKLMNOPRSTUFHC34WXY9678 014b35b6184100b085b0d0572f9b5103 c06c8400-8e06-11e0-9cb6-0002a5d5c51b bb392ec0-8d4d-11e0-a896-0002a5d5c51b YW5kcm9pZC5oYXJkd2FyZS5jYW1lcmEuZmxhc2g= A406AAA462DF6EEC06E61D67
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: cn/jzvd/JZTextureView.java, line(s) 43,70,71 cn/jzvd/JZUtils.java, line(s) 70 cn/jzvd/Jzvd.java, line(s) 110,121,248,392,414,508,613,653,655,664,668,782,818,678,260,384,397,451,469,491,497,541,551,561,567,572,585,611,633,639,645,688,720,842,854,927,936,946 cn/jzvd/JzvdStd.java, line(s) 111,174 com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java, line(s) 1802,1201,1301,1305,1382,1386,583,694,1475,1484,1513,1518,2204 com/davemorrissey/labs/subscaleview/decoder/SkiaPooledImageRegionDecoder.java, line(s) 381 com/github/gzuliyujiang/dialog/DialogLog.java, line(s) 10 com/github/gzuliyujiang/oaid/OAIDLog.java, line(s) 13 com/hbisoft/hbrecorder/ScreenRecordService.java, line(s) 217 com/lxj/xpopup/core/BasePopupView.java, line(s) 877,881,885,889 com/lxj/xpopup/util/KeyboardUtils.java, line(s) 30 com/lxj/xpopup/util/XPermission.java, line(s) 302 com/lxj/xpopup/widget/SmartDivider.java, line(s) 27 com/shubao/xinstall/a/a/a/d.java, line(s) 152,155,150 com/shubao/xinstall/a/a/d.java, line(s) 125 com/shubao/xinstall/a/b/b.java, line(s) 46 com/shubao/xinstall/a/b/d.java, line(s) 69 com/shubao/xinstall/a/c/c.java, line(s) 10 com/shubao/xinstall/a/c/e.java, line(s) 43,52 com/shubao/xinstall/a/f/a.java, line(s) 188,223,228,238,249,261,295,301,310,323 com/shubao/xinstall/a/f/d.java, line(s) 24,28 com/shubao/xinstall/a/f/e.java, line(s) 117 com/shubao/xinstall/a/f/i.java, line(s) 137,140,145,148,153,156 com/shubao/xinstall/a/f/o.java, line(s) 9,17,13 com/shubao/xinstall/b.java, line(s) 12,13,14,15,16 com/tencent/qimei/k/a.java, line(s) 49,14,43 com/tencent/qmsp/oaid2/c.java, line(s) 11,17,23 com/tencent/qmsp/oaid2/j.java, line(s) 32,46 com/tencent/qmsp/oaid2/y.java, line(s) 15 com/tencent/qmsp/sdk/base/c.java, line(s) 11,21,27 com/tencent/qmsp/sdk/f/g.java, line(s) 11,21,27,33 com/tencent/qmsp/sdk/g/b/a.java, line(s) 36,54 com/tencent/qmsp/sdk/g/b/b.java, line(s) 38,47,41 com/tencent/qmsp/sdk/g/e/d.java, line(s) 20 cos/MyCOSService.java, line(s) 180,196,208,236,242,247,295,300,326,335,342,588,592,606,607,613 io/nlopez/smartlocation/utils/LoggerFactory.java, line(s) 49,64,69,54,59 org/telegram/PhoneFormat/PhoneFormat.java, line(s) 111,116,137,144,154,162,212 org/telegram/SQLite/SQLiteCursor.java, line(s) 98,103 org/telegram/SQLite/SQLiteDatabase.java, line(s) 60,77 org/telegram/SQLite/SQLitePreparedStatement.java, line(s) 104,112 org/telegram/messenger/AndroidUtilities.java, line(s) 1797,1934,1959,1964,2562,2696,2703,332,388,471,569,607,933,970,1197,1228,1347,1363,1531,1540,1696,1760,1789,1845,1864,1930,1967,1976,2075,2079,2206,2222,2233,2282,2299,2303,2404,2530,2545,2660,2682,2740,2832,2998,3010,3054,4050,4068,4296,4306,4314,4354,4370,4576,4585,4633 org/telegram/messenger/AnimatedFileDrawableStream.java, line(s) 54,113 org/telegram/messenger/ApplicationLoader.java, line(s) 187,210,235,236,255,376,558,143,386,426,443,457,481,526,550 org/telegram/messenger/AuthTokensHelper.java, line(s) 69 org/telegram/messenger/BillingController.java, line(s) 227,310,314,332,113 org/telegram/messenger/ChatObject.java, line(s) 289,297,487,867,879,903,911,1054,1063,1076,1086,1171 org/telegram/messenger/ChatThemeController.java, line(s) 66,150,296,363,395 org/telegram/messenger/ContactsController.java, line(s) 528,545,561,813,909,918,942,1087,1092,1123,1187,1210,1736,1878,175,184,676,701,864,1421,1429,1673,1677,1686,1973,2637,2669 org/telegram/messenger/ContactsRemoteViewsFactory.java, line(s) 163 org/telegram/messenger/ContactsSyncAdapterService.java, line(s) 49,30 org/telegram/messenger/DatabaseMigrationHelper.java, line(s) 1225,1335,551,604,650,674,698,722,769,985,1239,1243 org/telegram/messenger/DispatchQueue.java, line(s) 52,63,76,89 org/telegram/messenger/DispatchQueuePoolBackground.java, line(s) 122 org/telegram/messenger/DocumentObject.java, line(s) 96 org/telegram/messenger/DownloadController.java, line(s) 1077,1159,1251,1303,1375,1427,1485,1490 org/telegram/messenger/Emoji.java, line(s) 156,166,438,704,716 org/telegram/messenger/EmuInputDevicesDetector.java, line(s) 57 org/telegram/messenger/FeedRemoteViewsFactory.java, line(s) 139 org/telegram/messenger/FileLoadOperation.java, line(s) 825,1100,1102,1150,1303,1305,1391,1471,1587,1610,1632,1636,603,612,673,946,956,966,976,987,1011,1017,1025,1031,1039,1045,1053,1060,1069 org/telegram/messenger/FileLoader.java, line(s) 1602,162,992,1406,1414,1422,1431 org/telegram/messenger/FileLog.java, line(s) 100,101,102,103,135,136,137,394,249,274,421 org/telegram/messenger/FilePathDatabase.java, line(s) 64,74,120,190,224,293,87,140,199,229,291,295,327,343,356,388,425,496 org/telegram/messenger/FileRefController.java, line(s) 706,829,931 org/telegram/messenger/FileStreamLoadOperation.java, line(s) 160 org/telegram/messenger/FileUploadOperation.java, line(s) 113,137,205 org/telegram/messenger/FilesMigrationService.java, line(s) 108,143,148,163,167 org/telegram/messenger/FingerprintController.java, line(s) 32,47,68,73,86,111,129 org/telegram/messenger/GcmPushListenerService.java, line(s) 13,29 org/telegram/messenger/ImageLoader.java, line(s) 1508,311,341,353,372,410,429,450,743,761,1323,1592,1607,1674,1682,1692,2306,2318,2343,2408,2414,2489 org/telegram/messenger/ImageReceiver.java, line(s) 1286,1422,1460,1520,1571,1628 org/telegram/messenger/ImportingService.java, line(s) 38,75 org/telegram/messenger/KeepAliveJob.java, line(s) 28,42,48,65,77 org/telegram/messenger/LanguageDetector.java, line(s) 39,45,51 org/telegram/messenger/LinkifyPort.java, line(s) 42 org/telegram/messenger/LiteMode.java, line(s) 148,161 org/telegram/messenger/LocaleController.java, line(s) 716,1107,1155,1176,2640,2656,2666,2669,2703,2717,2777,2850,2889,2910,2925,2939,2955,2971,3884,553,558,881,1038,1044,1050,1061,1207,1256,1352,1400,2028,2129,2154,2170,2186,2205,2227,2243,2272,2321,2463,2479,2503,2545,2555,2725,2780,3840,3860 org/telegram/messenger/LocationController.java, line(s) 339,415,781,843,928,993,1084 org/telegram/messenger/LocationSharingService.java, line(s) 160 org/telegram/messenger/MediaController.java, line(s) 972,1529,1617,1654,1672,1688,1700,1710,3521,3533,3659,3692,3706,715,855,863,922,927,932,937,955,981,990,1110,1126,1204,1221,1270,1281,1354,1511,1941,1951,1984,2107,2333,2347,2730,2736,2849,2988,3057,3107,3170,3359,3399,3514,3557,3567,3624,3682,3709,3779,3782,3953,3984,4021,4029,4037,4067,4106,4114,4126,4183,4206,4214,4217,4228,4247,4258,4264,4270,4289,4299,4439,4518,4614,4630,4636 org/telegram/messenger/MediaDataController.java, line(s) 4684,622,857,942,1027,1188,1287,1433,1490,1556,1812,1934,1989,2357,2580,2668,3172,3298,3458,3595,3811,4820,4865,5078,5189,5260,5290,5433,5536,5694,5769,5786,5966,6111,6272,6435,7032,7133,7356,7406,7459,7507,7542,7806,7882,7998,8235,8477,8589 org/telegram/messenger/MessageObject.java, line(s) 626,1012,1167,1390,2813,2910,3002,3008 org/telegram/messenger/MessagesController.java, line(s) 5044,7121,7162,7167,7208,7220,7230,7253,7259,7266,7283,7295,9075,9084,10111,10515,10548,10696,10958,11220,11434,11486,11537,11543,11554,13482,13497,13653,13662,13675,13741,13750,13762,14117,920,966,2049,2065,2092,2662,3410,3959,4762,6045,8327,8369,8420,10977,11350,11461,12273,12299,12367,12387,13810,14346,14494,14583,15169,15974,16156,16309 org/telegram/messenger/MessagesStorage.java, line(s) 416,422,702,707,448,456,466,473,529,539,547,730,845,855,858,861,6041 org/telegram/messenger/MusicBrowserService.java, line(s) 202,284,333,460 org/telegram/messenger/MusicPlayerService.java, line(s) 192,427 org/telegram/messenger/NativeLoader.java, line(s) 46,54 org/telegram/messenger/NotificationBadge.java, line(s) 203,490 org/telegram/messenger/NotificationCenter.java, line(s) 1312 org/telegram/messenger/NotificationImageProvider.java, line(s) 113 org/telegram/messenger/NotificationsController.java, line(s) 254,401,457,1376,1443,1458,1502,1517,1564,229,234,241,265,301,376,398,406,1141,1156,1228,1297,1314,1327,1355,1359,1368,1382,1440,1455,1464,1499,1514,1524,1572,1636,1798,1860,1895,1899,1908,1793 org/telegram/messenger/NotificationsDisabledReceiver.java, line(s) 32,36,49,58,72,86 org/telegram/messenger/OpenChatReceiver.java, line(s) 34 org/telegram/messenger/PushListenerController.java, line(s) 126,140,146,150,283,286,313,78,84,305,332 org/telegram/messenger/ScreenReceiver.java, line(s) 13,19 org/telegram/messenger/SecretChatHelper.java, line(s) 699,774,797,889,1080,1213,1463,1492,1536,1553 org/telegram/messenger/SendMessagesHelper.java, line(s) 777,3430,3436,3451,3461,3475,4252,5392,5412,5420,5426,821,826,835,1584,1601,1991,2844,4589,4656,4720,4910,5229 org/telegram/messenger/SharedConfig.java, line(s) 1192,361,441,456,482,496,650,946,1099 org/telegram/messenger/SmsReceiver.java, line(s) 47 org/telegram/messenger/SvgHelper.java, line(s) 455,474,487,500,513,528,542,558,1619 org/telegram/messenger/TopicsController.java, line(s) 108,134,161,1025 org/telegram/messenger/TranslateController.java, line(s) 368,373,378,397,1097,1140 org/telegram/messenger/UserConfig.java, line(s) 244 org/telegram/messenger/UserNameResolver.java, line(s) 36 org/telegram/messenger/Utilities.java, line(s) 111,339,355,384,397,408,420,439,456,487 org/telegram/messenger/VideoEditedInfo.java, line(s) 410 org/telegram/messenger/VideoEncodingService.java, line(s) 36,92,54 org/telegram/messenger/XiaomiUtilities.java, line(s) 45 org/telegram/messenger/browser/Browser.java, line(s) 86,101 org/telegram/messenger/camera/CameraController.java, line(s) 168,203,550,567,586,185,220,261,349,364,369,421,438,464,476,508,540,593,622,683,693,717,746,749,808,813,819,824,832,855 org/telegram/messenger/camera/CameraSession.java, line(s) 198,202,133,192,247,265,322,335,351,356,448 org/telegram/messenger/camera/CameraView.java, line(s) 451,831,1113,1143,1257,1287,1436,1500,1616,839,847,856,869,880,887,906,924,942,951,1005,1015,1236,1469,1540,1549,1559,1567,1680,1758,1763,1771 org/telegram/messenger/ringtone/RingtoneDataStore.java, line(s) 49,367 org/telegram/messenger/secretmedia/ExtendedDefaultDataSource.java, line(s) 194 org/telegram/messenger/support/JobIntentService.java, line(s) 135 org/telegram/messenger/support/customtabsclient/shared/CustomTabsHelper.java, line(s) 70 org/telegram/messenger/support/fingerprint/FingerprintManagerCompatApi23.java, line(s) 38,51,60 org/telegram/messenger/utils/BitmapsCache.java, line(s) 311 org/telegram/messenger/utils/CopyUtilities.java, line(s) 91 org/telegram/messenger/video/AudioRecoder.java, line(s) 62 org/telegram/messenger/video/MediaCodecVideoConvertor.java, line(s) 61 org/telegram/messenger/video/TextureRenderer.java, line(s) 83,85,206 org/telegram/messenger/voip/AudioRecordJNI.java, line(s) 245,64,77,93,112,136,178,210,236,108,218,61,74,90 org/telegram/messenger/voip/AudioTrackJNI.java, line(s) 37,60,114,124,122,31 org/telegram/messenger/voip/Instance.java, line(s) 98 org/telegram/messenger/voip/JNIUtilities.java, line(s) 93 org/telegram/messenger/voip/NativeInstance.java, line(s) 142,276,306 org/telegram/messenger/voip/TelegramConnectionService.java, line(s) 33,70,50,60,18,26 org/telegram/messenger/voip/VideoCapturerDevice.java, line(s) 429 org/telegram/messenger/voip/VoIPServerConfig.java, line(s) 19 org/telegram/messenger/voip/VoIPService.java, line(s) 1255,1710,1967,2088,3092,3108,3128,3233,3460,3867,3883,3920,3927,3934,4054,4069,4199,4242,4383,4420,4427,4435,4551,4609,4767,4991,5002,5030,5042,5049,343,382,390,565,818,879,1174,1228,1253,1276,1313,1758,2001,3027,3266,3453,3576,3630,3698,3715,3777,3858,3940,4110,4122,4165,4266,4275,4321,4351,4393,4573,4603,4906,4917,885,908,1269,1309,1774,3766 org/telegram/tgnet/ConnectionsManager.java, line(s) 377,434,444,446,532,631,639,655,671,674,686,759,797,967,973,976,398,424,456,689,768,850,862,880,982,1022,416 org/telegram/tgnet/NativeByteBuffer.java, line(s) 132,133,148,149,175,176,191,192,212,213,222,223,231,232,268,269,305,306,317,318,355,405,406,424,440,441,455,456,469,470,506,507,537,538,574,575,591,592 org/telegram/tgnet/SerializedData.java, line(s) 70,79,88,97,116,117,140,141,170,171,186,187,202,203,218,219,255,256,267,268,304,305,316,317,327,328,357,384,401,402,417,418,459,460,494,495,511,512,527,528,545,546,566,567 org/telegram/tgnet/TLClassStore.java, line(s) 50 org/telegram/tgnet/TLRPC$ChatPhoto.java, line(s) 101 org/telegram/tgnet/TLRPC$TL_chatPhoto.java, line(s) 39 org/telegram/tgnet/TLRPC$TL_userProfilePhoto.java, line(s) 36 org/telegram/tgnet/TLRPC$UserProfilePhoto.java, line(s) 61 org/telegram/ui/ActionBar/ActionBarLayout.java, line(s) 1304,1161,1165,1835,2648 org/telegram/ui/ActionBar/ActionBarPopupWindow.java, line(s) 177,580,680 org/telegram/ui/ActionBar/AlertDialog.java, line(s) 903,1189 org/telegram/ui/ActionBar/BaseFragment.java, line(s) 283,295,321,336,468,563,575,619,633 org/telegram/ui/ActionBar/BottomSheet.java, line(s) 840,1446,1578,1602 org/telegram/ui/ActionBar/DrawerLayoutContainer.java, line(s) 492 org/telegram/ui/ActionBar/EmojiThemes.java, line(s) 403,472 org/telegram/ui/ActionBar/Theme.java, line(s) 5131,5180,2091,2683,2699,2763,2902,2950,3166,3174,3537,4592,4599,4653,4740,4763,5578,5599,5613,5732,5744,7493,7540,7735,7762,5423 org/telegram/ui/ActionBar/ThemeDescription.java, line(s) 787 org/telegram/ui/ActionIntroActivity.java, line(s) 774,844,931 org/telegram/ui/Adapters/ContactsAdapter.java, line(s) 109 org/telegram/ui/Adapters/DialogsAdapter.java, line(s) 348 org/telegram/ui/Adapters/DialogsSearchAdapter.java, line(s) 743,786,833,859 org/telegram/ui/Adapters/SearchAdapter.java, line(s) 114,135,486 org/telegram/ui/Adapters/SearchAdapterHelper.java, line(s) 334,520,578 org/telegram/ui/ArticleViewer.java, line(s) 1261,4373,4422,4441,4585,4594,4616,4629,6616,6626,6727,6750,6777,9013,9388 org/telegram/ui/BasePermissionsActivity.java, line(s) 100 org/telegram/ui/BubbleActivity.java, line(s) 294,298,89 org/telegram/ui/CacheControlActivity.java, line(s) 308,431,537,544,889,1368,1421 org/telegram/ui/CameraScanActivity.java, line(s) 742,753,1001 org/telegram/ui/Cells/AboutLinkCell.java, line(s) 233,305,526 org/telegram/ui/Cells/AudioPlayerCell.java, line(s) 88,99 org/telegram/ui/Cells/BotHelpCell.java, line(s) 179 org/telegram/ui/Cells/ChatActionCell.java, line(s) 440,819,824 org/telegram/ui/Cells/ChatMessageCell.java, line(s) 3410,4026,4140,4168 org/telegram/ui/Cells/DialogCell.java, line(s) 780,887,1903 org/telegram/ui/Cells/DialogMeUrlCell.java, line(s) 210,225,307 org/telegram/ui/Cells/DrawerActionCell.java, line(s) 99,108 org/telegram/ui/Cells/DrawerProfileCell.java, line(s) 445 org/telegram/ui/Cells/SettingsSuggestionCell.java, line(s) 127 org/telegram/ui/Cells/SharedAudioCell.java, line(s) 175,208 org/telegram/ui/Cells/TextSelectionHelper.java, line(s) 1057,1058 org/telegram/ui/Cells/ThemesHorizontalListCell.java, line(s) 328 org/telegram/ui/ChangeBioActivity.java, line(s) 254,265 org/telegram/ui/ChangeUsernameActivity.java, line(s) 127,1471,1485,1494,1503 org/telegram/ui/ChannelAdminLogActivity.java, line(s) 968,994,349,1743,2503,2512,2521,2530,2539,2548,2557,2566,348,348,352 org/telegram/ui/ChannelCreateActivity.java, line(s) 1186,1327,1341 org/telegram/ui/ChatActivity.java, line(s) 3752,3782,3809,6595,12159,16440,17775,17792,17809,17828,17852,17869,2655,3931,4346,7986,8468,8651,8703,10513,10523,11328,11645,14110,14872,15616,17104,17769,17786,17803,17820,17846,17863,17880,18769,19178,19197,19227,5014,5018,11733 org/telegram/ui/ChatEditActivity.java, line(s) 879 org/telegram/ui/ChatRightsEditActivity.java, line(s) 936,963 org/telegram/ui/ChatUsersActivity.java, line(s) 2041 org/telegram/ui/Components/AlertsCreator.java, line(s) 277,308,355,388,1346,1411,1426,2334,5084,5141,5850 org/telegram/ui/Components/AnimatedEmojiDrawable.java, line(s) 732,241,273 org/telegram/ui/Components/AvatarDrawable.java, line(s) 465 org/telegram/ui/Components/BlockingUpdateView.java, line(s) 280,284 org/telegram/ui/Components/BlurBehindDrawable.java, line(s) 139,391 org/telegram/ui/Components/BotWebViewContainer.java, line(s) 249,700,1037,1047,1057,1104,1131 org/telegram/ui/Components/BotWebViewMenuContainer.java, line(s) 869 org/telegram/ui/Components/BotWebViewSheet.java, line(s) 929 org/telegram/ui/Components/ChatActivityEnterView.java, line(s) 2613,3463,3534,4534,6631,6649,6661,6720,7365,7385,7604,7652 org/telegram/ui/Components/ChatAttachAlertAudioLayout.java, line(s) 614 org/telegram/ui/Components/ChatAttachAlertBotWebViewLayout.java, line(s) 562 org/telegram/ui/Components/ChatAttachAlertDocumentLayout.java, line(s) 212,699,962,969 org/telegram/ui/Components/ChatAttachAlertLocationLayout.java, line(s) 115,133,417,440,458,466 org/telegram/ui/Components/ChatAttachAlertPhotoLayout.java, line(s) 3237,3676,3690 org/telegram/ui/Components/ChatAvatarContainer.java, line(s) 691 org/telegram/ui/Components/ChatThemeBottomSheet.java, line(s) 1155,1334 org/telegram/ui/Components/ClippingImageView.java, line(s) 232 org/telegram/ui/Components/Crop/CropView.java, line(s) 1158,964,1106 org/telegram/ui/Components/EditTextBoldCursor.java, line(s) 345,589,766,840,849 org/telegram/ui/Components/EditTextCaption.java, line(s) 283,414,441,482,548 org/telegram/ui/Components/EditTextEmoji.java, line(s) 146,716,744 org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 224,356,384,398,420,463,536,543,732,751,764,846,872,939 org/telegram/ui/Components/EmojiColorPickerWindow.java, line(s) 442 org/telegram/ui/Components/EmojiPacksAlert.java, line(s) 849,1323,1720 org/telegram/ui/Components/EmojiView.java, line(s) 1304,1740,2071,5929,7200 org/telegram/ui/Components/FilterGLThread.java, line(s) 107,180,213,220,229,240,251,258,334,439 org/telegram/ui/Components/FilterShaders.java, line(s) 950,951 org/telegram/ui/Components/ForegroundDetector.java, line(s) 82,119,89,126 org/telegram/ui/Components/ForwardingPreviewView.java, line(s) 743 org/telegram/ui/Components/GroupCallPipAlertView.java, line(s) 202 org/telegram/ui/Components/GroupVoipInviteAlert.java, line(s) 405 org/telegram/ui/Components/ImageUpdater.java, line(s) 644,677,715,747,1009,1016 org/telegram/ui/Components/InstantCameraView.java, line(s) 590,602,608,1040,1114,1142,1151,1158,1322,1327,1572,1593,1861,2172,530,582,790,898,1145,1155,1185,1198,1230,1242,1335,1342,1351,1362,1373,1403,1430,1435,1441,1450,1504,1675,1680,1688,1925,1948,1957,1968,1976,2095,2144,2242 org/telegram/ui/Components/JoinCallAlert.java, line(s) 230,295 org/telegram/ui/Components/LetterDrawable.java, line(s) 113 org/telegram/ui/Components/LinkActionView.java, line(s) 227,245 org/telegram/ui/Components/MotionBackgroundDrawable.java, line(s) 321,542 org/telegram/ui/Components/Paint/RenderView.java, line(s) 393,400,409,420,431,438,457,616 org/telegram/ui/Components/Paint/Shader.java, line(s) 19,27,82,92 org/telegram/ui/Components/Paint/ShapeDetector.java, line(s) 233,294,607 org/telegram/ui/Components/Paint/Slice.java, line(s) 24,54,88 org/telegram/ui/Components/Paint/Utils.java, line(s) 12 org/telegram/ui/Components/Paint/Views/LPhotoPaintView.java, line(s) 1695,1702,1720,1972,3603,3631 org/telegram/ui/Components/PasscodeView.java, line(s) 176,293,1208,1218,1248,1301,1317,1345,1365,1386,1396 org/telegram/ui/Components/PathAnimator.java, line(s) 101 org/telegram/ui/Components/PhonebookShareAlert.java, line(s) 310,368,804 org/telegram/ui/Components/PhotoViewerCaptionEnterView.java, line(s) 188,552,849,870,895,928,1047 org/telegram/ui/Components/PhotoViewerWebView.java, line(s) 404,581,706 org/telegram/ui/Components/PipRoundVideoView.java, line(s) 267 org/telegram/ui/Components/Premium/GLIcon/GLIconTextureView.java, line(s) 393,400,437 org/telegram/ui/Components/Premium/PremiumAppIconsPreviewView.java, line(s) 40 org/telegram/ui/Components/Premium/PremiumNotAvailableBottomSheet.java, line(s) 68 org/telegram/ui/Components/ProfileGalleryView.java, line(s) 480 org/telegram/ui/Components/ProximitySheet.java, line(s) 565 org/telegram/ui/Components/QRCodeBottomSheet.java, line(s) 164 org/telegram/ui/Components/RLottieDrawable.java, line(s) 370,408,530,664,702,824,904,990,1028,1150,1372,1410,1532,1915 org/telegram/ui/Components/RadioButton.java, line(s) 48,153 org/telegram/ui/Components/RecyclerListView.java, line(s) 906,1164,1178,2172,2178 org/telegram/ui/Components/SeekBar.java, line(s) 345,357 org/telegram/ui/Components/SeekBarView.java, line(s) 504 org/telegram/ui/Components/ShareAlert.java, line(s) 2380 org/telegram/ui/Components/SharedMediaLayout.java, line(s) 1975,4179 org/telegram/ui/Components/SizeNotifierFrameLayout.java, line(s) 670 org/telegram/ui/Components/SlotsDrawable.java, line(s) 71,177 org/telegram/ui/Components/StaticLayoutEx.java, line(s) 99 org/telegram/ui/Components/StickerCategoriesListView.java, line(s) 935 org/telegram/ui/Components/StickersAlert.java, line(s) 1309,1420,1627 org/telegram/ui/Components/TermsOfServiceView.java, line(s) 177 org/telegram/ui/Components/ThemeEditorView.java, line(s) 100,109,1106,1330,1445 org/telegram/ui/Components/TimerDrawable.java, line(s) 125 org/telegram/ui/Components/TranscribeButton.java, line(s) 643,712 org/telegram/ui/Components/UndoView.java, line(s) 128 org/telegram/ui/Components/VideoPlayerSeekBar.java, line(s) 338 org/telegram/ui/Components/VideoTimelinePlayView.java, line(s) 340,410,441 org/telegram/ui/Components/VideoTimelineView.java, line(s) 274,344,376 org/telegram/ui/Components/WallpaperUpdater.java, line(s) 106,109,133,159 org/telegram/ui/Components/WebPlayerView.java, line(s) 462,386,442,513,571,620,681,735,1074,1336,1384,1728,1736,1744,1752,1760,1766,1790 org/telegram/ui/Components/voip/VoIPHelper.java, line(s) 128,197,422,825 org/telegram/ui/Components/voip/VoIPPiPView.java, line(s) 375,640 org/telegram/ui/ContactAddActivity.java, line(s) 290 org/telegram/ui/ContactsActivity.java, line(s) 272,375,402,474,620,651 org/telegram/ui/ContentPreviewViewer.java, line(s) 1190,1260,1436 org/telegram/ui/CountrySelectActivity.java, line(s) 306,452,463 org/telegram/ui/DeviceUtils.java, line(s) 50 org/telegram/ui/DialogsActivity.java, line(s) 2143,2155,2165,2171,2225,2244,2255,2261,2282,2289,2300,2312,2318,2326,2338,2381,2400,2411,2939,4663,7232,8506 org/telegram/ui/EmojiAnimationsOverlay.java, line(s) 775 org/telegram/ui/ExternalActionActivity.java, line(s) 615,619,103,422,468 org/telegram/ui/FilterChatlistActivity.java, line(s) 1483 org/telegram/ui/FilterCreateActivity.java, line(s) 760,1239 org/telegram/ui/FilteredSearchView.java, line(s) 1059 org/telegram/ui/FiltersSetupActivity.java, line(s) 856 org/telegram/ui/GroupCallActivity.java, line(s) 1093,1239 org/telegram/ui/GroupCreateActivity.java, line(s) 815 org/telegram/ui/GroupCreateFinalActivity.java, line(s) 189 org/telegram/ui/GroupInviteActivity.java, line(s) 142,157 org/telegram/ui/GroupStickersActivity.java, line(s) 653 org/telegram/ui/IdenticonActivity.java, line(s) 68 org/telegram/ui/InviteContactsActivity.java, line(s) 595,638,813,839 org/telegram/ui/JMTMatchInfo4Activity.java, line(s) 92,118,143,158 org/telegram/ui/JMTMatchInfo5Activity.java, line(s) 152,179,198,209 org/telegram/ui/LanguageSelectActivity.java, line(s) 252,286 org/telegram/ui/LaunchActivity.java, line(s) 703,1109,1121,4383,5161,5189,5277,5290,5299,5309,5313,5334,5346,335,665,719,1859,1902,2202,2209,2299,2322,2327,2337,2434,2487,2493,2548,2634,2726,2769,2776,3169,3195,3294,3335,3426,3443,3460,3481,3509,3577,3603,3630,3662,3901,3916,3930,3949,4266,4586,4593,5219,5296,5454,5535,5610 org/telegram/ui/LocationActivity.java, line(s) 427,435,543,1555,1622,1629,1741,1966,2009,2036,2061,2189,2264,2613,2643,2666,2769,2878,2951,2965,2990,2999 org/telegram/ui/LoginActivity.java, line(s) 1292,1379,1474,1480,1485,1489,1506,1512,2026,2034,2043,2048,2059,2067,2343,2359,2562,2897,2917,2983,3054,3070,3471,3525,3534,3632,3639,8061,8106,472,553,1220,1479,1511,1943,2840,3441,3844,4206,4287,5466,5802,8265 org/telegram/ui/ManageLinksActivity.java, line(s) 1015,1030 org/telegram/ui/NewContactBottomSheet.java, line(s) 312 org/telegram/ui/NotificationsCustomSettingsActivity.java, line(s) 506 org/telegram/ui/NotificationsSettingsActivity.java, line(s) 299 org/telegram/ui/NotificationsSoundActivity.java, line(s) 532,946 org/telegram/ui/PasscodeActivity.java, line(s) 627,803 org/telegram/ui/PassportActivity.java, line(s) 755,2004,2356,2657,2761,3509,4982,5369,5431,5627,6554,6671 org/telegram/ui/PaymentFormActivity.java, line(s) 280,478,1215,1431,1517,1526,1663,1670,1945,2215 org/telegram/ui/PeopleNearbyActivity.java, line(s) 603,532,768 org/telegram/ui/PhotoCropActivity.java, line(s) 195,200 org/telegram/ui/PhotoViewer.java, line(s) 7528,7536,14067,687,3178,3186,3288,3563,4523,4535,6259,6674,6705,7044,7098,7801,7891,7898,8271,8292,8687,8801,8814,8829,8858,9095,9105,9371,9379,11181,12300,12683,12699,12710,12719,12837,12959,14346 org/telegram/ui/PopupNotificationActivity.java, line(s) 480,1109 org/telegram/ui/PremiumPreviewFragment.java, line(s) 1565,1579,1593,1619 org/telegram/ui/PrivacyControlActivity.java, line(s) 1081 org/telegram/ui/PrivacySettingsActivity.java, line(s) 284,515,617 org/telegram/ui/ProfileActivity.java, line(s) 908,1479,2794,2812,3405,3954,5206,5417,5430,5445,5533,5553,7885,7974,9418 org/telegram/ui/ProfileNotificationsActivity.java, line(s) 292 org/telegram/ui/RestrictedLanguagesSelectActivity.java, line(s) 520,532,555 org/telegram/ui/SecretMediaViewer.java, line(s) 464,470,512,551,883,1029,1159 org/telegram/ui/SelectAnimatedEmojiDialog.java, line(s) 749,819,2933 org/telegram/ui/SessionsActivity.java, line(s) 500,526,1362,1459 org/telegram/ui/ShareActivity.java, line(s) 77,100 org/telegram/ui/StickersActivity.java, line(s) 1069,1091,1487 org/telegram/ui/ThemeActivity.java, line(s) 1519,1531,1619,1624 org/telegram/ui/ThemePreviewActivity.java, line(s) 1530 org/telegram/ui/ThemeSetUrlActivity.java, line(s) 110,128,470,486,717,728 org/telegram/ui/TopicsFragment.java, line(s) 3542,1232 org/telegram/ui/TwoStepVerificationActivity.java, line(s) 154,732 org/telegram/ui/TwoStepVerificationSetupActivity.java, line(s) 1165,1558,1582 org/telegram/ui/VoIPFragment.java, line(s) 888,1503,1714 org/telegram/ui/VoIPPermissionActivity.java, line(s) 34 org/telegram/ui/WallpapersListActivity.java, line(s) 1190 org/telegram/ui/WebviewActivity.java, line(s) 104,155,244,254,408 org/webrtc/AndroidVideoDecoder.java, line(s) 437 org/webrtc/EglRenderer.java, line(s) 208,508 org/webrtc/GlGenericDrawer.java, line(s) 328 org/webrtc/GlShader.java, line(s) 97 org/webrtc/HardwareVideoEncoderFactory.java, line(s) 125 org/webrtc/MediaCodecUtils.java, line(s) 55 org/webrtc/ScreenCapturerAndroid.java, line(s) 85,147 org/webrtc/TextureBufferImpl.java, line(s) 120 org/webrtc/YuvConverter.java, line(s) 116,142 org/webrtc/voiceengine/WebRtcAudioRecord.java, line(s) 158,352,393 org/webrtc/voiceengine/WebRtcAudioTrack.java, line(s) 263,375 repeackage/com/qiku/id/QikuIdmanager.java, line(s) 25
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/shubao/xinstall/a/f/h.java, line(s) 4,70 org/telegram/messenger/AndroidUtilities.java, line(s) 10,2654,2657 org/telegram/ui/ChangeUsernameActivity.java, line(s) 7,122 org/telegram/ui/ChatActivity.java, line(s) 14,15611 org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 10,844 org/telegram/ui/Components/InviteMembersBottomSheet.java, line(s) 12,1170 org/telegram/ui/Components/LinkActionView.java, line(s) 6,220 org/telegram/ui/Components/PhonebookShareAlert.java, line(s) 8,363,385 org/telegram/ui/Components/ShareAlert.java, line(s) 11,2364 org/telegram/ui/GroupInviteActivity.java, line(s) 4,138 org/telegram/ui/ManageLinksActivity.java, line(s) 4,1011 org/telegram/ui/PrivacyControlActivity.java, line(s) 4,1658 org/telegram/ui/ProfileActivity.java, line(s) 12,5203,5423 org/telegram/ui/SessionBottomSheet.java, line(s) 5,298 org/telegram/ui/StickersActivity.java, line(s) 5,1088 org/telegram/ui/ThemeSetUrlActivity.java, line(s) 4,105
信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: org/telegram/ui/ProxySettingsActivity.java, line(s) 62,94,113,5
信息 应用与Firebase数据库通信
该应用与位于 https://tmessages2.firebaseio.com 的 Firebase 数据库进行通信
安全 此应用程序使用Safety Net API。
此应用程序使用Safety Net API。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#safetynet Files: org/telegram/ui/LoginActivity.java, line(s) 76
安全 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/760348033671/namespaces/firebase:fetch?key=AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k ) 已禁用。响应内容如下所示: 响应码是 403
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (likeinstall.cn) 通信。
{'ip': '121.199.65.132', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (szcp.mxdx.net) 通信。
{'ip': '27.155.98.155', 'country_short': 'CN', 'country_long': '中国', 'region': '福建', 'city': '福州', 'latitude': '26.061390', 'longitude': '119.306107'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (tun-cos-1258344701.file.myqcloud.com) 通信。
{'ip': '219.159.86.56', 'country_short': 'CN', 'country_long': '中国', 'region': '广西壮族', 'city': '桂林', 'latitude': '25.281914', 'longitude': '110.285187'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (console.cloud.tencenct.com) 通信。
{'ip': '162.159.128.61', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}