安全分析报告:
安全分数
安全分数 40/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
2
用户/设备跟踪器
调研结果
高危
7
中危
13
信息
2
安全
2
关注
1
高危 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/apicloud/devlop/uzAMap/MapAnnotations.java, line(s) 746,1093,16,17 com/uzmap/pkg/openapi/SuperWebview.java, line(s) 508,13 com/uzmap/pkg/uzcore/i/b/f.java, line(s) 143,14
高危 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/alibaba/idst/nui/BuildConfig.java, line(s) 3,8 com/apicloud/glide/BuildConfig.java, line(s) 3,6
高危 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/deepe/c/k/g.java, line(s) 39
高危 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: com/lidroid/xutils/http/client/DefaultSSLSocketFactory.java, line(s) 61,13,14,15 com/lidroid/xutils/util/OtherUtils.java, line(s) 213,213,15,16,17,18,19
高危 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: com/uzmap/pkg/uzcore/i/d.java, line(s) 163,173,158 com/uzmap/pkg/uzmodules/browser/inner/XWebViewClient.java, line(s) 63,56
高危 该文件是World Readable。任何应用程序都可以读取文件
该文件是World Readable。任何应用程序都可以读取文件 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/deepe/b/f/a.java, line(s) 227
中危 基本配置配置为信任系统证书。
Scope: *
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 高优先级的Intent (1000)
[android:priority] 通过设置一个比另一个Intent更高的优先级,应用程序有效地覆盖了其他请求。
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/deepe/c/g/f.java, line(s) 46 com/deepe/c/j/g.java, line(s) 159 com/deepe/c/l/b/b.java, line(s) 239 com/uzmap/pkg/uzmodules/uzWx/UzWx.java, line(s) 486 com/uzmap/pkg/uzmodules/uzWx/utils/Util.java, line(s) 246
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/deepe/c/i/d.java, line(s) 6 com/deepe/c/j/e/a/c.java, line(s) 10 com/lidroid/xutils/http/client/multipart/MultipartEntity.java, line(s) 11 com/uzmap/pkg/uzcore/UZCoreUtil.java, line(s) 22
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/eclipsesource/v8/NodeJS.java, line(s) 75 com/uzmap/pkg/uzcore/i/b/h.java, line(s) 42 me/nereo/multi_image_selector/utils/FileUtils.java, line(s) 29
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/alibaba/idst/nui/CommonUtils.java, line(s) 331 com/alibaba/idst/nui/FileUtil.java, line(s) 21,28 com/apicloud/a/i/a/d/g.java, line(s) 27 com/deepe/b/f.java, line(s) 35 com/deepe/c/a/j.java, line(s) 21,37,53 com/lidroid/xutils/util/OtherUtils.java, line(s) 82 com/uzmap/pkg/uzcore/g/c.java, line(s) 29 com/uzmap/pkg/uzcore/g/d.java, line(s) 229 com/uzmap/pkg/uzmodules/browser/inner/DownloadHandler.java, line(s) 69 com/uzmap/pkg/uzmodules/browser/inner/XHandler.java, line(s) 176 com/uzmap/pkg/uzmodules/photoBrowser/ImageLoader.java, line(s) 73,78 com/uzmap/pkg/uzmodules/uzFNScanner/Zxing/decoding/Utils.java, line(s) 29 com/uzmap/pkg/uzmodules/uzFNScanner/utlis/ScanUtil.java, line(s) 79,240 com/uzmap/pkg/uzmodules/uzFNScanner/utlis/UriUtils.java, line(s) 22,24 com/uzmap/pkg/uzmodules/uzVideoPlayer/UzVideoPlayer.java, line(s) 101 com/uzmap/pkg/uzmodules/uzWx/UzWx.java, line(s) 88 com/uzmap/pkg/uzmodules/uzimageFilter/uzimageFilter.java, line(s) 170,268,334 me/nereo/multi_image_selector/utils/FileUtils.java, line(s) 18,19,21,39,59
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/deepe/f/a/a.java, line(s) 4,5,14 com/lidroid/xutils/DbUtils.java, line(s) 5,752
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/apicloud/devlop/uzAMap/Constans.java, line(s) 4 com/uzmap/pkg/uzkit/fineHttp/RequestParam.java, line(s) 19 com/uzmap/pkg/uzmodules/uzFNScanner/Zxing/decoding/Intents.java, line(s) 45 com/uzmap/pkg/uzmodules/uzWx/UzWx.java, line(s) 58 compile/Properties.java, line(s) 7
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/apicloud/UIAlbumBrowser/Utils.java, line(s) 21 com/deepe/c/g/f.java, line(s) 14 com/lidroid/xutils/cache/MD5FileNameGenerator.java, line(s) 10 com/uzmap/pkg/uzmodules/photoBrowser/ImageDownLoader.java, line(s) 166 com/uzmap/pkg/uzmodules/photoBrowser/ImageLoader.java, line(s) 226
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/uzmap/pkg/uzmodules/browser/inner/XHandler.java, line(s) 290,266
中危 应用程序包含隐私跟踪程序
此应用程序有多个2隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 高德地图的=> "com.amap.api.v2.apikey" : "ca22988fb60c4b59dde073bafee8cfa3" 极光推送的=> "JPUSH_CHANNEL" : "tuanhtzhjypush" 极光推送的=> "JPUSH_APPKEY" : "c7cf4ed2975d813e71ae5467" "amap_navi_preference_key_tts_speed" : "tts_speed" "amap_navi_preference_key_tts_pitch" : "tts_pitch" "amap_navi_preference_key_tts_volume" : "tts_volume" ZGlzdC9iYXNlL2FwaWJhc2UuanM= 62587239-AD3C-8190-47B4-37DE080D7E9D aHR0cHM6Ly93d3cuZ29vZ2xlLWFuYWx5dGljcy5jb20vY29sbGVjdA== AS9rjr5EkU78OogyNQnV2fT6yydnEkxVA1ISEtTqXeY1yWRUqB bvHBkKdw4ztctPaKncsz1mydOk1P7hQ9ST2 ZGFsdmlrLnN5c3RlbS5aaXBQYXRoVmFsaWRhdG9y Bm0oHnY15QbrdRQ0eMgvPtoIFzDesH2Y2cZt8prHdk9WtySgJzaMicISfLEVdABAEXO 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 97bcbcb30b66e46e9ab33f26c55d15d9 aHR0cHM6Ly93d3cuZ29vZ2xlLWFuYWx5dGljcy5jb20vYmF0Y2g=
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: co/senab/photoview/PhotoViewAttacher.java, line(s) 57 co/senab/photoview/log/LoggerDefault.java, line(s) 18,23,48,53,28,33,8,13,38,43 com/alibaba/idst/nui/CommonUtils.java, line(s) 112,147,171,185,200,238,338 com/alibaba/idst/nui/NativeNui.java, line(s) 87,120,139,152,162,172,182,193,202,211,220,229,244,253,266,275,284,293,302,311,320,329,338,347,365,381,415,426,438,447,456,465,474,487,496 com/alibaba/idst/nui/NuiSpeechRecognizer.java, line(s) 50,56,68 com/alibaba/idst/nui/NuiSpeechTranscriber.java, line(s) 47,53,65 com/apicloud/UIAlbumBrowser/CustomVideoView.java, line(s) 57 com/apicloud/UIAlbumBrowser/MyProvider.java, line(s) 47 com/apicloud/UIAlbumBrowser/TextureVideoPlayer.java, line(s) 117,161,180 com/apicloud/UIAlbumBrowser/UIAlbumBrowser.java, line(s) 368,295 com/apicloud/WXEntryActivity$1.java, line(s) 17,26 com/apicloud/WXEntryActivity.java, line(s) 53,59,66,69,101,137,140,143,149,164,125,127,129,131,119 com/apicloud/a/d/g.java, line(s) 56,89 com/apicloud/a/i/a/ai/a/d.java, line(s) 414 com/apicloud/a/i/a/ai/a/j.java, line(s) 145,250,258 com/apicloud/a/i/a/d/a/c.java, line(s) 135,157,174,178,191,349,696,710 com/apicloud/a/i/a/r/s.java, line(s) 28,34,40,46,58 com/apicloud/a/i/a/v/g.java, line(s) 35,66 com/apicloud/a/i/a/y/a/a/f.java, line(s) 32 com/apicloud/c/a/a/g.java, line(s) 71 com/apicloud/c/a/a/j.java, line(s) 896,977,2285,2312,2687,3420,3805,4128,4185,4499,5181,5241,3966,5262 com/apicloud/c/b/d.java, line(s) 24,44,30,36,33 com/apicloud/devlop/uzAMap/MapAnnotations.java, line(s) 961,253,1057,1149,1150 com/apicloud/devlop/uzAMap/MapLocation.java, line(s) 176 com/apicloud/devlop/uzAMap/MapOffline.java, line(s) 360,226 com/apicloud/devlop/uzAMap/MapSimple.java, line(s) 244 com/apicloud/devlop/uzAMap/overlay/DrivingRouteOverlay.java, line(s) 188 com/apicloud/devlop/uzAMap/test/TestMapSimple.java, line(s) 359 com/apicloud/devlop/uzAMap/utils/LogUtil.java, line(s) 29,37,21,25,41,48,33 com/apicloud/devlop/uzAMap/utils/ViewUtil.java, line(s) 120 com/apicloud/dynamicshortcuts/Utils/LogUtil.java, line(s) 28,36,20,24,40,47,32 com/apicloud/dynamicshortcuts/Utils/ViewUtil.java, line(s) 120 com/apicloud/glide/Glide.java, line(s) 321,108,107,318 com/apicloud/glide/disklrucache/DiskLruCache.java, line(s) 99 com/apicloud/glide/gifdecoder/GifDecoder.java, line(s) 128,141,155,127,140,154,175,184,285 com/apicloud/glide/gifdecoder/GifHeaderParser.java, line(s) 206,240,205,239 com/apicloud/glide/gifencoder/AnimatedGifEncoder.java, line(s) 279,278 com/apicloud/glide/load/data/AssetPathFetcher.java, line(s) 43,44 com/apicloud/glide/load/data/HttpUrlFetcher.java, line(s) 90,89 com/apicloud/glide/load/data/LocalUriFetcher.java, line(s) 44,45 com/apicloud/glide/load/data/MediaStoreThumbFetcher.java, line(s) 69,159,68,158 com/apicloud/glide/load/engine/CacheLoader.java, line(s) 28,33,27,32 com/apicloud/glide/load/engine/DecodeJob.java, line(s) 229,64,69,81,99,105,117,126,144,154,159,228,199 com/apicloud/glide/load/engine/Engine.java, line(s) 73,81,89,99,106 com/apicloud/glide/load/engine/EngineRunnable.java, line(s) 98,47,52,97,48,53 com/apicloud/glide/load/engine/bitmap_recycle/LruBitmapPool.java, line(s) 103,124,132,157,70,77,102,114,123,131,145,156,164,71,78,115,170,146 com/apicloud/glide/load/engine/cache/DiskLruCacheWrapper.java, line(s) 57,84,98,110,60,85,99,111 com/apicloud/glide/load/engine/cache/MemorySizeCalculator.java, line(s) 60,46 com/apicloud/glide/load/engine/executor/FifoPriorityThreadPoolExecutor.java, line(s) 26,25 com/apicloud/glide/load/engine/prefill/BitmapPreFillRunner.java, line(s) 64,63 com/apicloud/glide/load/model/ResourceLoader.java, line(s) 29,30 com/apicloud/glide/load/model/StreamEncoder.java, line(s) 31,30 com/apicloud/glide/load/resource/bitmap/BitmapEncoder.java, line(s) 37,40 com/apicloud/glide/load/resource/bitmap/Downsampler.java, line(s) 235,96,104,110,179,188,195,202,234,97,105,111,180,189,196,205 com/apicloud/glide/load/resource/bitmap/ImageHeaderParser.java, line(s) 101,111,126,132,146,160,166,170,175,181,185,100,110,125,131,145,159,165,169,174,180,184 com/apicloud/glide/load/resource/bitmap/ImageVideoBitmapDecoder.java, line(s) 36,37 com/apicloud/glide/load/resource/bitmap/RecyclableBufferedInputStream.java, line(s) 70,69 com/apicloud/glide/load/resource/bitmap/TransformationUtils.java, line(s) 116,139,67,76,87,115,136,68,77,88,89,90,94 com/apicloud/glide/load/resource/gif/GifResourceDecoder.java, line(s) 91 com/apicloud/glide/load/resource/gif/GifResourceEncoder.java, line(s) 80,68,79,69 com/apicloud/glide/manager/RequestManagerFragment.java, line(s) 92,93 com/apicloud/glide/manager/RequestManagerRetriever.java, line(s) 180,181,189 com/apicloud/glide/manager/SupportRequestManagerFragment.java, line(s) 90,91 com/apicloud/glide/request/GenericRequest.java, line(s) 372,168,276,291,297,364,371,382 com/apicloud/glide/request/target/ViewTarget.java, line(s) 199,200 com/apicloud/glide/util/ByteArrayPool.java, line(s) 35,34 com/apicloud/glide/util/ContentLengthInputStream.java, line(s) 29,28 com/apicloud/wxcardpackage/utils/CBReceiver.java, line(s) 43 com/bangcle/antihijack/base/ProxyInstrumentation.java, line(s) 50,228,233 com/bangcle/antihijack/base/SysHelper.java, line(s) 165,166,167 com/deepe/b/a/a.java, line(s) 38 com/deepe/b/e.java, line(s) 79 com/deepe/b/f.java, line(s) 45 com/deepe/c/b/c/e.java, line(s) 495,659,673,692 com/deepe/c/b/d/b.java, line(s) 1255 com/deepe/c/b/k.java, line(s) 625 com/deepe/c/c/a/a/l.java, line(s) 26,11,21,7 com/deepe/c/j/e/b.java, line(s) 49,50 com/deepe/c/j/s.java, line(s) 52,74 com/deepe/d/a.java, line(s) 85,156,93,169,97,81,90,160,173 com/deepe/f/a/d.java, line(s) 76 com/deepe/f/a/e.java, line(s) 38 com/deepe/f/a/f.java, line(s) 45 com/eclipsesource/v8/debug/V8DebugServer.java, line(s) 305,247,349,396,410,431 com/lidroid/xutils/util/LogUtils.java, line(s) 65,77,89,101,113,125,137,149,161,173,185,197,209,221 com/uzmap/pkg/uzcore/UZCoreUtil.java, line(s) 135 com/uzmap/pkg/uzcore/b/a.java, line(s) 84,126 com/uzmap/pkg/uzcore/i/b/a.java, line(s) 163 com/uzmap/pkg/uzkit/request/Request.java, line(s) 11,36 com/uzmap/pkg/uzmodules/photoBrowser/BitmapToolkit.java, line(s) 31 com/uzmap/pkg/uzmodules/photoBrowser/ImageBrowserAdapter.java, line(s) 81,86,190 com/uzmap/pkg/uzmodules/photoBrowser/ImageLoader.java, line(s) 52,313 com/uzmap/pkg/uzmodules/photoBrowser/ViewUtil.java, line(s) 117 com/uzmap/pkg/uzmodules/photoBrowser/view/largeImage/BlockImageLoader.java, line(s) 102,113,151,172,243,466,486,502,510,555,571,597,620,641,693,729,750 com/uzmap/pkg/uzmodules/photoBrowser/view/largeImage/LargeImageView.java, line(s) 478,498 com/uzmap/pkg/uzmodules/uzFNScanner/UzFNScanner.java, line(s) 538 com/uzmap/pkg/uzmodules/uzFNScanner/Zxing/CaptureActivity.java, line(s) 218,219 com/uzmap/pkg/uzmodules/uzFNScanner/Zxing/camera/AutoFocusCallback.java, line(s) 26 com/uzmap/pkg/uzmodules/uzFNScanner/Zxing/camera/CameraConfigurationManager.java, line(s) 38,40,58,63,110,130,147,195,206,41,65 com/uzmap/pkg/uzmodules/uzFNScanner/Zxing/camera/CameraManager.java, line(s) 185,201,137 com/uzmap/pkg/uzmodules/uzFNScanner/Zxing/camera/FlashlightManager.java, line(s) 18,20,52,63,72,75,78 com/uzmap/pkg/uzmodules/uzFNScanner/Zxing/camera/PreviewCallback.java, line(s) 36 com/uzmap/pkg/uzmodules/uzFNScanner/Zxing/decoding/CaptureActivityHandler.java, line(s) 64,69,88,92 com/uzmap/pkg/uzmodules/uzFNScanner/Zxing/decoding/CaptureActivityHandlerView.java, line(s) 63,68,78,80 com/uzmap/pkg/uzmodules/uzFNScanner/Zxing/decoding/DecodeHandlerView.java, line(s) 80 com/uzmap/pkg/uzmodules/uzFNScanner/utlis/ScanUtil.java, line(s) 246 com/uzmap/pkg/uzmodules/uzVideoPlayer/Debugger.java, line(s) 10,16,22 com/uzmap/pkg/uzmodules/uzWx/UzWx.java, line(s) 409,181,439,406,413,417,438,445,448,461,467 com/uzmap/pkg/uzmodules/uzWx/WxReceiver.java, line(s) 136 com/uzmap/pkg/uzmodules/uzWx/method/WxAuth.java, line(s) 31,63,67,75 com/uzmap/pkg/uzmodules/uzWx/method/WxShare.java, line(s) 222,281,283 com/uzmap/pkg/uzmodules/uzWx/tasks/AccessTokenTask.java, line(s) 82 com/uzmap/pkg/uzmodules/uzWx/tasks/GetUserInfoTask.java, line(s) 61 com/uzmap/pkg/uzmodules/uzWx/utils/Util.java, line(s) 112,114,118,122,133,98 com/uzmap/pkg/uzmodules/uzimageFilter/blur/EasyBlur.java, line(s) 61,64,67,120,334,92,95 com/uzmap/pkg/uzmodules/uzimageFilter/imageFilter/BlackWhiteFilter.java, line(s) 14,18 com/uzmap/pkg/uzmodules/uzimageFilter/imageFilter/Main/FilterFactory.java, line(s) 17 com/uzmap/pkg/uzmodules/uzimageFilter/imageFilter/Main/ProcessImageTask.java, line(s) 75,45,83 com/uzmap/pkg/uzmodules/uzimageFilter/uzimageFilter.java, line(s) 234,102,167 me/nereo/multi_image_selector/MultiImageSelector.java, line(s) 85 me/nereo/multi_image_selector/MultiImageSelectorActivity$3.java, line(s) 44,94 me/nereo/multi_image_selector/MultiImageSelectorFragment.java, line(s) 319,385,410,551,556 me/nereo/multi_image_selector/adapter/ImageAlbumAdapter.java, line(s) 68 me/nereo/multi_image_selector/adapter/ImageGridAdapter.java, line(s) 122,123 me/nereo/multi_image_selector/adapter/ImageGroupAdapter.java, line(s) 37 me/nereo/multi_image_selector/utils/photoUtil.java, line(s) 31 me/nereo/multi_image_selector/view/SquaredImageView.java, line(s) 44,45,46 me/nereo/multi_image_selector/view/largeImage/BlockImageLoader.java, line(s) 103,114,152,173,244,467,487,503,511,556,572,598,621,642,694,730,751 me/nereo/multi_image_selector/view/largeImage/LargeImageView.java, line(s) 527 notchfit/LogUtils.java, line(s) 13,9 org/simple/eventbus/SubsciberMethodHunter.java, line(s) 56
信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/uzmap/pkg/uzmodules/uzclipboard/UzClipBoard.java, line(s) 18,82,82,82,83,84,93,93,94,3
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/deepe/c/a/c.java, line(s) 12,12,12,12,12,12
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/deepe/c/j/c/d.java, line(s) 18,17,16
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (iuap-yonbuilder-mamservice.yyuap.com) 通信。
{'ip': '59.110.247.93', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}