Security score: 60/100
Privacy risk: 0 user/device trackers
Findings
- High: 0
- Medium: 12
- Info: 2
- Secure: 2
- Hotspot: 0
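Medium: Application data can be backed up
[android:allowBackup=true] This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off the device.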
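Medium: Activity-Alias (com.simplemobiletools.launcher.activities.SplashActivity.Orange) is not protected.
[android:exported=true] The Activity-Alias is shared with other applications on the device and can therefore be accessed by any other application on the device.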
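Medium: Activity (com.simplemobiletools.launcher.activities.SettingsActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and can therefore be accessed by any other application on the device.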
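Medium: Broadcast Receiver (com.simplemobiletools.launcher.apper.MyReceiver) is protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BROADCAST_SMS [android:exported=true] The Broadcast Receiver is shared with other applications on the device and can therefore be accessed by any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.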
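Medium: Broadcast Receiver (com.simplemobiletools.commons.receivers.SharedThemeReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other applications on the device and can therefore be accessed by any other application on the device.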
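Medium: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is shared with other applications on the device and can therefore be accessed by any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.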
Medium: Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: h0/f1.java, line(s) 23; t4/m.java, line(s) 43; v4/f.java, line(s) 37; v4/f0.java, line(s) 88; v4/y.java, line(s) 85
Medium: The application uses an insecure random number generator
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: c9/a.java, line(s) 3; c9/b.java, line(s) 3; d7/g.java, line(s) 38; d9/a.java, line(s) 3; g/l0.java, line(s) 29; o1/y0.java, line(s) 7
Medium: The application can read from and write to external storage. Any application can read data written to external storage
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: q7/w.java, line(s) 63; r7/j.java, line(s) 71,445,542
Medium: SHA-1 is a weak hash known to have hash collisions
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/andrognito/patternlockview/PatternLockView.java, line(s) 704; com/simplemobiletools/commons/views/PinTab.java, line(s) 48
Medium: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: h4/b.java, line(s) 4,5,98
Medium: This application may contain hardcoded secrets
The following secrets were identified in the application. Make sure these are not secrets or private information.
"authenticate" : "Tunnistaudu" "authenticate" : "Autenticar" "password" : "Heslo" "authenticate" : "Autentiser" "password" : "Password" "authenticate" : "Autentificare" "authenticate" : "Godkend" "authenticate" : "Overenie" "authenticate" : "Uwierzytelnij" "authenticate" : "Verificatie" "password" : "Wachtwoord" "authenticate" : "Autentikasi" "authenticate" : "Autentifikacija" "authenticate" : "Identificarse" "authenticate" : "Autentica" "authenticate" : "Authentifizieren" "password" : "Passwort" "authenticate" : "S'identifier" "password" : "Lozinka" "key" : "jksdfhksdjh2342ssd" "authenticate" : "Autentisera" "authenticate" : "Autendi" "authenticate" : "Authenticate" 23cf23e4c1764e7c663df2b9a36fc2e6 WVc1a2NtOXBaQzV3Y205MmFXUmxjaTVVWld4bGNHaHZibmt1VTAxVFgxSkZRMFZKVmtWRQ== e4f4e243ff1a26a7eea22dd5badc1333 a37ad6b27306d974626c808d21c72186 38ee4c5e67d8efd6cd89925eea5da205
Info: The application logs information. Sensitive information must not be logged
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Info: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: k8/f.java, line(s) 8,515,516
Secure: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: fa/d.java, line(s) 69,68,67; fa/g.java, line(s) 80,70,90,78,78; fa/k.java, line(s) 70,69,68,68; fa/l.java, line(s) 139,127,137,137
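Secure: This application has no privacy trackers
This application does not include any user or device trackers. No trackers were found during static analysis.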