安全分析报告:
安全分数
安全分数 38/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
13
用户/设备跟踪器
调研结果
高危
9
中危
16
信息
1
安全
2
关注
3
高危 应用程序存在Janus漏洞
应用程序使用了v1签名方案进行签名,如果只使用v1签名方案,那么它就容易受到安卓5.0-8.0上的Janus漏洞的攻击。在安卓5.0-7.0上运行的使用了v1签名方案的应用程序,以及同时使用了v2/v3签名方案的应用程序也同样存在漏洞。
高危 Activity (com.prime31.UnityPlayerNativeActivity) 的启动模式不是standard模式
Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。
高危 Activity (com.prime31.UnityPlayerNativeActivity) 容易受到 Android Task Hijacking/StrandHogg 的攻击。
活动不应将启动模式属性设置为“singleTask”。 然后,其他应用程序可以将恶意活动放置在活动栈顶部,从而导致任务劫持/StrandHogg 1.0 漏洞。 这使应用程序成为网络钓鱼攻击的易受攻击目标。 可以通过将启动模式属性设置为“singleInstance”或设置空 taskAffinity (taskAffinity="") 属性来修复此漏洞。 您还可以将应用的目标 SDK 版本 (25) 更新到 28 或更高版本以在平台级别修复此问题。
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/adcolony/sdk/bi.java, line(s) 101,107,29,30 com/adcolony/sdk/bz.java, line(s) 89,16,17 com/adcolony/sdk/cj.java, line(s) 450,14,15 com/chartboost/sdk/impl/bn.java, line(s) 60,8 com/chartboost/sdk/impl/bo.java, line(s) 61,5,6 com/chartboost/sdk/impl/w.java, line(s) 50,6,7 com/fyber/ads/interstitials/a/b.java, line(s) 69,14,15 com/tapjoy/TJAdUnit.java, line(s) 120,139,324,14 com/tapjoy/TJAdUnitJSBridge.java, line(s) 335,27 com/tapjoy/mraid/view/MraidView.java, line(s) 778,862,1770,34,35 com/unity3d/ads/webview/WebViewApp.java, line(s) 243,9,256,262,268
高危 已启用远程WebView调试
已启用远程WebView调试 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/chartboost/sdk/impl/bo.java, line(s) 59,5,6 com/inmobi/rendering/RenderView.java, line(s) 768,32,33 com/tapjoy/TapjoyLog.java, line(s) 49,8
高危 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/prime31/InAppBilling/BuildConfig.java, line(s) 3,4
高危 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
com/adcolony/sdk/ck.java, line(s) 307,334,356,399,417
高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/unity3d/plugin/downloader/c/a.java, line(s) 21,23
高危 应用程序包含隐私跟踪程序
此应用程序有多个13隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 应用程序数据存在被泄露的风险
未设置[android:allowBackup]标志 这个标志 [android:allowBackup]应该设置为false。默认情况下它被设置为true,允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Broadcast Receiver (com.google.android.gms.gcm.GcmReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (com.inmobi.commons.core.utilities.uid.ImIdShareBroadCastReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.shortround.rivalgears.NotificationAlarmReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.shortround.rivalgears.InstallReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/adcolony/sdk/bg.java, line(s) 899 com/fyber/ads/interstitials/mediation/InterstitialMediationAdapter.java, line(s) 15,17 com/fyber/ads/ofw/OfferWallActivity.java, line(s) 26,27,28 com/fyber/mediation/applovin/AppLovinMediationAdapter.java, line(s) 23,25 com/fyber/mediation/chartboost/ChartboostMediationAdapter.java, line(s) 25,26,27,28,32,31 com/fyber/mediation/flurry/FlurryMediationAdapter.java, line(s) 22 com/fyber/mediation/tapjoy/TapjoyMediationAdapter.java, line(s) 25 com/fyber/mediation/unityads/UnityAdsMediationAdapter.java, line(s) 25 com/fyber/unity/ads/AdWrapper.java, line(s) 19,21,24 com/fyber/unity/requesters/RequesterWrapper.java, line(s) 25,28,27,31,32,34,35,36,39 com/prime31/EtceteraPlugin.java, line(s) 80,82,81 com/prime31/TwitterSession.java, line(s) 9,12,13,10 com/tapjoy/TapjoyConstants.java, line(s) 49,52 com/tapjoy/mraid/view/MraidView.java, line(s) 63 com/unity3d/plugin/downloader/UnityDownloaderService.java, line(s) 6 org/scribe/model/OAuthConstants.java, line(s) 9,7,10,22
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/inmobi/commons/core/c/b.java, line(s) 6,7,134 com/tapjoy/internal/i.java, line(s) 5,53 com/unity3d/plugin/downloader/b/u.java, line(s) 6,7,8,9,10,29 com/unity3d/plugin/downloader/b/w.java, line(s) 4,5,19
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/inmobi/ads/b.java, line(s) 12 com/inmobi/commons/core/d/a.java, line(s) 18 com/inmobi/commons/core/utilities/uid/d.java, line(s) 8 com/inmobi/rendering/a/a.java, line(s) 7 com/unity3d/plugin/downloader/a/m.java, line(s) 12 org/scribe/services/TimestampServiceImpl.java, line(s) 3
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/adcolony/sdk/aw.java, line(s) 204,144 com/adcolony/sdk/bi.java, line(s) 241,231 com/adcolony/sdk/bz.java, line(s) 88,85 com/adcolony/sdk/cj.java, line(s) 422,420 com/fyber/ads/videos/b.java, line(s) 178,167 com/inmobi/rendering/RenderView.java, line(s) 790,785 com/tapjoy/TJAdUnitJSBridge.java, line(s) 117,330 com/unity3d/ads/webview/WebView.java, line(s) 71,47
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/adcolony/sdk/aw.java, line(s) 152,144 com/adcolony/sdk/bi.java, line(s) 229,231 com/adcolony/sdk/bz.java, line(s) 83,85 com/adcolony/sdk/cj.java, line(s) 418,420 com/chartboost/sdk/impl/bn.java, line(s) 32,24 com/prime31/WebViewActivity.java, line(s) 79,75 com/shortround/android/SRWebViewActivity.java, line(s) 61,59 com/unity3d/ads/webview/WebView.java, line(s) 21,47
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/adcolony/sdk/ao.java, line(s) 149,155,156 com/applovin/impl/sdk/y.java, line(s) 400 com/chartboost/sdk/impl/g.java, line(s) 36,40 com/fyber/utils/f.java, line(s) 29,32 com/inmobi/rendering/mraid/b.java, line(s) 69 com/prime31/EtceteraPlugin.java, line(s) 801,802,836,837 com/prime31/EtceteraProxyActivity.java, line(s) 80,81 com/tapjoy/TapjoyCache.java, line(s) 49,50,51 com/tapjoy/internal/w.java, line(s) 12 com/tapjoy/mraid/controller/Assets.java, line(s) 50,50,55 com/unity3d/ads/cache/CacheDirectory.java, line(s) 27 com/unity3d/plugin/downloader/a/m.java, line(s) 71,92,100,124
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/prime31/EtceteraProxyActivity.java, line(s) 71
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/adcolony/sdk/ck.java, line(s) 244,266 com/shortround/android/TokenGenerator.java, line(s) 32 com/tapjoy/mraid/controller/Assets.java, line(s) 182,231
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/adcolony/sdk/au.java, line(s) 205 com/adcolony/sdk/bb.java, line(s) 31 com/adcolony/sdk/ck.java, line(s) 201,811 com/chartboost/sdk/Libraries/b.java, line(s) 17 com/fyber/utils/q.java, line(s) 39 com/inmobi/commons/core/utilities/a/b.java, line(s) 72 com/tapjoy/internal/cl.java, line(s) 9 com/unity3d/plugin/downloader/c/o.java, line(s) 55 org/scribe/services/HMACSha1SignatureService.java, line(s) 30
中危 IP地址泄露
IP地址泄露 Files: com/unity3d/plugin/downloader/b/k.java, line(s) 155
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 AppLovin广告SDK的=> "applovin.sdk.key" : "q2qqXyV3DqKAZIO0I6LhaluJrgtTRSuFVh41ea5sPQ1ziP-_VJg53TPuEGMfiFwDy-EaZKQzlSwRtuRMC7SFgs" 凭证信息=> "com.google.android.gms.appstate.APP_ID" : "\ 688593092377" 凭证信息=> "com.google.android.gms.games.APP_ID" : "\ 688593092377" nOPakmwovMTMz81JZWZm+oKDAkJiYGENk3o2NjSVYgsXFxbHc3NxCMXX5KYRkFRU2XzEajQZUxSQS 599f2bef1acd76c77ae101213551529424c87e00 nXpnVan0ZiUSSoiimiCgBP4UXfD4fozpsbW2NhP7+/vdDQ0MvFLBkMnmBfQEuHhwclOHMbDbXhOAM nCQ6HY8Lr9Tr8fv9ji8Xy6PDw8CKTyUh4LoNzUBkg9l/I4OCg2ePxkNPpfOB2u0cbGhoeQuJZsVjk npBw3LkqubDqdvs1xQNqt1iHucygGshBEh0LQQREBY2fHx8F2HLfkcl1OJKaut1vtCiEGy6M9V/Yg nCnnR4eEhYdd62Wz2MxRtYaYMWI9LyE8YjcZUIl789brdLmFVuLXOxsbGe6vV+g7CglDokSSJqtXq ndBAdSC2HG7SVlJRoT7ssaXt7e+3k5KSLiIiQJgRFMBgUmpzIqE97enq+lJaWhrbciYwRKE+NW32G nd15eXmrYqbKmpiZzuNAnRXJ3d7eVStjc3OQo7ZXos7OC5ImjZAA1EE0nSbRarUYulzNoxeCfb/gW nWbHLrMTbYBVIb2/vhMvlMttsNurs7CSj0Si32+0W7D0BRMthOKuAS5cw6brEvyCQQk1NTdTY2Eht njckH6fkL0/f3NwMPHz8jKxsbAw0AQIABAGYHPKslk98oAAAAAElFTkSuQmCC nPDs7K3Ldm5ubhP9UKBS4vFuzlqtUqnPo+7i0tGTFpeMfqALXjSEijHdF+13BV/MzNjamWVhYyM7P nFzsSJB6L6ZnMdHFtZeVFbrbgxBMa/Pi+BaeCeL1eZ3529tWT8vr9iwsLdiKVhka9BqZBuvtDIRJ2 n67MixouMFLFY7AeOnCuoTsMYkV6vJ41GwxugR1cnNzY2POvr66/qhlzPChlRS0tLHuuv6F74XpCq nTMLGs2AwGIeSAUEoFCKLxUJqtZpEUfyTaJiDapiDU6lUBmKx2CM03YAKiRNAESFg0ul0BJunvWzM nOV4rVoXx9a0QbjKZjJRKJWm1WjIYDIRRMKJeT/ECQzQazZTLZZ4Vb0D5Tsh1mFqtJp1ORyaTSejr n1p961QpmjJWOj48/rKysvBsfHz+bm5tji4uLBBBls1nCzaeamUD3F1Tf3dHR8RoFPQ0GgywUCtHe nr98Hoij993E5jgPoAvSjI1A8ngPT0B+JMGIwV263G2RZhulU8lNle/vdyBAWc4XCdijgv7deKr1n nLdoEA21azN6NzG9oIGE2bdwERYggrdqI2SLb5G5o0VwYRZGZ0a/zig5WNo4PHF4+5DnvOed9Htnq 5e8f16062ea3cd2c4a0d547876baa6f38cabf625 nVyAicqfTyaHhenNzc1Eo0VF5F2traz+srKwIRFtbW3xoaMjW1tZ2X9Q12WazcZfLxefn53lXV9fb nmbKhEpter78GGy+gYgUklEgkiOdhs9lIo9H8l+CUCDcJaHjsdDpf+nw+3cgGvgnkgyDPU2xvb6+L a4b7452e2ed8f5f191058ca7bbfd26b0d3214bfc nIVgcHx9/TSaTMfAxkLsx2ywge40J8zV8bP8VYACAQuluULZPjQAAAABJRU5ErkJggg== afcc232a034726649153ea72aa2c9ac55c7dfab9 nkmw287xcKj2eKczZqqZBs97AthKg2N5B48zjvLOnCzJO6LWrV95g330bG6/XtPS0zeo+aLeBoH3n C10F7968CFE2C76AC6F0650C877806D4514DE58FC239592D2385BCE5609A84B2A0FBDAF29B05505EAD1FDFEF3D7209ACBF34B5D0A806DF18147EA9C0337D6B5B nUADSo43SMCLKQimS0GKDTqfLys7OvlldXZ2Vnp4uy8nJuZGWlmacnp52ejyeANZ4AB/AQ4kigSQg nCdvb2/tJZAfLy8uDyI4pFApmMpkKNRpNJr7rxEaWiaS0NhrQAuk1NTVPoDWDiRmS2RweHrYK9aO0 E72409364B865B757E1D6B8DB73011BBB1D20C1A9F931ADD3C4C09E2794CE102F8AA7F2D50EB88F9880A576E6C7B0E95712CAE9416F7BACB798564627846E93B niooKjZjIsVAkJSXdIw1IFyqvt7d3pLy8PCFksXJgYIAPDg5aGxsbs8OzCY2E+vr692tra4LIFovl n877Ped5Xyv4dEYAMSK2rq/tkt9tlXq83Cu9BwC8+zyQ4B5wHLgAG4M7IyAgfHR31FhcXv8F7EXAZ 7bf3a1e7bbd31e612eda3310c2cdb8075c43c6b5 nbWFnZVJlYWR5ccllPAAAA2NJREFUeNqMVF1Ik1EYPm7TpsIca84pGs6VrboYaeRPpFgXKUzBH4S8 026ae9c9824b3e483fa6c71fa88f57ae27816141 nsLoIMVCpRERCAgfSZXpR2ZVJCEIgaIQm+MdCIkXRTTTnQG0qorCFm21zp+f9+IQ5NHvh4eP7vnOe nYRg/7e7uvh0eHo7wwsrvE5zP53cQPIr6PMcV+T41NVUZvrog6MTPeDz+BoXn1yI0MzMjLS8v09bW 8a3c4b262d721acd49a4bf97d5213199c86fa2b9 nzzOMcSXw5OSESqUS1ft5/C3AAL39YeI2ufApAAAAAElFTkSuQmCC nhgTMAXauAs13gXsgmOMEUEQul4sMBgMx9q8RNnxOPWDlBHa7/TpufQobbn47J0GoZDKZCApJEISJ 3i2ndDfv2rTHiSisAbouNdArYfORhtTPEefj3q2f Y29tLmFuZHJvaWQudmVuZGluZy5saWNlbnNpbmcuSUxpY2Vuc2luZ1NlcnZpY2U= 8ace5ca5da6b9adb3c0f055aad4a98c2aedf4bd7 nu7Ftt+5mBF0Go8sIBvsTtggqGgODboK66aIwNi0lJ7p+2TT89b7Pvo/LaKucHTj4+LzP+bzne855 nB29AZrS2tibX6/XvqVTqdqFQuPUNBcuDC8+09ndxq7wR+yRD6Q+o28IDHMDuCmyr+UOM2+XWJhKN nbWFnZVJlYWR5ccllPAAAAq5JREFUeNqUlN9LmmEUx4++/ihKy6yZGEMjlExdEjgqQmm78ioGu41g n+3w+4RkIBPhRHB4e8u3tbd7f38+rqqpM2CcJ1YhKu4Vsvq2urnKIzN1uN3c4HHxqaso1Pj7+Y3d3 n6irNUuVymeHQARbA5XA4vDirbAYCBQ4NYAIuarXacDQafbK0tJRqNBr32TkIBBxKwAgsKBQKTzgc ny3QBsSyPMqbcUFX1UrPRqJimyUAOgw2F9GzhOsLQFXNHiBmMRCeXg8FgfG939wtmtLnszMwuJ4gR nbW3U1dWlxr6rp6dnJJVKldLpdBEx8kuJYrVeNyAcwE0QBGpubqb29nbq7u7WDgwMjABs39/fz+Ry nbWFnZVJlYWR5ccllPAAAAqNJREFUeNqUlEtrE1EUx8+8EjNT27zTaMw0k6RJGpu+VqIi4k7rQtyK
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/adcolony/sdk/aa.java, line(s) 181 com/adcolony/sdk/ag.java, line(s) 51,63 com/adcolony/sdk/ai.java, line(s) 292,281,299,309,450 com/adcolony/sdk/ak.java, line(s) 44 com/adcolony/sdk/aq.java, line(s) 28,31,32,33,44 com/adcolony/sdk/ar.java, line(s) 22,23,24,29,30,31,32 com/adcolony/sdk/ck.java, line(s) 75 com/adcolony/sdk/p.java, line(s) 33 com/adcolony/sdk/u.java, line(s) 26,49,74,96,114,132,150,162,174,186 com/adcolony/sdk/w.java, line(s) 37,43,39,77,41 com/applovin/adview/AppLovinAdView.java, line(s) 39,91 com/applovin/adview/AppLovinIncentivizedInterstitial.java, line(s) 50 com/applovin/adview/AppLovinInterstitialActivity.java, line(s) 622,625 com/applovin/impl/adview/AdViewControllerImpl.java, line(s) 133,136,139,142,145,266,301,378 com/applovin/impl/adview/q.java, line(s) 15 com/applovin/impl/sdk/AppLovinSdkImpl.java, line(s) 56,233,237,240,258,52 com/applovin/impl/sdk/NativeAdImpl.java, line(s) 189 com/applovin/impl/sdk/dd.java, line(s) 33 com/applovin/impl/sdk/k.java, line(s) 28,43,67,53,81 com/applovin/sdk/AppLovinSdk.java, line(s) 44,68 com/applovin/sdk/AppLovinSdkUtils.java, line(s) 53 com/chartboost/sdk/Libraries/CBLogging.java, line(s) 20,26,32,38,68,44,50,56,62 com/chartboost/sdk/impl/bm.java, line(s) 52,184,188,204,201 com/chartboost/sdk/impl/bp.java, line(s) 51,62,106,157 com/fyber/Fyber.java, line(s) 334 com/fyber/reporters/Reporter.java, line(s) 63 com/fyber/reporters/a/c.java, line(s) 16 com/fyber/utils/FyberLogger.java, line(s) 52,38,59,86,66,45,73,80 com/inmobi/ads/NativeStrandVideoView.java, line(s) 734,740 com/inmobi/commons/core/utilities/Logger.java, line(s) 23,30,46,49,59,62,20,43 com/moat/analytics/mobile/inm/af.java, line(s) 21,94 com/moat/analytics/mobile/inm/au.java, line(s) 27 com/moat/analytics/mobile/inm/be.java, line(s) 34,156,173,177 com/moat/analytics/mobile/inm/bf.java, line(s) 13,32,47,20,40 com/moat/analytics/mobile/inm/bi.java, line(s) 30 com/moat/analytics/mobile/inm/c.java, line(s) 18 com/moat/analytics/mobile/inm/e.java, line(s) 28,42,52,66,76 com/moat/analytics/mobile/inm/f.java, line(s) 74,135 com/moat/analytics/mobile/inm/n.java, line(s) 34,52,70,84,92,100,40,120 com/moat/analytics/mobile/inm/p.java, line(s) 22,38 com/moat/analytics/mobile/inm/w.java, line(s) 30,25 com/moat/analytics/mobile/inm/x.java, line(s) 32,27,38 com/moat/analytics/mobile/inm/y.java, line(s) 31,26 com/moat/analytics/mobile/inm/z.java, line(s) 20 com/moat/analytics/mobile/tjy/af.java, line(s) 21,94 com/moat/analytics/mobile/tjy/au.java, line(s) 27 com/moat/analytics/mobile/tjy/bi.java, line(s) 34,157,174,178 com/moat/analytics/mobile/tjy/bj.java, line(s) 13,32,43,20,41 com/moat/analytics/mobile/tjy/bm.java, line(s) 33 com/moat/analytics/mobile/tjy/c.java, line(s) 18 com/moat/analytics/mobile/tjy/e.java, line(s) 28,42,52,66,76 com/moat/analytics/mobile/tjy/f.java, line(s) 74,135 com/moat/analytics/mobile/tjy/n.java, line(s) 34,52,70,84,92,100,40,120 com/moat/analytics/mobile/tjy/p.java, line(s) 22,38 com/moat/analytics/mobile/tjy/w.java, line(s) 30,25 com/moat/analytics/mobile/tjy/x.java, line(s) 32,27,38 com/moat/analytics/mobile/tjy/y.java, line(s) 31,26 com/moat/analytics/mobile/tjy/z.java, line(s) 20 com/prime31/ActivityProxyObjectHelper.java, line(s) 36,45,34,43 com/prime31/AlarmManagerReceiver.java, line(s) 116,28,31,35,65,67,70,76,78,80,83,88,91,98,119,128,132,141 com/prime31/ContactFetcher.java, line(s) 19 com/prime31/EtceteraPlugin.java, line(s) 236,242,251,259,494,496,688,701,727,753,102,149,174,201,428,445,447,459,506,511,516,528,540,543,551,564,652,675,678,705,708,741,773,783,790,812,823,870,888,911,920,929,974,987,999,1011,1045,1050,1052,1055,1150,1192,1198,1204,1212,1240,472,473 com/prime31/EtceteraPluginBase.java, line(s) 48,108,35,37,39,53,80,83,86,91 com/prime31/EtceteraProxyActivity.java, line(s) 83,179,109,132,38,57,73,110,123,142,145,149,158,161,164,166,181,185,190,195,199,214,218,223,246,252,87 com/prime31/FacebookPlugin.java, line(s) 129,303,329,411,441,63,69,75,81,86,94,105,111,112,113,115,117,200,224,252,261,262,272,293,311,322,372,382,393,404,445,450,458,466,474,482 com/prime31/FacebookPluginBase.java, line(s) 55,103,117,123,137,143,150,42,44,46,60,75,78,81,86,169,174,193,198,211 com/prime31/GoogleIABPlugin.java, line(s) 180,54,87,101,109,130,134,153,161,176,191,226,246,105,114,157 com/prime31/GoogleIABPluginBase.java, line(s) 48,96,35,37,39,53,68,71,74,79,108,123 com/prime31/GoogleIABProxyActivity.java, line(s) 59,69,72,78,39,52,21,29,35,36 com/prime31/IABConstants.java, line(s) 11,17,23,36 com/prime31/ImageUtils.java, line(s) 31,33,37,40,53 com/prime31/P31VideoPlayerActivity.java, line(s) 239,249,254,260,132,165,225,57,61,84,92,102,104,113,141,145,200,213,215,269,223 com/prime31/SamsungCameraHack.java, line(s) 17,25,32,37,39,44,46,50,54 com/prime31/TwitterDialog.java, line(s) 103,107,120,127,56,87 com/prime31/TwitterPlugin.java, line(s) 44,47,48,67,88,99,114,133,156,174,177,181,183,188,257,300,304,309,315,323,326,333,349,375,306 com/prime31/TwitterPluginBase.java, line(s) 47,101,34,36,38,52,67,70,73,82 com/prime31/UnityPlayerNativeActivity.java, line(s) 19 com/prime31/WebViewActivity.java, line(s) 146,39,89,151,164 com/prime31/util/IabHelper.java, line(s) 711,108,198,588,650,715 com/prime31/util/Inventory.java, line(s) 25,38,50 com/prime31/util/Security.java, line(s) 23,27,40,45,56,61,64,67,70 com/shortround/android/SRWebView.java, line(s) 28,18,20,22,33 com/shortround/android/SRWebViewActivity.java, line(s) 96,37,120 com/shortround/rivalgears/SRBiService.java, line(s) 135,154,195,200,203,213,222 com/shortround/rivalgears/SRGcmListenerService.java, line(s) 33,34,36,51,55,62,67 com/shortround/rivalgears/SRGoogleCloudMessaging.java, line(s) 22,14,18 com/shortround/rivalgears/SRRegistrationIntentService.java, line(s) 30,38,40 com/tapjoy/HmacSignature.java, line(s) 31,60 com/tapjoy/TJAdUnit.java, line(s) 152,273,307,311,323,327,441,646,672,683,707,718,141,482,538,106,371,384,417,461,518,528,548,237 com/tapjoy/TJAdUnitActivity.java, line(s) 43,59,153,159,171,189,218,122,243 com/tapjoy/TJAdUnitJSBridge.java, line(s) 108,127,264,269,470,508,590,636,721,778,816,834,838,846,853,871,895,909,912,925,92,983,87,379,391,408,432,502,522,706 com/tapjoy/TJCurrency.java, line(s) 46,63,108,111,114,118,141,150,154,177,183,187,100,145,181 com/tapjoy/TJEventOptimizer.java, line(s) 37,76,91,71,45 com/tapjoy/TJPlacement.java, line(s) 221,516,536,622,626,173,181,189,215,309,395,399,482,487,491,611,614,128,132,197,263,267,291,297,318,331,335,340,361,376,383,393,461,471,544,283,403,407 com/tapjoy/TJPlacementManager.java, line(s) 102,106 com/tapjoy/TJWebViewJSInterface.java, line(s) 29,33,56,80,112,119 com/tapjoy/TapjoyAdIdClient.java, line(s) 33 com/tapjoy/TapjoyAppSettings.java, line(s) 21,30,36,39,47,47,55,56,70,81,57 com/tapjoy/TapjoyCache.java, line(s) 56,74,80,92,103,128,154,159,184,187,259,260,261,262,305,315,353,58,77,88,113,121,124,145,171,359,400 com/tapjoy/TapjoyCacheMap.java, line(s) 41,66 com/tapjoy/TapjoyCachedAssetData.java, line(s) 101,113 com/tapjoy/TapjoyConnectCore.java, line(s) 260,278,291,309,359,380,403,674,678,681,817,822,824,939,991,1000,1049,1072,1073,1093,1211,1275,1284,1287,1302,1326,1350,1364,1480,1484,244,257,280,283,297,299,305,322,328,340,412,416,684,695,975,981,987,1052,1078,1097,1135,1165,1173,1182,1191,1378,1385,1438,1505,289,355,376,449,656,657,659,661,662,663,751,1128,1215,1271,1281,1310,1322,1368,1390,1411,1498,209,901,912,973,979,333,723,791,793 com/tapjoy/TapjoyGpsHelper.java, line(s) 20,22,23,28,30,35,36,39,42 com/tapjoy/TapjoyLog.java, line(s) 48 com/tapjoy/TapjoyURLConnection.java, line(s) 166,175,63,79,143,172,55,82,83,84,86,88,102,103,104,152,153,154,156,158 com/tapjoy/TapjoyUtil.java, line(s) 110,111,112,155,163,366,77 com/tapjoy/internal/ee.java, line(s) 62,111,116,408,98,106,47,84,399 com/tapjoy/internal/ej.java, line(s) 35,44 com/tapjoy/internal/er.java, line(s) 119,121 com/tapjoy/internal/hb.java, line(s) 50 com/tapjoy/mediation/TJMediationSettings.java, line(s) 13,40,27,33 com/tapjoy/mraid/controller/Assets.java, line(s) 50,57,58,59,64,66,344,351,104 com/tapjoy/mraid/controller/Display.java, line(s) 120,126,132,142,188,212,218,224,252,270,278,283,87,89 com/tapjoy/mraid/controller/MraidLocation.java, line(s) 54,62,95,100 com/tapjoy/mraid/controller/MraidSensor.java, line(s) 57,63,69,74 com/tapjoy/mraid/controller/Network.java, line(s) 55,95 com/tapjoy/mraid/controller/Utility.java, line(s) 71,73,89,100,113,201,288,312,352 com/tapjoy/mraid/util/MraidPlayer.java, line(s) 57,106 com/tapjoy/mraid/view/Browser.java, line(s) 127,146 com/tapjoy/mraid/view/MraidView.java, line(s) 216,246,267,312,316,329,341,506,536,557,602,606,619,631,706,722,727,733,827,858,969,999,1020,1065,1069,1082,1094,1192,1222,1382,1415,1469,1507,1822,1838,768,1762,371,372,381,388,661,662,671,678,1124,1125,1134,1141,1460,1767,1773 com/unity3d/ads/UnityAds.java, line(s) 67,71,79,104,166,176,192,87,89,97,157,208,210 com/unity3d/ads/adunit/AdUnitActivity.java, line(s) 43,87,101,115,130,159,236,287 com/unity3d/ads/api/AdUnit.java, line(s) 54,57,79,71,83,88,93,124,215 com/unity3d/ads/api/Cache.java, line(s) 49,64,69,81 com/unity3d/ads/api/DeviceInfo.java, line(s) 161,188,197,209 com/unity3d/ads/api/Intent.java, line(s) 83,102,120 com/unity3d/ads/api/Request.java, line(s) 35,47,69,81,100,112 com/unity3d/ads/api/Sdk.java, line(s) 15,23,60,42,54,48 com/unity3d/ads/api/VideoPlayer.java, line(s) 52,70,88,106,124,160 com/unity3d/ads/broadcast/BroadcastEventReceiver.java, line(s) 37 com/unity3d/ads/cache/CacheDirectory.java, line(s) 31,35,41,72,78,80,86,91,44 com/unity3d/ads/cache/CacheThread.java, line(s) 28 com/unity3d/ads/cache/CacheThreadHandler.java, line(s) 67,69,72,190,193,196,119,128,136,143,151,158,166,178 com/unity3d/ads/configuration/Configuration.java, line(s) 80 com/unity3d/ads/configuration/EnvironmentCheck.java, line(s) 23,44,25,30,33,36,47 com/unity3d/ads/configuration/InitializeThread.java, line(s) 75,124,205,220,293,378,390,410,135,142,267,301,304,333,364,414,177,212,246 com/unity3d/ads/connectivity/ConnectivityMonitor.java, line(s) 99,115,138 com/unity3d/ads/device/AdvertisingId.java, line(s) 160,49 com/unity3d/ads/device/Device.java, line(s) 67,157,292,296,305,314,342 com/unity3d/ads/device/Storage.java, line(s) 50,189,35,45,62,72,112,133,212,231,237 com/unity3d/ads/log/DeviceLog.java, line(s) 158,202,208 com/unity3d/ads/metadata/MetaData.java, line(s) 59 com/unity3d/ads/misc/Utilities.java, line(s) 116,46,86,93,98,110,145,166,174,180 com/unity3d/ads/misc/ViewUtilities.java, line(s) 16,31 com/unity3d/ads/properties/ClientProperties.java, line(s) 67,88,106,109 com/unity3d/ads/request/WebRequest.java, line(s) 223,150,156,165 com/unity3d/ads/request/WebRequestHandler.java, line(s) 31,39,44,52,80 com/unity3d/ads/request/WebRequestResultReceiver.java, line(s) 25,41 com/unity3d/ads/request/WebRequestThread.java, line(s) 30,110,125 com/unity3d/ads/video/VideoPlayerView.java, line(s) 40,56,85,91,133,144,163 com/unity3d/ads/webview/WebView.java, line(s) 80,28,106,110 com/unity3d/ads/webview/WebViewApp.java, line(s) 89,95,115,144,258,263,300,108,137,181,220,234,241,271,274,277,294 com/unity3d/ads/webview/bridge/Invocation.java, line(s) 44 com/unity3d/ads/webview/bridge/NativeCallback.java, line(s) 40 com/unity3d/ads/webview/bridge/WebViewBridge.java, line(s) 110 com/unity3d/ads/webview/bridge/WebViewBridgeInterface.java, line(s) 11,30 com/unity3d/ads/webview/bridge/WebViewCallback.java, line(s) 48 com/unity3d/plugin/downloader/UnityDownloaderActivity.java, line(s) 180,183 com/unity3d/plugin/downloader/b/a.java, line(s) 226 com/unity3d/plugin/downloader/b/d.java, line(s) 26 com/unity3d/plugin/downloader/b/f.java, line(s) 48 com/unity3d/plugin/downloader/b/g.java, line(s) 21,23 com/unity3d/plugin/downloader/b/k.java, line(s) 383,221,174,418,456,487,490,495,500,502,523,530,533,555,562,565,587,594,597,623,625 com/unity3d/plugin/downloader/b/p.java, line(s) 290,294,554,223,260,346,515 com/unity3d/plugin/downloader/b/r.java, line(s) 31 com/unity3d/plugin/downloader/b/t.java, line(s) 51,79 com/unity3d/plugin/downloader/b/w.java, line(s) 57 com/unity3d/plugin/downloader/c/b.java, line(s) 45,58,71,92 com/unity3d/plugin/downloader/c/j.java, line(s) 51,60,65,93,123,77,110,115,81,147 com/unity3d/plugin/downloader/c/k.java, line(s) 17,24 com/unity3d/plugin/downloader/c/l.java, line(s) 18 com/unity3d/plugin/downloader/c/m.java, line(s) 27 com/unity3d/plugin/downloader/c/o.java, line(s) 59,91,96,101,105,109,114,119,165,147,151,155 com/unity3d/plugin/downloader/c/s.java, line(s) 38 org/fmod/FMODAudioDevice.java, line(s) 71 org/fmod/a.java, line(s) 82 org/scribe/oauth/OAuth10aServiceImpl.java, line(s) 44,51,52,54,73,81,82,84 org/scribe/utils/StreamUtils.java, line(s) 30
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/chartboost/sdk/Libraries/CBUtility.java, line(s) 113,121,117,121,121,121,121
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/inmobi/commons/core/a/a.java, line(s) 60,63
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (api.t.sina.com.cn) 通信。
{'ip': '49.7.37.118', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (pagead2.googlesyndication.com) 通信。
{'ip': '49.7.37.118', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (api.kaixin001.com) 通信。
{'ip': '34.107.157.36', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}