移动应用安全检测报告:
安全基线评分
安全基线评分 55/100
综合风险等级
风险等级评定
- A
- B
- C
- F
漏洞与安全项分布(%)
隐私风险
1
检测到的第三方跟踪器数量
检测结果分布
高危安全漏洞
1
中危安全漏洞
14
安全提示信息
2
已通过安全项
2
重点安全关注
1
高危安全漏洞 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
中危安全漏洞 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危安全漏洞 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危安全漏洞 Activity (com.zhubo.zhubo001.mvp.ui.activity.MainActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.DUMP [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Service (com.blankj.utilcode.util.MessengerUtils$ServerService) 未被保护。
存在一个intent-filter。 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/re/ng/yhqp/GameActivity.java, line(s) 302,340,258,303
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/re/ng/yhqp/GameActivity.java, line(s) 261,306,258,303 com/zhubo/zhubo001/mvp/ui/activity/GameWebActivity.java, line(s) 64,57 com/zhubo/zhubo001/mvp/ui/activity/WebActivity.java, line(s) 109,102
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: bin/mt/signature/KillerApplication.java, line(s) 69 com/aaaa/commonutil/cache/DiskUtils.java, line(s) 269 com/arialyy/aria/util/CommonUtil.java, line(s) 250,247,254 com/arialyy/aria/util/FileUtil.java, line(s) 45,302 com/danikula/videocache/StorageUtils.java, line(s) 23,40 com/danikula/videocache3/file/SDCardUtils.java, line(s) 40,45,50,55,60 com/danikula/videocache3/file/strategy/FileHelper.java, line(s) 64 com/danikula/videocache3/log/LogUtil.java, line(s) 76,79 com/danikula/videocache3/server/StorageUtils.java, line(s) 28,45 com/jess/arms/c/c.java, line(s) 19,39 com/maning/updatelibrary/c/c.java, line(s) 20 com/zhubo/zhubo001/a/a.java, line(s) 8,9,10,12,14,16,18,20,22,23 com/zhubo/zhubo001/app/GlobalConfiguration.java, line(s) 60 com/zhubo/zhubo001/c/a/f.java, line(s) 20 com/zhubo/zhubo001/e/e0.java, line(s) 60,36,217,243,247,248 com/zhubo/zhubo001/e/h1.java, line(s) 77,79,85,86 com/zhubo/zhubo001/e/j1/b.java, line(s) 56 com/zhubo/zhubo001/e/j1/e.java, line(s) 68 com/zhubo/zhubo001/e/m0.java, line(s) 89 com/zhubo/zhubo001/e/q0.java, line(s) 24 com/zhubo/zhubo001/e/t.java, line(s) 42,78 com/zhubo/zhubo001/mvp/ui/fragment/ChatFunctionFragment.java, line(s) 33,84 com/zhubo/zhubo001/mvp/ui/fragment/ScanningTorrentFragment.java, line(s) 73 me/pqpo/librarylog4a/appender/FileAppender.java, line(s) 43,43,41
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/arialyy/aria/orm/DelegateFind.java, line(s) 4,83,85,221,535,547,563 com/arialyy/aria/orm/DelegateUpdate.java, line(s) 4,80 com/arialyy/aria/orm/DelegateWrapper.java, line(s) 4,61 com/arialyy/aria/orm/SqlHelper.java, line(s) 5,6,55,70,90,201,238 com/arialyy/aria/orm/SqlUtil.java, line(s) 5,74,425 com/danikula/videocache/sourcestorage/DatabaseSourceInfoStorage.java, line(s) 6,7,55 com/danikula/videocache3/sourcestorage/DatabaseSourceInfoStorage.java, line(s) 6,7,132 com/zaaach/citypicker/b/a.java, line(s) 5,80,99 com/zhubo/zhubo001/mvp/model/gen/AnalysisJuBeanDao.java, line(s) 4,46,54 com/zhubo/zhubo001/mvp/model/gen/AnalysisTaskIdBeanDao.java, line(s) 4,46,54 com/zhubo/zhubo001/mvp/model/gen/CollectBeanDao.java, line(s) 4,63,71 com/zhubo/zhubo001/mvp/model/gen/DownLoadBeanDao.java, line(s) 4,76,84 com/zhubo/zhubo001/mvp/model/gen/FavoriteBeanDao.java, line(s) 4,46,54 com/zhubo/zhubo001/mvp/model/gen/MovieRecordBeanDao.java, line(s) 4,62,70 com/zhubo/zhubo001/mvp/model/gen/OnlineMovieBeanDao.java, line(s) 4,75,83 com/zhubo/zhubo001/mvp/model/gen/SearchRecordBeanDao.java, line(s) 4,44,52 com/zhubo/zhubo001/mvp/model/gen/UserBeanDao.java, line(s) 4,72,80 org/greenrobot/greendao/a.java, line(s) 6,7,253 org/greenrobot/greendao/h/g.java, line(s) 5,16
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/common/use/util/c.java, line(s) 3 com/zhubo/zhubo001/mvp/ui/widget/LoveView.java, line(s) 19 q/rorbin/badgeview/b.java, line(s) 12
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/zhubo/zhubo001/e/m0.java, line(s) 81
中危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个1隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "google_app_id" : "1:101876805224:android:23a421ec01779a1cb795dd" "google_api_key" : "AIzaSyCRc8szL69glSRuZzE_vG7ukJ6xrMdBApg" "pwd_limit" : "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" "token_erc" : "ERC-20" "token_trc" : "TRC-20" "google_crash_reporting_api_key" : "AIzaSyCRc8szL69glSRuZzE_vG7ukJ6xrMdBApg"
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: bin/mt/signature/KillerApplication.java, line(s) 113,124,159 com/aaaa/commonutil/cache/DiskUtils.java, line(s) 228 com/aaaa/commonutil/log/DefaultLog.java, line(s) 24,55,31,40,46,61,68 com/aaaa/commonutil/log/Log4s.java, line(s) 14,18,22,26,42,46 com/aaaa/commonutil/log/filelog/FileLog.java, line(s) 55,98 com/aaaa/commonutil/log/filelog/FileLog4a.java, line(s) 71,111,81,101,121,131 com/alibaba/a/C0016.java, line(s) 44,156 com/alibaba/b/C0017.java, line(s) 43,133 com/arialyy/aria/core/Aria.java, line(s) 49 com/arialyy/aria/core/AriaConfig$1.java, line(s) 27,34 com/arialyy/aria/core/AriaConfig.java, line(s) 55,127 com/arialyy/aria/core/AriaManager.java, line(s) 254,225 com/arialyy/aria/core/WidgetLiftManager.java, line(s) 52,66,44 com/arialyy/aria/core/command/AbsGroupCmd.java, line(s) 43 com/arialyy/aria/core/command/AddCmd.java, line(s) 24 com/arialyy/aria/core/command/CancelAllCmd.java, line(s) 39 com/arialyy/aria/core/command/HighestPriorityCmd.java, line(s) 28 com/arialyy/aria/core/command/ResumeAllCmd.java, line(s) 27 com/arialyy/aria/core/command/ResumeThread.java, line(s) 131,116 com/arialyy/aria/core/command/StopCmd.java, line(s) 26 com/arialyy/aria/core/common/AbsNormalTarget.java, line(s) 107,68 com/arialyy/aria/core/common/FtpOption.java, line(s) 165,169,181,188,194,199,203,213,225,241,273,282 com/arialyy/aria/core/common/HttpOption.java, line(s) 94,34,38,50 com/arialyy/aria/core/common/RecordHandler.java, line(s) 97,135 com/arialyy/aria/core/common/RecordHelper.java, line(s) 157,47,51,53,56,70,75,80,151,160,105,144 com/arialyy/aria/core/common/SFtpOption.java, line(s) 41,45,56,65,74,83,92 com/arialyy/aria/core/common/controller/FeatureController.java, line(s) 87 com/arialyy/aria/core/common/controller/NormalController.java, line(s) 84,82 com/arialyy/aria/core/config/BaseConfig.java, line(s) 35 com/arialyy/aria/core/config/BaseTaskConfig.java, line(s) 151 com/arialyy/aria/core/config/DGroupConfig.java, line(s) 63 com/arialyy/aria/core/config/DownloadConfig.java, line(s) 50 com/arialyy/aria/core/config/UploadConfig.java, line(s) 37 com/arialyy/aria/core/config/XMLReader.java, line(s) 221,388,396 com/arialyy/aria/core/download/CheckDEntityUtil.java, line(s) 38,42,46,52,103,109,119,159,94,141,144,150 com/arialyy/aria/core/download/CheckDGEntityUtil.java, line(s) 168,71,85,98,144,159,252,63,88,208 com/arialyy/aria/core/download/CheckFtpDirEntityUtil.java, line(s) 60,93,121,52 com/arialyy/aria/core/download/DownloadEntity.java, line(s) 87 com/arialyy/aria/core/download/DownloadReceiver.java, line(s) 88,115,216,237,307 com/arialyy/aria/core/download/M3U8Entity.java, line(s) 79 com/arialyy/aria/core/download/m3u8/M3U8LiveOption.java, line(s) 29 com/arialyy/aria/core/download/m3u8/M3U8Option.java, line(s) 86,65 com/arialyy/aria/core/download/m3u8/M3U8VodOption.java, line(s) 33,42,51 com/arialyy/aria/core/download/target/DNormalConfigHandler.java, line(s) 99,104 com/arialyy/aria/core/download/target/GroupBuilderTarget.java, line(s) 52 com/arialyy/aria/core/download/target/GroupNormalTarget.java, line(s) 60 com/arialyy/aria/core/download/target/HttpGroupConfigHandler.java, line(s) 68 com/arialyy/aria/core/download/target/M3U8NormalTarget.java, line(s) 29,33 com/arialyy/aria/core/download/tcp/TcpDelegate.java, line(s) 28,34,43,52 com/arialyy/aria/core/event/EventMsgUtil.java, line(s) 118 com/arialyy/aria/core/group/AbsGroupLoader.java, line(s) 221,99 com/arialyy/aria/core/group/AbsGroupLoaderUtil.java, line(s) 76 com/arialyy/aria/core/group/AbsSubDLoadUtil.java, line(s) 44,129 com/arialyy/aria/core/group/SimpleSchedulers.java, line(s) 39,40,64,89,112,83,127,110,121 com/arialyy/aria/core/group/SimpleSubQueue.java, line(s) 89,120,125,142,147,154,159,72,77 com/arialyy/aria/core/inf/AbsReceiver.java, line(s) 68 com/arialyy/aria/core/inf/AbsTarget.java, line(s) 48 com/arialyy/aria/core/listener/BaseListener.java, line(s) 84,105 com/arialyy/aria/core/listener/DownloadGroupListener.java, line(s) 50 com/arialyy/aria/core/loader/AbsNormalLoader$1.java, line(s) 31,34,27 com/arialyy/aria/core/loader/AbsNormalLoader.java, line(s) 86,149,150,191,209,215,183,199 com/arialyy/aria/core/loader/AbsNormalLoaderUtil.java, line(s) 105 com/arialyy/aria/core/loader/GroupSubThreadStateManager.java, line(s) 91,102 com/arialyy/aria/core/loader/NormalTTBuilder.java, line(s) 90,114,130,66,117 com/arialyy/aria/core/loader/NormalThreadStateManager.java, line(s) 64,75 com/arialyy/aria/core/loader/SubLoader.java, line(s) 77,82,203,204,89,94,225,170,261 com/arialyy/aria/core/manager/SubTaskManager.java, line(s) 29,34,40 com/arialyy/aria/core/manager/TaskWrapperManager.java, line(s) 71,91,105 com/arialyy/aria/core/manager/ThreadTaskManager.java, line(s) 126,172,187,214,223,226,241 com/arialyy/aria/core/queue/AbsTaskQueue.java, line(s) 184,195,146,158,170,138,256,61,163,201,205,221,250,253,286,294,306,320,338 com/arialyy/aria/core/queue/DGroupTaskQueue.java, line(s) 43 com/arialyy/aria/core/queue/DTaskQueue.java, line(s) 113,45 com/arialyy/aria/core/queue/UTaskQueue.java, line(s) 42 com/arialyy/aria/core/queue/pool/BaseCachePool.java, line(s) 81,42,67,94,105,71 com/arialyy/aria/core/queue/pool/BaseExecutePool.java, line(s) 83,41,91,95,111,121,57 com/arialyy/aria/core/queue/pool/DLoadExecutePool.java, line(s) 46,53,32 com/arialyy/aria/core/scheduler/FailureTaskHandler$2.java, line(s) 33 com/arialyy/aria/core/scheduler/TaskSchedulers.java, line(s) 134,141,151,156,68,73,78,285,368,396,406,334 com/arialyy/aria/core/task/AbsTask.java, line(s) 182,193,49,153,177,190,204,155 com/arialyy/aria/core/task/ThreadTask.java, line(s) 138,219,234,359,126,270,92,97,109,111,214,246,249,355,357,366,121,129,143,151 com/arialyy/aria/core/upload/CheckUEntityUtil.java, line(s) 70,104,115 com/arialyy/aria/core/upload/UploadReceiver.java, line(s) 129,141,186 com/arialyy/aria/core/upload/target/HttpNormalTarget.java, line(s) 41 com/arialyy/aria/http/ChunkedInputStream.java, line(s) 29,34,62,64 com/arialyy/aria/http/ConnectionHelp.java, line(s) 68 com/arialyy/aria/http/download/HttpDFileInfoTask.java, line(s) 104,140,207,275,316,326,348,68,320,218,258,313 com/arialyy/aria/http/download/HttpDGInfoTask.java, line(s) 59,92,150,46 com/arialyy/aria/http/download/HttpDThreadTaskAdapter.java, line(s) 138,141 com/arialyy/aria/http/upload/HttpULoader.java, line(s) 88 com/arialyy/aria/http/upload/HttpUThreadTaskAdapter.java, line(s) 88 com/arialyy/aria/m3u8/BaseM3U8Loader.java, line(s) 59 com/arialyy/aria/m3u8/M3U8InfoTask.java, line(s) 123,126,170,178,191,235 com/arialyy/aria/m3u8/M3U8ThreadTaskAdapter.java, line(s) 83,180 com/arialyy/aria/m3u8/live/LiveStateManager$1.java, line(s) 52,58 com/arialyy/aria/m3u8/live/LiveStateManager.java, line(s) 66,51 com/arialyy/aria/m3u8/live/M3U8LiveLoader$3.java, line(s) 31 com/arialyy/aria/m3u8/live/M3U8LiveLoader.java, line(s) 240,152,242,75 com/arialyy/aria/m3u8/vod/M3U8VodLoader.java, line(s) 205,334,352,525,555,559,176,182,186,497,551,189,580,581,282 com/arialyy/aria/m3u8/vod/VodRecordHandler.java, line(s) 79 com/arialyy/aria/m3u8/vod/VodStateManager.java, line(s) 71,91,101,200,227,228,180 com/arialyy/aria/orm/DelegateFind.java, line(s) 101,377,542,283,439,475,503 com/arialyy/aria/orm/DelegateUpdate.java, line(s) 91,110,131,149 com/arialyy/aria/orm/SqlHelper.java, line(s) 116,125,231,267,305,308,286 com/arialyy/aria/orm/SqlUtil.java, line(s) 88,97,209 com/arialyy/aria/util/ALog.java, line(s) 42 com/arialyy/aria/util/AriaServiceLoader.java, line(s) 63 com/arialyy/aria/util/CheckUtil.java, line(s) 30,43,56,73,86,114,119,33,46,89 com/arialyy/aria/util/CommonUtil.java, line(s) 284,287,386,424,445,106,123,147,463,561,598,495,550 com/arialyy/aria/util/ComponentUtil.java, line(s) 131 com/arialyy/aria/util/DeleteDGRecord.java, line(s) 58,92,64 com/arialyy/aria/util/DeleteDRecord.java, line(s) 53,65,93 com/arialyy/aria/util/DeleteM3u8Record.java, line(s) 77,91,107 com/arialyy/aria/util/DeleteURecord.java, line(s) 45,69 com/arialyy/aria/util/FileUtil.java, line(s) 162,169,171,660,686,187,254,543,705 com/arialyy/aria/util/RecordUtil.java, line(s) 29,77,83 com/arialyy/aria/util/SSLContextUtil.java, line(s) 139 com/common/use/util/NetworkUtils.java, line(s) 93,96 com/danikula/videocache/HttpProxyCacheDebuger.java, line(s) 44,50,60,71,82 com/danikula/videocache3/file/FFConcatHelper.java, line(s) 48 com/danikula/videocache3/hls/FileUtils.java, line(s) 81 com/danikula/videocache3/log/LogUtil.java, line(s) 92 com/danikula/videocache3/net/OkHttpUrlSource.java, line(s) 146 com/jess/arms/b/c.java, line(s) 89,88 com/jess/arms/c/e.java, line(s) 13 com/maning/updatelibrary/a.java, line(s) 96,122 com/maning/updatelibrary/b/b.java, line(s) 149,173 com/re/ng/yhqp/Client.java, line(s) 72 com/re/ng/yhqp/GameActivity.java, line(s) 115,120,284,329,337,345,378,413,592,689,694 com/re/ng/yhqp/GameListActivity.java, line(s) 76 com/re/ng/yhqp/GameListDialogActivity.java, line(s) 121 com/tbruyelle/rxpermissions3/RxPermissionsFragment.java, line(s) 55,83 com/zhubo/zhubo001/app/BaseApplication.java, line(s) 136,64 com/zhubo/zhubo001/app/service/DownLoadService.java, line(s) 93,120,214,237,248 com/zhubo/zhubo001/c/a/d.java, line(s) 149,173 com/zhubo/zhubo001/e/e0.java, line(s) 64,143 com/zhubo/zhubo001/e/j1/b.java, line(s) 130,138,156,166,176,122 com/zhubo/zhubo001/e/j1/e.java, line(s) 150 com/zhubo/zhubo001/e/j1/i.java, line(s) 35,37,138,150 com/zhubo/zhubo001/e/j1/j.java, line(s) 27 com/zhubo/zhubo001/e/v.java, line(s) 94 com/zhubo/zhubo001/mvp/model/enity/netbean/KeyBean.java, line(s) 81 com/zhubo/zhubo001/mvp/model/gen/DaoMaster.java, line(s) 35,62 com/zhubo/zhubo001/mvp/ui/fragment/ChatFunctionFragment.java, line(s) 210,213,199 com/zhubo/zhubo001/mvp/ui/fragment/NormalUserInfoFragment.java, line(s) 85 com/zhubo/zhubo001/mvp/ui/itemdecoratiom/DownloadItemDecoration.java, line(s) 31 com/zhubo/zhubo001/mvp/ui/widget/WarpRadioGroup.java, line(s) 93 com/zhubo/zhubo001/mvp/ui/widget/chat/BubbleImageView.java, line(s) 107,108,109,110 com/zhubo/zhubo001/mvp/ui/widget/chat/b.java, line(s) 389,400,414,386 com/zhubo/zhubo001/mvp/ui/widget/exo/GSYExo2PlayerView.java, line(s) 688 com/zhubo/zhubo001/mvp/ui/widget/exo/TriangleLayout.java, line(s) 66 com/zhubo/zhubo001/mvp/ui/widget/u.java, line(s) 68,78 com/zhubo/zhubo001/utils/network/websocket/i.java, line(s) 66,215,258,69,158,160,175,187,199,207,291,302 d/a/b/a/a/a.java, line(s) 166,152,230 d/b/a/a/a/a/a.java, line(s) 127,179 d/b/a/a/a/a/d.java, line(s) 37,55,64,74 io/rx_cache2/internal/w/m.java, line(s) 33 me/jessyan/lifecyclemodel/HolderFragment.java, line(s) 43,62 me/jessyan/retrofiturlmanager/RetrofitUrlManager.java, line(s) 184 me/jessyan/rxerrorhandler/handler/RetryWithDelay.java, line(s) 44 me/jessyan/rxerrorhandler/handler/RetryWithDelayOfFlowable.java, line(s) 44 me/pqpo/librarylog4a/LogBuffer.java, line(s) 35,56,67,94,106 org/greenrobot/eventbus/e.java, line(s) 45,50 org/greenrobot/greendao/d.java, line(s) 17,21,25,29,33,37 org/lsposed/hiddenapibypass/HiddenApiBypass.java, line(s) 89,331 org/wavefar/lib/scanner/CaptureActivity.java, line(s) 363,171,152,162,165 org/wavefar/lib/scanner/c.java, line(s) 50 org/wavefar/lib/scanner/camera/a.java, line(s) 61,71,81 org/wavefar/lib/scanner/camera/b.java, line(s) 63,71,80,85,98,123,134,161,212,224,57,158,163,184 org/wavefar/lib/scanner/camera/c.java, line(s) 84,165,185,186,187,126,125,134 org/wavefar/lib/scanner/camera/d.java, line(s) 34,37,21 org/wavefar/lib/scanner/camera/e.java, line(s) 38 org/wavefar/lib/scanner/d.java, line(s) 39,107,113 org/wavefar/lib/scanner/decode/CaptureActivityHandler.java, line(s) 90,98,116,124,132,142 org/wavefar/lib/scanner/decode/e.java, line(s) 58 razerdp/basepopup/BasePopupWindow.java, line(s) 474 razerdp/basepopup/g.java, line(s) 45,68 razerdp/basepopup/h.java, line(s) 282 razerdp/util/log/PopupLog.java, line(s) 145,149,161,154,157 rjsv/floatingmenu/floatingmenubutton/FloatingMenuButton.java, line(s) 166,522 rjsv/floatingmenu/floatingmenubutton/general/Utils.java, line(s) 30 rx/internal/util/c.java, line(s) 25 rx/n/c.java, line(s) 366
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/zhubo/zhubo001/e/u.java, line(s) 4,36
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/arialyy/aria/util/SSLContextUtil.java, line(s) 75,68,70,75,102,66,67,67 com/danikula/videocache/HttpUrlSource.java, line(s) 105,102,107 com/danikula/videocache3/net/OkHttpManager.java, line(s) 113,112,113,100,111,111 com/jess/arms/a/b/h.java, line(s) 95,104 com/zhubo/zhubo001/app/v.java, line(s) 16,16
已通过安全项 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/101876805224/namespaces/firebase:fetch?key=AIzaSyCRc8szL69glSRuZzE_vG7ukJ6xrMdBApg ) 已禁用。响应内容如下所示:
{
"state": "NO_TEMPLATE"
}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (alj1s9j1.com) 通信。
{'ip': '221.228.32.13', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}