应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
𝄢𝕄∙𝓊♪s𝒾𝒞▹ v9.6.6
51
安全评分
安全基线评分
51/100
低风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
1
高危
46
中危
4
信息
2
安全
隐私风险评估
1
第三方跟踪器
中等隐私风险
检测到少量第三方跟踪器
检测结果分布
高危安全漏洞
1
中危安全漏洞
46
安全提示信息
4
已通过安全项
2
重点安全关注
6
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: org/telegram/ui/ArticleViewer.java, line(s) 6832,61,62 org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 741,746,34,35
中危安全漏洞 应用已启用明文网络流量
[android:usesCleartextTraffic=true] 应用允许明文网络流量(如 HTTP、FTP 协议、DownloadManager、MediaPlayer 等)。API 级别 27 及以下默认启用,28 及以上默认禁用。明文流量缺乏机密性、完整性和真实性保护,攻击者可窃听或篡改传输数据。建议关闭明文流量,仅使用加密协议。
中危安全漏洞 应用数据允许备份
[android:allowBackup=true] 该标志允许通过 adb 工具备份应用数据。启用 USB 调试的用户可直接复制应用数据,存在数据泄露风险。
中危安全漏洞 Service (org.telegram.messenger.GcmPushListenerService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (org.telegram.messenger.GoogleVoiceClientService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (org.telegram.messenger.GoogleVoiceClientActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (org.telegram.messenger.DefaultIcon) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (org.telegram.messenger.VintageIcon) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (org.telegram.messenger.AquaIcon) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (org.telegram.messenger.PremiumIcon) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (org.telegram.messenger.TurboIcon) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (org.telegram.messenger.NoxIcon) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (org.telegram.ui.CallsActivity) 受权限保护,但应检查权限保护级别。
Permission: android.permission.CALL_PHONE [android:exported=true] 检测到 Activity-Alias 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (org.telegram.ui.ShareActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (org.telegram.ui.ExternalActionActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (org.telegram.ui.ChatsWidgetConfigActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (org.telegram.ui.ContactsWidgetConfigActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (org.telegram.messenger.OpenChatReceiver) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(org.telegram.ui.VoIPPermissionActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(org.telegram.ui.VoIPFeedbackActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Broadcast Receiver (org.telegram.messenger.SmsReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (org.telegram.messenger.AuthenticatorService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (org.telegram.messenger.ContactsSyncAdapterService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (org.telegram.messenger.BringAppForegroundService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (org.telegram.messenger.NotificationsService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (org.telegram.messenger.VideoEncodingService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (org.telegram.messenger.ImportingService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (org.telegram.messenger.LocationSharingService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (org.telegram.messenger.MusicPlayerService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (org.telegram.messenger.MusicBrowserService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (org.telegram.messenger.voip.TelegramConnectionService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_TELECOM_CONNECTION_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (org.telegram.messenger.RefererReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.INSTALL_PACKAGES [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Content Provider (org.telegram.messenger.voip.CallNotificationSoundProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (androidx.sharetarget.ChooserTargetServiceCompat) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_CHOOSER_TARGET_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/github/gzuliyujiang/oaid/DeviceID.java, line(s) 309,310 com/hbisoft/hbrecorder/HBRecorder.java, line(s) 153 com/hbisoft/hbrecorder/ScreenRecordService.java, line(s) 165 com/lxj/xpopup/util/XPopupUtils.java, line(s) 323,346 org/telegram/messenger/AndroidUtilities.java, line(s) 643,2738,642,1886,1918,1928,2690,2691 org/telegram/messenger/EmuDetector.java, line(s) 226 org/telegram/messenger/FilesMigrationService.java, line(s) 101,85,197 org/telegram/messenger/MediaController.java, line(s) 3874,3876 org/telegram/messenger/SharedConfig.java, line(s) 1077 org/telegram/messenger/voip/VoIPController.java, line(s) 207 org/telegram/ui/ChatActivity.java, line(s) 5093,11842,11850 org/telegram/ui/Components/ChatAttachAlertDocumentLayout.java, line(s) 961,1163,1163,1163,1166 org/telegram/ui/Components/voip/VoIPHelper.java, line(s) 776,810
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/carrotsearch/randomizedtesting/Xoroshiro128PlusRandom.java, line(s) 3 com/tencent/qimei/j/a.java, line(s) 9 com/tencent/qimei/s/e.java, line(s) 3 com/tencent/qmsp/sdk/f/c.java, line(s) 6 cos/MyCOSService.java, line(s) 24 j$/util/concurrent/ThreadLocalRandom.java, line(s) 18 org/telegram/messenger/Utilities.java, line(s) 17 org/telegram/ui/Components/AudioVisualizerDrawable.java, line(s) 6 org/telegram/ui/Components/AvatarsDrawable.java, line(s) 11 org/telegram/ui/Components/BlobDrawable.java, line(s) 7 org/telegram/ui/Components/CircleBezierDrawable.java, line(s) 7 org/telegram/ui/Components/FlickerLoadingView.java, line(s) 12 org/telegram/ui/Components/GroupCallPipButton.java, line(s) 17 org/telegram/ui/Components/LineBlobDrawable.java, line(s) 6 org/telegram/ui/Components/SharedMediaFastScrollTooltip.java, line(s) 15 org/telegram/ui/EmojiAnimationsOverlay.java, line(s) 10 org/xbill/DNS/Header.java, line(s) 5 q/rorbin/badgeview/BadgeAnimator.java, line(s) 12
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/github/gzuliyujiang/oaid/impl/OppoImpl.java, line(s) 75 com/shubao/xinstall/a/a/d.java, line(s) 109 com/shubao/xinstall/a/f/c.java, line(s) 14 com/shubao/xinstall/a/f/i.java, line(s) 97 com/tencent/qmsp/oaid2/h0.java, line(s) 72 com/tencent/qmsp/sdk/g/g/e.java, line(s) 74 org/telegram/messenger/Utilities.java, line(s) 335,349 org/telegram/ui/PassportActivity.java, line(s) 2105
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/shubao/xinstall/a/f/c.java, line(s) 40 com/tencent/qimei/j/a.java, line(s) 29 com/tencent/qmsp/oaid2/l.java, line(s) 78 com/tencent/qmsp/sdk/a/c.java, line(s) 42,107 com/tencent/qmsp/sdk/g/b/c.java, line(s) 71 org/telegram/messenger/MessagesController.java, line(s) 5621 org/telegram/messenger/Utilities.java, line(s) 480
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/tencent/qimei/c/c.java, line(s) 121 com/tencent/qimei/upload/BuildConfig.java, line(s) 13 cos/MyCOSService.java, line(s) 469,494,520,545,473,498,524,549,466,491,517,542,463,488,514,539,472,497,523,548,484,509,535,560,474,499,525,550,471,496,522,547,468,493,519,544,479,504,530,555,475,500,526,551,467,492,518,543,482,507,533,558,476,501,527,552,387,646,470,495,521,546,477,502,528,553,483,508,534,559,480,505,531,556,464,489,515,540,486,511,537,562,481,506,532,557,462,487,513,538,485,510,536,561,465,490,516,541,478,503,529,554 org/telegram/messenger/EmuDetector.java, line(s) 19
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/shubao/xinstall/a/b/b.java, line(s) 46 org/telegram/messenger/BuildVars.java, line(s) 172 org/telegram/messenger/ImageReceiver.java, line(s) 512 org/telegram/messenger/MediaDataController.java, line(s) 222,228,227 org/telegram/messenger/voip/Instance.java, line(s) 230,202,212 org/telegram/ui/Adapters/MentionsAdapter.java, line(s) 672 org/telegram/ui/ArticleViewer.java, line(s) 3510 org/telegram/ui/ChannelCreateActivity.java, line(s) 192 org/telegram/ui/DataAutoDownloadActivity.java, line(s) 76,91,84 org/telegram/ui/PremiumPreviewFragment.java, line(s) 1626,1568 org/telegram/ui/TopicsFragment.java, line(s) 2884,2877
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/tencent/qimei/y/g.java, line(s) 45,42 com/tencent/qimei/y/k.java, line(s) 45,43 org/telegram/ui/ArticleViewer.java, line(s) 6717,6711 org/telegram/ui/Components/BotWebViewContainer.java, line(s) 342,307 org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 720,257 org/telegram/ui/Components/WebPlayerView.java, line(s) 1124,1131 org/telegram/ui/LoginActivity.java, line(s) 1739,3351,1737,3349 org/telegram/ui/WebviewActivity.java, line(s) 229,216
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/tencent/qimei/y/g.java, line(s) 43,42 com/tencent/qimei/y/k.java, line(s) 38,43 org/telegram/ui/JMTBaiduMapActivity.java, line(s) 82,77 org/telegram/ui/JMTMapPreviewActivity.java, line(s) 68,62
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: org/telegram/ui/Components/Paint/Slice.java, line(s) 22
中危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个1隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 谷歌地图的=> "com.google.android.maps.v2.API_KEY" : "AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k" openinstall统计的=> "com.openinstall.APP_KEY" : "openInstallAppKey" Xinstall推广SDK的=> "com.xinstall.APP_KEY" : "xInstallAppKey" "YourPasswordSuccess" : "Gelukt!" "ReportSpamUser" : "BLOKKEREN" "TypePrivate" : "Privato" "PasswordOff" : "penutup" "PasscodePassword" : "Passwort" "PaymentPasswordTitle" : "Passwort" "UsernameLinkActive" : "active" "PasswordOn" : "Ein" "TypePrivate" : "pribadi" "TypePrivateGroup" : "Private" "PasswordOff" : "Desactivada" "CancelPasswordResetNo" : "NO" "LoginPassword" : "Senha" "LoginPassword" : "Password" "NotificationHiddenChatUserName" : "Utente" "PasswordOff" : "Off" "PaymentPasswordTitle" : "Password" "NotificationHiddenChatUserName" : "Nutzer" "UsernameLinkActive" : "positif" "PasswordRecovery" : "Wachtwoordherstel" "Username" : "Gebruikersnaam" "AbortPasswordMenu" : "Interromper" "PasswordOn" : "Activada" "CheckPasswordPerfect" : "sempurna!" "PaymentPasswordEmailTitle" : "Wiederherstellung" "PasswordOn" : "Aan" "UseProxyPassword" : "Wachtwoord" "UseProxySecret" : "Secret" "LoginPassword" : "Wachtwoord" "ReportSpamUser" : "BLOQUEAR" "LoginPassword" : "Passwort" "PasswordOff" : "Aus" "UseProxySecret" : "Sleutel" "Username" : "Benutzername" "PasswordCode" : "Codice" "PasswordOn" : "menyalakan" "PasswordCode" : "Code" "UseProxyPassword" : "Senha" "UseProxyUsername" : "Username" "PasswordOn" : "Ativada" "PaymentPasswordTitle" : "Wachtwoord" "PasswordOff" : "Uit" "Username" : "Username" "EncryptionKey" : "Encryptiesleutel" "UseProxySecret" : "gram" "PasscodePassword" : "Wachtwoord" "JMTUsername" : "Username" "UseProxySecret" : "Segreto " "PasscodePassword" : "Senha" "PaymentPasswordTitle" : "Senha" "google_crash_reporting_api_key" : "AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k" "NotificationHiddenChatUserName" : "Usuario" "google_api_key" : "AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k" "YourPasswordSuccess" : "Geschafft!" "UseProxyUsername" : "Gebruiker" "TypePrivateGroup" : "Privat" "TypePrivateGroup" : "Privato" "PasswordOff" : "Desativada" "CheckPasswordPerfect" : "Perfect!" "google_app_id" : "1:760348033671:android:f6afd7b67eae3860" "UseProxyUsername" : "Usuario" "TerminateWebSessionStop" : "Cahaya%1$s" "CancelPasswordResetYes" : "YES" "YourPasswordSuccess" : "Success!" "PasswordOn" : "On" "TypePrivate" : "Privat" "PaymentPasswordEmailTitle" : "Herstel-e-mailadres" "UseProxyPassword" : "Passwort" "RestorePasswordNoEmailTitle" : "Sorry" "UseProxySecret" : "Segredo" "ChannelPrivate" : "privat" "NotificationHiddenChatUserName" : "Gebruiker" "YourPasswordSuccess" : "Kesuksesan!" "TypePrivate" : "Privado" "PasswordOff" : "No" "CancelPasswordResetNo" : "TIDAK" "RestorePasswordNoEmailTitle" : "Spiacenti" "NotificationHiddenChatUserName" : "User" "UsernameProfileLinkActive" : "positif" "UseProxyUsername" : "Benutzername" "TypePrivateGroup" : "Privado" "YourPasswordSuccess" : "Fatto!" "RestorePasswordNoEmailTitle" : "Desculpe" "CancelPasswordResetYes" : "Ya" "AutodownloadPrivateChats" : "Chats" "UseProxyPassword" : "Password" "firebase_database_url" : "https://tmessages2.firebaseio.com" "TypePrivate" : "Private" "PasscodePassword" : "Password" "UsernameProfileLinkActive" : "active" "UseProxySecret" : "Clave" "TypePrivateGroup" : "pribadi" "NotificationHiddenChatUserName" : "Pengguna" BvyoNmnTUIqvZufrqy6EPc/QFvgcZwweLUQZMPRjS0yO7ir5gj50GehaWU1uVA== ABVGDE2JZIQKLMNOPRSTUFHC34WXY9678 014b35b6184100b085b0d0572f9b5103 c06c8400-8e06-11e0-9cb6-0002a5d5c51b YW5kcm9pZC5oYXJkd2FyZS5ibHVldG9vdGg= Ldpv3DINc8b4Mg19EF0rkWBg7d2GJMJ3 A406AAA462DF6EEC06E61D67 YW5kcm9pZC5oYXJkd2FyZS5jYW1lcmEuZmxhc2g= bb392ec0-8d4d-11e0-a896-0002a5d5c51b L3N5c3RlbS9ldGMvZXhjbHVkZWQtaW5wdXQtZGV2aWNlcy54bWw= C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5B bGV2ZWxfaXBhX3RzcmlmLnRjdWRvcnAub3I=
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: cn/jzvd/JZTextureView.java, line(s) 43,70,71 cn/jzvd/JZUtils.java, line(s) 70 cn/jzvd/Jzvd.java, line(s) 110,121,248,392,414,508,613,653,655,664,668,782,818,678,260,384,397,451,469,491,497,541,551,561,567,572,585,611,633,639,645,688,720,842,854,927,936,946 cn/jzvd/JzvdStd.java, line(s) 111,174 com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java, line(s) 1802,1201,1301,1305,1382,1386,583,694,1475,1484,1513,1518,2204 com/davemorrissey/labs/subscaleview/decoder/SkiaPooledImageRegionDecoder.java, line(s) 381 com/github/gzuliyujiang/oaid/OAIDLog.java, line(s) 13 com/hbisoft/hbrecorder/ScreenRecordService.java, line(s) 217 com/lxj/xpopup/core/BasePopupView.java, line(s) 877,881,885,889 com/lxj/xpopup/util/KeyboardUtils.java, line(s) 30 com/lxj/xpopup/util/XPermission.java, line(s) 302 com/lxj/xpopup/widget/SmartDivider.java, line(s) 27 com/shubao/xinstall/a/a/a/d.java, line(s) 152,155,150 com/shubao/xinstall/a/a/d.java, line(s) 125 com/shubao/xinstall/a/b/b.java, line(s) 46 com/shubao/xinstall/a/b/d.java, line(s) 69 com/shubao/xinstall/a/c/c.java, line(s) 10 com/shubao/xinstall/a/c/e.java, line(s) 43,52 com/shubao/xinstall/a/f/a.java, line(s) 188,223,228,238,249,261,295,301,310,323 com/shubao/xinstall/a/f/d.java, line(s) 24,28 com/shubao/xinstall/a/f/e.java, line(s) 117 com/shubao/xinstall/a/f/i.java, line(s) 137,140,145,148,153,156 com/shubao/xinstall/a/f/o.java, line(s) 9,17,13 com/shubao/xinstall/b.java, line(s) 12,13,14,15,16 com/tencent/qimei/k/a.java, line(s) 49,14,43 com/tencent/qmsp/oaid2/c.java, line(s) 11,17,23 com/tencent/qmsp/oaid2/j.java, line(s) 32,46 com/tencent/qmsp/oaid2/y.java, line(s) 15 com/tencent/qmsp/sdk/base/c.java, line(s) 11,21,27 com/tencent/qmsp/sdk/f/g.java, line(s) 11,21,27,33 com/tencent/qmsp/sdk/g/b/a.java, line(s) 36,54 com/tencent/qmsp/sdk/g/b/b.java, line(s) 38,47,41 com/tencent/qmsp/sdk/g/e/d.java, line(s) 20 cos/MyCOSService.java, line(s) 175,191,203,245,254,260,272,299,308,315,613,617,631,632,638 io/nlopez/smartlocation/utils/LoggerFactory.java, line(s) 49,64,69,54,59 org/telegram/PhoneFormat/PhoneFormat.java, line(s) 111,116,137,144,154,162,212 org/telegram/SQLite/SQLiteCursor.java, line(s) 98,103 org/telegram/SQLite/SQLiteDatabase.java, line(s) 60,77 org/telegram/SQLite/SQLitePreparedStatement.java, line(s) 104,112 org/telegram/messenger/AndroidUtilities.java, line(s) 1797,1934,1959,1964,2562,2696,2703,332,388,471,569,607,933,970,1197,1228,1347,1363,1531,1540,1696,1760,1789,1845,1864,1930,1967,1976,2075,2079,2206,2222,2233,2282,2299,2303,2404,2530,2545,2660,2682,2740,2832,2998,3010,3054,4050,4068,4295,4305,4313,4353,4369,4575,4584,4632 org/telegram/messenger/AnimatedFileDrawableStream.java, line(s) 54,113 org/telegram/messenger/ApplicationLoader.java, line(s) 187,210,235,236,254,375,557,143,385,425,442,456,480,525,549 org/telegram/messenger/AuthTokensHelper.java, line(s) 69 org/telegram/messenger/BillingController.java, line(s) 227,310,314,332,113 org/telegram/messenger/ChatObject.java, line(s) 289,297,487,867,879,903,911,1054,1063,1076,1086,1171 org/telegram/messenger/ChatThemeController.java, line(s) 66,150,296,363,395 org/telegram/messenger/ContactsController.java, line(s) 536,553,569,821,917,926,950,1095,1100,1131,1195,1218,1744,1886,183,192,684,709,872,1429,1437,1681,1685,1694,1981,2582,2614 org/telegram/messenger/ContactsRemoteViewsFactory.java, line(s) 163 org/telegram/messenger/ContactsSyncAdapterService.java, line(s) 49,30 org/telegram/messenger/DatabaseMigrationHelper.java, line(s) 1225,1335,551,604,650,674,698,722,769,985,1239,1243 org/telegram/messenger/DispatchQueue.java, line(s) 52,63,76,89 org/telegram/messenger/DispatchQueuePoolBackground.java, line(s) 122 org/telegram/messenger/DocumentObject.java, line(s) 96 org/telegram/messenger/DownloadController.java, line(s) 1077,1159,1251,1303,1375,1427,1485,1490 org/telegram/messenger/Emoji.java, line(s) 156,166,438,704,716 org/telegram/messenger/EmuInputDevicesDetector.java, line(s) 57 org/telegram/messenger/FeedRemoteViewsFactory.java, line(s) 139 org/telegram/messenger/FileLoadOperation.java, line(s) 825,1100,1102,1150,1303,1305,1391,1471,1587,1610,1632,1636,603,612,673,946,956,966,976,987,1011,1017,1025,1031,1039,1045,1053,1060,1069 org/telegram/messenger/FileLoader.java, line(s) 1602,162,992,1406,1414,1422,1431 org/telegram/messenger/FileLog.java, line(s) 100,101,102,103,135,136,137,394,249,274,421 org/telegram/messenger/FilePathDatabase.java, line(s) 64,74,120,190,224,293,87,140,199,229,291,295,327,343,356,388,425,496 org/telegram/messenger/FileRefController.java, line(s) 693,816,918 org/telegram/messenger/FileStreamLoadOperation.java, line(s) 159 org/telegram/messenger/FileUploadOperation.java, line(s) 113,137,205 org/telegram/messenger/FilesMigrationService.java, line(s) 108,143,148,163,167 org/telegram/messenger/FingerprintController.java, line(s) 32,47,68,73,86,111,129 org/telegram/messenger/GcmPushListenerService.java, line(s) 13,29 org/telegram/messenger/ImageLoader.java, line(s) 1508,311,341,353,372,410,429,450,743,761,1323,1592,1607,1674,1682,1692,2306,2318,2343,2408,2414,2489 org/telegram/messenger/ImageReceiver.java, line(s) 1286,1422,1460,1520,1571,1628 org/telegram/messenger/ImportingService.java, line(s) 38,75 org/telegram/messenger/KeepAliveJob.java, line(s) 28,42,48,65,77 org/telegram/messenger/LanguageDetector.java, line(s) 39,45,51 org/telegram/messenger/LinkifyPort.java, line(s) 42 org/telegram/messenger/LiteMode.java, line(s) 148,161 org/telegram/messenger/LocaleController.java, line(s) 707,1098,1146,1167,2628,2644,2654,2657,2691,2705,2765,2838,2877,2898,2913,2927,2943,2959,3872,544,549,872,1029,1035,1041,1052,1198,1247,1343,1391,2019,2120,2145,2161,2177,2196,2218,2234,2263,2312,2454,2470,2494,2536,2546,2713,2768,3828,3848 org/telegram/messenger/LocationController.java, line(s) 339,415,781,843,928,993,1084 org/telegram/messenger/LocationSharingService.java, line(s) 160 org/telegram/messenger/MediaController.java, line(s) 971,1528,1616,1653,1671,1687,1699,1709,3493,3505,3631,3664,3678,714,854,862,921,926,931,936,954,980,989,1109,1125,1203,1220,1269,1280,1353,1510,1940,1950,1983,2106,2332,2346,2729,2735,2842,2978,3038,3088,3145,3331,3371,3486,3529,3539,3596,3654,3681,3751,3754,3925,3956,3993,4001,4009,4039,4078,4086,4098,4155,4178,4186,4192,4200,4219,4230,4236,4242,4261,4271,4411,4490,4586,4602,4608 org/telegram/messenger/MediaDataController.java, line(s) 4684,622,857,942,1027,1188,1287,1433,1490,1556,1812,1934,1989,2357,2580,2668,3172,3298,3458,3595,3811,4820,4865,5078,5189,5260,5290,5433,5536,5694,5769,5786,5966,6111,6272,6435,7032,7133,7356,7406,7459,7507,7542,7806,7882,7998,8235,8477,8589 org/telegram/messenger/MessageObject.java, line(s) 626,1012,1167,1390,2812,2909,3001,3007 org/telegram/messenger/MessagesController.java, line(s) 5045,7115,7156,7161,7202,7214,7224,7247,7253,7260,7277,7289,9069,9078,10105,10509,10542,10690,10952,11214,11428,11480,11531,11537,11548,13464,13479,13635,13644,13657,13723,13732,13744,14099,921,967,2050,2066,2093,2663,3411,3960,4763,6046,8321,8363,8414,10971,11344,11455,12267,12293,12361,12381,13792,14328,14476,14565,15151,15956,16138,16291 org/telegram/messenger/MessagesStorage.java, line(s) 416,422,702,707,448,456,466,473,529,539,547,730,845,855,858,861,6041 org/telegram/messenger/MusicBrowserService.java, line(s) 202,284,333,460 org/telegram/messenger/MusicPlayerService.java, line(s) 191,426 org/telegram/messenger/NativeLoader.java, line(s) 46,54 org/telegram/messenger/NotificationBadge.java, line(s) 203,490 org/telegram/messenger/NotificationCenter.java, line(s) 1312 org/telegram/messenger/NotificationImageProvider.java, line(s) 113 org/telegram/messenger/NotificationsController.java, line(s) 253,400,456,1375,1442,1457,1501,1516,1563,228,233,240,264,300,375,397,405,1140,1155,1227,1296,1313,1326,1354,1358,1367,1381,1439,1454,1463,1498,1513,1523,1571,1635,1797,1859,1894,1898,1907,1792 org/telegram/messenger/NotificationsDisabledReceiver.java, line(s) 32,36,49,58,72,86 org/telegram/messenger/OpenChatReceiver.java, line(s) 34 org/telegram/messenger/PushListenerController.java, line(s) 126,140,146,150,283,286,313,78,84,305,332 org/telegram/messenger/ScreenReceiver.java, line(s) 13,19 org/telegram/messenger/SecretChatHelper.java, line(s) 699,774,797,889,1080,1213,1463,1492,1536,1553 org/telegram/messenger/SendMessagesHelper.java, line(s) 779,3421,3427,3442,3452,3466,4243,5383,5403,5411,5417,823,828,837,1586,1603,1993,2835,4580,4647,4711,4901,5220 org/telegram/messenger/SharedConfig.java, line(s) 1192,361,441,456,482,496,650,946,1099 org/telegram/messenger/SmsReceiver.java, line(s) 47 org/telegram/messenger/SvgHelper.java, line(s) 455,474,487,500,513,528,542,558,1619 org/telegram/messenger/TopicsController.java, line(s) 108,134,161,1025 org/telegram/messenger/TranslateController.java, line(s) 367,372,377,396,1096,1139 org/telegram/messenger/UserConfig.java, line(s) 244 org/telegram/messenger/UserNameResolver.java, line(s) 36 org/telegram/messenger/Utilities.java, line(s) 111,339,355,384,397,408,420,439,456,487 org/telegram/messenger/VideoEditedInfo.java, line(s) 410 org/telegram/messenger/VideoEncodingService.java, line(s) 36,92,54 org/telegram/messenger/XiaomiUtilities.java, line(s) 45 org/telegram/messenger/browser/Browser.java, line(s) 86,101 org/telegram/messenger/camera/CameraController.java, line(s) 168,203,550,567,586,185,220,261,349,364,369,421,438,464,476,508,540,593,622,683,693,717,746,749,808,813,819,824,832,855 org/telegram/messenger/camera/CameraSession.java, line(s) 198,202,133,192,247,265,322,335,351,356,448 org/telegram/messenger/camera/CameraView.java, line(s) 450,830,1112,1142,1256,1286,1435,1499,1615,838,846,855,868,879,886,905,923,941,950,1004,1014,1235,1468,1539,1548,1558,1566,1679,1757,1762,1770 org/telegram/messenger/ringtone/RingtoneDataStore.java, line(s) 49,367 org/telegram/messenger/secretmedia/ExtendedDefaultDataSource.java, line(s) 194 org/telegram/messenger/support/JobIntentService.java, line(s) 135 org/telegram/messenger/support/customtabsclient/shared/CustomTabsHelper.java, line(s) 70 org/telegram/messenger/support/fingerprint/FingerprintManagerCompatApi23.java, line(s) 38,51,60 org/telegram/messenger/utils/BitmapsCache.java, line(s) 311 org/telegram/messenger/utils/CopyUtilities.java, line(s) 91 org/telegram/messenger/video/AudioRecoder.java, line(s) 62 org/telegram/messenger/video/MediaCodecVideoConvertor.java, line(s) 61 org/telegram/messenger/video/TextureRenderer.java, line(s) 82,84,205 org/telegram/messenger/voip/AudioRecordJNI.java, line(s) 245,64,77,93,112,136,178,210,236,108,218,61,74,90 org/telegram/messenger/voip/AudioTrackJNI.java, line(s) 37,60,114,124,122,31 org/telegram/messenger/voip/Instance.java, line(s) 98 org/telegram/messenger/voip/JNIUtilities.java, line(s) 93 org/telegram/messenger/voip/NativeInstance.java, line(s) 142,276,306 org/telegram/messenger/voip/TelegramConnectionService.java, line(s) 33,70,50,60,18,26 org/telegram/messenger/voip/VideoCapturerDevice.java, line(s) 420 org/telegram/messenger/voip/VoIPServerConfig.java, line(s) 19 org/telegram/messenger/voip/VoIPService.java, line(s) 1250,1705,1962,2083,3087,3103,3123,3228,3455,3862,3878,3915,3922,3929,4049,4064,4194,4237,4378,4415,4422,4430,4546,4604,4762,4986,4997,5025,5037,5044,342,381,389,564,813,874,1169,1223,1248,1271,1308,1753,1996,3022,3261,3448,3571,3625,3693,3710,3772,3853,3935,4105,4117,4160,4261,4270,4316,4346,4388,4568,4598,4901,4912,880,903,1264,1304,1769,3761 org/telegram/tgnet/ConnectionsManager.java, line(s) 377,434,444,446,532,631,639,655,671,674,686,759,797,967,973,976,398,424,456,689,768,850,862,880,982,1022,416 org/telegram/tgnet/NativeByteBuffer.java, line(s) 132,133,148,149,175,176,191,192,212,213,222,223,231,232,268,269,305,306,317,318,355,405,406,424,440,441,455,456,469,470,506,507,537,538,574,575,591,592 org/telegram/tgnet/SerializedData.java, line(s) 70,79,88,97,116,117,140,141,170,171,186,187,202,203,218,219,255,256,267,268,304,305,316,317,327,328,357,384,401,402,417,418,459,460,494,495,511,512,527,528,545,546,566,567 org/telegram/tgnet/TLClassStore.java, line(s) 50 org/telegram/tgnet/TLRPC$ChatPhoto.java, line(s) 101 org/telegram/tgnet/TLRPC$TL_chatPhoto.java, line(s) 39 org/telegram/tgnet/TLRPC$TL_userProfilePhoto.java, line(s) 36 org/telegram/tgnet/TLRPC$UserProfilePhoto.java, line(s) 61 org/telegram/ui/ActionBar/ActionBarLayout.java, line(s) 1303,1160,1164,1834,2648 org/telegram/ui/ActionBar/ActionBarPopupWindow.java, line(s) 177,580,680 org/telegram/ui/ActionBar/AlertDialog.java, line(s) 908,1194 org/telegram/ui/ActionBar/BaseFragment.java, line(s) 283,295,321,336,468,563,575,619,633 org/telegram/ui/ActionBar/BottomSheet.java, line(s) 845,1451,1583,1607 org/telegram/ui/ActionBar/DrawerLayoutContainer.java, line(s) 492 org/telegram/ui/ActionBar/EmojiThemes.java, line(s) 403,472 org/telegram/ui/ActionBar/Theme.java, line(s) 5131,5180,2091,2683,2699,2763,2902,2950,3166,3174,3537,4592,4599,4653,4740,4763,5578,5599,5613,5732,5744,7493,7535,7730,7757,5423 org/telegram/ui/ActionBar/ThemeDescription.java, line(s) 787 org/telegram/ui/ActionIntroActivity.java, line(s) 779,849,935 org/telegram/ui/Adapters/ContactsAdapter.java, line(s) 109 org/telegram/ui/Adapters/DialogsAdapter.java, line(s) 350 org/telegram/ui/Adapters/DialogsSearchAdapter.java, line(s) 747,790,837,863 org/telegram/ui/Adapters/SearchAdapter.java, line(s) 114,135,487 org/telegram/ui/Adapters/SearchAdapterHelper.java, line(s) 334,520,578 org/telegram/ui/ArticleViewer.java, line(s) 1333,4441,4490,4509,4655,4664,4686,4699,6692,6702,6803,6826,6853,9080,9453 org/telegram/ui/BasePermissionsActivity.java, line(s) 100 org/telegram/ui/BubbleActivity.java, line(s) 286,290,81 org/telegram/ui/CacheControlActivity.java, line(s) 312,434,540,547,891,1366,1419 org/telegram/ui/CameraScanActivity.java, line(s) 737,748,996 org/telegram/ui/Cells/AboutLinkCell.java, line(s) 233,305,526 org/telegram/ui/Cells/AudioPlayerCell.java, line(s) 87,98 org/telegram/ui/Cells/BotHelpCell.java, line(s) 179 org/telegram/ui/Cells/ChatActionCell.java, line(s) 435,814,819 org/telegram/ui/Cells/ChatMessageCell.java, line(s) 3413,4035,4149,4177 org/telegram/ui/Cells/DialogCell.java, line(s) 779,886,1903 org/telegram/ui/Cells/DialogMeUrlCell.java, line(s) 210,225,307 org/telegram/ui/Cells/DrawerActionCell.java, line(s) 99,108 org/telegram/ui/Cells/DrawerProfileCell.java, line(s) 446 org/telegram/ui/Cells/SettingsSuggestionCell.java, line(s) 127 org/telegram/ui/Cells/SharedAudioCell.java, line(s) 173,206 org/telegram/ui/Cells/TextSelectionHelper.java, line(s) 1057,1058 org/telegram/ui/Cells/ThemesHorizontalListCell.java, line(s) 329 org/telegram/ui/ChangeBioActivity.java, line(s) 258,269 org/telegram/ui/ChangeUsernameActivity.java, line(s) 137,1486,1500,1509,1518 org/telegram/ui/ChannelAdminLogActivity.java, line(s) 1005,1031,389,1776,2474,2483,2492,2501,2510,2519,2528,2537,388,388,392 org/telegram/ui/ChannelCreateActivity.java, line(s) 1193,1332,1346 org/telegram/ui/ChatActivity.java, line(s) 3873,3903,3930,6723,12280,16554,17883,17900,17917,17936,17960,17977,2772,4052,4470,8115,8596,8779,8830,10635,10645,11450,11766,14220,14982,15727,17225,17877,17894,17911,17928,17954,17971,17988,18842,19231,19250,19280,5141,5145,11854 org/telegram/ui/ChatEditActivity.java, line(s) 912 org/telegram/ui/ChatRightsEditActivity.java, line(s) 948,975 org/telegram/ui/ChatUsersActivity.java, line(s) 2126 org/telegram/ui/Components/AlertsCreator.java, line(s) 206,237,284,317,1274,1326,1341,2239,4967,5024,5732 org/telegram/ui/Components/AnimatedEmojiDrawable.java, line(s) 724,240,272 org/telegram/ui/Components/AvatarDrawable.java, line(s) 463 org/telegram/ui/Components/BlockingUpdateView.java, line(s) 274,278 org/telegram/ui/Components/BlurBehindDrawable.java, line(s) 139,391 org/telegram/ui/Components/BotWebViewContainer.java, line(s) 242,693,1028,1038,1048,1095,1122 org/telegram/ui/Components/BotWebViewMenuContainer.java, line(s) 861 org/telegram/ui/Components/BotWebViewSheet.java, line(s) 912 org/telegram/ui/Components/ChatActivityEnterView.java, line(s) 2557,3407,3478,4478,6575,6593,6605,6664,7309,7329,7548,7596 org/telegram/ui/Components/ChatAttachAlertAudioLayout.java, line(s) 603 org/telegram/ui/Components/ChatAttachAlertBotWebViewLayout.java, line(s) 553 org/telegram/ui/Components/ChatAttachAlertDocumentLayout.java, line(s) 203,694,957,964 org/telegram/ui/Components/ChatAttachAlertLocationLayout.java, line(s) 112,130,412,435,453,461 org/telegram/ui/Components/ChatAttachAlertPhotoLayout.java, line(s) 3226,3665,3679 org/telegram/ui/Components/ChatAvatarContainer.java, line(s) 683 org/telegram/ui/Components/ChatThemeBottomSheet.java, line(s) 1154,1332 org/telegram/ui/Components/ClippingImageView.java, line(s) 232 org/telegram/ui/Components/Crop/CropView.java, line(s) 1157,963,1105 org/telegram/ui/Components/EditTextBoldCursor.java, line(s) 344,588,765,839,848 org/telegram/ui/Components/EditTextCaption.java, line(s) 282,413,440,481,547 org/telegram/ui/Components/EditTextEmoji.java, line(s) 142,715,743 org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 223,355,383,397,419,462,535,542,732,751,765,847,873,943 org/telegram/ui/Components/EmojiColorPickerWindow.java, line(s) 442 org/telegram/ui/Components/EmojiPacksAlert.java, line(s) 829,1304,1706 org/telegram/ui/Components/EmojiView.java, line(s) 1268,1704,2035,5889,7161 org/telegram/ui/Components/FilterGLThread.java, line(s) 107,180,213,220,229,240,251,258,334,439 org/telegram/ui/Components/FilterShaders.java, line(s) 948,949 org/telegram/ui/Components/ForegroundDetector.java, line(s) 82,119,89,126 org/telegram/ui/Components/ForwardingPreviewView.java, line(s) 739 org/telegram/ui/Components/GroupCallPipAlertView.java, line(s) 196 org/telegram/ui/Components/GroupVoipInviteAlert.java, line(s) 377 org/telegram/ui/Components/ImageUpdater.java, line(s) 635,668,706,738,999,1006 org/telegram/ui/Components/InstantCameraView.java, line(s) 586,598,604,1036,1110,1138,1147,1154,1318,1323,1566,1587,1855,2166,526,578,786,894,1141,1151,1181,1194,1226,1238,1331,1338,1347,1358,1369,1399,1426,1431,1437,1446,1500,1669,1674,1682,1919,1942,1951,1962,1970,2089,2138,2236 org/telegram/ui/Components/JoinCallAlert.java, line(s) 223,287 org/telegram/ui/Components/LetterDrawable.java, line(s) 113 org/telegram/ui/Components/LinkActionView.java, line(s) 222,240 org/telegram/ui/Components/MotionBackgroundDrawable.java, line(s) 317,538 org/telegram/ui/Components/Paint/RenderView.java, line(s) 391,398,407,418,429,436,455,614 org/telegram/ui/Components/Paint/Shader.java, line(s) 19,27,82,92 org/telegram/ui/Components/Paint/ShapeDetector.java, line(s) 232,293,606 org/telegram/ui/Components/Paint/Slice.java, line(s) 24,54,88 org/telegram/ui/Components/Paint/Utils.java, line(s) 12 org/telegram/ui/Components/Paint/Views/LPhotoPaintView.java, line(s) 1702,1709,1727,1979,3611,3639 org/telegram/ui/Components/PasscodeView.java, line(s) 176,293,1207,1217,1247,1300,1315,1340,1360,1381,1391 org/telegram/ui/Components/PathAnimator.java, line(s) 101 org/telegram/ui/Components/PhonebookShareAlert.java, line(s) 304,362,775 org/telegram/ui/Components/PhotoViewerCaptionEnterView.java, line(s) 183,547,859,880,905,938,1057 org/telegram/ui/Components/PhotoViewerWebView.java, line(s) 404,581,706 org/telegram/ui/Components/PipRoundVideoView.java, line(s) 266 org/telegram/ui/Components/Premium/GLIcon/GLIconTextureView.java, line(s) 393,400,437 org/telegram/ui/Components/Premium/PremiumAppIconsPreviewView.java, line(s) 40 org/telegram/ui/Components/Premium/PremiumNotAvailableBottomSheet.java, line(s) 68 org/telegram/ui/Components/ProfileGalleryView.java, line(s) 475 org/telegram/ui/Components/ProximitySheet.java, line(s) 564 org/telegram/ui/Components/QRCodeBottomSheet.java, line(s) 164 org/telegram/ui/Components/RLottieDrawable.java, line(s) 368,406,528,662,700,822,902,988,1026,1148,1370,1408,1530,1913 org/telegram/ui/Components/RadioButton.java, line(s) 48,153 org/telegram/ui/Components/RecyclerListView.java, line(s) 904,1162,1176,2169,2175 org/telegram/ui/Components/SeekBar.java, line(s) 345,357 org/telegram/ui/Components/SeekBarView.java, line(s) 503 org/telegram/ui/Components/ShareAlert.java, line(s) 2368 org/telegram/ui/Components/SharedMediaLayout.java, line(s) 1942,4144 org/telegram/ui/Components/SizeNotifierFrameLayout.java, line(s) 670 org/telegram/ui/Components/SlotsDrawable.java, line(s) 70,176 org/telegram/ui/Components/StaticLayoutEx.java, line(s) 99 org/telegram/ui/Components/StickerCategoriesListView.java, line(s) 926 org/telegram/ui/Components/StickersAlert.java, line(s) 1279,1390,1596 org/telegram/ui/Components/TermsOfServiceView.java, line(s) 172 org/telegram/ui/Components/ThemeEditorView.java, line(s) 99,108,1107,1331,1446 org/telegram/ui/Components/TimerDrawable.java, line(s) 124 org/telegram/ui/Components/TranscribeButton.java, line(s) 636,703 org/telegram/ui/Components/UndoView.java, line(s) 124 org/telegram/ui/Components/VideoPlayerSeekBar.java, line(s) 337 org/telegram/ui/Components/VideoTimelinePlayView.java, line(s) 340,410,441 org/telegram/ui/Components/VideoTimelineView.java, line(s) 274,344,376 org/telegram/ui/Components/WallpaperUpdater.java, line(s) 106,109,133,159 org/telegram/ui/Components/WebPlayerView.java, line(s) 461,385,441,512,570,619,680,734,1073,1335,1383,1727,1735,1743,1751,1759,1765,1789 org/telegram/ui/Components/voip/VoIPHelper.java, line(s) 108,177,401,803 org/telegram/ui/Components/voip/VoIPPiPView.java, line(s) 371,631 org/telegram/ui/ContactAddActivity.java, line(s) 302 org/telegram/ui/ContactsActivity.java, line(s) 271,374,400,472,617,647 org/telegram/ui/ContentPreviewViewer.java, line(s) 1195,1265,1441 org/telegram/ui/CountrySelectActivity.java, line(s) 297,443,454 org/telegram/ui/DeviceUtils.java, line(s) 50 org/telegram/ui/DialogsActivity.java, line(s) 2167,2180,2186,2194,2783,4546,7111,8387 org/telegram/ui/EmojiAnimationsOverlay.java, line(s) 787 org/telegram/ui/ExternalActionActivity.java, line(s) 614,618,100,421,467 org/telegram/ui/FilterChatlistActivity.java, line(s) 1495 org/telegram/ui/FilterCreateActivity.java, line(s) 777,1260 org/telegram/ui/FilteredSearchView.java, line(s) 1075 org/telegram/ui/FiltersSetupActivity.java, line(s) 861 org/telegram/ui/GroupCallActivity.java, line(s) 1143,1289 org/telegram/ui/GroupCreateActivity.java, line(s) 819 org/telegram/ui/GroupCreateFinalActivity.java, line(s) 193 org/telegram/ui/GroupInviteActivity.java, line(s) 143,158 org/telegram/ui/GroupStickersActivity.java, line(s) 647 org/telegram/ui/IdenticonActivity.java, line(s) 71 org/telegram/ui/InviteContactsActivity.java, line(s) 591,634,808,834 org/telegram/ui/LanguageSelectActivity.java, line(s) 245,279 org/telegram/ui/LaunchActivity.java, line(s) 776,1182,1194,4473,5252,5280,5370,5383,5392,5402,5406,5427,5439,405,735,792,1934,1977,2280,2287,2377,2401,2406,2416,2513,2566,2572,2627,2714,2806,2850,2857,3252,3279,3379,3420,3512,3529,3546,3567,3595,3663,3689,3716,3749,3990,4005,4019,4038,4356,4676,4683,5312,5389,5547,5628,5702 org/telegram/ui/LocationActivity.java, line(s) 442,450,556,1564,1631,1638,1750,1976,2019,2046,2071,2201,2276,2624,2654,2677,2782,2890,2961,2975,2998,3007 org/telegram/ui/LoginActivity.java, line(s) 1354,1442,1538,1544,1549,1553,1570,1576,2090,2099,2108,2113,2124,2132,2410,2427,2631,2966,2987,3054,3125,3142,3543,3597,3607,3705,3713,8160,8208,539,618,1281,1543,1575,2010,2912,3516,3919,4282,4363,5552,5891,8367 org/telegram/ui/ManageLinksActivity.java, line(s) 1035,1050 org/telegram/ui/NewContactBottomSheet.java, line(s) 319 org/telegram/ui/NotificationsCustomSettingsActivity.java, line(s) 506 org/telegram/ui/NotificationsSettingsActivity.java, line(s) 295 org/telegram/ui/NotificationsSoundActivity.java, line(s) 536,944 org/telegram/ui/PasscodeActivity.java, line(s) 621,796 org/telegram/ui/PassportActivity.java, line(s) 833,2109,2463,2764,2868,3616,5095,5481,5540,5736,5754,5918,6664,6782 org/telegram/ui/PaymentFormActivity.java, line(s) 322,518,1255,1472,1556,1565,1713,1720,1996,2268 org/telegram/ui/PeopleNearbyActivity.java, line(s) 615,544,779 org/telegram/ui/PhotoCropActivity.java, line(s) 194,199 org/telegram/ui/PhotoViewer.java, line(s) 7558,7566,14099,725,3213,3221,3323,3599,4559,4571,6289,6704,6735,7074,7128,7831,7921,7928,8301,8322,8717,8831,8844,8859,8888,9125,9135,9401,9409,11211,12332,12715,12731,12742,12751,12869,12991,14378 org/telegram/ui/PopupNotificationActivity.java, line(s) 486,1115 org/telegram/ui/PremiumPreviewFragment.java, line(s) 1571,1586,1601,1628 org/telegram/ui/PrivacyControlActivity.java, line(s) 1110 org/telegram/ui/PrivacySettingsActivity.java, line(s) 298,530,633 org/telegram/ui/ProfileActivity.java, line(s) 991,1561,2875,2893,3488,4037,5303,5515,5528,5543,5631,5651,7971,8069,9511 org/telegram/ui/ProfileNotificationsActivity.java, line(s) 294 org/telegram/ui/RestrictedLanguagesSelectActivity.java, line(s) 515,527,550 org/telegram/ui/SecretMediaViewer.java, line(s) 467,473,515,554,885,1031,1161 org/telegram/ui/SelectAnimatedEmojiDialog.java, line(s) 758,828,2960 org/telegram/ui/SessionsActivity.java, line(s) 538,564,1428,1523 org/telegram/ui/ShareActivity.java, line(s) 77,100 org/telegram/ui/StickersActivity.java, line(s) 1072,1094,1480 org/telegram/ui/ThemeActivity.java, line(s) 1515,1527,1615,1620 org/telegram/ui/ThemePreviewActivity.java, line(s) 1567 org/telegram/ui/ThemeSetUrlActivity.java, line(s) 116,134,471,487,723,734 org/telegram/ui/TopicsFragment.java, line(s) 3553,1246 org/telegram/ui/TwoStepVerificationActivity.java, line(s) 176,778 org/telegram/ui/TwoStepVerificationSetupActivity.java, line(s) 1189,1580,1604 org/telegram/ui/VoIPFragment.java, line(s) 899,1514,1725 org/telegram/ui/VoIPPermissionActivity.java, line(s) 34 org/telegram/ui/WallpapersListActivity.java, line(s) 1216 org/telegram/ui/WebviewActivity.java, line(s) 108,158,245,255,408 org/webrtc/AndroidVideoDecoder.java, line(s) 436 org/webrtc/EglRenderer.java, line(s) 207,507 org/webrtc/GlGenericDrawer.java, line(s) 328 org/webrtc/GlShader.java, line(s) 97 org/webrtc/HardwareVideoEncoderFactory.java, line(s) 125 org/webrtc/MediaCodecUtils.java, line(s) 55 org/webrtc/ScreenCapturerAndroid.java, line(s) 85,147 org/webrtc/TextureBufferImpl.java, line(s) 120 org/webrtc/YuvConverter.java, line(s) 116,142 org/webrtc/voiceengine/WebRtcAudioRecord.java, line(s) 161,355,396 org/webrtc/voiceengine/WebRtcAudioTrack.java, line(s) 266,375 repeackage/com/qiku/id/QikuIdmanager.java, line(s) 24
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/shubao/xinstall/a/f/h.java, line(s) 4,70 org/telegram/messenger/AndroidUtilities.java, line(s) 10,2654,2657 org/telegram/ui/ChangeUsernameActivity.java, line(s) 7,132 org/telegram/ui/ChatActivity.java, line(s) 14,15722 org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 10,845 org/telegram/ui/Components/InviteMembersBottomSheet.java, line(s) 12,1169 org/telegram/ui/Components/LinkActionView.java, line(s) 6,215 org/telegram/ui/Components/PhonebookShareAlert.java, line(s) 8,357,379 org/telegram/ui/Components/ShareAlert.java, line(s) 11,2352 org/telegram/ui/GroupInviteActivity.java, line(s) 4,139 org/telegram/ui/ManageLinksActivity.java, line(s) 4,1031 org/telegram/ui/PrivacyControlActivity.java, line(s) 4,1681 org/telegram/ui/ProfileActivity.java, line(s) 12,5300,5521 org/telegram/ui/SessionBottomSheet.java, line(s) 5,301 org/telegram/ui/StickersActivity.java, line(s) 5,1091 org/telegram/ui/ThemeSetUrlActivity.java, line(s) 4,111
安全提示信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: org/telegram/ui/ProxySettingsActivity.java, line(s) 64,96,115,5
安全提示信息 应用与Firebase数据库通信
该应用与位于 https://tmessages2.firebaseio.com 的 Firebase 数据库进行通信
已通过安全项 此应用程序使用Safety Net API。
此应用程序使用Safety Net API。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#safetynet Files: org/telegram/ui/LoginActivity.java, line(s) 76
已通过安全项 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/760348033671/namespaces/firebase:fetch?key=AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k ) 已禁用。响应内容如下所示: 响应码是 403
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (xinstall.top) 通信。
{'ip': '58.216.4.204', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (tun-cos-1258344701.file.myqcloud.com) 通信。
{'ip': '58.216.4.204', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '常州', 'latitude': '31.783331', 'longitude': '119.966667'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (likeinstall.cn) 通信。
{'ip': '121.199.65.132', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (szcp.mxdx.net) 通信。
{'ip': '27.155.98.155', 'country_short': 'CN', 'country_long': '中国', 'region': '福建', 'city': '福州', 'latitude': '26.061390', 'longitude': '119.306107'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (bit.909321.xyz) 通信。
{'ip': '221.228.32.13', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (console.cloud.tencenct.com) 通信。
{'ip': '43.199.0.6', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
综合安全基线评分总结
𝄢𝕄∙𝓊♪s𝒾𝒞▹ v9.6.6
Android APK
51
综合安全评分
中风险