移动应用安全检测报告:
安全基线评分
安全基线评分 40/100
综合风险等级
风险等级评定
- A
- B
- C
- F
漏洞与安全项分布(%)
隐私风险
2
检测到的第三方跟踪器数量
检测结果分布
高危安全漏洞
6
中危安全漏洞
16
安全提示信息
3
已通过安全项
1
重点安全关注
11
高危安全漏洞 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: com/rdweb/websdk/MyWebViewClient.java, line(s) 112,111 com/tls/baselib/ui/activity/H5PayInAppActivity$1.java, line(s) 26,25 com/tls/yr/activity/PrivacyAgreementAct$1.java, line(s) 22,21 com/tls/yr/activity/UserAgreementAct$1.java, line(s) 22,21 com/tls/yr/activity/WebviewAppActivity$5.java, line(s) 31,30 com/tls/yr/activity/WebviewAppActivity1.java, line(s) 127,126 com/tls/yr/fragment/AgreementFg$1.java, line(s) 22,21 com/tls/yr/fragment/YeQuLiveFg$3.java, line(s) 22,21
高危安全漏洞 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/joooonho/BuildConfig.java, line(s) 3,6
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/chuanglan/shanyan_sdk/utils/b.java, line(s) 117 com/sdk/base/framework/f/i/a.java, line(s) 60,89
高危安全漏洞 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
com/tls/baselib/utils/AESUtil.java, line(s) 11,19
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/just/agentweb/UrlLoaderImpl.java, line(s) 68,5 com/tls/yr/activity/WebviewAppActivity1.java, line(s) 152,21,22
高危安全漏洞 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/just/agentweb/AgentWebConfig.java, line(s) 47,10 com/tls/yr/activity/WebviewAppActivity1.java, line(s) 113,21,22
中危安全漏洞 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危安全漏洞 应用程序数据存在被泄露的风险
未设置[android:allowBackup]标志 这个标志 [android:allowBackup]应该设置为false。默认情况下它被设置为true,允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危安全漏洞 Broadcast Receiver (com.netease.nimlib.service.NimReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危安全漏洞 Broadcast Receiver (com.netease.nim.avchatkit2.receiver.IncomingCallReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危安全漏洞 Activity设置了TaskAffinity属性
() 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/chuanglan/shanyan_sdk/a/e.java, line(s) 6,55 com/chuanglan/shanyan_sdk/a/f.java, line(s) 4,38,39 com/com/yz/beijing/greendao/ImChatBeanDao.java, line(s) 4,27,35 com/com/yz/beijing/greendao/ImUserInfoBeanDao.java, line(s) 4,28,36 com/com/yz/beijing/greendao/SearchHistoryBeanDao.java, line(s) 4,27,35 com/danikula/videocache/sourcestorage/DatabaseSourceInfoStorage.java, line(s) 6,7,28 com/github/yuweiguocn/library/greendao/MigrationHelper.java, line(s) 5,180 org/greenrobot/greendao/AbstractDao.java, line(s) 6,7,118,122,144,420,554 org/greenrobot/greendao/DbUtils.java, line(s) 6,15,50 org/greenrobot/greendao/database/StandardDatabase.java, line(s) 5,14,15
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: bin/mt/file/content/MTDataFilesProvider.java, line(s) 55 com/chuanglan/shanyan_sdk/a/c.java, line(s) 25,25 com/danikula/videocache/StorageUtils.java, line(s) 21,38 com/imbiz/utils/FileUtils.java, line(s) 106 com/imbiz/utils/storage/ExternalStorage.java, line(s) 56,114,115 com/imbiz/utils/storage/StorageUtil.java, line(s) 57,59 com/just/agentweb/AgentWebUtils.java, line(s) 154,431 com/lxj/xpopup/util/XPopupUtils$2.java, line(s) 29 com/rdweb/websdk/JSHtml5Activity.java, line(s) 78 com/rdweb/websdk/JSHtml5Fragment.java, line(s) 82 com/tls/baselib/net/AppConfig.java, line(s) 16 com/tls/baselib/utils/CacheUtils.java, line(s) 12,20 com/tls/live/net/AppConfig.java, line(s) 19 com/tls/yr/activity/WebviewAppActivity.java, line(s) 116 com/tls/yr/activity/WebviewAppActivity1.java, line(s) 159 com/tls/yr/helper/UIHelper.java, line(s) 46 com/tls/yr/receiver/DownloadCompleteReceiver.java, line(s) 17,18 com/tls/yr/utils/UpdateUtils.java, line(s) 19,23,43,40 com/yalantis/ucrop/PictureMultiCuttingActivity.java, line(s) 116,179 com/yalantis/ucrop/util/FileUtils.java, line(s) 52 com/yanzhenjie/album/util/AlbumUtils.java, line(s) 38,44,45,90,94,106,110 com/yanzhenjie/permission/FileProvider.java, line(s) 227,162 com/yanzhenjie/permission/checker/StorageReadTest.java, line(s) 13,16 com/yanzhenjie/permission/checker/StorageWriteTest.java, line(s) 20,17 np/protect/assets/C0054.java, line(s) 251 np/protect/assets/C0161.java, line(s) 252
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: cn/yzsci/im/sdk/util/EncryptUtils.java, line(s) 15 com/chuanglan/shanyan_sdk/utils/u.java, line(s) 110,122,134,146,68,78,89,99 com/com/yz/beijing/greendao/entity/ImUserInfoBean.java, line(s) 28 com/meituan/android/walle/ChannelReader.java, line(s) 11 com/tls/baselib/base/Constants.java, line(s) 133 com/tls/baselib/net/AppConfig.java, line(s) 10 com/tls/baselib/net/oss/ApiService.java, line(s) 26 com/tls/baselib/net/oss/OssConfig.java, line(s) 5 com/tls/baselib/utils/AESUtil.java, line(s) 8 com/tls/live/bean/LoginResponseBean$UserInfoBean.java, line(s) 222,222,222 com/tls/live/helper/AppConstants.java, line(s) 20 com/tls/live/net/AppConfig$HttpKey.java, line(s) 8 com/tls/live/net/AppConfig.java, line(s) 9,13
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/hjq/permissions/PermissionFragment.java, line(s) 11 com/sdk/base/framework/f/i/a.java, line(s) 6 com/tls/drawguess/ui/DrawGuessFg.java, line(s) 88 org/greenrobot/greendao/test/DbTest.java, line(s) 7 org/xbill/DNS/Header.java, line(s) 5
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/chuanglan/shanyan_sdk/b.java, line(s) 57 com/chuanglan/shanyan_sdk/b/a.java, line(s) 118,119 com/chuanglan/shanyan_sdk/tool/a.java, line(s) 55 com/chuanglan/shanyan_sdk/tool/e.java, line(s) 155 com/chuanglan/shanyan_sdk/tool/g.java, line(s) 85,88,106 com/chuanglan/shanyan_sdk/tool/h.java, line(s) 52 com/chuanglan/shanyan_sdk/tool/k.java, line(s) 43 com/chuanglan/shanyan_sdk/utils/q.java, line(s) 22,22,22,22 com/danikula/videocache/HttpProxyCacheServer.java, line(s) 20 org/xbill/DNS/tools/jnamed.java, line(s) 147
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/chuanglan/shanyan_sdk/tool/f.java, line(s) 27 com/chuanglan/shanyan_sdk/utils/b.java, line(s) 23 com/danikula/videocache/ProxyCacheUtils.java, line(s) 70 com/just/agentweb/AgentWebUtils.java, line(s) 716 com/opensource/svgaplayer/SVGACache.java, line(s) 63 com/rdweb/websdk/AppUtils.java, line(s) 37 com/rdweb/websdk/Utils.java, line(s) 226 com/sdk/base/framework/f/a/a.java, line(s) 153 com/tls/baselib/utils/SoLoadUtils.java, line(s) 105 com/tls/baselib/utils/VideoUtil.java, line(s) 50 com/yanzhenjie/album/util/AlbumUtils.java, line(s) 220
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/chuanglan/shanyan_sdk/utils/b.java, line(s) 41 com/tls/baselib/utils/DeviceUtils.java, line(s) 64 org/xbill/DNS/DNSSEC.java, line(s) 769 org/xbill/DNS/NSEC3Record.java, line(s) 147
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/chuanglan/shanyan_sdk/view/CTCCPrivacyProtocolActivity.java, line(s) 60,62 com/just/agentweb/AbsAgentWebSettings.java, line(s) 60,37 com/rdweb/websdk/JSWebView.java, line(s) 50,59
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/tls/yr/activity/WebviewAppActivity1.java, line(s) 112,111 wendu/dsbridge/DWebView.java, line(s) 92,85
中危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个2隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 高德地图的=> "com.amap.api.v2.apikey" : "7bb6c503902bcd4e3480ee7af13413fb" openinstall统计的=> "com.openinstall.APP_KEY" : "q0l37l" 8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgdQaZgBcrXGxxD6F1TVVXAzvbB3xpoyk2AFMNj4vOcDWZoH1b3Mx5aVcEd0BZPZR6Icb8yi8ecMUVChGCRe20O8EQWLh1aCwR8JazNL+koD3Tn6TIwVwjVEQWy9w6DeXxMtQuFBL/jAChJcU7aDwMsSD1jYpdET37aB4p8Lvn2QIDAQAB 5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B 4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7 3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F qKxUlxUmBS0kqZ36coYnAj5IdJqejT 8d042b8b1ce208e5b193244e3b69cf45 7065726D697373696F6E40676D61696C2E636F6D B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF 6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 0000016742C00BDA259000000168CE0F13200000016588840DCE7118A0002FBF1C31C3275D78 aHR0cHM6Ly9tbS1hbmNob3Iub3NzLWNuLXNoZW56aGVuLmFsaXl1bmNzLmNvbS9zeXN0ZW0v FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551 631777c788ccdf4b7e24e56d
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: cn/yzsci/im/sdk/IMClient.java, line(s) 313 cn/yzsci/im/sdk/msg/receive/MessageHandler.java, line(s) 71,62,92,95,98,106,115 cn/yzsci/im/sdk/msg/send/GateMessageTask.java, line(s) 60 cn/yzsci/im/sdk/util/Lg.java, line(s) 9,17,13 com/barnettwong/dragfloatactionbuttonlibrary/view/DragFloatActionButton.java, line(s) 91 com/bun/miitmdid/core/MdidSdkHelper.java, line(s) 59,65 com/bun/miitmdid/core/Utils.java, line(s) 72,75,35,41,46 com/chuanglan/shanyan_sdk/utils/m.java, line(s) 35,15,45,55,25 com/com/yz/beijing/greendao/DaoMaster$DevOpenHelper.java, line(s) 19 com/com/yz/beijing/greendao/DaoMaster$OpenHelper.java, line(s) 19 com/contrarywind/view/WheelView.java, line(s) 323 com/danikula/videocache/HttpProxyCacheDebuger.java, line(s) 50,57,63,28,39 com/github/yuweiguocn/library/greendao/MigrationHelper.java, line(s) 218,78,167 com/imbiz/msg/receiver/ChatMsgReceiver$1.java, line(s) 233,415 com/imbiz/ui/emoji/EmoticonPickerView.java, line(s) 90,198 com/imbiz/ui/emoji/StickerManager.java, line(s) 36 com/imbiz/ui/primsg/activity/PriMsgVideoPlayAct.java, line(s) 72 com/imbiz/ui/primsg/adapter/BaseFetchLoadAdapter.java, line(s) 120,216,405,410,413 com/imbiz/ui/recent/RecentContactsPresenter$1.java, line(s) 22 com/imbiz/ui/recent/RecentContactsPresenter.java, line(s) 31 com/imbiz/utils/FileUtils.java, line(s) 298,228 com/imbiz/utils/file/FileUtil.java, line(s) 40 com/imbiz/utils/storage/ExternalStorage.java, line(s) 136,142,153 com/joooonho/SelectableRoundedImageView$SelectableRoundedCornerDrawable.java, line(s) 97 com/joooonho/SelectableRoundedImageView.java, line(s) 161 com/just/agentweb/AgentWebUtils.java, line(s) 350,330,343,362,363 com/just/agentweb/AgentWebView$AgentWebChrome.java, line(s) 24,35 com/just/agentweb/AgentWebView$AgentWebClient.java, line(s) 19,33 com/just/agentweb/AgentWebView.java, line(s) 66,54,58 com/just/agentweb/DefaultChromeClient.java, line(s) 197,203 com/just/agentweb/JsCallJava.java, line(s) 183,64,40,77 com/just/agentweb/JsCallback.java, line(s) 46 com/just/agentweb/LogUtils.java, line(s) 28,32,37,14,20 com/kk/taurus/playerbase/AVPlayer$5.java, line(s) 36,45 com/kk/taurus/playerbase/AVPlayer.java, line(s) 66,67,68,69,70,76 com/kk/taurus/playerbase/assist/OnAssistPlayEventHandler.java, line(s) 49 com/kk/taurus/playerbase/assist/OnVideoViewEventHandler.java, line(s) 49 com/kk/taurus/playerbase/assist/RelationAssist$6.java, line(s) 17,24 com/kk/taurus/playerbase/config/AppContextAttach.java, line(s) 19 com/kk/taurus/playerbase/event/BundlePool.java, line(s) 25 com/kk/taurus/playerbase/extension/NetworkEventProducer$1.java, line(s) 25 com/kk/taurus/playerbase/log/DebugLog.java, line(s) 126,169 com/kk/taurus/playerbase/log/PLog.java, line(s) 10,22,16 com/kk/taurus/playerbase/player/SysMediaPlayer$1.java, line(s) 17,30 com/kk/taurus/playerbase/player/SysMediaPlayer$4.java, line(s) 18,24,31,34,40,46,52,56,60,67 com/kk/taurus/playerbase/player/SysMediaPlayer$5.java, line(s) 16 com/kk/taurus/playerbase/player/SysMediaPlayer$6.java, line(s) 16 com/kk/taurus/playerbase/player/SysMediaPlayer.java, line(s) 141,144 com/kk/taurus/playerbase/player/TimerCounterProxy.java, line(s) 24,27 com/kk/taurus/playerbase/receiver/BaseLevelCoverContainer.java, line(s) 26,30,34 com/kk/taurus/playerbase/receiver/BaseReceiver.java, line(s) 74 com/kk/taurus/playerbase/receiver/DefaultLevelCoverContainer.java, line(s) 39,44,48 com/kk/taurus/playerbase/render/RenderMeasure.java, line(s) 26 com/kk/taurus/playerbase/render/RenderSurfaceView$InternalSurfaceHolderCallback.java, line(s) 16,24,32 com/kk/taurus/playerbase/render/RenderSurfaceView.java, line(s) 77,83,53 com/kk/taurus/playerbase/render/RenderTextureView$InternalRenderHolder.java, line(s) 43,53,60 com/kk/taurus/playerbase/render/RenderTextureView$InternalSurfaceTextureListener.java, line(s) 21,29,37 com/kk/taurus/playerbase/render/RenderTextureView.java, line(s) 72,80,86 com/kk/taurus/playerbase/touch/BaseGestureCallbackHandler.java, line(s) 45 com/kk/taurus/playerbase/widget/BaseVideoView$4.java, line(s) 31,48 com/kk/taurus/playerbase/widget/BaseVideoView$5.java, line(s) 20 com/kk/taurus/playerbase/widget/BaseVideoView$6.java, line(s) 17,24 com/kk/taurus/playerbase/widget/BaseVideoView.java, line(s) 137,145,272 com/kk/taurus/playerbase/widget/SuperContainer.java, line(s) 158,191,166 com/lxj/xpopup/util/XPermission$PermissionActivity.java, line(s) 45 com/makeramen/roundedimageview/RoundedDrawable.java, line(s) 117 com/makeramen/roundedimageview/RoundedImageView.java, line(s) 232,272 com/moxun/tagcloudlib/view/TagCloudView.java, line(s) 170,263,273 com/opensource/svgaplayer/utils/log/DefaultLogCat.java, line(s) 24,36,42,49,18,12,30 com/rdweb/websdk/DragFloatActionButton.java, line(s) 90 com/rdweb/websdk/JSCallAndroid.java, line(s) 16,22,28,34 com/rdweb/websdk/JSCallAndroidForFragment.java, line(s) 16,22,28,34 com/rdweb/websdk/JSGameWebviewActivity.java, line(s) 41,44,118,139 com/rdweb/websdk/JSWebviewActivity.java, line(s) 45,67 com/rdweb/websdk/JSWebviewFragment.java, line(s) 80 com/rdweb/websdk/MyWebChromeClient.java, line(s) 49 com/rdweb/websdk/MyWebViewClient.java, line(s) 39,92,97 com/rdweb/websdk/MyWebViewDownLoadListener.java, line(s) 16 com/rdweb/websdk/Utils.java, line(s) 165,48,51,151,217 com/sdk/base/framework/a/a/c.java, line(s) 98,29,125 com/sdk/base/framework/a/f.java, line(s) 90 com/sdk/base/framework/f/a.java, line(s) 13 com/tls/baselib/base/AppCache.java, line(s) 45 com/tls/baselib/net/oss/ApiService.java, line(s) 46,50,60,65,67,70,77,83,88 com/tls/baselib/net/utils/Log$1.java, line(s) 59,71,79,53,47,65 com/tls/baselib/net/utils/Log.java, line(s) 88,86 com/tls/baselib/utils/LogUtils.java, line(s) 25,18,32,11,39 com/tls/baselib/utils/SoLoadUtils.java, line(s) 38,39,45,79 com/tls/baselib/utils/sensitivewdfilter/FilterSet.java, line(s) 82 com/tls/baselib/widget/easyswipe/EasySwipeMenuLayout.java, line(s) 222 com/tls/baseres/receiver/DownloadSoManager$2.java, line(s) 15 com/tls/baseres/receiver/DownloadSoManager.java, line(s) 62,72,76,84 com/tls/yr/HomeActivity$13.java, line(s) 18,24 com/tls/yr/HomeActivity.java, line(s) 224,307,311,733,745 com/tls/yr/activity/AlbumVideoPlayAct.java, line(s) 79 com/tls/yr/activity/GuizuiRechargeAct$7.java, line(s) 20 com/tls/yr/activity/LoginAct.java, line(s) 253 com/tls/yr/activity/RechargeChatCoinAct.java, line(s) 408 com/tls/yr/activity/RechargeDiamondAct$6.java, line(s) 20 com/tls/yr/activity/RegisterAct.java, line(s) 227 com/tls/yr/activity/RegisterInfoAct.java, line(s) 443 com/tls/yr/activity/SplashAct$3.java, line(s) 20,23,36,37 com/tls/yr/activity/SplashAct.java, line(s) 73,245 com/tls/yr/activity/UserMessageAct$3.java, line(s) 18,22 com/tls/yr/activity/UserMessageAct.java, line(s) 146 com/tls/yr/activity/VideoPlayActivity.java, line(s) 51 com/tls/yr/activity/VipRechargeAct$7.java, line(s) 20 com/tls/yr/activity/WebviewAppActivity$4.java, line(s) 31,37,42 com/tls/yr/activity/WebviewAppActivity.java, line(s) 137,143,149,159,167,174 com/tls/yr/activity/WebviewAppActivity1$5.java, line(s) 36,42,47 com/tls/yr/activity/WebviewAppActivity1.java, line(s) 180,186,192,202,210,217 com/tls/yr/fragment/FuliMainFg.java, line(s) 85 com/tls/yr/fragment/P2PMsgFg$19.java, line(s) 26,28,35 com/tls/yr/fragment/P2PMsgFg$3$2.java, line(s) 31 com/tls/yr/fragment/P2PMsgFg$3.java, line(s) 19 com/tls/yr/fragment/P2PMsgFg.java, line(s) 419,754,795,798,802,814,830,946 com/tls/yr/helper/ActiveUtil$2.java, line(s) 27 com/tls/yr/helper/ActiveUtil$3.java, line(s) 27 com/tls/yr/helper/ActiveUtil.java, line(s) 30 com/tls/yr/helper/MiitHelper.java, line(s) 32 com/tls/yr/presenter/AppInstallPresenterImpl.java, line(s) 13 com/tls/yr/presenter/NicknamePresenterImpl.java, line(s) 25 com/tls/yr/presenter/RegisterPresenterImpl.java, line(s) 15 com/tls/yr/utils/CheckChatUtils$1.java, line(s) 26,30,41,45,49,54,63 com/tls/yr/utils/CheckChatUtils$2.java, line(s) 42,52,56,64 com/tls/yr/utils/CheckChatUtils$4.java, line(s) 21 com/tls/yr/utils/CheckChatUtils$5.java, line(s) 40 com/tls/yr/utils/CheckChatUtils$9.java, line(s) 44,79 com/tls/yr/utils/CheckChatUtils.java, line(s) 49,62,89,91,96,145,189 com/tls/yr/utils/DNSJavaResolver.java, line(s) 24,32,51,60 com/tls/yr/widget/GetZfTypeSheet$4.java, line(s) 20 com/tls/yr/widget/percentlayout/PercentLayoutHelper$PercentLayoutInfo.java, line(s) 37,68,36,67 com/tls/yr/widget/percentlayout/PercentLayoutHelper.java, line(s) 47,52,59,64,122,164,371,376,397,411,46,51,58,63,121,163,172,182,195,231,242,250,258,266,274,284,370,375,396,410,173,183,196,232,243,251,259,267,275,285 com/tls/yr/widget/previewlibrary/view/BasePhotoFragment$4.java, line(s) 14 com/tls/yr/widget/previewlibrary/wight/BezierBannerView.java, line(s) 340,349,360 com/tls/yr/widget/uk/co/senab/photoview/PhotoViewAttacher.java, line(s) 56 com/tls/yr/widget/uk/co/senab/photoview/log/LoggerDefault.java, line(s) 15,19,39,43,23,27,7,11,31,35 com/wdullaer/materialdatetimepicker/date/DayPickerView.java, line(s) 126,138,120,137 com/wdullaer/materialdatetimepicker/time/AmPmCirclesView.java, line(s) 54 com/wdullaer/materialdatetimepicker/time/CircleView.java, line(s) 35 com/wdullaer/materialdatetimepicker/time/RadialPickerLayout.java, line(s) 124,409,415 com/wdullaer/materialdatetimepicker/time/RadialSelectorView.java, line(s) 58,185,195 com/wdullaer/materialdatetimepicker/time/RadialTextsView.java, line(s) 72,241,250 com/wdullaer/materialdatetimepicker/time/TimePickerDialog.java, line(s) 958,1178 com/yalantis/ucrop/UCropActivity.java, line(s) 156 com/yalantis/ucrop/task/BitmapCropTask.java, line(s) 122 com/yalantis/ucrop/task/BitmapLoadTask.java, line(s) 118,158,201,81,124,138,145 com/yalantis/ucrop/util/BitmapLoadUtils.java, line(s) 103,51,82 com/yalantis/ucrop/util/EglUtils.java, line(s) 27 com/yalantis/ucrop/util/FileUtils.java, line(s) 60 com/yalantis/ucrop/util/ImageHeaderParser.java, line(s) 43,50,61,69,101,111,123,137,151,157,161,166,172,176,205,42,49,60,68,100,110,122,136,150,156,160,165,171,175 com/yalantis/ucrop/view/TransformImageView$1.java, line(s) 24 com/yalantis/ucrop/view/TransformImageView.java, line(s) 186,203,67 com/yanzhenjie/album/Album.java, line(s) 53 com/zhangyf/gift/RewardLayout$1.java, line(s) 17 com/zhangyf/gift/RewardLayout$GiftBasket.java, line(s) 19,24 com/zhangyf/gift/RewardLayout.java, line(s) 458 np/protect/assets/ShellApplication.java, line(s) 52 np/protect/assets/a/C0006.java, line(s) 1192,1435 np/protect/assets/a/C0009.java, line(s) 27 np/protect/assets/a/C0113.java, line(s) 272,798,1127,2178,2499,2797,3184 np/protect/assets/a/C0114.java, line(s) 79 np/protect/assets/a/C0115.java, line(s) 184 np/protect/assets/a/C0116.java, line(s) 27 np/protect/assets/a/C0118.java, line(s) 242 org/greenrobot/eventbus/Logger$SystemOutLogger.java, line(s) 7,11 org/greenrobot/eventbus/util/ErrorDialogConfig.java, line(s) 34 org/greenrobot/eventbus/util/ErrorDialogManager.java, line(s) 70 org/greenrobot/eventbus/util/ExceptionToResourceMapping.java, line(s) 25 org/greenrobot/greendao/AbstractDao.java, line(s) 282,683 org/greenrobot/greendao/DaoException.java, line(s) 28,29 org/greenrobot/greendao/DaoLog.java, line(s) 35,39,67,15,43,47,27,31,51,55,59,63 org/greenrobot/greendao/DbUtils.java, line(s) 88,30 org/greenrobot/greendao/async/AsyncOperationExecutor.java, line(s) 129 org/greenrobot/greendao/internal/LongHashMap.java, line(s) 120 org/greenrobot/greendao/query/QueryBuilder.java, line(s) 241,244 org/greenrobot/greendao/test/AbstractDaoTest.java, line(s) 54,56,46 org/greenrobot/greendao/test/AbstractDaoTestLongPk.java, line(s) 31,34 org/greenrobot/greendao/test/AbstractDaoTestSinglePk.java, line(s) 303 org/greenrobot/greendao/test/DbTest.java, line(s) 85 org/xbill/DNS/tools/dig$1.java, line(s) 23 org/xbill/DNS/tools/dig.java, line(s) 12,13,18,19,20 org/xbill/DNS/tools/jnamed.java, line(s) 68,137,155,158,166,411,536,546,581,595,601 org/xbill/DNS/tools/lookup.java, line(s) 10,12,14,17,19,21,24,28 org/xbill/DNS/tools/primary.java, line(s) 9,45,50,53,56 org/xbill/DNS/tools/update.java, line(s) 40,68,239,241,243,245,443,445,451,454,458,461,464,467,471,474,477,480,483,486,489,492,495,498,501,504,507,510,513,516,519,522,525,528,531,542 org/xbill/DNS/tools/xfrin.java, line(s) 12,13,68,72,85,87,91,96,98,99,102,104,107,113 razerdp/basepopup/BasePopupHelper.java, line(s) 552,558 razerdp/basepopup/BasePopupUnsafe.java, line(s) 97 razerdp/basepopup/BasePopupWindow.java, line(s) 1020,371,489,1016 razerdp/basepopup/PopupWindowProxy.java, line(s) 74 razerdp/basepopup/QuickPopupConfig.java, line(s) 76 razerdp/basepopup/WindowManagerProxy$PopupWindowQueueManager.java, line(s) 50,66,76 razerdp/basepopup/WindowManagerProxy$WindowFlagCompat$Api30Impl.java, line(s) 24 razerdp/basepopup/WindowManagerProxy$WindowFlagCompat$BeforeApi30Impl.java, line(s) 22 razerdp/basepopup/WindowManagerProxy.java, line(s) 50,75,96,138 razerdp/blur/BlurHelper.java, line(s) 82,123,59,62,96,99,110,113,127,147 razerdp/blur/BlurImageView$CacheAction.java, line(s) 20 razerdp/blur/BlurImageView$CreateBlurBitmapRunnable.java, line(s) 23,26 razerdp/blur/BlurImageView.java, line(s) 81,93,97,121,86,91,134,157,203,219,221 razerdp/util/PopupUiUtils.java, line(s) 46,142,150 razerdp/util/animation/BaseAnimationConfig.java, line(s) 109,110 razerdp/util/log/PopupLog.java, line(s) 40,44,48,56,52,54 top/zibin/luban/Luban.java, line(s) 82,81 wendu/dsbridge/DWebView$1.java, line(s) 13 wendu/dsbridge/DWebView.java, line(s) 248
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/tls/yr/activity/DateDetailAct.java, line(s) 4,485 com/tls/yr/activity/UserDetailAct.java, line(s) 4,606 com/tls/yr/activity/UserMessageAct.java, line(s) 4,452 com/tls/yr/activity/game/RecordBetFragment$5$1.java, line(s) 4,21 com/tls/yr/activity/game/RecordRecharFragment$3$1.java, line(s) 4,21 com/tls/yr/activity/game/RecordWithdrawFragment$3$1.java, line(s) 4,21 com/tls/yr/fragment/P2PMsgFg$8.java, line(s) 4,28
安全提示信息 此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密
此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密 Files: org/greenrobot/greendao/database/SqlCipherEncryptedHelper.java, line(s) 15,4,5
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/chuanglan/shanyan_sdk/c/c.java, line(s) 43,45 com/danikula/videocache/HttpUrlSource.java, line(s) 135,131,137 com/tls/baselib/net/factory/ServiceFactory.java, line(s) 168,172,180,188,221,225,168,172,180,188,221,225 com/tls/baselib/net/utils/HttpsUtils.java, line(s) 66,130,33,65,86,129,54,64,64,128,128 com/tls/live/net/HttpsUtils.java, line(s) 107,56,73,106,94,105,105 com/tls/live/net/factory/ServiceFactory.java, line(s) 176,176
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (upload.yuezan168.cn) 通信。
{'ip': '61.160.192.94', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '常州', 'latitude': '31.783331', 'longitude': '119.966667'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (oss.jj2y.cn) 通信。
{'ip': '221.228.32.13', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (auth.wosms.cn) 通信。
{'ip': '47.101.5.82', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (so.yuezan168.cn) 通信。
{'ip': '49.67.73.247', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南通', 'latitude': '32.030296', 'longitude': '120.874779'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (qp.mengxingwl.cn) 通信。
{'ip': '221.228.32.13', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (ad.yuezan168.cn) 通信。
{'ip': '61.147.88.100', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (wap.cmpassport.com) 通信。
{'ip': '101.133.104.19', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (sy.cl2009.com) 通信。
{'ip': '101.133.104.19', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (e.189.cn) 通信。
{'ip': '47.101.5.82', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (sysdk.cl2009.com) 通信。
{'ip': '101.133.104.19', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (admonitor.shang0898.com) 通信。
{'ip': '121.42.43.148', 'country_short': 'CN', 'country_long': '中国', 'region': '山东', 'city': '青岛', 'latitude': '36.098610', 'longitude': '120.371941'}