Security analysis report: 50度灰 v5.8.2

Security score: 26/100

Risk rating

Grade scale: A, B, C, F

Privacy risk

1 user/device tracker


Findings

High: 25
Medium: 21
Info: 3
Secure: 2
Hotspot: 5

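High: Launch mode of Activity (com.tencent.mm.ui.PasswordSettingActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because it then becomes a root Activity and other applications may be able to read the contents of the calling Intent. When an Intent carries sensitive information, the "standard" launch mode attribute should be used.

High: Launch mode of Activity (com.tencent.mm.ui.HomeActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because it then becomes a root Activity and other applications may be able to read the contents of the calling Intent. When an Intent carries sensitive information, the "standard" launch mode attribute should be used.

High: Launch mode of Activity (com.tencent.mm.ui.RegisterLoginActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because it then becomes a root Activity and other applications may be able to read the contents of the calling Intent. When an Intent carries sensitive information, the "standard" launch mode attribute should be used.

High: Launch mode of Activity (com.tencent.mm.ui.VideoListActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because it then becomes a root Activity and other applications may be able to read the contents of the calling Intent. When an Intent carries sensitive information, the "standard" launch mode attribute should be used.

High: Launch mode of Activity (com.tencent.mm.ui.MyUpdateActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because it then becomes a root Activity and other applications may be able to read the contents of the calling Intent. When an Intent carries sensitive information, the "standard" launch mode attribute should be used.

High: Launch mode of Activity (com.tencent.mm.ui.TagsVideoActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because it then becomes a root Activity and other applications may be able to read the contents of the calling Intent. When an Intent carries sensitive information, the "standard" launch mode attribute should be used.

High: Launch mode of Activity (com.tencent.mm.ui.VideoContentActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because it then becomes a root Activity and other applications may be able to read the contents of the calling Intent. When an Intent carries sensitive information, the "standard" launch mode attribute should be used.

High: Launch mode of Activity (com.tencent.mm.ui.ChatDetailActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because it then becomes a root Activity and other applications may be able to read the contents of the calling Intent. When an Intent carries sensitive information, the "standard" launch mode attribute should be used.

High: Launch mode of Activity (com.tencent.mm.ui.VideoChoiceActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because it then becomes a root Activity and other applications may be able to read the contents of the calling Intent. When an Intent carries sensitive information, the "standard" launch mode attribute should be used.

High: Launch mode of Activity (com.tencent.mm.im.ChatActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because it then becomes a root Activity and other applications may be able to read the contents of the calling Intent. When an Intent carries sensitive information, the "standard" launch mode attribute should be used.

High: Launch mode of Activity (com.tencent.mm.ui.SelCoverTimeActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because it then becomes a root Activity and other applications may be able to read the contents of the calling Intent. When an Intent carries sensitive information, the "standard" launch mode attribute should be used.

High: Launch mode of Activity (com.tencent.mm.ui.workmanage.WorkManagerActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because it then becomes a root Activity and other applications may be able to read the contents of the calling Intent. When an Intent carries sensitive information, the "standard" launch mode attribute should be used.

High: Launch mode of Activity (com.tencent.mm.ui.VideoDetailPlayerActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because it then becomes a root Activity and other applications may be able to read the contents of the calling Intent. When an Intent carries sensitive information, the "standard" launch mode attribute should be used.

High: Launch mode of Activity (com.tencent.mm.ui.LoginActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because it then becomes a root Activity and other applications may be able to read the contents of the calling Intent. When an Intent carries sensitive information, the "standard" launch mode attribute should be used.

High: Launch mode of Activity (com.tencent.mm.ui.TagDetailListActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because it then becomes a root Activity and other applications may be able to read the contents of the calling Intent. When an Intent carries sensitive information, the "standard" launch mode attribute should be used.

High: Launch mode of Activity (com.tencent.mm.ui.SeeMorePlayerActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because it then becomes a root Activity and other applications may be able to read the contents of the calling Intent. When an Intent carries sensitive information, the "standard" launch mode attribute should be used.

High: Launch mode of Activity (com.alipay.sdk.app.PayResultActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because it then becomes a root Activity and other applications may be able to read the contents of the calling Intent. When an Intent carries sensitive information, the "standard" launch mode attribute should be used.

High: Launch mode of Activity (com.alipay.sdk.app.AlipayResultActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because it then becomes a root Activity and other applications may be able to read the contents of the calling Intent. When an Intent carries sensitive information, the "standard" launch mode attribute should be used.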

High: The file is world writable. Any application can write to the file

The file is world writable. Any application can write to the file
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2

Files:
c/a/b/j/c.java, line(s) 78,96,85

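High: Debug configuration is enabled. Production builds must not be debuggable

Debug configuration is enabled. Production builds must not be debuggable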
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
com/bumptech/glide/BuildConfig.java, line(s) 2,5
com/bumptech/glide/gifdecoder/BuildConfig.java, line(s) 2,5
com/bumptech/glide/integration/okhttp/BuildConfig.java, line(s) 2,5

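High: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.

The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.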
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
c/a/c/a/a/a/a/c.java, line(s) 28,77
com/ta/utdid2/a/a/a.java, line(s) 35,42

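High: By default, calling Cipher.getInstance("AES") returns AES in ECB mode. ECB mode is known to be weak because identical plaintext blocks produce identical ciphertext

By default, calling Cipher.getInstance("AES") returns AES in ECB mode. ECB mode is known to be weak because identical plaintext blocks produce identical ciphertext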
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode

Files:
jaygoo/library/m3u8downloader/p/a.java, line(s) 18,32

High: Lax WebView domain control vulnerability

Lax WebView domain control vulnerability


Files:
com/tencent/mm/ui/H5Activity.java, line(s) 182,174,175,176,177,178,179,180,181,182,185,186
com/tencent/mm/ui/WebViewActivity.java, line(s) 175,167,168,169,170,171,172,173,174,175,177,178
com/tencent/mm/ui/game/WebActivity.java, line(s) 320,314

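High: Insecure WebView implementation. The WebView ignores SSL certificate errors and accepts any SSL certificate. This application is vulnerable to MITM attacks

Insecure WebView implementation. The WebView ignores SSL certificate errors and accepts any SSL certificate. This application is vulnerable to MITM attacks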
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification

Files:
com/tencent/mm/ui/game/WebActivity.java, line(s) 53,51

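High: Insecure SSL implementation. Trusting all certificates or accepting self-signed certificates is a critical security vulnerability. This application is vulnerable to MITM attacks

Insecure SSL implementation. Trusting all certificates or accepting self-signed certificates is a critical security vulnerability. This application is vulnerable to MITM attacks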
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis

Files:
com/alipay/android/phone/mrpc/core/b.java, line(s) 106,16,3

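Medium: The application is affected by the Janus vulnerability

The application is signed with the v1 signature scheme; if it is signed only with the v1 scheme, it is vulnerable to the Janus vulnerability on Android 5.0-8.0. Applications signed with the v1 scheme that run on Android 5.0-7.0, as well as applications that are also signed with the v2/v3 schemes, are likewise vulnerable.

Medium: The application can be installed on a vulnerable, unpatched Android version

Android 4.4-4.4.4, [minSdk=19]
The application can be installed on older versions of Android that have multiple unfixed vulnerabilities. These devices do not receive reasonable security updates from Google. Support Android version => 10, API 29 to receive reasonable security updates.

Medium: Cleartext network traffic is enabled for the application

[android:usesCleartextTraffic=true]
The application intends to use cleartext network traffic, such as cleartext HTTP, the FTP protocol, DownloadManager and MediaPlayer. For applications targeting API level 27 or lower the default value is "true". For applications targeting API level 28 or higher the default value is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity and tamper protection; a network attacker can eavesdrop on transmitted data and modify it without being detected.

Medium: Application data can be backed up

[android:allowBackup=true]
This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off the device.

Medium: Broadcast Receiver (com.tencent.mm.im.websocket.NotificationReceiver) is not protected.

[android:exported=true]
The Broadcast Receiver is shared with other applications on the device, which makes it accessible to any other application on the device.

Medium: Service (com.tencent.mm.im.websocket.JWebSocketClientService) is not protected.

[android:exported=true]
The Service is shared with other applications on the device, which makes it accessible to any other application on the device.

Medium: Activity (com.tencent.mm.ui.H5Activity) is not protected.

An intent-filter is present.
The Activity is shared with other applications on the device, which makes it accessible to any other application on the device. The presence of the intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.tencent.mm.ui.WebViewActivity) is not protected.

An intent-filter is present.
The Activity is shared with other applications on the device, which makes it accessible to any other application on the device. The presence of the intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.alipay.sdk.app.PayResultActivity) is not protected.

[android:exported=true]
The Activity is shared with other applications on the device, which makes it accessible to any other application on the device.

Medium: Activity (com.alipay.sdk.app.AlipayResultActivity) is not protected.

[android:exported=true]
The Activity is shared with other applications on the device, which makes it accessible to any other application on the device.

Medium: High Intent priority (2147483647)

[android:priority]
By setting an Intent priority higher than that of another Intent, the application effectively overrides other requests.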

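Medium: The application can read/write external storage. Any application can read data written to external storage

The application can read/write external storage. Any application can read data written to external storage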
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
c/a/c/a/a/b/b.java, line(s) 529,815,816
c/a/c/a/a/c/c.java, line(s) 9,23,27
c/b/a/a/i/d.java, line(s) 136,164
c/c/a/c.java, line(s) 41
c/e/c/a/d/b.java, line(s) 56
com/canking/minipay/d.java, line(s) 135
com/danikula/videocache/s.java, line(s) 15,32
com/flurry/sdk/bo.java, line(s) 371
com/fynnjason/utils/q.java, line(s) 77
com/github/mikephil/charting/charts/Chart.java, line(s) 295,343
com/jiajunhui/xapp/medialoader/g/e.java, line(s) 49
com/luck/picture/lib/i/e.java, line(s) 132,132,145,145,237,296,309
com/lxj/xpopup/e/c.java, line(s) 157
com/lzy/okgo/convert/FileConvert.java, line(s) 47,55
com/lzy/okserver/OkDownload.java, line(s) 129
com/sunfusheng/GlideAppMoudle.java, line(s) 66,67
com/ta/utdid2/b/a/c.java, line(s) 54,222,264,321
com/tencent/mm/c.java, line(s) 47,45
com/tencent/mm/camera/stmobileapi/d.java, line(s) 175
com/tencent/mm/camera/stmobileapi/e.java, line(s) 86
com/tencent/mm/camera/utils/a.java, line(s) 9
com/tencent/mm/im/d/a.java, line(s) 22
com/tencent/mm/im/d/b.java, line(s) 14
com/tencent/mm/l/d.java, line(s) 25,26
com/tencent/mm/ui/LaunchActivity.java, line(s) 700,710
com/tencent/mm/ui/game/WebActivity.java, line(s) 241
com/tencent/mm/uitls/a0.java, line(s) 20,21
com/tencent/mm/uitls/d1.java, line(s) 23,44
com/tencent/mm/uitls/i.java, line(s) 61,70
com/tencent/mm/uitls/j0.java, line(s) 77,79,81,24,40,84
com/tencent/mm/uitls/l1.java, line(s) 71,72
com/tencent/mm/uitls/u1.java, line(s) 142
com/tencent/mm/uitls/y0.java, line(s) 75
com/tencent/mm/uitls/z.java, line(s) 17
com/vector/update_app/c.java, line(s) 178,188
com/watermark/androidwm/utils/a.java, line(s) 66
com/yalantis/ucrop/f/e.java, line(s) 122
jaygoo/library/m3u8downloader/f.java, line(s) 28
sj/keyboard/b.java, line(s) 11

Medium: MD5 is a weak hash known to have hash collisions

MD5 is a weak hash known to have hash collisions
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
c/e/a/b/e/b.java, line(s) 366
c/e/c/a/b/c.java, line(s) 42,101
c/e/c/a/d/a.java, line(s) 16
c/e/c/a/f/b/c.java, line(s) 69
com/danikula/videocache/p.java, line(s) 45
com/fynnjason/utils/d.java, line(s) 20
com/szcx/lib/encrypt/b.java, line(s) 12
com/szcx/lib/encrypt/e/a.java, line(s) 8
com/szcx/lib/encrypt/e/b.java, line(s) 20
com/szcx/lib/encrypt/e/c.java, line(s) 23
com/tencent/cos/xml/i/f/b0.java, line(s) 46
com/tencent/cos/xml/i/f/f.java, line(s) 77
com/tencent/cos/xml/j/c.java, line(s) 53
com/tencent/mm/uitls/l1.java, line(s) 132
com/tencent/mm/uitls/q1.java, line(s) 59
com/vector/update_app/f/d.java, line(s) 41
jaygoo/library/m3u8downloader/p/c.java, line(s) 8

Medium: SHA-1 is a weak hash known to have hash collisions

SHA-1 is a weak hash known to have hash collisions
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
c/a/c/a/a/a/a/b.java, line(s) 10
c/a/c/a/a/a/a/c.java, line(s) 27,76
c/a/c/a/a/a/b.java, line(s) 83
c/e/c/a/f/f/e.java, line(s) 106
com/flurry/sdk/ce.java, line(s) 65
com/ta/utdid2/device/c.java, line(s) 255
com/tencent/cos/xml/j/c.java, line(s) 33,104,133,164
com/tencent/mm/ui/LaunchActivity.java, line(s) 584
f/b/n/b.java, line(s) 171

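Medium: Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.

Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.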
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/bumptech/glide/load/Option.java, line(s) 68
com/bumptech/glide/load/engine/DataCacheKey.java, line(s) 34
com/bumptech/glide/load/engine/EngineResource.java, line(s) 100
com/bumptech/glide/load/engine/ResourceCacheKey.java, line(s) 65
com/bumptech/glide/manager/RequestManagerRetriever.java, line(s) 37
com/lzy/okgo/cache/CacheEntity.java, line(s) 12,84
com/lzy/okgo/exception/CacheException.java, line(s) 14,10
com/tencent/mm/bean/AppStartBean.java, line(s) 113

Medium: The application uses an insecure random number generator

The application uses an insecure random number generator
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
c/a/b/d/b.java, line(s) 20
c/a/b/j/c.java, line(s) 8
c/e/a/b/e/b.java, line(s) 22
c/e/a/e/b.java, line(s) 7
com/flurry/sdk/fc.java, line(s) 6
com/lahm/library/j.java, line(s) 25
com/sackcentury/shinebuttonlib/ShineView.java, line(s) 16
com/scwang/smartrefresh/header/FunGameBattleCityHeader.java, line(s) 16
com/scwang/smartrefresh/header/TaurusHeader.java, line(s) 27
com/scwang/smartrefresh/header/b/a.java, line(s) 8
com/ta/utdid2/a/a/e.java, line(s) 7
com/ta/utdid2/device/c.java, line(s) 13
com/tencent/mm/e/f/b.java, line(s) 7
com/tencent/mm/uitls/q1.java, line(s) 12
com/tencent/mm/view/LikeView.java, line(s) 20
com/tencent/mm/view/LoveView.java, line(s) 17
com/tencent/mm/view/MusicalNoteLayout.java, line(s) 27
com/tencent/mm/view/ShortVideoPlayer.java, line(s) 22
com/tencent/qmsp/sdk/f/c.java, line(s) 6
com/vector/update_app/f/b.java, line(s) 5
f/b/n/b.java, line(s) 22
org/greenrobot/greendao/n/f.java, line(s) 7
q/rorbin/badgeview/b.java, line(s) 12

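Medium: The application creates temporary files. Sensitive information should never be written to a temporary file

The application creates temporary files. Sensitive information should never be written to a temporary file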


Files:
com/sun/jna/Native.java, line(s) 1042
com/tencent/mm/ui/RecordActivity.java, line(s) 609
org/junit/e/j.java, line(s) 14,70
org/nanohttpd/protocols/http/g/a.java, line(s) 13

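Medium: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database

The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database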
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
c/e/a/b/d/c.java, line(s) 5,6,25
c/e/a/e/h.java, line(s) 5,6,27
com/danikula/videocache/v/a.java, line(s) 6,7,82
com/lzy/okgo/db/DBHelper.java, line(s) 4,5,31
com/lzy/okgo/db/DBUtils.java, line(s) 4,15
org/greenrobot/greendao/j/f.java, line(s) 5,60

Medium: IP address disclosure

IP address disclosure


Files:
com/alipay/android/phone/mrpc/core/q.java, line(s) 305
com/danikula/videocache/i.java, line(s) 18
com/lahm/library/f.java, line(s) 92
com/lahm/library/i.java, line(s) 111
com/lahm/library/j.java, line(s) 40,195
org/nanohttpd/protocols/http/b.java, line(s) 606

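Medium: The application contains privacy trackers

This application contains 1 privacy tracker. Trackers can track the device or the user and are a privacy concern for end users.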

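Medium: This application may contain hardcoded secrets

The following secrets were identified in the application. Make sure that they are not secret or private information.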
"auth_google_play_services_client_google_display_name" : "Google"
"auth_google_play_services_client_facebook_display_name" : "Facebook"
"login_auth_ing" : "正在授權登錄"
"library_roundedimageview_authorWebsite" : "https://github.com/vinc3m1"

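Info: The application logs information. Sensitive information must not be logged

The application logs information. Sensitive information must not be logged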
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
c/b/a/a/h/p.java, line(s) 111
c/b/a/a/i/d.java, line(s) 32,54,67,91,115,127,158,169,180
c/b/a/a/i/k.java, line(s) 85,174,189
c/b/c/a/a/b.java, line(s) 242,103,297
c/e/a/b/e/c.java, line(s) 24,30,36,67,52,111,131
c/e/b/a/a/a.java, line(s) 10,12,17,19,24,26,64,31,33,38,40
c/e/c/a/f/b/a.java, line(s) 38,56
c/e/c/a/f/b/b.java, line(s) 18,27,21
cn/bingoogolapple/qrcode/core/a.java, line(s) 45,55
com/alexvasilkov/gestures/e/c.java, line(s) 64,80,101,164,178,269,322,343,396,481,499,506,513,525,533,541,549
com/alexvasilkov/gestures/f/d.java, line(s) 40,26,28
com/alexvasilkov/gestures/g/c.java, line(s) 41,57,107,138
com/alexvasilkov/gestures/g/e.java, line(s) 59,69,87,115,146,177,207
com/alipay/android/phone/mrpc/core/b.java, line(s) 79
com/bumptech/glide/GeneratedAppGlideModuleImpl.java, line(s) 15,16,14
com/bumptech/glide/Glide.java, line(s) 383,392,364,176,363,382,389,177
com/bumptech/glide/gifdecoder/GifHeaderParser.java, line(s) 93,121,92,120
com/bumptech/glide/gifdecoder/StandardGifDecoder.java, line(s) 621,642,657,620,641,656,700,709
com/bumptech/glide/load/data/AssetPathFetcher.java, line(s) 53,52
com/bumptech/glide/load/data/HttpUrlFetcher.java, line(s) 57,159,56,158,162,167,174,171,175
com/bumptech/glide/load/data/LocalUriFetcher.java, line(s) 54,53
com/bumptech/glide/load/data/mediastore/ThumbFetcher.java, line(s) 114,113
com/bumptech/glide/load/data/mediastore/ThumbnailStreamOpener.java, line(s) 76,75
com/bumptech/glide/load/engine/DecodeJob.java, line(s) 590,241,255,589,634
com/bumptech/glide/load/engine/DecodePath.java, line(s) 57,58
com/bumptech/glide/load/engine/Engine.java, line(s) 31,204
com/bumptech/glide/load/engine/GlideException.java, line(s) 125
com/bumptech/glide/load/engine/SourceGenerator.java, line(s) 36,37
com/bumptech/glide/load/engine/bitmap_recycle/LruArrayPool.java, line(s) 112,150,113,151
com/bumptech/glide/load/engine/bitmap_recycle/LruBitmapPool.java, line(s) 136,179,189,259,96,135,145,168,178,188,228,235,258,102,146,229,236,169
com/bumptech/glide/load/engine/cache/DiskLruCacheWrapper.java, line(s) 58,70,82,88,117,127,83,118,59,71,89,128
com/bumptech/glide/load/engine/cache/MemorySizeCalculator.java, line(s) 165,149
com/bumptech/glide/load/engine/executor/GlideExecutor.java, line(s) 84,81
com/bumptech/glide/load/engine/executor/RuntimeCompat.java, line(s) 37,36
com/bumptech/glide/load/engine/prefill/BitmapPreFillRunner.java, line(s) 93,92
com/bumptech/glide/load/model/ByteBufferEncoder.java, line(s) 21,20
com/bumptech/glide/load/model/ByteBufferFileLoader.java, line(s) 51,50
com/bumptech/glide/load/model/FileLoader.java, line(s) 106,105
com/bumptech/glide/load/model/ResourceLoader.java, line(s) 100,101
com/bumptech/glide/load/model/StreamEncoder.java, line(s) 40,39
com/bumptech/glide/load/resource/bitmap/BitmapEncoder.java, line(s) 77,76,93,94
com/bumptech/glide/load/resource/bitmap/DefaultImageHeaderParser.java, line(s) 221,231,243,252,259,328,335,354,372,376,381,390,393,398,220,230,242,251,258,327,334,353,371,375,380,389,392,397
com/bumptech/glide/load/resource/bitmap/Downsampler.java, line(s) 105,129,304,104,128,210,250,266,303,211,251,381
com/bumptech/glide/load/resource/bitmap/DrawableToBitmapConverter.java, line(s) 47,52,48,53
com/bumptech/glide/load/resource/bitmap/HardwareConfigState.java, line(s) 44,45
com/bumptech/glide/load/resource/bitmap/TransformationUtils.java, line(s) 300,121,126,171,180,187,299,122,127,172,181,188,189,190,194
com/bumptech/glide/load/resource/bitmap/VideoDecoder.java, line(s) 122,121
com/bumptech/glide/load/resource/gif/ByteBufferGifDecoder.java, line(s) 77,126,131,136,78,127,132,137
com/bumptech/glide/load/resource/gif/GifDrawableEncoder.java, line(s) 27,28
com/bumptech/glide/load/resource/gif/StreamGifDecoder.java, line(s) 42,43
com/bumptech/glide/manager/DefaultConnectivityMonitor.java, line(s) 24,23,50,69,51,70
com/bumptech/glide/manager/DefaultConnectivityMonitorFactory.java, line(s) 17,16
com/bumptech/glide/manager/RequestManagerFragment.java, line(s) 144,145
com/bumptech/glide/manager/RequestManagerRetriever.java, line(s) 248,249,257
com/bumptech/glide/manager/RequestTracker.java, line(s) 109,110
com/bumptech/glide/manager/SupportRequestManagerFragment.java, line(s) 140,141
com/bumptech/glide/module/ManifestParser.java, line(s) 50,57,68,73,49,56,61,67,72,62
com/bumptech/glide/request/SingleRequest.java, line(s) 464,64,180,424
com/bumptech/glide/request/target/CustomViewTarget.java, line(s) 57,98,99,58
com/bumptech/glide/request/target/ViewTarget.java, line(s) 56,97,98,57
com/bumptech/glide/signature/ApplicationVersionSignature.java, line(s) 26
com/bumptech/glide/util/ContentLengthInputStream.java, line(s) 41,40
com/bumptech/glide/util/pool/FactoryPools.java, line(s) 37,38
com/coremedia/iso/boxes/sampleentry/AudioSampleEntry.java, line(s) 186
com/danikula/videocache/h.java, line(s) 34,40,50,61,72
com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java, line(s) 633,208,212,385,389,455,781,790,819,824,1768,1981,2320
com/davemorrissey/labs/subscaleview/decoder/SkiaPooledImageRegionDecoder.java, line(s) 120
com/dhh/websocket/d.java, line(s) 58,152,190,223,203
com/fynnjason/utils/j.java, line(s) 9
com/fynnjason/utils/q.java, line(s) 106,194,196
com/github/mikephil/charting/charts/BarChart.java, line(s) 127
com/github/mikephil/charting/charts/BarLineChartBase.java, line(s) 185,333,465,199,293,299,708,797,801
com/github/mikephil/charting/charts/Chart.java, line(s) 705,857,203,252,610,615,656
com/github/mikephil/charting/charts/CombinedChart.java, line(s) 136
com/github/mikephil/charting/charts/HorizontalBarChart.java, line(s) 189,165,169
com/github/mikephil/charting/charts/PieRadarChartBase.java, line(s) 342
com/github/mikephil/charting/components/a.java, line(s) 218
com/github/mikephil/charting/data/LineDataSet.java, line(s) 149,157
com/github/mikephil/charting/data/PieEntry.java, line(s) 17,25
com/github/mikephil/charting/data/k.java, line(s) 175
com/github/mikephil/charting/data/l.java, line(s) 43,50,57
com/github/mikephil/charting/listener/a.java, line(s) 255
com/itheima/roundedimageview/RoundedImageView.java, line(s) 135,153
com/itheima/roundedimageview/b.java, line(s) 222
com/jiajunhui/xapp/medialoader/b.java, line(s) 57,77,87,128
com/jiajunhui/xapp/medialoader/bean/a.java, line(s) 58,92
com/kk/taurus/playerbase/d/a.java, line(s) 17
com/kk/taurus/playerbase/f/b.java, line(s) 9,15,21
com/lahm/library/j.java, line(s) 52,64
com/luck/picture/lib/PictureSelectorActivity.java, line(s) 630
com/luck/picture/lib/i/e.java, line(s) 355,259,354
com/luck/picture/lib/permissions/RxPermissionsFragment.java, line(s) 36,46
com/luck/picture/lib/widget/longimage/SubsamplingScaleImageView.java, line(s) 1248,389,393,568,572,634,1354,239,1478,1487,1516,1521,1992,2189
com/lxj/xpermission/XPermission.java, line(s) 124
com/lzy/okgo/utils/OkLogger.java, line(s) 41,52,58,64,70
com/lzy/widget/tab/TabTitleIndicator.java, line(s) 289,489,532
com/makeramen/roundedimageview/RoundedDrawable.java, line(s) 146
com/makeramen/roundedimageview/RoundedImageView.java, line(s) 135,153
com/mcxtzhang/indexlib/suspension/SuspensionDecoration.java, line(s) 104
com/nineoldandroids/animation/PropertyValuesHolder.java, line(s) 65,93,161,163,200,202,268,286,288,377,379,466,468
com/sackcentury/shinebuttonlib/PorterImageView.java, line(s) 107
com/sackcentury/shinebuttonlib/ShineButton.java, line(s) 252,355
com/scwang/smartrefresh/header/waveswipe/WaveView.java, line(s) 168
com/scwang/smartrefresh/layout/internal/pathview/a.java, line(s) 758,763
com/sun/jna/Native.java, line(s) 432,479,444,449,457,472,477,486,499,503,565,995,1018,1029
com/sun/jna/r.java, line(s) 388,396,407,413,416,427,438,446,451,458,463,471,476,504
com/sunfusheng/widget/NineImageView.java, line(s) 173
com/szcx/lib/encrypt/d.java, line(s) 9
com/tbruyelle/rxpermissions/RxPermissionsFragment.java, line(s) 35,45
com/tencent/cos/xml/j/d.java, line(s) 36
com/tencent/mm/TrafficStats/TrafficBean.java, line(s) 112,128,200,215,81,106,123,141,145,159,105,118,140,154,194,206,227,239
com/tencent/mm/adapter/GridImageAdapter.java, line(s) 133,134,136,139
com/tencent/mm/adapter/UploadAdapter.java, line(s) 291,295,306
com/tencent/mm/adapter/community/GridImageNoAddAdapter.java, line(s) 116,117,119,122
com/tencent/mm/base/i.java, line(s) 18
com/tencent/mm/bean/hot/HotBean.java, line(s) 57,62
com/tencent/mm/camera/stmobileapi/d.java, line(s) 87,94,101,112,128,137,148,153,167,54,82
com/tencent/mm/camera/stmobileapi/e.java, line(s) 126,140,159,164,177,209,223,32,55,82,103,110,117,149,186,193,200
com/tencent/mm/camera/utils/b.java, line(s) 105,110,119,30,134
com/tencent/mm/camera/utils/c.java, line(s) 49,55,66
com/tencent/mm/camera/widget/MagicImageView.java, line(s) 40
com/tencent/mm/database/a.java, line(s) 18,35
com/tencent/mm/database/d.java, line(s) 30
com/tencent/mm/e/c/a/a.java, line(s) 101,110,197,52,42,88
com/tencent/mm/e/c/a/b.java, line(s) 84,108
com/tencent/mm/e/c/b/a.java, line(s) 147,45,37
com/tencent/mm/e/c/b/b.java, line(s) 111,116,121,240,261,75,197,264
com/tencent/mm/e/c/b/c.java, line(s) 58,66,89
com/tencent/mm/e/d/a/e/n.java, line(s) 75,93
com/tencent/mm/g/c.java, line(s) 15,25,35,45,55,65,74
com/tencent/mm/im/ChatActivity.java, line(s) 105,114,288,322
com/tencent/mm/im/websocket/NotificationReceiver.java, line(s) 16,18,27
com/tencent/mm/im/websocket/WebSocketImReceiver.java, line(s) 10
com/tencent/mm/im/websocket/a.java, line(s) 14,19,24,29
com/tencent/mm/l/a.java, line(s) 17,28
com/tencent/mm/l/d.java, line(s) 40,45,50,55,171
com/tencent/mm/l/i.java, line(s) 76,120
com/tencent/mm/location/AlxLocationService.java, line(s) 35,41,60,66,85,91,124,127,129,131,151,158,168,174,183,203,212,215,218,224,227,235,237,250,256
com/tencent/mm/network/d.java, line(s) 1863,1926,1996,2230,3058
com/tencent/mm/ui/ChangeCodeActivity.java, line(s) 62
com/tencent/mm/ui/ChatDetailActivity.java, line(s) 58
com/tencent/mm/ui/ContentEditActivity.java, line(s) 150
com/tencent/mm/ui/CunstomDetailActivity.java, line(s) 47,53,101
com/tencent/mm/ui/H5Activity.java, line(s) 47
com/tencent/mm/ui/ImagesActivity.java, line(s) 96
com/tencent/mm/ui/LaunchActivity.java, line(s) 756
com/tencent/mm/ui/MyAccountActivity.java, line(s) 52,58
com/tencent/mm/ui/OrderUploadImgActivity.java, line(s) 48
com/tencent/mm/ui/ScanQrCodeActivity.java, line(s) 161
com/tencent/mm/ui/VideoChoiceActivity.java, line(s) 60
com/tencent/mm/ui/VideoListActivity.java, line(s) 206,214,221
com/tencent/mm/ui/WebViewActivity.java, line(s) 194
com/tencent/mm/ui/game/WebActivity.java, line(s) 65,71,76,92,172,181,188,198,204,210
com/tencent/mm/ui/game/f/c.java, line(s) 111,34,51,68,85,107,168,222
com/tencent/mm/ui/game/f/e/a.java, line(s) 34,40,43,62,65
com/tencent/mm/ui/game/f/e/b.java, line(s) 37,40
com/tencent/mm/ui/game/f/e/c.java, line(s) 26,45,48,59,60,75,87,99,119
com/tencent/mm/ui/game/f/e/d.java, line(s) 26,45,48
com/tencent/mm/ui/game/f/e/e.java, line(s) 49,69,74,79,91
com/tencent/mm/ui/game/f/g/c.java, line(s) 55,67,79,91,116,128,140,152,164,176,188,200,212,224
com/tencent/mm/ui/gif/CreateGifActivity.java, line(s) 138
com/tencent/mm/ui/home/ShareFragment.java, line(s) 214
com/tencent/mm/uitls/a0.java, line(s) 147
com/tencent/mm/uitls/e.java, line(s) 66,152
com/tencent/mm/uitls/o.java, line(s) 77,91,108,473,103
com/tencent/mm/uitls/q0.java, line(s) 16,11
com/tencent/mm/uitls/s.java, line(s) 41,44,50
com/tencent/mm/uitls/y1/b.java, line(s) 64,67,70,73,77,120,142,193
com/tencent/mm/uitls/y1/c.java, line(s) 27,56,79,84,88,107,122,136
com/tencent/mm/uitls/y1/d.java, line(s) 21,60,72,85
com/tencent/mm/uitls/y1/e.java, line(s) 60
com/tencent/mm/uitls/y1/f.java, line(s) 46,54
com/tencent/mm/uitls/y1/h.java, line(s) 17,21,32
com/tencent/mm/uitls/y1/i.java, line(s) 20,112
com/tencent/mm/videoplayer/ContentVideoPlayer.java, line(s) 576,1123,1273,1312,1563
com/tencent/mm/videoplayer/NormalVideoPlayer.java, line(s) 296,715
com/tencent/mm/view/BubbleImageView.java, line(s) 100,101,102,103
com/tencent/mm/view/ChoiceCover.java, line(s) 105
com/tencent/mm/view/JudgeNestedScrollView.java, line(s) 37
com/tencent/mm/view/VerticalViewPager.java, line(s) 1334,2063,2069,2081
com/tencent/mm/view/update/OkGoUpdateHttpUtil.java, line(s) 35
com/tencent/qmsp/sdk/base/e.java, line(s) 10,20,26
com/tencent/qmsp/sdk/f/g.java, line(s) 10,20,26,32
com/tencent/qmsp/sdk/g/e/d.java, line(s) 19
com/transitionseverywhere/p.java, line(s) 124,552,557
com/transitionseverywhere/utils/j.java, line(s) 33,130,142
com/vector/update_app/c.java, line(s) 347
com/vincent/videocompressor/VideoController.java, line(s) 64,440,448,451,455,456,457,508,521,547,567,575,580,584,585,586,595,601,602,603,825,845,849,850,851,869,889,893,894,895,908,928,932,933,934,957,977,981,982,983,996,1016,1020,1021,1022,1098,1118,1122,1123,1124,1138,1198,1218,1222,1223,1224,1260,1263,1294,1314,1318,1319,1320,1348,1368,1372,1373,1374,1392,1397,1417,1421,1422,1423,1436,1477,1493,1513,1517,1518,1519,1542,1546,1596,1603,1623,1627,1628,1629,1644,1693,1869,1874,1878,1879,1880,1895,1909,1914,1918,1919,1920,1931,1943,1946,2010,2015,2016,2017
com/wang/avi/AVLoadingIndicatorView.java, line(s) 333
com/yalantis/ucrop/PictureMultiCuttingActivity.java, line(s) 713
com/yalantis/ucrop/UCropActivity.java, line(s) 576
com/yalantis/ucrop/e/a.java, line(s) 93
com/yalantis/ucrop/e/b.java, line(s) 48,89,123,134,141,171
com/yalantis/ucrop/f/a.java, line(s) 61,109,119
com/yalantis/ucrop/f/c.java, line(s) 77
com/yalantis/ucrop/f/e.java, line(s) 93
com/yalantis/ucrop/f/f.java, line(s) 136,171,181,193,207,223,227,232,241,244,249,260,267,277,284,170,180,192,206,222,226,231,240,243,248,259,266,276,283
com/yalantis/ucrop/view/TransformImageView.java, line(s) 140,186,54,227
com/yhao/floatwindow/i.java, line(s) 11,15
com/youngfeng/snake/d/h.java, line(s) 13,20
com/youth/banner/Banner.java, line(s) 103,274,302,308,576
d/a/a/a/a.java, line(s) 21,27,34,40,73,80,86,97,103,110,116
e/b/a.java, line(s) 261
e/b/c.java, line(s) 11
e/c/b.java, line(s) 26,124
f/c/a/d.java, line(s) 19,25
fr/tvbarthel/lib/blurdialogfragment/a.java, line(s) 206,207,208,209,222
fr/tvbarthel/lib/blurdialogfragment/d.java, line(s) 39
g/a/b.java, line(s) 215,233
jaygoo/library/m3u8downloader/p/b.java, line(s) 10,16
jaygoo/library/m3u8downloader/p/e.java, line(s) 17
me/jessyan/autosize/AutoSize.java, line(s) 136
me/jessyan/autosize/AutoSizeConfig.java, line(s) 321,334,347,243
me/jessyan/autosize/DefaultAutoAdaptStrategy.java, line(s) 20,29,32,14,26
me/jessyan/autosize/utils/AutoSizeLog.java, line(s) 14,20,34
org/greenrobot/eventbus/b.java, line(s) 39
org/greenrobot/eventbus/c.java, line(s) 183,130,133,138,443
org/greenrobot/eventbus/util/ErrorDialogManager.java, line(s) 169
org/greenrobot/eventbus/util/a.java, line(s) 33
org/greenrobot/eventbus/util/b.java, line(s) 42
org/greenrobot/eventbus/util/d.java, line(s) 29
org/greenrobot/greendao/d.java, line(s) 14,18,26,34,38,42,50,54,22,58,62,66
org/joda/time/tz/a.java, line(s) 387,388,413
org/joda/time/tz/f.java, line(s) 52,275,276,277,278,279,301,312,417,473,540
pub/devrel/easypermissions/EasyPermissions.java, line(s) 133,135,35
pub/devrel/easypermissions/e/a.java, line(s) 37
pub/devrel/easypermissions/e/c.java, line(s) 19
tv/danmaku/ijk/media/exo/demo/EventLogger.java, line(s) 47,52,73,78,93,103,139,144,149,154,43,108,115,128
tv/danmaku/ijk/media/exo/demo/player/DashRendererBuilder.java, line(s) 162
tv/danmaku/ijk/media/exo2/demo/EventLogger.java, line(s) 105,108,111,114,117,120,122,125,132,137,142,147,152,166,171,176,196,218,231,233,238,248,253,262,267,272,277,284,287,290,294,297,299,308,311,322,329,335,339,349,352,358,368,376,383,387,391,393,402,407,412,417,422,97,243
tv/danmaku/ijk/media/player/IjkMediaCodecInfo.java, line(s) 200,202
tv/danmaku/ijk/media/player/IjkMediaPlayer.java, line(s) 149,155,235,248,144,158,180,243,410,177,260,792,806
tv/danmaku/ijk/media/player/pragma/DebugLog.java, line(s) 13,17,65,21,25,69,29,33,73,49,53,77,57,61,81

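Info: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it

This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it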
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
c/e/a/g/g.java, line(s) 4,32
com/tencent/mm/adapter/PayFriendAdapter.java, line(s) 5,26
com/tencent/mm/adapter/RechargeListAdapter.java, line(s) 5,26
com/tencent/mm/ui/ShareActivity.java, line(s) 6,142
com/tencent/mm/ui/WebViewActivity.java, line(s) 6,143
com/tencent/mm/ui/dialog/ComicSharePopup.java, line(s) 5,32
com/tencent/mm/ui/dialog/ShareButtomDialog.java, line(s) 5,82
com/tencent/mm/ui/dialog/ShareFanGroupDialog.java, line(s) 5,60
com/tencent/mm/ui/dialog/ShareSeeMoreDialog.java, line(s) 5,66
com/tencent/mm/ui/dialog/VideoShareHPopup.java, line(s) 5,32
com/tencent/mm/ui/dialog/VideoSharePopup.java, line(s) 5,32
com/tencent/mm/ui/home/ShareFragment.java, line(s) 5,80
com/tencent/mm/uitls/l.java, line(s) 4,36

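Info: This application uses SQL Cipher. SQLCipher provides 256-bit AES encryption for sqlite database files

This application uses SQL Cipher. SQLCipher provides 256-bit AES encryption for sqlite database files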


Files:
org/greenrobot/greendao/j/b.java, line(s) 18,6,14

Secure: This application may have root detection capabilities

This application may have root detection capabilities
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
c/a/b/i/b.java, line(s) 22,22,22,22,22,22
c/e/a/b/e/d.java, line(s) 44,33
com/lahm/library/i.java, line(s) 45,45,45,45,45

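Secure: This application uses SSL pinning to detect or prevent MITM attacks in secure communication channels

This application uses SSL pinning to detect or prevent MITM attacks in secure communication channels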
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
com/flurry/sdk/t.java, line(s) 236,214,212,212
com/lzy/okgo/https/HttpsUtils.java, line(s) 125,74,123,123
org/nanohttpd/protocols/http/NanoHTTPD.java, line(s) 159,137,156,156

Hotspot: The application may communicate with a server (h5.m.taobao.com) located in an OFAC-sanctioned country (China).

{'ip': '121.228.130.197', 'country_short': 'CN', 'country_long': 'China', 'region': 'Jiangsu', 'city': 'Suzhou', 'latitude': '31.311390', 'longitude': '120.618057'}

Hotspot: The application may communicate with a server (mobilegw.alipaydev.com) located in an OFAC-sanctioned country (China).

{'ip': '110.75.132.131', 'country_short': 'CN', 'country_long': 'China', 'region': 'Zhejiang', 'city': 'Hangzhou', 'latitude': '30.293650', 'longitude': '120.161423'}

Hotspot: The application may communicate with a server (open-image.nosdn.127.net) located in an OFAC-sanctioned country (China).

{'ip': '180.101.197.251', 'country_short': 'CN', 'country_long': 'China', 'region': 'Jiangsu', 'city': 'Suzhou', 'latitude': '31.311390', 'longitude': '120.618057'}

Hotspot: The application may communicate with a server (api.t.sina.com.cn) located in an OFAC-sanctioned country (China).

{'ip': '49.7.37.118', 'country_short': 'CN', 'country_long': 'China', 'region': 'Beijing', 'city': 'Beijing', 'latitude': '39.907501', 'longitude': '116.397232'}

Hotspot: The application may communicate with a server (mov.bn.netease.com) located in an OFAC-sanctioned country (China).

{'ip': '58.221.32.109', 'country_short': 'CN', 'country_long': 'China', 'region': 'Jiangsu', 'city': 'Nantong', 'latitude': '32.030281', 'longitude': '120.874718'}
