页面标题
页面副标题
移动应用安全检测报告
东京热 v8.57
47
安全评分
安全基线评分
47/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
4
高危
16
中危
3
信息
2
安全
隐私风险评估
1
第三方跟踪器
中等隐私风险
检测到少量第三方跟踪器
检测结果分布
高危安全漏洞
4
中危安全漏洞
16
安全提示信息
3
已通过安全项
2
重点安全关注
5
高危安全漏洞 该文件是World Readable。任何应用程序都可以读取文件
该文件是World Readable。任何应用程序都可以读取文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/cloudwise/agent/app/util/DeviceUtil.java, line(s) 359,363
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: a4/j.java, line(s) 52,4 a4/r.java, line(s) 27,4
高危安全漏洞 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: com/cloudwise/agent/app/mobile/h5/webview/CWWebViewClient.java, line(s) 48,22,23,24 com/cloudwise/agent/app/mobile/h5/x5webview/CWX5WebViewClient.java, line(s) 50,23,24,25 com/cloudwise/agent/app/mobile/h5/xwalkview/CWXWalkResourceClient.java, line(s) 50,115,19,20,21
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: v4/a.java, line(s) 56
中危安全漏洞 应用已启用明文网络流量
[android:usesCleartextTraffic=true] 应用允许明文网络流量(如 HTTP、FTP 协议、DownloadManager、MediaPlayer 等)。API 级别 27 及以下默认启用,28 及以上默认禁用。明文流量缺乏机密性、完整性和真实性保护,攻击者可窃听或篡改传输数据。建议关闭明文流量,仅使用加密协议。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: c4/b0.java, line(s) 8 com/cloudwise/agent/app/minidns/client/AbstractDnsClient.java, line(s) 27 com/cloudwise/agent/app/minidns/core/constants/DnsRootServer.java, line(s) 9 com/cloudwise/agent/app/minidns/core/util/CollectionsUtil.java, line(s) 4 com/cloudwise/agent/app/minidns/resolver/iterative/IterativeDnsClient.java, line(s) 28 h0/h.java, line(s) 11 s4/z.java, line(s) 4 vd/a.java, line(s) 3 vd/b.java, line(s) 3 wd/a.java, line(s) 3
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: ch/qos/logback/classic/joran/action/ConfigurationAction.java, line(s) 20 ch/qos/logback/classic/sift/ContextBasedDiscriminator.java, line(s) 7 ch/qos/logback/core/CoreConstants.java, line(s) 14,21,30,32,48,72,73 ch/qos/logback/core/net/ssl/SSL.java, line(s) 4 ch/qos/logback/core/rolling/helper/DateTokenConverter.java, line(s) 12 ch/qos/logback/core/rolling/helper/IntegerTokenConverter.java, line(s) 7 coil/memory/MemoryCache.java, line(s) 80 com/cloudwise/agent/app/constant/SDKConst.java, line(s) 55,80 com/cloudwise/agent/app/db/EventsDatasource.java, line(s) 17 com/cloudwise/agent/app/encryption/AES128Encode.java, line(s) 22 com/cloudwise/agent/app/util/DeviceUtil.java, line(s) 33 com/paulkman/nova/data/json/StationInfoResponse.java, line(s) 105 com/paulkman/nova/data/remote/SignInRequestBody.java, line(s) 72 com/paulkman/nova/data/remote/SignUpRequestBody.java, line(s) 72 com/paulkman/nova/feature/comic/data/json/ComicChapterKeyResponse.java, line(s) 77 com/paulkman/nova/feature/novel/data/json/NovelChapterKeyResponse.java, line(s) 77 h2/d.java, line(s) 32 ve/a1.java, line(s) 56
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: ch/qos/logback/core/android/AndroidContextUtil.java, line(s) 60,65,74 com/cf/msc/sdk/AppVest.java, line(s) 151,216 com/cloudwise/agent/app/log/CLog.java, line(s) 11 com/cloudwise/agent/app/util/CWFileUtil.java, line(s) 84 com/cloudwise/agent/app/util/DeviceUUIDProcessor.java, line(s) 101 com/cloudwise/agent/app/util/DeviceUtil.java, line(s) 485,472,473,485 org/acra/file/Directory.java, line(s) 46,55 u3/a.java, line(s) 20,23
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: r2/h0.java, line(s) 32
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/cloudwise/agent/app/minidns/client/DnsClient.java, line(s) 91 hg/e.java, line(s) 28,29,22,30,31,32,15 vf/a.java, line(s) 6,7 wf/a.java, line(s) 16 xf/a.java, line(s) 16,9,17,18,19,10,11,12,13,14,15,20 yf/a.java, line(s) 81,102,95,50,51,52,53,54,55,151,150,148,149,130,131
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: ch/qos/logback/classic/android/SQLiteAppender.java, line(s) 3,4,5,244,304,305,306 com/cloudwise/agent/app/db/EventsDatasource.java, line(s) 7,156 com/cloudwise/agent/app/db/MySQLiteHelper.java, line(s) 4,5,27,28,33,34 com/cloudwise/agent/app/mobile/sqlite/SQLiteProcessor.java, line(s) 6,46,89,91,94,179,181,184 r1/c.java, line(s) 6,7,8,9,10,89,195
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/cloudwise/agent/app/mobile/h5/mpaas/MPaasWebViewProcessor.java, line(s) 42,35 com/cloudwise/agent/app/mobile/h5/webview/WebViewProcessor.java, line(s) 22,19 com/cloudwise/agent/app/mobile/h5/x5webview/X5WebViewProcessor.java, line(s) 22,19
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/cf/msc/sdk/SignCheck.java, line(s) 55 v3/l.java, line(s) 56
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: ah/d.java, line(s) 23 com/cloudwise/agent/app/util/CWUtil.java, line(s) 45 s8/b.java, line(s) 42
中危安全漏洞 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/cf/msc/sdk/CheckHook.java, line(s) 34,50,63,50
中危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个1隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 UqUQGSpX2QzmCKOEK3ispMnkmKDFAdr/XWMQC128o x2DpdYovEassychzsGWFZ8kmioiAYtX2 WvMdMN4yBoqmMzKkDbh3j2gbkTbU2RB6 UqUQGSpX29OR5v9xSNrjA8POfTG4BpwSqisODzsOt 802443c833c02ce100920450f4bf93b2 4f54469a6638ef9d031c23cd6709bcf9 8KRbusRNkDfqGxNQpE4AoBrPLvH3grBF AtXomf2xN7aBaLm4gKGhDqg3cvrgDWv2 FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551 5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B 9hjMdRG7xw4HTmtkmqFgqpzVghebXCAf b6DJcbmjsY9hRVectvudzVGG22QjFwAy 7uRiKdPHVyethgJ7KXJAMNnU8VwpAKeY 2Z7nvdpg6kfXrseLqqhGujyCuDZPjbtg AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7 Ec9MFUJPYGkB6PhfpNmds7btM9aUTtvM B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF gTiNNx283v7mLNheaqQ2PJXiL2c8RVfd 8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14 XQtvQtVh4XuBYAZdqpZxsiJVvfzgcd7R 8ffc8ca8aeac08dc2fecffe1002dda3d 3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F b6173d737d32962dd07cbca48f5994af fWXqhsDKMXkn4QYB4oyrD8o3bPTCw8nn 8pDGinZYrkoD7z3LVonE9yZeLxgkhQ34 2Rb66zkKEEC9KdtVwcvYrVBqNFFGo2dM 3uzXKrjeZsdZzN6YcHnG6RUEgJMA8DuB AatReniqn4vxW36cysWFzXj7MARcnDfM 8138e8a0fcf3a4e84a771d40fd305d7f4aa59306d7251de54d98af8fe95729a1f73d893fa424cd2edc8636a6c3285e022b0e3866a565ae8108eed8591cd4fe8d2ce86165a978d719ebf647f362d33fca29cd179fb42401cbaf3df0c614056f9c8f3cfd51e474afb6bc6974f78db8aba8e9e517fded658591ab7502bd41849462f ZUjQ2ZwDN76oQvLqtv8XHHKAEw8YMWmJ UqUQGSpX2jhnlIu4l1n1704Kv3HcqC7zhHywfFHhr 7IbA0ZLUUSx2h8alnUPbLq07XQ2fF+DN27Q2gL4C7+WZXNvXzwjK9bcy2uQV2kfMYYnB51AN0okBsMNBVI0r+Jh7ShQn+5VMbF3qTa/7+IULt4SPg2aM0ISj8p33GNVLOqgm2UnSAVSzLl2m4ApyQ88GFE6qK5RdkGbSWf8FnBj6tVNvG8E0SBhJKayq+cAVpMGfsOnv5GD2ZhIUJLAYBt1b+EGuDUm5Idz7rL4htFzhiRL3Dt+9g7bO vcBxuNR22dZyhfxF6Cu6amN7LPkQR9pr UqUQGSpX2VUF/zJhHtHrDfJ95OOR1IurxAWXpTScL 77ecf5b9a365be72fdadf6a86f4195fa 4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 edef8ba9-79d6-4ace-a3c8-27dcd51d21ed 1628686155461064465348252249725010996177649738666492500572664444461532807739744536029771810659241049343994038053541290419968870563183856865780916376571550372513476957870843322273120879361960335192976656756972171258658400305760429696147778001233984421619267530978084631948434496468785021389956803104620471232008587410372348519229650742022804219634190734272506220018657920136902014393834092648785514548876370028925405557661759399901378816916683122474038734912535425670533237815676134840739565610963796427401855723026687073600445461090736240030247906095053875491225879656640052743394090544036297390104110989318819106653199917493
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: ah/i.java, line(s) 55 b0/c.java, line(s) 20 cf/d.java, line(s) 49 ch/qos/logback/classic/android/LogcatAppender.java, line(s) 30,53,22,29,36,37,43,52,23,44 ch/qos/logback/classic/pattern/TargetLengthBasedClassNameAbbreviator.java, line(s) 28,37 ch/qos/logback/classic/spi/ThrowableProxy.java, line(s) 57 ch/qos/logback/core/joran/util/ConfigurationWatchListUtil.java, line(s) 24 ch/qos/logback/core/net/DefaultSocketConnector.java, line(s) 24 ch/qos/logback/core/net/SocketConnectorBase.java, line(s) 29 ch/qos/logback/core/recovery/ResilientOutputStreamBase.java, line(s) 45 ch/qos/logback/core/spi/ContextAwareBase.java, line(s) 44 ch/qos/logback/core/spi/ContextAwareImpl.java, line(s) 44 com/cf/msc/sdk/AppVest.java, line(s) 140 com/cf/msc/sdk/NetHelper.java, line(s) 83,100 com/cloudwise/agent/app/CWSDK.java, line(s) 229,70,124,143,67,235,236,240,258,260,165,170 com/cloudwise/agent/app/base/AbstractBaseThread.java, line(s) 54 com/cloudwise/agent/app/base/AbstractRetryThread.java, line(s) 42,73 com/cloudwise/agent/app/callback/CWActivityLifecycleCallbacks.java, line(s) 17,28,37,49,60 com/cloudwise/agent/app/config/ConfManager.java, line(s) 23,36,21,22,15 com/cloudwise/agent/app/config/ConfigModel.java, line(s) 293,297,358,321,325,329,333,362 com/cloudwise/agent/app/config/ConfigOption.java, line(s) 13 com/cloudwise/agent/app/config/JSCodeWorker.java, line(s) 46,49,33 com/cloudwise/agent/app/config/LocalConfig.java, line(s) 66,69 com/cloudwise/agent/app/config/ManualConfig.java, line(s) 19,20 com/cloudwise/agent/app/config/SPConfig.java, line(s) 134,149,172,195,210,223,288,167,207,170 com/cloudwise/agent/app/config/SPJSCode.java, line(s) 48,65 com/cloudwise/agent/app/config/SPQuitSession.java, line(s) 51,79 com/cloudwise/agent/app/config/SPQuitView.java, line(s) 51,79 com/cloudwise/agent/app/config/SPStartupConfig.java, line(s) 50,75,47 com/cloudwise/agent/app/config/ServerCdn.java, line(s) 49,45 com/cloudwise/agent/app/config/ServerCdnWorker.java, line(s) 53,56,34,45 com/cloudwise/agent/app/config/ServerConfig.java, line(s) 141,172 com/cloudwise/agent/app/config/ServerConfigWorker.java, line(s) 94,97,48,75,81,87,89 com/cloudwise/agent/app/data/DataProcessor.java, line(s) 42,32,35,19,23,27 com/cloudwise/agent/app/data/DataSendImpl.java, line(s) 156,158,231,234,47,52,118,171,173,176,185,223,224,225,260,262,264,281,283,63,68,78,125,134,148,161,166,256,288,290 com/cloudwise/agent/app/data/DataSendWorker.java, line(s) 14 com/cloudwise/agent/app/data/SendPolicyUtil.java, line(s) 28,14,25,17,21,24 com/cloudwise/agent/app/data/UserInfoSendWorker.java, line(s) 91,94,70,83,84,110,39,57 com/cloudwise/agent/app/db/CloudwiseSharedPreferences.java, line(s) 35,42,53 com/cloudwise/agent/app/db/EventsDatasource.java, line(s) 198,74,91,104,117,130,160,180,183,200,208,221,234 com/cloudwise/agent/app/log/CLog.java, line(s) 106,109,135,137,115,118,97,100,124,127 com/cloudwise/agent/app/minidns/client/AbstractDnsClient.java, line(s) 277 com/cloudwise/agent/app/minidns/client/source/NetworkDataSource.java, line(s) 124,157 com/cloudwise/agent/app/mobile/anr/ANRWatchDog.java, line(s) 38,89 com/cloudwise/agent/app/mobile/anr/AnrListener.java, line(s) 58,59,60,64,137,175,51,56,147,148,150,151,169,139 com/cloudwise/agent/app/mobile/app/AppProcessor.java, line(s) 233,235,55,71,97 com/cloudwise/agent/app/mobile/caton/CatonOrAnrWatchDog.java, line(s) 108,109,111,110,64,103,107,207,213 com/cloudwise/agent/app/mobile/crash/CrashManager.java, line(s) 24,32 com/cloudwise/agent/app/mobile/crash/CrashUtil.java, line(s) 26,144,158,179,58,91,153,194,253,258,266,75,79 com/cloudwise/agent/app/mobile/crash/JavaCrash.java, line(s) 47,27,31,36,46 com/cloudwise/agent/app/mobile/crash/NativeHandler.java, line(s) 42 com/cloudwise/agent/app/mobile/dialing/DialingManager.java, line(s) 29 com/cloudwise/agent/app/mobile/dialing/PingProcessor.java, line(s) 140,28,29,30,31,42,43,52,61,76 com/cloudwise/agent/app/mobile/dialing/PingSharedPreferences.java, line(s) 34,41,52 com/cloudwise/agent/app/mobile/dialing/PingTaskWorker.java, line(s) 44,46,48,50,52,54,57,63 com/cloudwise/agent/app/mobile/h5/CalledByWebview.java, line(s) 119,125,151,50,57,65,192,208,215 com/cloudwise/agent/app/mobile/h5/H5DataWorker.java, line(s) 38,44,52 com/cloudwise/agent/app/mobile/h5/H5Util.java, line(s) 24,28 com/cloudwise/agent/app/mobile/h5/mpaas/CWMPaasH5WebViewClient.java, line(s) 48,50,25,32,37,41,59,65,94 com/cloudwise/agent/app/mobile/h5/mpaas/MPaasWebViewProcessor.java, line(s) 46,26,31,43 com/cloudwise/agent/app/mobile/h5/webview/CWWebView.java, line(s) 19 com/cloudwise/agent/app/mobile/h5/webview/CWWebViewClient.java, line(s) 93,95,127,129,33,38,43,49,57,84,89,105,112,120,139,145 com/cloudwise/agent/app/mobile/h5/webview/WebViewProcessor.java, line(s) 24,21 com/cloudwise/agent/app/mobile/h5/x5webview/CWX5Utils.java, line(s) 33 com/cloudwise/agent/app/mobile/h5/x5webview/CWX5WebView.java, line(s) 19 com/cloudwise/agent/app/mobile/h5/x5webview/CWX5WebViewClient.java, line(s) 95,97,34,38,40,45,51,59,86,91,112,118 com/cloudwise/agent/app/mobile/h5/x5webview/X5WebViewProcessor.java, line(s) 24,21 com/cloudwise/agent/app/mobile/h5/xwalkview/CWXWalkResourceClient.java, line(s) 95,97,156,158,190,192,35,39,45,51,59,86,91,105,110,116,120,147,152,168,175,183,199,209 com/cloudwise/agent/app/mobile/h5/xwalkview/CWXWalkView.java, line(s) 20 com/cloudwise/agent/app/mobile/http/HttpCDNUtil.java, line(s) 48,50,97,99,126,129,156,178,180,46,55,61,65,81,108,112,122,141,150,153,71,74 com/cloudwise/agent/app/mobile/http/HttpHeaderUtil.java, line(s) 58,60,109,111,21,23,35,47,83,86,93,100,119,128 com/cloudwise/agent/app/mobile/http/HttpIPUtil.java, line(s) 43,55,108,135,163,166,181,22,25,27,32,35,49,61,64,67,71,74,80,83,90,93,97,100,104,114,128,143,170,177 com/cloudwise/agent/app/mobile/http/HttpManager.java, line(s) 143,145 com/cloudwise/agent/app/mobile/http/HttpUtil.java, line(s) 75,125,136 com/cloudwise/agent/app/mobile/http/okhttp2/CloudwiseCall.java, line(s) 66 com/cloudwise/agent/app/mobile/http/urlconnection/HttpUrlConnectionDelegate.java, line(s) 39 com/cloudwise/agent/app/mobile/http/urlconnection/HttpsUrlConnectionDelegate.java, line(s) 48 com/cloudwise/agent/app/mobile/http/urlconnection/URLConnectionProcessor.java, line(s) 18,25,31,41,48,54 com/cloudwise/agent/app/mobile/interaction/InteractionManager.java, line(s) 39,41 com/cloudwise/agent/app/mobile/logcat/LogcatProcessor.java, line(s) 48,44,45 com/cloudwise/agent/app/mobile/screenrecord/ScreenShotCheckProcessor.java, line(s) 27,45,64 com/cloudwise/agent/app/mobile/screenrecord/ScreenShotManager.java, line(s) 58,74,85,94,108,121,78,112 com/cloudwise/agent/app/mobile/screenrecord/ScreenShotUploadWorker.java, line(s) 123,78,86,100 com/cloudwise/agent/app/mobile/session/SessionProcessor.java, line(s) 69,124,94,120,141 com/cloudwise/agent/app/mobile/socket/CloudwiseInputStream.java, line(s) 76,105 com/cloudwise/agent/app/mobile/socket/CloudwiseOutputStream.java, line(s) 100,127 com/cloudwise/agent/app/mobile/socket/CloudwiseSocket.java, line(s) 56,87,110,351 com/cloudwise/agent/app/mobile/socket/NIOSocketProcessor.java, line(s) 174,219,287,326,368,410,35 com/cloudwise/agent/app/mobile/socket/SocketProcessor.java, line(s) 58 com/cloudwise/agent/app/mobile/view/ViewProcessor.java, line(s) 45,250,252,289,368,38,73,154,159,167,237,240 com/cloudwise/agent/app/util/BroadcastListener.java, line(s) 21,33,30,58,60,63 com/cloudwise/agent/app/util/CWCDNPingUtil.java, line(s) 42,54,60,64 com/cloudwise/agent/app/util/CWFileUtil.java, line(s) 101 com/cloudwise/agent/app/util/CWUtil.java, line(s) 162,191 com/cloudwise/agent/app/util/CloudwiseTimer.java, line(s) 59,61,63,65,115,118,126,129,51,78 com/cloudwise/agent/app/util/CpuMemMonitor.java, line(s) 91,97,106,115,121,136 com/cloudwise/agent/app/util/DeviceUUIDProcessor.java, line(s) 126,144,166,200,213,222,225,46,52,58 com/cloudwise/agent/app/util/DeviceUtil.java, line(s) 166,256,139,164,208,243,276,288,331,408,430,442,454,523,631,465,526,575 com/cloudwise/agent/app/util/GzipUtils.java, line(s) 29 com/cloudwise/agent/app/util/NetworkUtil.java, line(s) 25,27 com/cloudwise/agent/app/util/PacketLossMonitor.java, line(s) 50,64,71,74 com/cloudwise/agent/app/util/UploadUtil.java, line(s) 12,15,26,29 com/paulkman/nova/core/logging/NovaLoggerManager.java, line(s) 68,71,66 d6/d.java, line(s) 112,140 e1/a.java, line(s) 200,607,705,711,724,735,742,838,924,1000,1077,1127,1147,1161,1195,1213,1276,1321,1324,1376,1423,1493,1642,1647,1653,1670,1740,72,772,781,883,888,1052,1365,1385,1393,1613,1617,1621 e6/b.java, line(s) 49 e8/b.java, line(s) 117 eb/g7.java, line(s) 21 g/f.java, line(s) 139,190,202,354 g1/b.java, line(s) 69,68 g6/f.java, line(s) 112 h8/j2.java, line(s) 27,26 h8/q3.java, line(s) 22 i2/t.java, line(s) 41 j1/d1.java, line(s) 85,82 j1/q0.java, line(s) 129,132 j1/q1.java, line(s) 23,26 j1/s1.java, line(s) 61,39 j1/v1.java, line(s) 86,83 k5/p.java, line(s) 45,51,61,67 l5/h.java, line(s) 53,96 m1/m.java, line(s) 309,396,398 m1/n.java, line(s) 61,64 m1/o.java, line(s) 241,141 m5/g.java, line(s) 63 m5/i.java, line(s) 125,131,137,143 m8/i.java, line(s) 53 ni/i.java, line(s) 17 o/b0.java, line(s) 1087 o5/d.java, line(s) 35 pa/c1.java, line(s) 39 q1/c.java, line(s) 43,47 r1/d.java, line(s) 122,234 s1/a.java, line(s) 60 s3/c.java, line(s) 19,29 sc/h0.java, line(s) 29,28 u/h0.java, line(s) 12,19 u/v0.java, line(s) 13,20,27,34,43,53,60 u1/a.java, line(s) 29 v/j0.java, line(s) 40,42,46,53,58 v1/r.java, line(s) 83,118 w0/c.java, line(s) 252 y1/l.java, line(s) 19,26,33,40,47 z1/l0.java, line(s) 43 z1/p0.java, line(s) 39 z9/q.java, line(s) 53
安全提示信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: g8/c.java, line(s) 122 gf/a.java, line(s) 27,27 kf/a.java, line(s) 81,81 lf/b.java, line(s) 32,32 org/acra/collector/DropBoxCollector.java, line(s) 128 org/acra/collector/LogCatCollector.java, line(s) 129 org/acra/collector/SharedPreferencesCollector.java, line(s) 89,70,89
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: o8/a1.java, line(s) 4,123
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/cloudwise/agent/app/util/DeviceUtil.java, line(s) 72,55,59,59,59,59,59,59
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: ch/qos/logback/core/net/ssl/SSLContextFactoryBean.java, line(s) 37,55,79,54,54,55,56 com/cloudwise/agent/app/minidns/sec/dane/X509TrustManagerUtil.java, line(s) 21,20,17,19
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (seagull-data.toushibao.com) 通信。
{'ip': '139.162.3.159', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (portal.toushibao.com) 通信。
{'ip': '139.162.3.159', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (exoplayer.dev) 通信。
{'ip': '119.3.240.48', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (app.nova-traffic-1688.com) 通信。
{'ip': '119.3.240.48', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.mmtv.com.cn) 通信。
{'ip': '180.168.88.65', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
综合安全基线评分总结
东京热 v8.57
Android APK
47
综合安全评分
中风险