Security score: 40/100
Risk rating
Grade
- A
- B
- C
- F
Severity distribution (%)
Privacy risk: 6 user/device trackers
Findings
High: 8
Medium: 27
Info: 1
Secure: 1
Hotspot: 3
High: Weak encryption algorithm used
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: prod/apptest/com/utils/EncryptUtils.java, line(s) 27,55
High: The app uses the encryption mode CBC with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: prod/apptest/com/utils/EncryptUtils.java, line(s) 27,55
High: Remote WebView debugging is enabled
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing
Files: com/zoloz/webcontainer/WebCActivity.java, line(s) 126,19,20 prod/apptest/com/activity/BaseNativeWebActivity.java, line(s) 524,34,35 prod/apptest/com/activity/WebActivity.java, line(s) 566,35,36
High: Lax WebView domain control vulnerability
Files: com/zoloz/webcontainer/WebCActivity.java, line(s) 106,104,163 prod/apptest/com/activity/BaseNativeWebActivity.java, line(s) 770,335,336,339,517,518,519,520,521,587,765 prod/apptest/com/activity/WebActivity.java, line(s) 811,377,378,381,559,560,561,562,563,629,807 prod/apptest/com/utils/ProgressWebView.java, line(s) 57,56
High: The file is World Writable. Any app can write to the file
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2
Files: com/alipay/mobile/security/bio/workspace/Env.java, line(s) 56
High: Insecure WebView implementation. The WebView ignores SSL certificate errors and accepts any SSL certificate. This app is vulnerable to MITM attacks
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification
Files: prod/apptest/com/activity/BaseNativeWebActivity.java, line(s) 565,564 prod/apptest/com/activity/BaseVasSonicWebActivity.java, line(s) 1438,1437 prod/apptest/com/activity/WebActivity.java, line(s) 607,606
High: If an app uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the app may be exposed to cross-site scripting attacks
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7
Files: prod/apptest/com/base/VideoEnabledWebView.java, line(s) 71,9
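High: The app contains privacy trackers
This app has multiple (6) privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.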
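Medium: The app is affected by the Janus vulnerability
The app is signed with the v1 signature scheme. If only the v1 signature scheme is used, it is vulnerable to the Janus vulnerability on Android 5.0-8.0. Apps signed with the v1 signature scheme that run on Android 5.0-7.0, as well as apps that also use the v2/v3 signature schemes, are likewise vulnerable.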
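Medium: The app can be installed on a vulnerable, unpatched Android version
Android 6.0-6.0.1, [minSdk=23] The app can be installed on older versions of Android that have multiple unfixed vulnerabilities. These devices will not receive reasonable security updates from Google. Support Android version => 10, API 29 to receive reasonable security updates.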
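Medium: Cleartext network traffic is enabled for the app
[android:usesCleartextTraffic=true] The app intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager and MediaPlayer. For apps targeting API level 27 or lower, the default value is "true". For apps targeting API level 28 or higher, the default value is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity and tamper protection: a network attacker can eavesdrop on the transmitted data and modify it without being detected.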
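Medium: App data can be backed up
[android:allowBackup=true] This flag allows anyone to back up your app data via adb. It allows users who have enabled USB debugging to copy app data off the device.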
Medium: Activity (cn.jpush.android.ui.PopWinActivity) is not protected.
[android:exported=true] The Activity is shared with other apps on the device, which makes it accessible to any other app on the device.
Medium: Activity (cn.jpush.android.ui.PushActivity) is not protected.
[android:exported=true] The Activity is shared with other apps on the device, which makes it accessible to any other app on the device.
Medium: Activity (com.facebook.CustomTabActivity) is not protected.
[android:exported=true] The Activity is shared with other apps on the device, which makes it accessible to any other app on the device.
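Medium: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is shared with other apps on the device, which makes it accessible to any other app on the device. It is protected by a permission that is not defined in the analysed app, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious app can request and obtain the permission and interact with the component. If it is set to signature, only apps signed with the same certificate can obtain the permission.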
Medium: Activity (com.google.firebase.auth.internal.GenericIdpActivity) is not protected.
[android:exported=true] The Activity is shared with other apps on the device, which makes it accessible to any other app on the device.
Medium: Activity (com.google.firebase.auth.internal.RecaptchaActivity) is not protected.
[android:exported=true] The Activity is shared with other apps on the device, which makes it accessible to any other app on the device.
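Medium: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is shared with other apps on the device, which makes it accessible to any other app on the device. It is protected by a permission that is not defined in the analysed app, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious app can request and obtain the permission and interact with the component. If it is set to signature, only apps signed with the same certificate can obtain the permission.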
Medium: Service (cn.jpush.android.service.DaemonService) is not protected.
[android:exported=true] The Service is shared with other apps on the device, which makes it accessible to any other app on the device.
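Medium: Activity has the TaskAffinity attribute set
(cn.jpush.android.service.DActivity) If taskAffinity is set, other apps may be able to read Intents sent to Activities that belong to another task. To prevent other apps from reading sensitive information in sent or received Intents, always use the default setting, which keeps the affinity as the package name.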
Medium: Activity (cn.jpush.android.service.DActivity) is not protected.
[android:exported=true] The Activity is shared with other apps on the device, which makes it accessible to any other app on the device.
Medium: Content Provider (cn.jpush.android.service.DownloadProvider) is not protected.
[android:exported=true] The Content Provider is shared with other apps on the device, which makes it accessible to any other app on the device.
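Medium: Activity has the TaskAffinity attribute set
(cn.jpush.android.service.JNotifyActivity) If taskAffinity is set, other apps may be able to read Intents sent to Activities that belong to another task. To prevent other apps from reading sensitive information in sent or received Intents, always use the default setting, which keeps the affinity as the package name.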
Medium: Activity (cn.jpush.android.service.JNotifyActivity) is not protected.
[android:exported=true] The Activity is shared with other apps on the device, which makes it accessible to any other app on the device.
Medium: High-priority Intent (1000)
[android:priority] By setting an Intent priority higher than that of another Intent, the app effectively overrides other requests.
Medium: The app can read/write external storage. Any app can read data written to external storage
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: com/alipay/zoloz/hardware/camera/impl/TestUtil.java, line(s) 49,138,142,187 com/alipay/zoloz/toyger/face/FrameProcessor.java, line(s) 50,153,164,172 com/lzy/okgo/convert/FileConvert.java, line(s) 25,42 com/zoloz/dfp/StorageUtils.java, line(s) 15,49 com/zoloz/stack/lite/aplog/core/utils/FileUtil.java, line(s) 18 prod/apptest/com/utils/DeviceUuidFactory.java, line(s) 51,52,80 prod/apptest/com/utils/DownloadApk.java, line(s) 38 prod/apptest/com/utils/FileManager.java, line(s) 44,54,58,63 prod/apptest/com/utils/FileUtils.java, line(s) 65 prod/apptest/com/utils/GetDeviceId.java, line(s) 136,137 pushlive/lbd/com/updateapp/UpdateAppManager.java, line(s) 364,372
Medium: Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: com/alipay/mobile/security/bio/common/record/impl/BioRecordServiceImpl.java, line(s) 14 com/alipay/mobile/security/bio/utils/StressTestUtil.java, line(s) 7 com/alipay/mobile/security/bio/workspace/Env.java, line(s) 11,12 com/alipay/zoloz/config/ConfigConstants.java, line(s) 4,5,7 com/alipay/zoloz/hardware/camera/impl/TestUtil.java, line(s) 21,20 com/alipay/zoloz/toyger/ToygerService.java, line(s) 26,23 com/alipay/zoloz/toyger/blob/BlobStatic.java, line(s) 10 com/alipay/zoloz/zface/services/ZFaceRecordService.java, line(s) 23 com/ap/zoloz/hummer/api/ZLZConstants.java, line(s) 13 com/ap/zoloz/hummer/biz/HummerConstants.java, line(s) 6,35,66,107,114 com/ap/zoloz/hummer/ekyc/biz/HummerEkycConstants.java, line(s) 3,10 com/ap/zoloz/hummer/h5/ZolozEkycH5Handler.java, line(s) 41 com/appsflyer/AppsFlyerProperties.java, line(s) 15 com/lzy/okgo/cache/CacheEntity.java, line(s) 12,84 com/lzy/okgo/exception/CacheException.java, line(s) 6,10 com/zhy/http/okhttp/builder/PostFormBuilder.java, line(s) 52 io/grpc/internal/DnsNameResolver.java, line(s) 75,73,74,76 io/grpc/internal/TransportFrameUtil.java, line(s) 32 prod/apptest/com/AppTestApp.java, line(s) 81,69 prod/apptest/com/jpush/ExampleUtil.java, line(s) 18 prod/apptest/com/utils/DeviceUuidFactory.java, line(s) 26 pushlive/lbd/com/updateapp/UpdateAppManager.java, line(s) 26,27,28,24 rx/internal/schedulers/NewThreadWorker.java, line(s) 26,36
Medium: The app uses an insecure random number generator
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: com/alipay/mobile/security/zim/biz/RecordProcessor.java, line(s) 21 io/grpc/internal/DnsNameResolver.java, line(s) 35 io/grpc/internal/ExponentialBackoffPolicy.java, line(s) 5 io/grpc/internal/RetriableStream.java, line(s) 22 io/grpc/okhttp/OkHttpClientTransport.java, line(s) 74 io/grpc/util/OutlierDetectionLoadBalancer.java, line(s) 26 io/grpc/util/RoundRobinLoadBalancer.java, line(s) 20 java8/util/concurrent/ThreadLocalRandom.java, line(s) 7 pushlive/lbd/com/updateapp/utils/ColorUtil.java, line(s) 5
Medium: IP address disclosure
Files: io/grpc/okhttp/OkHttpClientTransport.java, line(s) 222 io/grpc/okhttp/OkHttpServerTransport.java, line(s) 580,595,601,686
Medium: MD5 is a weak hash known to have hash collisions
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/alipay/mobile/security/bio/utils/SignHelper.java, line(s) 29,47 com/appsflyer/internal/af.java, line(s) 28 com/zoloz/android/phone/zdoc/fragment/ZdocAlgorithmFragment.java, line(s) 288 com/zoloz/stack/lite/aplog/core/utils/MD5Util.java, line(s) 13 com/zoloz/webcontainer/util/SecurityUtil.java, line(s) 14 prod/apptest/com/utils/GetDeviceId.java, line(s) 110 prod/apptest/com/webview/utils/MD5Utils.java, line(s) 11 pushlive/lbd/com/updateapp/utils/Md5Util.java, line(s) 29 ren/yale/android/cachewebviewlib/utils/MD5Utils.java, line(s) 11
Medium: SHA-1 is a weak hash known to have hash collisions
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/alipay/mobile/security/bio/utils/SignHelper.java, line(s) 8 com/alipay/zoloz/config/util/SecurityUtil.java, line(s) 23 com/appsflyer/internal/af.java, line(s) 13 com/zoloz/rpc/SigApiUtil.java, line(s) 47 com/zoloz/webcontainer/util/SecurityUtil.java, line(s) 50
Medium: The app uses a SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: com/lzy/okgo/db/DBHelper.java, line(s) 4,5,43 com/lzy/okgo/db/DBUtils.java, line(s) 4,9
Medium: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files: prod/apptest/com/activity/BaseNativeWebActivity.java, line(s) 509,510,511,512,513,514,515,516,519,766 prod/apptest/com/activity/WebActivity.java, line(s) 551,552,553,554,555,556,557,558,561,808 prod/apptest/com/base/VideoEnabledWebView.java, line(s) 64,70,76,82,86,90,55
Medium: This app may contain hardcoded secrets
The following secrets were identified in the app. Ensure that these are not secrets or private information.
Info: The app logs information. Sensitive information must not be logged
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Files: com/alipay/biometrics/ui/widget/CircleFrameLayout.java, line(s) 65 com/alipay/biometrics/ui/widget/PromptTextView.java, line(s) 59 com/alipay/biometrics/ui/widget/RoundProgressBar.java, line(s) 71 com/alipay/biometrics/ui/widget/WaveView.java, line(s) 198 com/alipay/mobile/security/bio/common/record/impl/BioRecordServiceImpl.java, line(s) 91,74,40 com/alipay/mobile/security/bio/common/record/impl/ZimRecordServiceImpl.java, line(s) 104,83 com/alipay/mobile/security/bio/common/statistics/RecordExtServiceImpl.java, line(s) 74 com/alipay/mobile/security/bio/runtime/FrameworkDesc.java, line(s) 44 com/alipay/mobile/security/bio/runtime/ModuleDesc.java, line(s) 91,112 com/alipay/mobile/security/bio/runtime/Runtime.java, line(s) 65,54,145,295,207,221,235,274,339,355,364,76,85,161,170,180,192,240,245,293,423 com/alipay/mobile/security/bio/security/RSAEncrypt.java, line(s) 69,91,113 com/alipay/mobile/security/bio/sensor/SensorCollectWorker.java, line(s) 56,31,34,44,59 com/alipay/mobile/security/bio/sensor/SensorCollectors.java, line(s) 53 com/alipay/mobile/security/bio/service/BioService.java, line(s) 15,17,21,24 com/alipay/mobile/security/bio/service/BioServiceManager.java, line(s) 116,41,57,60,69,72,76,82,96 com/alipay/mobile/security/bio/service/impl/BioServiceManagerImpl.java, line(s) 118,119,273,103,105,107,181,228,288,304,134,147,154,163,271 com/alipay/mobile/security/bio/service/impl/BioStoreServiceImpl.java, line(s) 23,44,61 com/alipay/mobile/security/bio/service/impl/BioTaskServiceImpl.java, line(s) 48 com/alipay/mobile/security/bio/service/impl/BioUploadServiceCoreZhubPb.java, line(s) 38,65,67,89 com/alipay/mobile/security/bio/service/impl/BioUploadWatchThread.java, line(s) 30,123,49,58,62,66,68,71,75,82,93,106,141,146 com/alipay/mobile/security/bio/service/local/dynamicrelease/DynamicReleaseService.java, line(s) 10 
com/alipay/mobile/security/bio/service/local/language/LanguageService.java, line(s) 21,26,29 com/alipay/mobile/security/bio/service/msgchannel/pb/BioUploadServiceCoreMessageChannel.java, line(s) 29,33,35,45,66 com/alipay/mobile/security/bio/service/msgchannel/pb/ZimMessageChannelCallbackImpl.java, line(s) 110,42,63,82,27 com/alipay/mobile/security/bio/thread/WatchLogThread.java, line(s) 79,71 com/alipay/mobile/security/bio/thread/WatchThread.java, line(s) 28,30 com/alipay/mobile/security/bio/utils/BioLog.java, line(s) 21,36,26,16,31 com/alipay/mobile/security/bio/utils/BitmapHelper.java, line(s) 205,208,221,169 com/alipay/mobile/security/bio/utils/CamParaUtil.java, line(s) 43,61,120,131,142 com/alipay/mobile/security/bio/utils/DeviceUtil.java, line(s) 104,107 com/alipay/mobile/security/bio/utils/DisplayUtil.java, line(s) 11 com/alipay/mobile/security/bio/utils/FileUtil.java, line(s) 61,114,149,184,220,243,279,298,303,309,319,369,96,98,383,403,417,427 com/alipay/mobile/security/bio/utils/HanziToPinyin.java, line(s) 70,55 com/alipay/mobile/security/bio/utils/InputStreamUtils.java, line(s) 22 com/alipay/mobile/security/bio/utils/NetworkUtil.java, line(s) 56 com/alipay/mobile/security/bio/utils/OutputStreamUtils.java, line(s) 11 com/alipay/mobile/security/bio/utils/RSASign.java, line(s) 26,29 com/alipay/mobile/security/bio/utils/RotateBitmapHelper.java, line(s) 15,18,33,48,51 com/alipay/mobile/security/bio/utils/ScreenUtil.java, line(s) 13,22,30 com/alipay/mobile/security/bio/utils/SignHelper.java, line(s) 10 com/alipay/mobile/security/bio/utils/ViewUtil.java, line(s) 9 com/alipay/mobile/security/bio/workspace/BaseBioParameterToBioApp.java, line(s) 72,79,90,97,76,94 com/alipay/mobile/security/bio/workspace/BioFragment.java, line(s) 18 com/alipay/mobile/security/bio/workspace/BioFragmentContainer.java, line(s) 115,38,68,171,180,184,190,84,101,131,244,275,295,315 com/alipay/mobile/security/bio/workspace/BioTransfer.java, line(s) 
103,106,143,146,85,90,97,126,131,138,162,317,71,175,189,280,299,307,366,256,282,289,292,301,354,387 com/alipay/mobile/security/bio/workspace/PbBioParameterToBioApp.java, line(s) 46,120,122,124,126,159,176 com/alipay/mobile/security/bio/workspace/PbToBioApp.java, line(s) 46,60,87,136 com/alipay/mobile/security/zim/api/ZIMFacade.java, line(s) 225,235,200,94,99,105,240,263,77,89,163,228,255 com/alipay/mobile/security/zim/biz/RecordProcessor.java, line(s) 258,77,177,193 com/alipay/mobile/security/zim/biz/ZimComponentCallbacks.java, line(s) 33,38,43,22 com/alipay/mobile/security/zim/biz/ZimPlatform.java, line(s) 107,160,195,304,416,429,73,145,354,431,498,96,98,198,219,290,445,454,297,474,479 com/alipay/mobile/security/zim/gw/BioUploadServiceCoreZhub.java, line(s) 18,24 com/alipay/mobile/security/zim/gw/PbGwService.java, line(s) 34,38,48,81,95,41 com/alipay/zoloz/config/ConfigCenter.java, line(s) 247,254,260,266,268,274,278,280,62,76,103,128,54,177,192,295 com/alipay/zoloz/config/ConfigDataParser.java, line(s) 25,48,58,83,41 com/alipay/zoloz/config/RSAKeyParser.java, line(s) 17 com/alipay/zoloz/config/util/ConfigLog.java, line(s) 13,25,31,37,19 com/alipay/zoloz/config/util/FileUtil.java, line(s) 32,52,74,235,239,244,253,258,350 com/alipay/zoloz/hardware/HardwareMetaInfo.java, line(s) 20 com/alipay/zoloz/hardware/camera/impl/AbsCameraImpl.java, line(s) 239,279,297,627,341,392,395 com/alipay/zoloz/hardware/camera/impl/AndroidGlImpl.java, line(s) 39 com/alipay/zoloz/hardware/camera/impl/AndroidImpl.java, line(s) 27,36 com/alipay/zoloz/hardware/camera/impl/PermissionAndroidImpl.java, line(s) 422,441,72,335,411,431,449,466,532,204,542 com/alipay/zoloz/hardware/camera/impl/TestUtil.java, line(s) 70,82,95,102,124,146 com/alipay/zoloz/hardware/camera/preview/CameraTextureRender.java, line(s) 94,164,197,180,184 com/alipay/zoloz/hardware/camera/utils/AndroidCameraUtil.java, line(s) 274,82,104,168,179,190 com/alipay/zoloz/hardware/camera/widget/CameraSurfaceView.java, line(s) 
134,136,138,140,69,93,116,214,217 com/alipay/zoloz/hardware/camera/widget/FocusView.java, line(s) 146 com/alipay/zoloz/hardware/camera/widget/PermissionCameraSurfaceView.java, line(s) 93,115,136 com/alipay/zoloz/hardware/log/Log.java, line(s) 20,35,25,15,30 com/alipay/zoloz/isp/ToygerIsp.java, line(s) 36,72,76,18,33,70,86 com/alipay/zoloz/monitor/ZLZCrashHandler.java, line(s) 97,90,37,47,86 com/alipay/zoloz/toyger/ToygerService.java, line(s) 55,64 com/alipay/zoloz/toyger/blob/BitmapHelper.java, line(s) 293 com/alipay/zoloz/toyger/blob/GenericBlobManagerImpl.java, line(s) 55,80,93 com/alipay/zoloz/toyger/doc/ToygerScanDocService.java, line(s) 155,289,92,98,106,219,271 com/alipay/zoloz/toyger/face/FrameProcessor.java, line(s) 56,160,143,182,52,69,71,89,113,155,166,189 com/alipay/zoloz/toyger/face/ToygerFaceService.java, line(s) 257,279,409,425,80,142,157,264,321,339,396,101,105,148,155,168,297,306,318,350,371,374,383,386,90,94 com/alipay/zoloz/toyger/monitor/NineshotService.java, line(s) 61 com/alipay/zoloz/toyger/photinus/VideoWriter.java, line(s) 120,141,173,186,460,469,509,510,516,321,498,423,440,448,453,473,479,482 com/alipay/zoloz/video/PhotinusEmulator.java, line(s) 284 com/alipay/zoloz/zface/action/ZFacePhotinusActionPresenter.java, line(s) 86,121,47,68 com/alipay/zoloz/zface/group/ZFaceGroupActivity.java, line(s) 129 com/alipay/zoloz/zface/group/ZFaceGroupPresenter.java, line(s) 54,81,139,186,208,268,108,146,298,87,173 com/alipay/zoloz/zface/manager/UploadChannelImpl.java, line(s) 34,48 com/alipay/zoloz/zface/manager/UploadManager.java, line(s) 49,52 com/alipay/zoloz/zface/presenter/ZFaceBasePresenter.java, line(s) 297,361,376,437,453,502,519,521,553,585,629,669,688,703,717,734,745,802,821,826,167,117,120,123,264,272,277,366,371,491,128,150,214,334,339,355,382,445 com/alipay/zoloz/zface/presenter/ZFaceBaseVideoPresenter.java, line(s) 102,104,106,128,130,135,141,143,149,155,157,168,171,194 com/alipay/zoloz/zface/services/ToygerIspService.java, line(s) 
121,85,73,77,111 com/alipay/zoloz/zface/ui/BaseFaceActivity.java, line(s) 75,114,142 com/alipay/zoloz/zface/ui/BodyMotionActionActionView.java, line(s) 216,49,66,80,105,162,245,258 com/alipay/zoloz/zface/ui/PhotinusActionView.java, line(s) 36 com/alipay/zoloz/zface/ui/SurfaceScaleActionView.java, line(s) 49 com/alipay/zoloz/zface/ui/ZFaceActivity.java, line(s) 462,464,468,293 com/alipay/zoloz/zface/ui/activity/BaseCameraPermissionActivity.java, line(s) 161 com/alipay/zoloz/zface/ui/animation/AnimationManager.java, line(s) 62,103 com/alipay/zoloz/zface/ui/animation/LottieAnimation.java, line(s) 43 com/alipay/zoloz/zface/ui/widget/AlgorithmScheduleProgressBar.java, line(s) 84 com/alipay/zoloz/zface/util/FalconUtil.java, line(s) 165 com/alipay/zoloz/zface/utils/ObjectUtil.java, line(s) 24 com/alipay/zoloz/zface/utils/ToygerMonitor.java, line(s) 22,33,37,45,49 com/ap/zoloz/hot/download/FileUtils.java, line(s) 27,52 com/ap/zoloz/hot/download/ModelLoadManager.java, line(s) 79,132,145 com/ap/zoloz/hot/download/impl/ModelLoadServiceImpl.java, line(s) 42,36 com/ap/zoloz/hummer/biz/HummerLogger.java, line(s) 90,105,95,85,100 com/ap/zoloz/hummer/connect/api/ConnectFacade.java, line(s) 57,192 com/ap/zoloz/hummer/h5/ZolozEkycH5Handler.java, line(s) 271 com/appsflyer/AFLogger.java, line(s) 49,80,130,47,13,69,62 com/lzy/okgo/utils/OkLogger.java, line(s) 33,63,43,23,53 com/tbruyelle/rxpermissions3/RxPermissionsFragment.java, line(s) 87,44 com/wang/avi/AVLoadingIndicatorView.java, line(s) 204 com/xiasuhuei321/loadingdialog/view/LoadingDialog.java, line(s) 176,181 com/zhy/http/okhttp/cookie/store/PersistentCookieStore.java, line(s) 140,149,152 com/zhy/http/okhttp/intercepter/HttpLoggingInterceptor.java, line(s) 36 com/zhy/http/okhttp/utils/OkHttpLog.java, line(s) 9 com/zhy/http/okhttp/utils/Platform.java, line(s) 13 com/zoloz/android/phone/zbehavior/activities/BehaviorActivity.java, line(s) 58,61,101,139,177,181,232,363,377 
com/zoloz/android/phone/zbehavior/fragment/BaseBehaviorFragment.java, line(s) 86,103,182,195,317,544,575,427,505 com/zoloz/android/phone/zbehavior/fragment/BaseFragment.java, line(s) 43 com/zoloz/android/phone/zbehavior/fragment/ZbehaviorBaseCaptchaFragment.java, line(s) 65,80,109,119,135,203,249,281 com/zoloz/android/phone/zbehavior/fragment/ZbehaviorCaptchaFlipFragment.java, line(s) 46 com/zoloz/android/phone/zbehavior/fragment/ZbehaviorCaptchaPressFragment.java, line(s) 35,112,170 com/zoloz/android/phone/zbehavior/fragment/ZbehaviorCaptchaShakeFragment.java, line(s) 67 com/zoloz/android/phone/zbehavior/fragment/ZbehaviorCaptchaSwipeFragment.java, line(s) 139 com/zoloz/android/phone/zbehavior/fragment/ZbehaviorScreenFragment.java, line(s) 71,76,103,225,315,343,359,380 com/zoloz/android/phone/zbehavior/manager/BehaviorBlobManager.java, line(s) 55 com/zoloz/android/phone/zbehavior/sensor/SensorCollectWorker.java, line(s) 101,54,57,88,104 com/zoloz/android/phone/zbehavior/sensor/SensorCollectors.java, line(s) 55 com/zoloz/android/phone/zbehavior/sensor/impl/SensorCollectionServiceImpl.java, line(s) 85 com/zoloz/android/phone/zbehavior/upload/UploadManager.java, line(s) 53,58,76,81,102,41 com/zoloz/android/phone/zbehavior/view/TraceView.java, line(s) 77,53 com/zoloz/android/phone/zdoc/activities/FalconCardNativeActivityNew.java, line(s) 59,62,89,121,198,202 com/zoloz/android/phone/zdoc/bean/ZDocRemoteDeserializer.java, line(s) 23,29 com/zoloz/android/phone/zdoc/fragment/BaseCameraPermissionFragment.java, line(s) 38 com/zoloz/android/phone/zdoc/fragment/BaseDocFragment.java, line(s) 102,361,864,164,170,282,552 com/zoloz/android/phone/zdoc/fragment/BaseDocWithNineCaptureFragment.java, line(s) 89 com/zoloz/android/phone/zdoc/fragment/ZdocAlgorithmFragment.java, line(s) 136,250,49,143,154,216,225,227 com/zoloz/android/phone/zdoc/fragment/ZdocCaptureFragment.java, line(s) 86 com/zoloz/android/phone/zdoc/fragment/ZdocScanFancyFragment.java, line(s) 
450,128,138,421,445,462,511,525,542,553,557,564,567,141 com/zoloz/android/phone/zdoc/fragment/ZdocScanTasksFragment.java, line(s) 361,42,58,114,131,139,181,185,193,195,373 com/zoloz/android/phone/zdoc/mgr/ScanTaskMgr.java, line(s) 78 com/zoloz/android/phone/zdoc/presenter/ControlPanelPresenter.java, line(s) 39,46,83,113,121,127 com/zoloz/android/phone/zdoc/presenter/ScanLitePanelPresenter.java, line(s) 114,131,57 com/zoloz/android/phone/zdoc/service/DocMonitorFrameManager.java, line(s) 42 com/zoloz/android/phone/zdoc/ui/BaseLiteMaskView.java, line(s) 161 com/zoloz/android/phone/zdoc/ui/ScanLiteMaskView.java, line(s) 91,182,191,202 com/zoloz/android/phone/zdoc/ui/ScanMaskView.java, line(s) 268,127,202,302 com/zoloz/android/phone/zdoc/ui/UIFacade.java, line(s) 156 com/zoloz/android/phone/zdoc/upload/UploadManager.java, line(s) 59,64,82,87,108,47 com/zoloz/android/phone/zdoc/utils/LocationTools.java, line(s) 19,22,28,29,52,64,77,81,85 com/zoloz/android/phone/zdoc/utils/ZdocRecordManager.java, line(s) 45,293,301 com/zoloz/builder/service/LogServiceProxy.java, line(s) 141,161,170,44,144,159,80,147,166,126 com/zoloz/builder/service/RpcServiceProxy.java, line(s) 76,26 com/zoloz/builder/service/WebServiceProxy.java, line(s) 75,77,79,81,83 com/zoloz/dfp/DfpGenerator.java, line(s) 137,68,78,103,122 com/zoloz/dfp/Signer.java, line(s) 27,21 com/zoloz/dfp/StorageUtils.java, line(s) 29 com/zoloz/rpc/LiteInvocationHandler.java, line(s) 122,148,45,72,75,84 com/zoloz/rpc/NormalRequest.java, line(s) 102,105,108,111,115,121,135,37,49,55,84,92,96,97 com/zoloz/rpc/RpcProxyUtil.java, line(s) 9 com/zoloz/rpc/SigApiUtil.java, line(s) 51 com/zoloz/rpc/pb/PbInvocationHandler.java, line(s) 39,42 com/zoloz/stack/lite/aplog/core/appender/BehaviorFileLogAppender.java, line(s) 64 com/zoloz/stack/lite/aplog/core/logcat/TraceLogger.java, line(s) 12,19,27 com/zoloz/stack/lite/aplog/core/utils/DeviceHWInfo.java, line(s) 232,243,263 com/zoloz/stack/lite/aplog/core/utils/FileUtil.java, line(s) 
20,109,134 com/zoloz/stack/lite/aplog/core/utils/MD5Util.java, line(s) 17,20 com/zoloz/webcontainer/H5Log.java, line(s) 7,19,25,31,13 com/zoloz/webcontainer/ResourceUtil.java, line(s) 34,39,54,72 com/zoloz/webcontainer/WebCActivity.java, line(s) 56,190,195,201,357,110,155,178 com/zoloz/webcontainer/WebContainerKit.java, line(s) 75,87 com/zoloz/webcontainer/bridge/impl/BridgeCallbackImpl.java, line(s) 20 com/zoloz/webcontainer/bridge/impl/ZolozJSBridgeImpl.java, line(s) 41,57,81,100,120,140,67,70,86,89,105,108,145,148 com/zoloz/webcontainer/env/H5Environment.java, line(s) 47,58,38,53 com/zoloz/webcontainer/mgr/H5OfflineManager.java, line(s) 38,42,45,67,73,25,64 com/zoloz/webcontainer/mgr/H5PluginManager.java, line(s) 42 com/zoloz/webcontainer/mgr/H5SessionManager.java, line(s) 34,37,61,68 com/zoloz/webcontainer/plugin/BaseBridgePlugin.java, line(s) 8 com/zoloz/webcontainer/plugin/impl/H5PushPlugin.java, line(s) 36 com/zoloz/webcontainer/util/FileUtil.java, line(s) 32,52,74,154,220,228,233,238,243,342 com/zoloz/webcontainer/util/H5Utils.java, line(s) 86,217,231,243,153 com/zoloz/webcontainer/web/H5WebChromeClient.java, line(s) 50,58,74,92,99,117,122,128,134,140,146,152,160,71 io/grpc/android/AndroidChannelBuilder.java, line(s) 41,44,48,52,119 io/grpc/okhttp/internal/Platform.java, line(s) 69 prod/apptest/com/activity/BaseNativeWebActivity.java, line(s) 128,133,139,141,146,151,154,206,214,225,235,237,277,282,310,345,352,379,388,397,401,410,430,460,477,498,503,538,571,577,583,584,594,608,613,620,812,823,825,843,854,865,876,882,884,890,897,902,913,924,935,941,943,949,956,996,1010,1034,1049,1074,1121,1145,126,291,325,327,333,425,536,852,863,874,880,888,895,911,922,933,939,947,954,974,980,982,1020,1043,1060,1083,1097,1107,1131,1155,800 prod/apptest/com/activity/BaseVasSonicWebActivity.java, line(s) 1656,1658,1684,1823,1477,1484,1491,1499 prod/apptest/com/activity/WebActivity.java, line(s) 
147,152,158,160,165,170,173,198,200,226,228,233,247,255,266,277,279,319,324,352,387,394,421,430,439,443,452,472,502,519,540,545,580,613,619,625,626,636,650,655,662,843,854,856,874,885,896,907,913,915,921,928,933,944,955,966,972,974,980,987,1027,1041,1065,1080,1105,1152,1176,145,333,367,369,375,467,578,883,894,905,911,919,926,942,953,964,970,978,985,1005,1011,1013,1051,1074,1091,1114,1128,1138,1162,1186,831 prod/apptest/com/base/VideoEnabledWebView.java, line(s) 21 prod/apptest/com/jpush/ExampleUtil.java, line(s) 92 prod/apptest/com/jpush/MyReceiver.java, line(s) 200,208,218,135 prod/apptest/com/js/JSAndroid.java, line(s) 37,47,57,70,82,92,98,108,119,125,131,141,146,153,41,51,64,76,86,102,113,157,162,184,189 prod/apptest/com/net/HttpVolley.java, line(s) 48 prod/apptest/com/utils/Calculation.java, line(s) 30 prod/apptest/com/utils/DeviceUuidFactory.java, line(s) 74,93,90 prod/apptest/com/utils/LogUtils.java, line(s) 28,36,44,51,57,63,70,76,83,91,99,107,113,121,129,135 prod/apptest/com/utils/ProgressWebView.java, line(s) 161 prod/apptest/com/utils/UiUtils.java, line(s) 115 prod/apptest/com/webview/CacheWebViewLog.java, line(s) 11 prod/apptest/com/webview/WebViewCacheInterceptor.java, line(s) 241,262,264 pushlive/lbd/com/updateapp/UpdateAppManager.java, line(s) 110 ren/yale/android/cachewebviewlib/CacheWebViewLog.java, line(s) 11 ren/yale/android/cachewebviewlib/WebViewCacheInterceptor.java, line(s) 241,250,264,266 rx/internal/util/IndexedRingBuffer.java, line(s) 39 rx/internal/util/RxRingBuffer.java, line(s) 46 zoloz/ap/com/toolkit/ui/GenenalDialog.java, line(s) 280
Secure: This app uses SSL pinning to detect or prevent MITM attacks on the secure communication channel
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: com/lzy/okgo/https/HttpsUtils.java, line(s) 132,81,130,130 com/zhy/http/okhttp/https/HttpsUtils.java, line(s) 32,28,30,30 io/grpc/okhttp/OkHttpChannelBuilder.java, line(s) 415,416,502,429,500,500 io/grpc/okhttp/OkHttpServerBuilder.java, line(s) 261,262,275 io/grpc/util/AdvancedTlsX509TrustManager.java, line(s) 107,97,105,105,124 prod/apptest/com/api/RetrofitClient.java, line(s) 81,81,87
Hotspot: The app may communicate with a server (pagead2.googlesyndication.com) located in an OFAC-sanctioned country (China).
{'ip': '180.163.151.38', 'country_short': 'CN', 'country_long': 'China', 'region': 'Shanghai', 'city': 'Shanghai', 'latitude': '31.224333', 'longitude': '121.469139'}
Hotspot: The app may communicate with a server (facebook.com) located in an OFAC-sanctioned country (Hong Kong).
{'ip': '157.240.211.35', 'country_short': 'HK', 'country_long': 'Hong Kong', 'region': 'Hong Kong', 'city': 'Hong Kong', 'latitude': '22.285521', 'longitude': '114.157692'}
Hotspot: The app may communicate with a server (www.linkedin.com) located in an OFAC-sanctioned country (China).
{'ip': '52.130.75.155', 'country_short': 'CN', 'country_long': 'China', 'region': 'Shanghai', 'city': 'Shanghai', 'latitude': '31.224333', 'longitude': '121.469139'}