安全分析报告:
安全分数
安全分数 37/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
16
用户/设备跟踪器
调研结果
高危
18
中危
35
信息
2
安全
3
关注
0
高危 Activity (com.movieshubinpire.android.PaypalPaymentGatway) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.movieshubinpire.android.LiveTVSearch) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.movieshubinpire.android.Splash) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.razorpay.CheckoutActivity) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.google.firebase.auth.internal.GenericIdpActivity) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.google.firebase.auth.internal.RecaptchaActivity) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.onesignal.NotificationOpenedActivityHMS) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.onesignal.NotificationOpenedReceiver) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.onesignal.NotificationOpenedReceiverAndroid22AndOlder) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.facebook.CustomTabActivity) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: co/notix/interstitial/WebViewInterstitialActivity.java, line(s) 69,5 co/notix/ir.java, line(s) 63,8 com/applovin/impl/adview/b.java, line(s) 116,13 com/applovin/impl/sdk/e/t.java, line(s) 37,4 com/mbridge/msdk/click/h.java, line(s) 122,13,14 com/mbridge/msdk/mbbanner/common/bridge/BannerExpandDialog.java, line(s) 181,13 com/mbridge/msdk/mbbanner/common/c/c.java, line(s) 272,13 com/mbridge/msdk/nativex/view/MBMediaView.java, line(s) 987,2175,24,25 com/mbridge/msdk/video/bt/module/MBridgeBTWebView.java, line(s) 298,14 com/mbridge/msdk/video/module/MBridgeAlertWebview.java, line(s) 94,6 com/mbridge/msdk/video/module/MBridgeH5EndCardView.java, line(s) 466,17 com/razorpay/B$$W$.java, line(s) 338,343,15,16 com/razorpay/CheckoutActivity.java, line(s) 50,5 com/razorpay/CheckoutPresenterImpl.java, line(s) 485,17 com/startapp/sdk/ads/splash/SplashHtml.java, line(s) 85,7,8 com/startapp/sdk/ads/splash/g.java, line(s) 108,8 com/startapp/wb.java, line(s) 525,24 com/unity3d/services/core/webview/WebViewApp.java, line(s) 296,298,10,339,368,374,380
高危 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/braintreepayments/api/PersistentStore.java, line(s) 12 com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 464
高危 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/onesignal/WebViewManager.java, line(s) 452,10 easypay/appinvoke/actions/EasypayBrowserFragment.java, line(s) 194,24,735,736
高危 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: com/startapp/networkTest/net/WebApiClient.java, line(s) 68,16,17,18,19
高危 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: paytm/assist/easypay/easypay/appinvoke/BuildConfig.java, line(s) 3,6
高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/ironsource/mediationsdk/utils/IronSourceAES.java, line(s) 70,136
高危 Malicious domain found - telegram.dog
{'ip': '35.176.189.140', 'country_short': 'GB', 'country_long': '大不列颠及北爱尔兰联合王国', 'region': '英格兰', 'city': '伦敦', 'latitude': '51.508530', 'longitude': '-0.125740'}
高危 应用程序包含隐私跟踪程序
此应用程序有多个16隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Activity (com.movieshubinpire.android.PaypalPaymentGatway) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.movieshubinpire.android.LiveTVSearch) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.razorpay.RzpTokenReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.razorpay.CheckoutActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.google.firebase.auth.internal.GenericIdpActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.google.firebase.auth.internal.RecaptchaActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.onesignal.FCMBroadcastReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Activity (com.onesignal.NotificationOpenedActivityHMS) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.onesignal.NotificationDismissReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.onesignal.BootUpReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.onesignal.UpgradeReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.onesignal.NotificationOpenedReceiver) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.onesignal.NotificationOpenedReceiverAndroid22AndOlder) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.facebook.CustomTabActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.DUMP [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (com.startapp.sdk.adsbase.remoteconfig.BootCompleteListener) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 高优先级的Intent (999) - {2} 个命中
[android:priority] 通过设置一个比另一个Intent更高的优先级,应用程序有效地覆盖了其他请求。
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/applovin/impl/mediation/b/a/a.java, line(s) 36 com/applovin/impl/sdk/o.java, line(s) 1565 com/applovin/mediation/ads/MaxAdView.java, line(s) 110,105 com/applovin/mediation/ads/MaxAppOpenAd.java, line(s) 86,81 com/applovin/mediation/ads/MaxInterstitialAd.java, line(s) 123,118 com/applovin/mediation/ads/MaxRewardedAd.java, line(s) 113,108 com/applovin/mediation/ads/MaxRewardedInterstitialAd.java, line(s) 117,112 com/applovin/mediation/nativeAds/MaxNativeAdLoader.java, line(s) 103,98 com/applovin/sdk/AppLovinSdk.java, line(s) 242 com/applovin/sdk/AppLovinSdkSettings.java, line(s) 185 com/applovin/sdk/AppLovinWebViewActivity.java, line(s) 23 com/braintreepayments/api/BrowserSwitchPersistentStore.java, line(s) 10,11 com/braintreepayments/api/PersistentStore.java, line(s) 6 com/flutterwave/raveandroid/banktransfer/BankTransferPresenter.java, line(s) 27 com/flutterwave/raveandroid/rave_cache/SharedPrefsRepo.java, line(s) 15 com/flutterwave/raveandroid/rave_java_commons/Payload.java, line(s) 529 com/flutterwave/raveandroid/rave_java_commons/RaveConstants.java, line(s) 16,46 com/flutterwave/raveutils/verification/web/WebFragment.java, line(s) 29 com/ironsource/adapters/ironsource/IronSourceAdapter.java, line(s) 77,78,651,186 com/ironsource/adapters/supersonicads/SupersonicAdsAdapter.java, line(s) 86,269,737 com/ironsource/adapters/supersonicads/SupersonicConfig.java, line(s) 23 com/ironsource/mediationsdk/C0078d.java, line(s) 219,334 com/ironsource/mediationsdk/CachedResponse.java, line(s) 42 com/ironsource/mediationsdk/InitConfig.java, line(s) 38 com/ironsource/mediationsdk/J.java, line(s) 1440,1423 com/ironsource/mediationsdk/server/ServerURL.java, line(s) 27,51 com/ironsource/mediationsdk/utils/IronSourceConstants.java, line(s) 79,89 com/mbridge/msdk/MBridgeConstans.java, line(s) 14,54 com/mbridge/msdk/click/b/a.java, line(s) 33 com/mbridge/msdk/foundation/db/l.java, line(s) 47,39 com/mbridge/msdk/foundation/download/core/DownloadCommon.java, line(s) 21 com/mbridge/msdk/foundation/download/core/DownloaderReporter.java, line(s) 14 com/mbridge/msdk/foundation/entity/CampaignEx.java, line(s) 38 com/mbridge/msdk/foundation/entity/n.java, line(s) 466,470,586,657,666,490,502,599,604,620,625,584,440,569,445,571,554,514,537,676 com/mbridge/msdk/foundation/same/report/e.java, line(s) 35 com/mbridge/msdk/foundation/same/report/k.java, line(s) 126 com/mbridge/msdk/playercommon/exoplayer2/drm/DefaultDrmSessionManager.java, line(s) 30 com/mbridge/msdk/reward/b/a.java, line(s) 185 com/mbridge/msdk/video/dynview/moffer/MOfferModel.java, line(s) 111 com/movieshubinpire/android/bKashActivity.java, line(s) 240,240 com/onesignal/FCMBroadcastReceiver.java, line(s) 16 com/onesignal/NotificationBundleProcessor.java, line(s) 19,18 com/onesignal/OSEmailSubscriptionState.java, line(s) 6 com/onesignal/OSInAppMessageController.java, line(s) 25 com/onesignal/OSInAppMessageLocationPrompt.java, line(s) 6 com/onesignal/OSInAppMessagePrompt.java, line(s) 24 com/onesignal/OSInAppMessagePushPrompt.java, line(s) 6 com/onesignal/OSInAppMessageRepository.java, line(s) 18 com/onesignal/OSNotification.java, line(s) 454 com/onesignal/OSNotificationController.java, line(s) 9,10 com/onesignal/OSPermissionState.java, line(s) 6,7 com/onesignal/OSSMSSubscriptionState.java, line(s) 6 com/onesignal/OSSubscriptionState.java, line(s) 7 com/onesignal/OneSignalHmsEventBridge.java, line(s) 12,13 com/onesignal/OneSignalNotificationManager.java, line(s) 19 com/onesignal/OneSignalRemoteParams.java, line(s) 15 com/onesignal/UserState.java, line(s) 408 com/onesignal/UserStateSynchronizer.java, line(s) 26,25,36,37 com/onesignal/WebViewManager.java, line(s) 155,156,157,150 com/razorpay/AnalyticsConstants.java, line(s) 105,119,57 com/razorpay/BaseConstants.java, line(s) 20,27 com/razorpay/Constants.java, line(s) 8 com/razorpay/OtpElfData.java, line(s) 7 com/startapp/networkTest/startapp/NetworkTester.java, line(s) 19,21,20 com/unity3d/ads/metadata/InAppPurchaseMetaData.java, line(s) 6 com/unity3d/services/core/device/reader/DeviceInfoReaderFilterProvider.java, line(s) 11,12 com/unity3d/services/core/device/reader/JsonStorageKeyNames.java, line(s) 4,6,7,8,9,5,10,11,12 com/unity3d/services/core/properties/SdkProperties.java, line(s) 24 com/vungle/warren/log/LogManager.java, line(s) 24,25,26,27 com/vungle/warren/log/LogSender.java, line(s) 22,23 com/vungle/warren/model/Cookie.java, line(s) 21,22 easypay/appinvoke/manager/Constants.java, line(s) 44,43,84,85 org/jsoup/helper/W3CDom.java, line(s) 203 org/jsoup/nodes/DocumentType.java, line(s) 13,14,16 org/libtorrent4j/SessionManager.java, line(s) 45
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/andrognito/pinlockview/ShuffleArrayUtils.java, line(s) 3 com/applovin/exoplayer2/h/z.java, line(s) 4 com/applovin/impl/c/m.java, line(s) 18 com/ironsource/mediationsdk/utils/e.java, line(s) 14 com/ironsource/mediationsdk/utils/g.java, line(s) 6 com/jetradarmobile/snowfall/Randomizer.java, line(s) 3 com/mbridge/msdk/dycreator/baseview/rewardpopview/MBAcquireRewardPopView.java, line(s) 25 com/mbridge/msdk/playercommon/exoplayer2/source/ShuffleOrder.java, line(s) 4 com/mbridge/msdk/playercommon/exoplayer2/trackselection/RandomTrackSelection.java, line(s) 6 com/mbridge/msdk/playercommon/exoplayer2/upstream/cache/CachedContentIndex.java, line(s) 21 com/mbridge/msdk/thrid/okhttp/OkHttpClient.java, line(s) 31 com/mbridge/msdk/thrid/okhttp/internal/ws/RealWebSocket.java, line(s) 28 com/mbridge/msdk/thrid/okhttp/internal/ws/WebSocketWriter.java, line(s) 9 com/movieshubinpire/android/FlutterwavePaymentGatway.java, line(s) 31 com/movieshubinpire/android/Razorpay_Payment_gatway.java, line(s) 35 com/movieshubinpire/android/adepter/AllGenreListAdepter.java, line(s) 18 com/movieshubinpire/android/adepter/GenreListAdepter.java, line(s) 19 com/onesignal/OSUtils.java, line(s) 31 com/startapp/b4.java, line(s) 4 com/startapp/d2.java, line(s) 28 com/startapp/k0.java, line(s) 21 com/startapp/sdk/ads/banner/BannerBase.java, line(s) 29 com/startapp/sdk/adsbase/cache/d.java, line(s) 22 com/startapp/sdk/adsbase/cache/h.java, line(s) 30 com/unity3d/services/core/request/metrics/SDKMetrics.java, line(s) 8 mirrorb/android/providers/C0058.java, line(s) 61 org/jsoup/helper/DataUtil.java, line(s) 16
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: bin/mt/signature/KillerApplication.java, line(s) 77 cd/C0015.java, line(s) 230 com/ironsource/environment/h.java, line(s) 417,221 com/ironsource/mediationsdk/utils/h.java, line(s) 148,254 com/ironsource/sdk/utils/SDKUtils.java, line(s) 232 com/mbridge/msdk/foundation/same/report/b/a.java, line(s) 78 com/mbridge/msdk/foundation/tools/ab.java, line(s) 60,85,108 com/movieshubinpire/android/Downloads.java, line(s) 134 com/movieshubinpire/android/InAppUpdate.java, line(s) 222 com/movieshubinpire/android/fragment/MoreFragment.java, line(s) 330 com/movieshubinpire/android/utils/DownloadHelper.java, line(s) 65 com/movieshubinpire/android/utils/TinyDB.java, line(s) 57,235,239 com/movieshubinpire/android/utils/Utils.java, line(s) 64 com/startapp/p2.java, line(s) 254,351 com/startapp/v2.java, line(s) 40 com/unity3d/services/core/cache/CacheDirectory.java, line(s) 28 com/vungle/warren/VungleApiClient.java, line(s) 721 com/vungle/warren/persistence/CacheManager.java, line(s) 52,54 com/vungle/warren/persistence/Repository.java, line(s) 958,959 com/vungle/warren/utility/platform/AndroidPlatform.java, line(s) 87 easypay/appinvoke/manager/PaytmAssist.java, line(s) 612
中危 IP地址泄露
IP地址泄露 Files: com/applovin/mediation/adapters/MintegralMediationAdapter.java, line(s) 155 com/applovin/mediation/adapters/NimbusMediationAdapter.java, line(s) 30 com/applovin/mediation/adapters/VungleMediationAdapter.java, line(s) 108 com/cloudinject/customview/C0020.java, line(s) 496 com/flutterwave/raveutils/verification/web/WebFragment.java, line(s) 152,162,181 com/github/se_bastiaan/torrentstream/TorrentStream.java, line(s) 388 com/github/se_bastiaan/torrentstreamserver/nanohttpd/NanoHTTPD.java, line(s) 493 com/movieshubinpire/android/Player.java, line(s) 799 com/startapp/d2.java, line(s) 341 com/startapp/v2.java, line(s) 132 mirrorb/android/app/job/C0029.java, line(s) 122 mirrorb/android/app/job/C0032.java, line(s) 377 mirrorb/android/app/role/C0035.java, line(s) 592 mirrorb/android/app/servertransaction/C0038.java, line(s) 126 mirrorb/android/bluetooth/C0042.java, line(s) 310 mirrorb/android/graphics/drawable/C0045.java, line(s) 117 mirrorb/android/hardware/display/C0046.java, line(s) 431 mirrorb/android/media/session/C0048.java, line(s) 556 mirrorb/android/net/wifi/C0053.java, line(s) 131 mirrorb/android/os/storage/C0057.java, line(s) 602 mirrorb/android/providers/C0059.java, line(s) 376 mirrorb/android/rms/C0063.java, line(s) 365 mirrorb/android/rms/C0064.java, line(s) 373 mirrorb/android/security/net/config/C0065.java, line(s) 193 mirrorb/android/service/persistentdata/C0067.java, line(s) 187,263 mirrorb/android/service/persistentdata/C0068.java, line(s) 314 mirrorb/android/view/accessibility/C0072.java, line(s) 317 mirrorb/android/webkit/C0073.java, line(s) 606 mirrorb/android/webkit/C0074.java, line(s) 153 mirrorb/java/io/C0091.java, line(s) 141
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/github/se_bastiaan/torrentstreamserver/nanohttpd/NanoHTTPD.java, line(s) 298,905,1003 com/mbridge/msdk/playercommon/exoplayer2/util/Util.java, line(s) 798
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/flutterwave/raveandroid/data/Utils.java, line(s) 124 com/flutterwave/raveandroid/rave_presentation/data/Utils.java, line(s) 127 com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 365 com/ironsource/sdk/controller/t.java, line(s) 25 com/ironsource/sdk/utils/SDKUtils.java, line(s) 154 com/mbridge/msdk/foundation/download/resource/MBResourceManager.java, line(s) 72 com/mbridge/msdk/foundation/tools/v.java, line(s) 19 com/movieshubinpire/android/LoginSignup.java, line(s) 921 com/movieshubinpire/android/utils/Utils.java, line(s) 86 com/startapp/sdk/ads/video/e.java, line(s) 53 com/tonyodev/fetch2core/FetchCoreUtils.java, line(s) 275,300
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/adcolony/sdk/d1.java, line(s) 28 com/adcolony/sdk/z0.java, line(s) 529 com/applovin/impl/sdk/utils/StringUtils.java, line(s) 167 com/applovin/impl/sdk/utils/r.java, line(s) 366 com/unity3d/services/core/device/Device.java, line(s) 483
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/adcolony/sdk/n.java, line(s) 5,136,254 com/adcolony/sdk/o.java, line(s) 6,267 com/adcolony/sdk/p.java, line(s) 6,41 com/ironsource/b/a.java, line(s) 5,6,127,132 com/ironsource/environment/f.java, line(s) 6,7,25,47,111 com/mbridge/msdk/foundation/db/BatchReportDao.java, line(s) 6,69,127 com/mbridge/msdk/foundation/db/e.java, line(s) 6,305,849,1135 com/mbridge/msdk/foundation/db/g.java, line(s) 4,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91 com/mbridge/msdk/foundation/download/database/DatabaseHelper.java, line(s) 6,212,220,266 com/onesignal/OneSignalDbHelper.java, line(s) 7,8,9,10,11,77,78,492 com/onesignal/outcomes/data/OSOutcomeTableProvider.java, line(s) 3,4,15,16,17,18,19,20,21,26,34,35,36,37,38,43,51,52,53,54,55,60 com/startapp/i7.java, line(s) 6,47,48,49 com/startapp/l4.java, line(s) 6,101 com/tonyodev/fetch2/database/FetchDatabaseManagerImpl.java, line(s) 5,183,200 com/vungle/warren/persistence/DatabaseHelper.java, line(s) 9,10,78 com/vungle/warren/persistence/Repository.java, line(s) 7,935
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/movieshubinpire/android/bKashActivity.java, line(s) 139,132 com/onesignal/WebViewManager.java, line(s) 397,396 com/paytm/pgsdk/PaytmWebView.java, line(s) 82,80 com/razorpay/BaseUtils.java, line(s) 229,208 com/startapp/g5.java, line(s) 281,274 com/startapp/sdk/ads/banner/bannerstandard/BannerStandard.java, line(s) 597,1077 com/startapp/sdk/ads/splash/SplashHtml.java, line(s) 80,76 com/unity3d/services/ads/webplayer/WebPlayerView.java, line(s) 85,69 com/unity3d/services/core/webview/WebView.java, line(s) 59,39
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/adcolony/sdk/b1.java, line(s) 579,573 com/ironsource/sdk/utils/d.java, line(s) 32,34 com/mbridge/msdk/foundation/webview/BrowserView.java, line(s) 167,164 com/mbridge/msdk/mbsignalcommon/base/BaseWebView.java, line(s) 99,96 com/movieshubinpire/android/bKashActivity.java, line(s) 137,132 com/startapp/sdk/ads/splash/SplashHtml.java, line(s) 77,76 com/unity3d/services/core/webview/WebView.java, line(s) 19,39 com/vungle/warren/ui/view/WebSettingsUtils.java, line(s) 14,10
中危 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/movieshubinpire/android/utils/HelperUtils.java, line(s) 98,98,98,98,98 com/startapp/p8.java, line(s) 4,4,4,4,4,4 com/startapp/q8.java, line(s) 48,48,48,48,48
中危 Firebase远程配置已启用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/1005397943435/namespaces/firebase:fetch?key=AIzaSyCyn-aSaYxz9LrMR5iwq4oVhFypdLhy0CI ) 已启用。请确保这些配置不包含敏感信息。响应内容如下所示:
{
"entries": {
"ALLOW_PRIVATE_DNS": "true",
"ALLOW_ROOT": "true",
"ALLOW_VPN": "true",
"API_KEY": "UyRs7DBd2glz3Kuw",
"FLAG_SECURE": "false",
"RELEASE_SIGNATURE": "TUaYb3jTUt+gOlk9u2vNbm2+kiw=",
"SERVER_URL": "https://m4.techmirrorhublinks.one/",
"VALIDATE_SIGNATURE": "true",
"VERIFY_INSTALLER": "false"
},
"state": "UPDATE",
"templateVersion": "151"
}
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 AppLovin广告SDK的=> "applovin.sdk.key" : "@string/applovin_sdk_key" AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "@string/admob_application_id" "google_app_id" : "1:1005397943435:android:aa251a97505ea861e2e08e" "easypay_password" : "Password" "applovin_sdk_key" : "lEEFO_Gp786QwLGltB3LZSyg2lzbbKNb1pyAyyEJQp97TT8_qC2nKMf_URHTzLFtwxJHLq7OknDDqgxQulbOwb" "facebook_app_id" : "[APP_ID]" "com.google.firebase.crashlytics.mapping_file_id" : "00000000000000000000000000000000" "library_roundedimageview_authorWebsite" : "https://github.com/vinc3m1" "startapp_app_id" : "209411604" "google_crash_reporting_api_key" : "AIzaSyCyn-aSaYxz9LrMR5iwq4oVhFypdLhy0CI" "dyStrategy.privateAddress" : "privateAddress" "notix_public_api_key" : "AIzaSyBQfBRsRT3N8jqnzwzOQPGGT9OC0Fn1ea8" "notix_public_app_id" : "1:105575070626:android:786a2b6f634a6be766d0fb" "google_api_key" : "AIzaSyCyn-aSaYxz9LrMR5iwq4oVhFypdLhy0CI" DFK/HrQgJ+zQW+xUhoPBD+QqJk2MWrfXYN== 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 bb9714020722eb4cf7a169f2 C38FB23A402222A0C17D34A92F971D1F a4b7452e2ed8f5f191058ca7bbfd26b0d3214bfc 8a3c4b262d721acd49a4bf97d5213199c86fa2b9 3A757365722F72656C656173652D6B657973 LdxThdi1WBKUL75ULBPBD+QqJk2MWrfXYN== h7KsLkfPW+xUhoPwJ7JgY7K0DkeAWrfXYN== e9225f63e2e203c845ed9d64fca83fe9 28a8c4f590cc4ebf8d8fda2c35a8a954 7bf3a1e7bbd31e612eda3310c2cdb8075c43c6b5 0UXnSvy72rc5EFKeVAmVvFfj9OlBDukM cc2751449a350f668590264ed76692694a80308a nmp2mR4BP5JOp6WcyToSpD21KBHPZwBHHLQLl31g3ucfdZ1wReZIyNnrKM8DKyTSrsJCXjUFCy3JE bb2cf0647ba654d7228dd3f9405bbc6a a6eb6d053a339d42e822fbf422be52aa8471ca8ac129ff72c2dd8478800874fc6a395b94fd08b0a68ed5ac30cdb86aff05f99130107ee9c79724c5b91e6a07d5690cc1436967660cf92a2ce886b5ba8bf1c078a97b3c7da1 Y7c14Z2TDbv/Y+xgHFeXDrcshBPUYFT= PHN2ZyBmaWxsPSIjRkZGRkZGIiBoZWlnaHQ9IjI0IiB2aWV3Qm94PSIwIDAgMjQgMjQiIHdpZHRoPSIyNCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4gICAgPHBhdGggZD0iTTguNTkgMTYuMzRsNC41OC00LjU5LTQuNTgtNC41OUwxMCA1Ljc1bDYgNi02IDZ6Ii8+ICAgIDxwYXRoIGQ9Ik0wLS4yNWgyNHYyNEgweiIgZmlsbD0ibm9uZSIvPjwvc3ZnPg== DFKwWgtuDkKwLZPwD+z8H+N/xj26Vjcdx5KanjKnxVN= com/Vo9wbFH89BbDbWFhUezQZOGPKmfkJSAtIbVWk3QxPbvJwcR8I79EVuI0aB41a 5e9281c13923e708ecd1ff5c8be28c4f nY2htaXJyb3JodWIxFjAUBgNVBAgMDXRlY2htaXJyb3JodWIxFjAUBgNVBAYTDXRlY2htaXJyb3Jo n2W20XqIWX9FRRi/1xGgxd4kxUtRNuIsOzL8755zO6CBO5Luj3osIJfS77PEYUNeuNV9FzC1cqsnl 026ae9c9824b3e483fa6c71fa88f57ae27816141 baA/RgjURU3I0uqH3iRos3NbE8fT+lP8SDXKymsnfdPrMQAEoMBuXtoaQiJ1i5tuBG9EgSEOH1LAZEaAsvwClw== 2F73797374656D2F6C69622F6C69627265666572656E63652D72696C2E736F h7KsLkfPW+xUhoPBD+QqJk2MWrfXYN== 0000016742C00BDA259000000168CE0F13200000016588840DCE7118A0002FBF1C31C3275D78 DFKwWgtuDkKwLZPwD+z8H+N/xjQZxVfV+T2SZVe6V2xS5c5n aHR0cHM6Ly9jbG91ZC50ZWFtLWRvb28uY29tL0Rvb28vYXBpL2dldENvbmZpZy5waHA/Y29kZT0= ed88357b4cdf7ae9d4b35aa77e654afbe2b7b11c nBgNVBAsMDXRlY2htaXJyb3JodWIxFjAUBgNVBAoMDXRlY2htaXJyb3JodWIxFjAUBgNVBAcMDXRl PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c3ZnIHdpZHRoPSIxMnB4IiBoZWlnaHQ9IjE1cHgiIHZpZXdCb3g9IjAgMCAxMiAxNSIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4gICAgICAgIDx0aXRsZT5pYy1sb2NrLTI0cHhAMng8L3RpdGxlPiAgICA8ZGVzYz5DcmVhdGVkIHdpdGggU2tldGNoLjwvZGVzYz4gICAgPGRlZnM+PC9kZWZzPiAgICA8ZyBpZD0iUGFnZS0xIiBzdHJva2U9Im5vbmUiIHN0cm9rZS13aWR0aD0iMSIgZmlsbD0ibm9uZSIgZmlsbC1ydWxlPSJldmVub2RkIj4gICAgICAgIDxnIGlkPSI1LjQiIHRyYW5zZm9ybT0idHJhbnNsYXRlKC0yNi4wMDAwMDAsIC01OTYuMDAwMDAwKSI+ICAgICAgICAgICAgPGcgaWQ9Ikdyb3VwLTciIHRyYW5zZm9ybT0idHJhbnNsYXRlKDE2LjAwMDAwMCwgNTg4LjAwMDAwMCkiPiAgICAgICAgICAgICAgICA8ZyBpZD0iaWMtbG9jay0yNHB4IiB0cmFuc2Zvcm09InRyYW5zbGF0ZSg4LjAwMDAwMCwgOC4wMDAwMDApIj4gICAgICAgICAgICAgICAgICAgIDxwb2x5Z29uIGlkPSJTaGFwZSIgcG9pbnRzPSIwIDAgMTYgMCAxNiAxNiAwIDE2Ij48L3BvbHlnb24+ICAgICAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMTIsNS4zMzMzMzMzMyBMMTEuMzMzMzMzMyw1LjMzMzMzMzMzIEwxMS4zMzMzMzMzLDQgQzExLjMzMzMzMzMsMi4xNiA5Ljg0LDAuNjY2NjY2NjY3IDgsMC42NjY2NjY2NjcgQzYuMTYsMC42NjY2NjY2NjcgNC42NjY2NjY2NywyLjE2IDQuNjY2NjY2NjcsNCBMNC42NjY2NjY2Nyw1LjMzMzMzMzMzIEw0LDUuMzMzMzMzMzMgQzMuMjY2NjY2NjcsNS4zMzMzMzMzMyAyLjY2NjY2NjY3LDUuOTMzMzMzMzMgMi42NjY2NjY2Nyw2LjY2NjY2NjY3IEwyLjY2NjY2NjY3LDEzLjMzMzMzMzMgQzIuNjY2NjY2NjcsMTQuMDY2NjY2NyAzLjI2NjY2NjY3LDE0LjY2NjY2NjcgNCwxNC42NjY2NjY3IEwxMiwxNC42NjY2NjY3IEMxMi43MzMzMzMzLDE0LjY2NjY2NjcgMTMuMzMzMzMzMywxNC4wNjY2NjY3IDEzLjMzMzMzMzMsMTMuMzMzMzMzMyBMMTMuMzMzMzMzMyw2LjY2NjY2NjY3IEMxMy4zMzMzMzMzLDUuOTMzMzMzMzMgMTIuNzMzMzMzMyw1LjMzMzMzMzMzIDEyLDUuMzMzMzMzMzMgWiBNOCwxMS4zMzMzMzMzIEM3LjI2NjY2NjY3LDExLjMzMzMzMzMgNi42NjY2NjY2NywxMC43MzMzMzMzIDYuNjY2NjY2NjcsMTAgQzYuNjY2NjY2NjcsOS4yNjY2NjY2NyA3LjI2NjY2NjY3LDguNjY2NjY2NjcgOCw4LjY2NjY2NjY3IEM4LjczMzMzMzMzLDguNjY2NjY2NjcgOS4zMzMzMzMzMyw5LjI2NjY2NjY3IDkuMzMzMzMzMzMsMTAgQzkuMzMzMzMzMzMsMTAuNzMzMzMzMyA4LjczMzMzMzMzLDExLjMzMzMzMzMgOCwxMS4zMzMzMzMzIFogTTEwLjA2NjY2NjcsNS4zMzMzMzMzMyBMNS45MzMzMzMzMyw1LjMzMzMzMzMzIEw1LjkzMzMzMzMzLDQgQzUuOTMzMzMzMzMsMi44NiA2Ljg2LDEuOTMzMzMzMzMgOCwxLjkzMzMzMzMzIEM5LjE0LDEuOTMzMzMzMzMgMTAuMDY2NjY2NywyLjg2IDEwLjA2NjY2NjcsNCBMMTAuMDY2NjY2Nyw1LjMzMzMzMzMzIFoiIGlkPSJTaGFwZSIgZmlsbD0iI0ZGRkZGRiIgZmlsbC1ydWxlPSJub256ZXJvIj48L3BhdGg+ICAgICAgICAgICAgICAgIDwvZz4gICAgICAgICAgICA8L2c+ICAgICAgICA8L2c+ICAgIDwvZz48L3N2Zz4= nfyu92+Nr3NE3lhWlEdj/kAMfmAeBcJ6fWgXGRpPi2eoLwfyJB3i3uDFuMEkJ16LA8CKINedzIhul 3bde0bc0502fe5a4a1c16935a8e6c5eb66ba1062 0f881b043ed387900000242d50cf1f9f LdxThdi1WBKUL75ULBPwJ7JgY7K0DkeAWrfXYN== DFK/HrQgJ+zQW+xUhoPwJ7JgY7K0DkeAWrfXYN== PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c3ZnIHdpZHRoPSIxNHB4IiBoZWlnaHQ9IjE0cHgiIHZpZXdCb3g9IjAgMCAxNCAxNCIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4gICAgICAgIDx0aXRsZT5Hcm91cCA2PC90aXRsZT4gICAgPGRlc2M+Q3JlYXRlZCB3aXRoIFNrZXRjaC48L2Rlc2M+ICAgIDxkZWZzPjwvZGVmcz4gICAgPGcgaWQ9IlBhZ2UtMSIgc3Ryb2tlPSJub25lIiBzdHJva2Utd2lkdGg9IjEiIGZpbGw9Im5vbmUiIGZpbGwtcnVsZT0iZXZlbm9kZCI+ICAgICAgICA8ZyBpZD0iNS4xIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtMjUuMDAwMDAwLCAtNTI1LjAwMDAwMCkiPiAgICAgICAgICAgIDxnIGlkPSJHcm91cC02IiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgyNC4wMDAwMDAsIDUyNC4wMDAwMDApIj4gICAgICAgICAgICAgICAgPHBvbHlnb24gaWQ9IlNoYXBlIiBwb2ludHM9IjAgMCAxNiAwIDE2IDE2IDAgMTYiPjwvcG9seWdvbj4gICAgICAgICAgICAgICAgPHBhdGggZD0iTTEzLjMzMzMzMzMsMS4zMzMzMzMzMyBDMTQuMDY2NjY2NywxLjMzMzMzMzMzIDE0LjY2NjY2NjcsMS45MzMzMzMzMyAxNC42NjY2NjY3LDIuNjY2NjY2NjcgTDE0LjY2NjY2NjcsMTAuNjY2NjY2NyBDMTQuNjY2NjY2NywxMS40IDE0LjA2NjY2NjcsMTIgMTMuMzMzMzMzMywxMiBMNCwxMiBMMS4zMzMzMzMzMywxNC42NjY2NjY3IEwxLjMzMzMzMzMzLDIuNjY2NjY2NjcgQzEuMzMzMzMzMzMsMS45MzMzMzMzMyAxLjkzMzMzMzMzLDEuMzMzMzMzMzMgMi42NjY2NjY2NywxLjMzMzMzMzMzIEwxMy4zMzMzMzMzLDEuMzMzMzMzMzMgWiBNNS4zMzMzMzMzMyw3LjMzMzMzMzMzIEM1LjcwMTUyMzE3LDcuMzMzMzMzMzMgNiw3LjAzNDg1NjUgNiw2LjY2NjY2NjY3IEM2LDYuMjk4NDc2ODMgNS43MDE1MjMxNyw2IDUuMzMzMzMzMzMsNiBDNC45NjUxNDM1LDYgNC42NjY2NjY2Nyw2LjI5ODQ3NjgzIDQuNjY2NjY2NjcsNi42NjY2NjY2NyBDNC42NjY2NjY2Nyw3LjAzNDg1NjUgNC45NjUxNDM1LDcuMzMzMzMzMzMgNS4zMzMzMzMzMyw3LjMzMzMzMzMzIFogTTgsNy4zMzMzMzMzMyBDOC4zNjgxODk4Myw3LjMzMzMzMzMzIDguNjY2NjY2NjcsNy4wMzQ4NTY1IDguNjY2NjY2NjcsNi42NjY2NjY2NyBDOC42NjY2NjY2Nyw2LjI5ODQ3NjgzIDguMzY4MTg5ODMsNiA4LDYgQzcuNjMxODEwMTcsNiA3LjMzMzMzMzMzLDYuMjk4NDc2ODMgNy4zMzMzMzMzMyw2LjY2NjY2NjY3IEM3LjMzMzMzMzMzLDcuMDM0ODU2NSA3LjYzMTgxMDE3LDcuMzMzMzMzMzMgOCw3LjMzMzMzMzMzIFogTTEwLjY2NjY2NjcsNy4zMzMzMzMzMyBDMTEuMDM0ODU2NSw3LjMzMzMzMzMzIDExLjMzMzMzMzMsNy4wMzQ4NTY1IDExLjMzMzMzMzMsNi42NjY2NjY2NyBDMTEuMzMzMzMzMyw2LjI5ODQ3NjgzIDExLjAzNDg1NjUsNiAxMC42NjY2NjY3LDYgQzEwLjI5ODQ3NjgsNiAxMCw2LjI5ODQ3NjgzIDEwLDYuNjY2NjY2NjcgQzEwLDcuMDM0ODU2NSAxMC4yOTg0NzY4LDcuMzMzMzMzMzMgMTAuNjY2NjY2Nyw3LjMzMzMzMzMzIFoiIGlkPSJDb21iaW5lZC1TaGFwZSIgZmlsbD0iI0ZGRkZGRiIgZmlsbC1ydWxlPSJub256ZXJvIj48L3BhdGg+ICAgICAgICAgICAgPC9nPiAgICAgICAgPC9nPiAgICA8L2c+PC9zdmc+ 460643a974555d792b8f5a6e1a5d323c DFKwWgtuDkKwLZPwD+z8H+N/xj26Vjcdx5KyVj5GxVN= df6b721c8b4d3b6eb44c861d4415007e5a35fc95 2438bce1ddb7bd026d5ff89f598b3b5e5bb824b3 946eca6b182e63ebe50cf82e483715bf MIIDljCCAn4CAQEwDQYJKoZIhvcNAQELBQAwgZAxFjAUBgNVBAMMDXRlY2htaXJyb3JodWIxFjAU 54a900d7cf60919c4bca88fbabcc3ee9 1005f9bcd64ec6829187acc5b6ec28f n/ubyJY4Lmw0pnH6KBG0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEANe3ZS1ueS4VkbI0dmFj06UGC 5eb5a37e-b458-11e3-ac11-000c2940e62c 936dcbdd57fe235fd7cf61c2e93da3c4 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IiB2aWV3Qm94PSIwIDAgMTYwIDMzIiBzdHlsZT0iZW5hYmxlLWJhY2tncm91bmQ6bmV3IDAgMCAxNjAgMzM7IiB4bWw6c3BhY2U9InByZXNlcnZlIj48c3R5bGUgdHlwZT0idGV4dC9jc3MiPi5zdDB7ZmlsbDojMkQyRDJEO308L3N0eWxlPjxnPjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik00OS42LDE0LjZjLTAuNCwwLTAuOCwwLjItMSwwLjVjLTAuMiwwLjQtMC40LDAuOS0wLjQsMS41YzAsMC43LDAuMSwxLjIsMC40LDEuNWMwLjIsMC4zLDAuNiwwLjUsMSwwLjVjMC41LDAsMC45LTAuMSwxLjEtMC40YzAuMi0wLjMsMC40LTAuOCwwLjQtMS40di0wLjJjMC0wLjctMC4xLTEuMy0wLjQtMS42QzUwLjUsMTQuNyw1MC4xLDE0LjYsNDkuNiwxNC42eiIvPjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04Ni4zLDE3LjNjLTAuMiwwLjEtMC40LDAuNS0wLjcsMS4xYy0wLjMsMC42LTAuMywwLjktMC4yLDFjMC4xLDAuMSwwLjUsMC4yLDEuMSwwLjJjMC4zLDAsMC41LDAsMC43LDBjMC4xLDAsMC4zLDAsMC41LDBjMC4yLDAsMC4zLTAuMSwwLjQtMC4xYzAuMS0wLjEsMC4yLTAuMSwwLjMtMC4yYzAuMS0wLjEsMC4yLTAuMiwwLjItMC40bDAuOC0xLjdsLTEuOCwwQzg2LjksMTcuMSw4Ni41LDE3LjEsODYuMywxNy4zeiIvPjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04MC42LDExLjNsLTIuNCwwbC0xLjQsMy4ybDIuNCwwYzAuNywwLDEuMi0wLjEsMS41LTAuM2MwLjMtMC4yLDAuNi0wLjUsMC44LTFsMC40LTAuOGMwLjItMC40LDAuMi0wLjcsMC0wLjlDODEuNiwxMS40LDgxLjIsMTEuMyw4MC42LDExLjN6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTQzLjksMTQuNmMtMC40LDAtMC43LDAuMS0xLDAuNGMtMC4yLDAuMi0wLjQsMC42LTAuNCwxaDIuNmMwLTAuNC0wLjEtMC44LTAuMy0xQzQ0LjYsMTQuNyw0NC4zLDE0LjYsNDMuOSwxNC42eiIvPjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik0yMC4yLDE0LjZjLTAuNSwwLTAuOSwwLjItMS4xLDAuNWMtMC4zLDAuMy0wLjQsMC44LTAuNCwxLjVjMCwwLjcsMC4xLDEuMiwwLjQsMS41YzAuMywwLjMsMC42LDAuNSwxLjEsMC41YzAuNSwwLDAuOS0wLjIsMS4xLTAuNWMwLjMtMC4zLDAuNC0wLjksMC40LTEuNWMwLTAuNy0wLjEtMS4yLTAuNC0xLjVDMjEuMSwxNC44LDIwLjgsMTQuNiwyMC4yLDE0LjZ6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTEwNy40LDEzLjdjLTAuNywwLTEuMiwwLjEtMS42LDAuM2MtMC4zLDAuMi0wLjYsMC41LTAuOCwxbC0xLjUsMy4zYy0wLjIsMC41LTAuMiwwLjgtMC4xLDFjMC4yLDAuMiwwLjYsMC4zLDEuMywwLjNjMC43LDAsMS4zLTAuMSwxLjYtMC4zYzAuMy0wLjIsMC42LTAuNSwwLjgtMWwxLjUtMy4zYzAuMi0wLjUsMC4yLTAuOCwwLjEtMUMxMDguNiwxMy44LDEwOC4yLDEzLjcsMTA3LjQsMTMuN3oiLz48cGF0aCBjbGFzcz0ic3QwIiBkPSJNMTUuMywxMy4yYy0wLjMtMC4yLTAuOC0wLjMtMS40LTAuM0gxM3YyLjdoMC43YzAuNywwLDEuMi0wLjEsMS42LTAuM2MwLjMtMC4yLDAuNS0wLjYsMC41LTEuMUMxNS43LDEzLjgsMTUuNiwxMy41LDE1LjMsMTMuMnoiLz48cGF0aCBjbGFzcz0ic3QwIiBkPSJNMzQuMSwxNC42Yy0wLjQsMC0wLjcsMC4xLTEsMC40Yy0wLjIsMC4yLTAuNCwwLjYtMC40LDFoMi42YzAtMC40LTAuMS0wLjgtMC4zLTFDMzQuOCwxNC43LDM0LjUsMTQuNiwzNC4xLDE0LjZ6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTU4LjcsMTQuNmMtMC41LDAtMC45LDAuMS0xLjEsMC40Yy0wLjIsMC4zLTAuMywwLjgtMC4zLDEuNmMwLDAuNywwLjEsMS4zLDAuNCwxLjZjMC4yLDAuMywwLjYsMC41LDEuMSwwLjVjMC41LDAsMC44LTAuMiwxLTAuNWMwLjItMC4zLDAuNC0wLjksMC40LTEuNWMwLTAuNy0wLjEtMS4yLTAuNC0xLjVDNTkuNiwxNC44LDU5LjIsMTQuNiw1OC43LDE0LjZ6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTE1Ni45LDAuMkgzLjFDMS40LDAuMiwwLDEuNiwwLDMuNHYyNi41QzAsMzEuNiwxLjQsMzMsMy4xLDMzaDE1My43YzEuNywwLDMuMS0xLjQsMy4xLTMuMVYzLjRDMTYwLDEuNiwxNTguNiwwLjIsMTU2LjksMC4yeiBNMTYsMTZjLTAuNSwwLjQtMS4zLDAuNi0yLjIsMC42SDEzdjIuOGgtMVYxMmgyYzEuOSwwLDIuOCwwLjcsMi44LDIuMkMxNi44LDE1LDE2LjUsMTUuNSwxNiwxNnogTTIyLjIsMTguN2MtMC41LDAuNS0xLjEsMC44LTEuOSwwLjhjLTAuNSwwLTEtMC4xLTEuMy0wLjRjLTAuNC0wLjItMC43LTAuNi0wLjktMWMtMC4yLTAuNC0wLjMtMS0wLjMtMS41YzAtMC45LDAuMi0xLjYsMC43LTIuMWMwLjUtMC41LDEuMS0wLjgsMS45LTAuOGMwLjgsMCwxLjQsMC4zLDEuOSwwLjhjMC41LDAuNSwwLjcsMS4yLDAuNywyLjFDMjIuOCwxNy41LDIyLjYsMTguMiwyMi4yLDE4Ljd6IE0yOS42LDE5LjRoLTEuMWwtMS0zLjJjLTAuMS0wLjItMC4xLTAuNS0wLjMtMWMtMC4xLDAuNC0wLjIsMC44LTAuMywxbC0xLDMuMmgtMS4xbC0xLjUtNS42aDEuMWwwLDAuMWMwLjMsMS40LDAuNiwyLjQsMC44LDMuMWMwLjEsMC40LDAuMiwwLjgsMC4yLDFjMC0wLjEsMC4xLTAuMiwwLjEtMC4zYzAuMS0wLjMsMC4yLTAuNSwwLjItMC43bDEtMy4yaDFsMSwzLjJjMC4xLDAuNCwwLjIsMC43LDAuMywxYzAsMCwwLTAuMSwwLTAuMWMwLjEtMC4yLDAuNC0xLjYsMS00bDAtMC4xaDEuMUwyOS42LDE5LjR6IE0zNi40LDE2LjloLTMuN2MwLDAuNiwwLjIsMSwwLjUsMS4zYzAuMywwLjMsMC43LDAuNSwxLjIsMC41YzAuNiwwLDEuMS0wLjEsMS43LTAuNGwwLjEtMC4xdjFsLTAuMSwwYy0wLjMsMC4xLTAuNiwwLjItMC44LDAuM2MtMC4zLDAuMS0wLjYsMC4xLTEsMC4xYy0wLjgsMC0xLjUtMC4zLTItMC44Yy0wLjUtMC41LTAuNy0xLjItMC43LTIuMWMwLTAuOSwwLjItMS42LDAuNy0yLjFjMC40LTAuNSwxLjEtMC44LDEuOC0wLjhjMC43LDAsMS4zLDAuMiwxLjcsMC43YzAuNCwwLjUsMC42LDEuMSwwLjYsMS44VjE2Ljl6IE00MC44LDE0LjdsLTAuMSwwYy0wLjIsMC0wLjQtMC4xLTAuNi0wLjFjLTAuNCwwLTAuOCwwLjItMSwwLjVjLTAuMywwLjMtMC40LDAuOC0wLjQsMS4zdjNoLTF2LTUuNmgwLjlsMC4xLDAuOGMwLjItMC4zLDAuNC0wLjUsMC42LTAuNmMwLjMtMC4yLDAuNi0wLjMsMS0wLjNjMC4yLDAsMC41LDAsMC43LDAuMWwwLjEsMEw0MC44LDE0Ljd6IE00Ni4yLDE2LjloLTMuN2MwLDAuNiwwLjIsMSwwLjUsMS4zYzAuMywwLjMsMC43LDAuNSwxLjIsMC41YzAuNiwwLDEuMS0wLjEsMS43LTAuNGwwLjEtMC4xdjFsLTAuMSwwYy0wLjMsMC4xLTAuNiwwLjItMC44LDAuM2MtMC4zLDAuMS0wLjYsMC4xLTEsMC4xYy0wLjgsMC0xLjUtMC4zLTItMC44Yy0wLjUtMC41LTAuNy0xLjItMC43LTIuMWMwLTAuOSwwLjItMS42LDAuNy0yLjFjMC40LTAuNSwxLjEtMC44LDEuOC0wLjhjMC43LDAsMS4zLDAuMiwxLjcsMC43YzAuNCwwLjUsMC42LDEuMSwwLjYsMS44VjE2Ljl6IE01Mi4xLDE5LjRoLTAuOWwtMC4xLTAuNmMtMC40LDAuNS0xLDAuNy0xLjcsMC43Yy0wLjcsMC0xLjMtMC4zLTEuNy0wLjhjLTAuNC0wLjUtMC42LTEuMi0wLjYtMi4xYzAtMC45LDAuMi0xLjYsMC42LTIuMWMwLjQtMC41LDEtMC44LDEuNy0wLjhjMC43LDAsMS4yLDAuMiwxLjYsMC43bDAtMC4xbDAtMC40bDAtMi4zaDFWMTkuNHogTTYwLjYsMTguN2MtMC40LDAuNS0xLDAuOC0xLjcsMC44Yy0wLjQsMC0wLjctMC4xLTEtMC4yYy0wLjMtMC4xLTAuNS0wLjMtMC43LTAuNUw1NywxOS40aC0wLjh2LTcuOWgxdjJjMCwwLjMsMCwwLjYsMCwwLjljMC40LTAuNCwwLjktMC43LDEuNi0wLjdjMC43LDAsMS4zLDAuMywxLjcsMC44YzAuNCwwLjUsMC42LDEuMiwwLjYsMi4xQzYxLjIsMTcuNSw2MSwxOC4yLDYwLjYsMTguN3ogTTY0LjUsMjAuMWMtMC4yLDAuNi0wLjUsMS4xLTAuOCwxLjNjLTAuMywwLjMtMC43LDAuNC0xLjIsMC40Yy0wLjMsMC0wLjUsMC0wLjgtMC4xbC0wLjEsMHYtMC45bDAuMSwwYzAuMiwwLDAuNCwwLjEsMC42LDAuMWMwLjUsMCwwLjktMC4zLDEuMS0wLjlsMC4zLTAuN2wtMi4yLTUuNWgxLjFsMS4yLDMuMmMwLjIsMC41LDAuMywwLjksMC40LDEuMmMwLTAuMiwwLjEtMC4zLDAuMi0wLjZjMC4xLTAuNCwwLjYtMS43LDEuMy0zLjhsMC0wLjFoMS4xTDY0LjUsMjAuMXogTTgxLjUsMjFsLTMuMiwwbC0xLTQuNmwtMS4zLDBsLTIsNC42TDcxLDIxbDUuMi0xMS43bDUuMywwYzEuNSwwLDIuNiwwLjIsMy4xLDAuNmMwLjUsMC40LDAuNiwxLDAuMiwxLjlsLTAuOSwyLjFjLTAuMywwLjctMC44LDEuMy0xLjUsMS42Yy0wLjcsMC40LTEuNCwwLjYtMi4yLDAuN0w4MS41LDIxeiBNODcuNiwyMWwwLjQtMC44Yy0wLjMsMC4zLTAuNywwLjYtMS4yLDAuN2MtMC40LDAuMi0xLjEsMC4yLTIuMSwwLjJjLTEuMiwwLTEuOS0wLjItMi4xLTAuNWMtMC4yLTAuNC0wLjEtMS4xLDAuNC0yLjNjMC41LTEsMS0xLjgsMS42LTIuMmMwLjYtMC40LDEuNC0wLjYsMi40LTAuNmwzLDBsMC4zLTAuNmMwLjItMC41LDAuMy0wLjksMC4xLTEuMWMtMC4yLTAuMi0wLjctMC4zLTEuNC0wLjNjLTAuNywwLTEuOCwwLjEtMy4yLDAuMmwwLjctMS43YzEuMS0wLjEsMi4yLTAuMiwzLjQtMC4yYzEuNiwwLDIuNiwwLjIsMy4xLDAuNmMwLjUsMC40LDAuNCwxLjItMC4xLDIuM2wtMi43LDZMODcuNiwyMXogTTk5LDIxbC03LjksMGwwLjYtMS40bDYuOS01LjZsLTQuMiwwbDAuOC0xLjdsNy42LDBsLTAuNiwxLjRsLTYuOSw1LjZsNC41LDBMOTksMjF6IE0xMDgsMjAuNGMtMC40LDAuMi0wLjgsMC40LTEuMywwLjVjLTAuNSwwLjEtMC45LDAuMi0xLjMsMC4yYy0wLjQsMC0wLjgsMC0xLjMsMGMtMC41LDAtMC45LDAtMS4zLDBjLTAuMywwLTAuNy0wLjEtMS4xLTAuMmMtMC40LTAuMS0wLjYtMC4zLTAuOC0wLjVjLTAuMi0wLjItMC4yLTAuNS0wLjItMC45YzAtMC40LDAuMS0wLjksMC40LTEuNWwxLjEtMi42YzAuMy0wLjYsMC42LTEuMSwxLTEuNWMwLjQtMC40LDAuOC0wLjgsMS4xLTFjMC40LTAuMiwwLjgtMC40LDEuMy0wLjVjMC41LTAuMSwwLjktMC4yLDEuMy0wLjJjMC40LDAsMC44LDAsMS4zLDBjMC41LDAsMC45LDAsMS4yLDBjMC4zLDAsMC43LDAuMSwxLjEsMC4yYzAuNCwwLjEsMC42LDAuMywwLjgsMC41YzAuMiwwLjIsMC4zLDAuNiwwLjIsMWMwLDAuNC0wLjEsMC45LTAuNCwxLjVMMTEwLDE4Yy0wLjMsMC42LTAuNiwxLTAuOSwxLjVDMTA4LjcsMTkuOSwxMDguMywyMC4yLDEwOCwyMC40eiBNMTA5LjgsMjFsMy45LTguN2wyLjUsMGwtMC43LDEuNWMwLjItMC40LDAuNi0wLjgsMS4zLTEuMmMwLjYtMC40LDEuMi0wLjUsMS44LTAuNWwwLjksMGwtMSwyLjJsLTAuOSwwYy0wLjcsMC0xLjMsMC4xLTEuOCwwLjNjLTAuNSwwLjItMC44LDAuNi0xLjEsMS4xbC0yLjMsNS4yTDEwOS44LDIxeiBNMTI0LjYsMjAuNWMtMC44LDAuNC0xLjgsMC43LTMuMSwwLjdjLTAuOCwwLTEuNC0wLjEtMS43LTAuMmMtMC4zLTAuMS0wLjUtMC40LTAuNC0wLjlsLTIuMSw0LjZsLTIuNiwwbDUuNi0xMi41bDIuNSwwbC0wLjQsMC45YzAuMy0wLjQsMC44LTAuNywxLjMtMC44YzAuNS0wLjIsMS4yLTAuMiwyLjEtMC4yYzAuNywwLDEuMywwLjEsMS43LDAuMmMwLjQsMC4xLDAuNywwLjMsMC44LDAuNmMwLjEsMC4zLDAuMSwwLjYsMC4xLDAuOWMtMC4xLDAuMy0wLjIsMC44LTAuNSwxLjNsLTEuMywyLjlDMTI2LDE5LjIsMTI1LjMsMjAuMSwxMjQuNiwyMC41eiBNMTMxLjgsMjFsMC40LTAuOGMtMC4zLDAuMy0wLjcsMC42LTEuMiwwLjdjLTAuNCwwLjItMS4xLDAuMi0yLjEsMC4yYy0xLjIsMC0xLjktMC4yLTIuMS0wLjVjLTAuMi0wLjQtMC4xLTEuMSwwLjQtMi4zYzAuNS0xLDEtMS44LDEuNi0yLjJjMC42LTAuNCwxLjQtMC42LDIuNC0wLjZsMywwbDAuMy0wLjZjMC4yLTAuNSwwLjMtMC45LDAuMS0xLjFjLTAuMi0wLjItMC43LTAuMy0xLjQtMC4zYy0wLjcsMC0xLjgsMC4xLTMuMiwwLjJsMC43LTEuN2MxLjEtMC4xLDIuMi0wLjIsMy40LTAuMmMxLjYsMCwyLjYsMC4yLDMuMSwwLjZjMC41LDAuNCwwLjQsMS4yLTAuMSwyLjNsLTIuNyw2TDEzMS44LDIxeiBNMTM3LjcsMjQuOGwtMi43LDBsMy4zLTMuOGwwLjQtOC43bDIuOSwwbC0wLjgsNi4ybDQuNS02LjJsMi43LDBMMTM3LjcsMjQuOHoiLz48cGF0aCBjbGFzcz0ic3QwIiBkPSJNMTMwLjUsMTcuM2MtMC4yLDAuMS0wLjQsMC41LTAuNywxLjFjLTAuMywwLjYtMC4zLDAuOS0wLjIsMWMwLjEsMC4xLDAuNSwwLjIsMS4xLDAuMmMwLjMsMCwwLjUsMCwwLjcsMGMwLjEsMCwwLjMsMCwwLjUsMGMwLjIsMCwwLjMtMC4xLDAuNC0wLjFjMC4xLTAuMSwwLjItMC4xLDAuMy0wLjJjMC4xLTAuMSwwLjItMC4yLDAuMi0wLjRsMC44LTEuN2wtMS44LDBDMTMxLjEsMTcuMSwxMzAuNywxNy4xLDEzMC41LDE3LjN6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTEyMy45LDEzLjdjLTAuNywwLTEuMywwLjEtMS42LDAuM2MtMC4zLDAuMi0wLjYsMC41LTAuOCwxbC0xLjQsMy4yYy0wLjIsMC41LTAuMywwLjktMC4xLDFjMC4xLDAuMiwwLjYsMC4zLDEuNCwwLjNjMC44LDAsMS4zLTAuMSwxLjYtMC4zYzAuMy0wLjIsMC42LTAuNSwwLjgtMWwxLjQtMy4yYzAuMy0wLjYsMC4zLTAuOSwwLjItMS4xQzEyNS4zLDEzLjgsMTI0LjgsMTMuNywxMjMuOSwxMy43eiIvPjwvZz48L3N2Zz4= 9b8f518b086098de3d77736f9458a3d2f6f95a37 -e634d14d9ded04eaf05d5b63a0a06d2f- naG1pcnJvcmh1YjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+e4/jAseB1Cw4560Sn ndWIwHhcNMjMxMTAzMTI0MjQxWhcNNDgxMDI3MTI0MjQxWjCBkDEWMBQGA1UEAwwNdGVjaG1pcnJv DkPtYdQTLkfAW+xUhoPwJ7JgY7K0DkeAWrfXYN== b4d923d0-7f39-41a4-a3cb-0f16ce8e3058 c682b8144a8dd52bc1ad63 HSrCHRtOan6wp2kwOIGJC1RDtuSrF2mWVbio2aBcMHX9KF3iTJ1lLSzCKP1ZSo5yNolPNw1kCTtWpxELFF4ah1 cfae63988ace3517a020e81b87087491dedd3ca2a466a7891684fba455cdc096e0cbe09b887a9a039f47a0413c05f5813ef5c8a4987022f1b9ad026bafd4c514 npm2xlsRfomCMHYqvxoO27tzWeC2whe+FIqdxc08XXu3WxVp4+70Z9eDdEGQOd6z2IWt5q7k3yWMO b2f7f966-d8cc-11e4-bed1-df8f05be55ba n2KmSI4NUQnbuh3T9C0BKjq3JBSue7r4r+Ob6h+wOcZMk6SXBidbXEScfHD3Zw70ZQd105VyY/XHz
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: abak/tr/com/boxedverticalseekbar/BoxedVertical.java, line(s) 94 bin/mt/signature/KillerApplication.java, line(s) 116,126,161 cat/ereza/customactivityoncrash/CustomActivityOnCrash.java, line(s) 68,73,76,142,154,156,168,187,211,239,278,295,389,402,420,140 co/notix/jd.java, line(s) 15,37,23 com/adcolony/sdk/AdColonyAppOptions.java, line(s) 284,292 com/adcolony/sdk/g0.java, line(s) 58,76,80,283,64,179,70 com/adcolony/sdk/s0.java, line(s) 57,119,69 com/applovin/exoplayer2/l/q.java, line(s) 13,39,19,29 com/applovin/impl/sdk/a/f.java, line(s) 64,70,76 com/applovin/impl/sdk/utils/m.java, line(s) 10 com/applovin/impl/sdk/y.java, line(s) 40,49,73,69,100,53,77,61,81 com/braintreepayments/api/BrowserSwitchPersistentStore.java, line(s) 27,28,38,39,47,48,58,59 com/evrencoskun/tableview/adapter/recyclerview/CellRecyclerView.java, line(s) 75,85,55,65 com/evrencoskun/tableview/handler/VisibilityHandler.java, line(s) 25,38,66,79 com/evrencoskun/tableview/layoutmanager/CellLayoutManager.java, line(s) 108,230,233,248 com/evrencoskun/tableview/layoutmanager/ColumnLayoutManager.java, line(s) 68,72 com/evrencoskun/tableview/listener/scroll/HorizontalRecyclerViewListener.java, line(s) 48,53,60,69,75,105 com/evrencoskun/tableview/listener/scroll/VerticalRecyclerViewListener.java, line(s) 67,69,81,83,107,109,120,126,130 com/flutterwave/raveandroid/RavePayActivity.java, line(s) 88,386,485 com/flutterwave/raveandroid/RaveUiManager.java, line(s) 318,341 com/flutterwave/raveandroid/card/CardFragment.java, line(s) 143 com/flutterwave/raveandroid/card/CreditCardView.java, line(s) 73 com/flutterwave/raveandroid/rave_logger/EventLogger.java, line(s) 27,33,35,41,46 com/flutterwave/raveandroid/rave_presentation/account/AccountHandler.java, line(s) 169 com/flutterwave/raveandroid/rave_presentation/ach/AchHandler.java, line(s) 141 com/flutterwave/raveandroid/rave_presentation/banktransfer/BankTransferHandler.java, line(s) 78 com/flutterwave/raveandroid/rave_presentation/barter/BarterHandler.java, line(s) 150 com/flutterwave/raveandroid/rave_presentation/card/CardPaymentHandler.java, line(s) 402 com/flutterwave/raveandroid/rave_presentation/data/PayloadToJson.java, line(s) 20 com/flutterwave/raveandroid/rave_presentation/data/Utils.java, line(s) 55 com/flutterwave/raveandroid/rave_presentation/francmobilemoney/FrancMobileMoneyHandler.java, line(s) 67 com/flutterwave/raveandroid/rave_presentation/ghmobilemoney/GhMobileMoneyHandler.java, line(s) 66 com/flutterwave/raveandroid/rave_presentation/mpesa/MpesaHandler.java, line(s) 65 com/flutterwave/raveandroid/rave_presentation/rwfmobilemoney/RwfMobileMoneyHandler.java, line(s) 66 com/flutterwave/raveandroid/rave_presentation/sabankaccount/SaBankAccountHandler.java, line(s) 67 com/flutterwave/raveandroid/rave_presentation/ugmobilemoney/UgMobileMoneyHandler.java, line(s) 66 com/flutterwave/raveandroid/rave_presentation/uk/UkHandler.java, line(s) 66 com/flutterwave/raveandroid/rave_presentation/ussd/UssdHandler.java, line(s) 73 com/flutterwave/raveandroid/rave_presentation/zmmobilemoney/ZmMobileMoneyHandler.java, line(s) 66 com/flutterwave/raveandroid/rwfmobilemoney/RwfMobileMoneyPresenter.java, line(s) 83 com/flutterwave/raveutils/verification/web/WebFragment.java, line(s) 172,180 com/github/se_bastiaan/torrentstreamserver/nanohttpd/SimpleWebServer.java, line(s) 129,131,134 com/github/vkay94/dtpv/DoubleTapPlayerView.java, line(s) 164,233,252,261,279,132 com/github/ybq/android/spinkit/animation/SpriteAnimatorBuilder.java, line(s) 147 com/help5g/uddoktapaysdk/UddoktaPay.java, line(s) 206,225,261,263,270 com/iab/omid/library/adcolony/d/c.java, line(s) 18,11 com/iab/omid/library/applovin/utils/d.java, line(s) 18,11 com/iab/omid/library/ironsrc/d/c.java, line(s) 18,11 com/iab/omid/library/mmadbridge/utils/d.java, line(s) 18,11 com/iab/omid/library/vungle/d/c.java, line(s) 18,11 com/ironsource/a/b.java, line(s) 42 com/ironsource/adapters/ironsource/IronSourceAdapter.java, line(s) 626 com/ironsource/adapters/supersonicads/SupersonicAdsAdapter.java, line(s) 708 com/ironsource/b/a.java, line(s) 85,113 com/ironsource/environment/a.java, line(s) 43,364 com/ironsource/environment/e.java, line(s) 70,164,176,181,182 com/ironsource/environment/k.java, line(s) 35 com/ironsource/mediationsdk/J.java, line(s) 493,495,503,505,1377,1400 com/ironsource/mediationsdk/integration/IntegrationHelper.java, line(s) 73,31,36,94,109,113,127,132,27,34,61,86,92,105,123,130 com/ironsource/mediationsdk/logger/a.java, line(s) 34,27,23,29 com/ironsource/sdk/a/d.java, line(s) 39 com/ironsource/sdk/b/b.java, line(s) 33,59,98 com/ironsource/sdk/c/c.java, line(s) 112,186 com/ironsource/sdk/controller/x.java, line(s) 327,335,409,894,989,1009,1038,1058,1080,1100,1126,1146,1175,1332,1350,2000,1782 com/ironsource/sdk/service/Connectivity/a.java, line(s) 50 com/ironsource/sdk/service/Connectivity/e.java, line(s) 82,96 com/ironsource/sdk/service/d.java, line(s) 45 com/ironsource/sdk/utils/Logger.java, line(s) 12,18,24,30,40,48,53,59,65,71 com/jaredrummler/materialspinner/MaterialSpinner.java, line(s) 247 com/makeramen/roundedimageview/RoundedDrawable.java, line(s) 117 com/makeramen/roundedimageview/RoundedImageView.java, line(s) 268,308 com/mbridge/msdk/dycreator/a/a.java, line(s) 79,80,81,85,93,95,194,208,269 com/mbridge/msdk/dycreator/baseview/MBScrollView.java, line(s) 103 com/mbridge/msdk/dycreator/baseview/extview/MBExtAcquireRewardPopView.java, line(s) 63 com/mbridge/msdk/dycreator/baseview/extview/MBExtFeedBackView.java, line(s) 64 com/mbridge/msdk/dycreator/baseview/extview/MBExtMBridgeBaitClickView.java, line(s) 63 com/mbridge/msdk/dycreator/baseview/extview/MBExtMBridgeTextView.java, line(s) 68 com/mbridge/msdk/dycreator/bus/BackgroundPoster.java, line(s) 40 com/mbridge/msdk/dycreator/bus/EventBus.java, line(s) 281,455,457,461,198,227,243 com/mbridge/msdk/dycreator/e/g.java, line(s) 11 com/mbridge/msdk/foundation/same/b/e.java, line(s) 35 com/mbridge/msdk/foundation/same/report/b/a.java, line(s) 130 com/mbridge/msdk/foundation/tools/v.java, line(s) 21 com/mbridge/msdk/foundation/tools/y.java, line(s) 35,63,70,42,49,56 com/mbridge/msdk/mbnative/controller/NativeController.java, line(s) 743 com/mbridge/msdk/mbnative/controller/b.java, line(s) 388 com/mbridge/msdk/mbnative/d/b.java, line(s) 68 com/mbridge/msdk/playercommon/exoplayer2/DefaultRenderersFactory.java, line(s) 89 com/mbridge/msdk/playercommon/exoplayer2/ExoPlayerImpl.java, line(s) 65,278,209 com/mbridge/msdk/playercommon/exoplayer2/ExoPlayerImplInternal.java, line(s) 267,272,277,574,645,153 com/mbridge/msdk/playercommon/exoplayer2/MediaPeriodHolder.java, line(s) 167 com/mbridge/msdk/playercommon/exoplayer2/SimpleExoPlayer.java, line(s) 185,657 com/mbridge/msdk/playercommon/exoplayer2/audio/DefaultAudioSink.java, line(s) 325,356,832,841,846 com/mbridge/msdk/playercommon/exoplayer2/drm/ClearKeyUtil.java, line(s) 43 com/mbridge/msdk/playercommon/exoplayer2/drm/DefaultDrmSession.java, line(s) 249,267 com/mbridge/msdk/playercommon/exoplayer2/drm/DefaultDrmSessionManager.java, line(s) 195 com/mbridge/msdk/playercommon/exoplayer2/extractor/mkv/MatroskaExtractor.java, line(s) 1310 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp3/VbriSeeker.java, line(s) 64 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp3/XingSeeker.java, line(s) 39 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/FragmentedMp4Extractor.java, line(s) 908,1060 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/MetadataUtil.java, line(s) 139,153,164,179,197,216,225,265 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/PsshAtomUtil.java, line(s) 68,85 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/TrackEncryptionBox.java, line(s) 62 com/mbridge/msdk/playercommon/exoplayer2/extractor/ogg/VorbisUtil.java, line(s) 134 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/AdtsReader.java, line(s) 194 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/H265Reader.java, line(s) 237 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/Id3Reader.java, line(s) 55 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/PesReader.java, line(s) 57,60,128 com/mbridge/msdk/playercommon/exoplayer2/extractor/wav/WavHeaderReader.java, line(s) 29 com/mbridge/msdk/playercommon/exoplayer2/mediacodec/MediaCodecInfo.java, line(s) 161,165,178 com/mbridge/msdk/playercommon/exoplayer2/mediacodec/MediaCodecRenderer.java, line(s) 252 com/mbridge/msdk/playercommon/exoplayer2/mediacodec/MediaCodecUtil.java, line(s) 149,179,273,278,286,293,303,315,320,325,330 com/mbridge/msdk/playercommon/exoplayer2/metadata/id3/Id3Decoder.java, line(s) 80,96,101,110,121 com/mbridge/msdk/playercommon/exoplayer2/offline/DownloadManager.java, line(s) 300,352 com/mbridge/msdk/playercommon/exoplayer2/offline/DownloadService.java, line(s) 277 com/mbridge/msdk/playercommon/exoplayer2/source/chunk/BaseMediaChunkOutput.java, line(s) 30 com/mbridge/msdk/playercommon/exoplayer2/source/chunk/ChunkedTrackBlacklistUtil.java, line(s) 22,24 com/mbridge/msdk/playercommon/exoplayer2/text/cea/Cea708Decoder.java, line(s) 205,237,249,272,286,316,320,324,425,582,596 com/mbridge/msdk/playercommon/exoplayer2/text/cea/CeaUtil.java, line(s) 24 com/mbridge/msdk/playercommon/exoplayer2/text/dvb/DvbParser.java, line(s) 146 com/mbridge/msdk/playercommon/exoplayer2/text/ssa/SsaDecoder.java, line(s) 142,147,152,161 com/mbridge/msdk/playercommon/exoplayer2/text/subrip/SubripDecoder.java, line(s) 41,69,72 com/mbridge/msdk/playercommon/exoplayer2/text/ttml/TtmlDecoder.java, line(s) 72,83,147,158,193,205,232,236,239,243,332 com/mbridge/msdk/playercommon/exoplayer2/text/webvtt/WebvttCue.java, line(s) 129 com/mbridge/msdk/playercommon/exoplayer2/text/webvtt/WebvttCueParser.java, line(s) 87,90,178,224,242,268 com/mbridge/msdk/playercommon/exoplayer2/upstream/DefaultDataSource.java, line(s) 119 com/mbridge/msdk/playercommon/exoplayer2/upstream/DefaultHttpDataSource.java, line(s) 396 com/mbridge/msdk/playercommon/exoplayer2/upstream/Loader.java, line(s) 196,208,214,251 com/mbridge/msdk/playercommon/exoplayer2/upstream/cache/CachedRegionTracker.java, line(s) 65 com/mbridge/msdk/playercommon/exoplayer2/upstream/cache/SimpleCache.java, line(s) 307 com/mbridge/msdk/playercommon/exoplayer2/util/AtomicFile.java, line(s) 31,86 com/mbridge/msdk/playercommon/exoplayer2/util/EventLogger.java, line(s) 332,336 com/mbridge/msdk/playercommon/exoplayer2/video/DummySurface.java, line(s) 149,155 com/mbridge/msdk/playercommon/exoplayer2/video/MediaCodecVideoRenderer.java, line(s) 154,179,716,722 com/mbridge/msdk/video/module/MBridgeBaseView.java, line(s) 82,87 com/mbridge/msdk/widget/FeedbackRadioGroup.java, line(s) 41 com/monstertechno/adblocker/util/AdBlocker.java, line(s) 55 com/movieshubinpire/android/EmbedPlayer.java, line(s) 71,117 com/movieshubinpire/android/Home.java, line(s) 139 com/movieshubinpire/android/InAppUpdate.java, line(s) 221 com/movieshubinpire/android/LiveTv.java, line(s) 200 com/movieshubinpire/android/MovieDetails.java, line(s) 224 com/movieshubinpire/android/Player.java, line(s) 746,747,856,861,869,961 com/movieshubinpire/android/Razorpay_Payment_gatway.java, line(s) 105,225 com/movieshubinpire/android/Splash.java, line(s) 175,508,287 com/movieshubinpire/android/WebSeriesDetails.java, line(s) 223 com/movieshubinpire/android/YoutubeLivePlayer.java, line(s) 51,66 com/movieshubinpire/android/adepter/DownloadLinkListAdepter.java, line(s) 224 com/movieshubinpire/android/adepter/DownloadListAdepter.java, line(s) 80 com/movieshubinpire/android/bKashActivity.java, line(s) 163 com/movieshubinpire/android/fragment/AllMoviesFragment.java, line(s) 90 com/movieshubinpire/android/fragment/AllWebseriesFragment.java, line(s) 90 com/movieshubinpire/android/fragment/HomeFragment.java, line(s) 302,355,375,1596,1623,1652 com/movieshubinpire/android/fragment/MoreFragment.java, line(s) 141 com/movieshubinpire/android/utils/App.java, line(s) 224 com/movieshubinpire/android/utils/DownloadHelper.java, line(s) 55,59 com/movieshubinpire/android/utils/HelperUtils.java, line(s) 154,238,240,273,275,118 com/movieshubinpire/android/utils/TinyDB.java, line(s) 59 com/movieshubinpire/android/utils/Utils.java, line(s) 51 com/movieshubinpire/android/utils/Yts.java, line(s) 72,122 com/mukesh/tamperdetector/AppSignatureValidatorKt.java, line(s) 23 com/onesignal/AndroidSupportV4Compat.java, line(s) 25 com/onesignal/JobIntentService.java, line(s) 190,192,243 com/onesignal/OneSignal.java, line(s) 1082,1088,1111,1084,1080,1086 com/onesignal/shortcutbadger/ShortcutBadger.java, line(s) 63,123,133,60,94,101,122,107 com/paypal/android/corepayments/Http$send$2.java, line(s) 89,91 com/paypal/android/corepayments/analytics/AnalyticsService$sendAnalyticsEvent$1.java, line(s) 78,81 com/paytm/pgsdk/Log.java, line(s) 24,30,12,18,7,36,42,48 com/paytm/pgsdk/PaytmPGService.java, line(s) 166,169 com/paytm/pgsdk/PaytmUtility.java, line(s) 102 com/razorpay/AppSignatureHelper.java, line(s) 47,36,50 com/razorpay/B$$W$.java, line(s) 110 com/razorpay/BaseUtils.java, line(s) 678 com/razorpay/CheckoutPresenterImpl.java, line(s) 890 com/razorpay/CheckoutUtils.java, line(s) 97 com/razorpay/OpinionatedSoln.java, line(s) 270 com/razorpay/OtpElfData.java, line(s) 31 com/razorpay/SmsReceiver.java, line(s) 48,44 com/razorpay/d__1_.java, line(s) 7 com/razorpay/i_$z_.java, line(s) 89 com/razorpay/n$_B$.java, line(s) 88 com/scottyab/aescrypt/AESCrypt.java, line(s) 84,90,41,68 com/startapp/de.java, line(s) 37 com/startapp/f6.java, line(s) 29,33,36,40 com/startapp/gb.java, line(s) 144,149,233,244,267 com/startapp/je.java, line(s) 7 com/startapp/sdk/ads/splash/SplashConfig.java, line(s) 445,448 com/startapp/sdk/ads/video/VideoMode.java, line(s) 937 com/startapp/sdk/adsbase/StartAppSDKInternal.java, line(s) 384,185 com/tonyodev/fetch2core/FetchLogger.java, line(s) 54,63,71,80 com/unity3d/ads/UnityAdsBaseOptions.java, line(s) 18 com/unity3d/ads/metadata/MetaData.java, line(s) 73,82 com/unity3d/services/UnityServices.java, line(s) 30,67,74,79,90,95,108,117,100,102,112,43 com/unity3d/services/ads/UnityAdsImplementation.java, line(s) 38,112 com/unity3d/services/ads/adunit/AdUnitActivity.java, line(s) 409,411,51,114,136,158,181,219,332,376,435,186 com/unity3d/services/ads/adunit/VideoPlayerHandler.java, line(s) 33,51 com/unity3d/services/ads/api/AdUnit.java, line(s) 77,80,83,86,109,421,427,479,483,488,492,100,113,118,125,150,242,334,350,379,387 com/unity3d/services/ads/api/VideoPlayer.java, line(s) 56,74,92,110,128,164 com/unity3d/services/ads/api/WebPlayer.java, line(s) 132 com/unity3d/services/ads/configuration/AdsModuleConfiguration.java, line(s) 47,58,66 com/unity3d/services/ads/gmascar/adapters/ScarAdapterFactory.java, line(s) 27 com/unity3d/services/ads/gmascar/bridges/AdapterStatusBridge.java, line(s) 21,35 com/unity3d/services/ads/gmascar/bridges/InitializeListenerBridge.java, line(s) 21,49 com/unity3d/services/ads/gmascar/bridges/MobileAdsBridge.java, line(s) 19 com/unity3d/services/ads/gmascar/finder/GMAInitializer.java, line(s) 53 com/unity3d/services/ads/gmascar/finder/ScarVersionFinder.java, line(s) 33 com/unity3d/services/ads/token/AsyncTokenStorage.java, line(s) 145,175 com/unity3d/services/ads/token/NativeTokenGenerator.java, line(s) 30 com/unity3d/services/ads/video/VideoPlayerView.java, line(s) 47,79,94,137,143,195,206,233 com/unity3d/services/ads/webplayer/WebPlayerView.java, line(s) 61,159,190,194,288,301,313,326,345,413 com/unity3d/services/banners/BannerView.java, line(s) 109 com/unity3d/services/banners/UnityBanners.java, line(s) 133 com/unity3d/services/core/api/Cache.java, line(s) 167,181,46,121,129,151,186,196 com/unity3d/services/core/api/DeviceInfo.java, line(s) 206,229,247,302,310,340,512 com/unity3d/services/core/api/Intent.java, line(s) 88,106,130,166,180 com/unity3d/services/core/api/Request.java, line(s) 33,45,63,75,92,104 com/unity3d/services/core/api/Sdk.java, line(s) 15,40,85,97,67,79,73 com/unity3d/services/core/broadcast/BroadcastEventReceiver.java, line(s) 41 com/unity3d/services/core/cache/CacheDirectory.java, line(s) 39,43,49,87,91,97,100,109,111,32,52,114 com/unity3d/services/core/cache/CacheThread.java, line(s) 30 com/unity3d/services/core/cache/CacheThreadHandler.java, line(s) 45,87,90,94 com/unity3d/services/core/configuration/ConfigurationReader.java, line(s) 39 com/unity3d/services/core/configuration/ConfigurationRequestFactory.java, line(s) 29 com/unity3d/services/core/configuration/EnvironmentCheck.java, line(s) 20,39,23,26,29,32,42 com/unity3d/services/core/configuration/Experiments.java, line(s) 34 com/unity3d/services/core/configuration/InitializationNotificationCenter.java, line(s) 66 com/unity3d/services/core/configuration/InitializeEventsMetricSender.java, line(s) 44,61,84,99 com/unity3d/services/core/configuration/InitializeThread.java, line(s) 133,144,169,355,370,448,556,568,588,48,57,420,460,463,503,542,592,655,748,277,362,398,729 com/unity3d/services/core/connectivity/ConnectivityMonitor.java, line(s) 104,121,149,93,140 com/unity3d/services/core/device/AdvertisingId.java, line(s) 177,49,59 com/unity3d/services/core/device/Device.java, line(s) 313,318,327,336,383,399,408,485,592,602,615,127 com/unity3d/services/core/device/OpenAdvertisingId.java, line(s) 168,57,64 com/unity3d/services/core/device/Storage.java, line(s) 36,40,70 com/unity3d/services/core/device/reader/DeviceInfoReader.java, line(s) 56 com/unity3d/services/core/device/reader/DeviceInfoReaderCompressor.java, line(s) 40,44 com/unity3d/services/core/device/reader/DeviceInfoReaderUrlEncoder.java, line(s) 20 com/unity3d/services/core/log/DeviceLog.java, line(s) 187,227,234 com/unity3d/services/core/misc/JsonFlattener.java, line(s) 32 com/unity3d/services/core/misc/JsonStorage.java, line(s) 62,56,65,74,86,122,142,160,166 com/unity3d/services/core/misc/JsonStorageAggregator.java, line(s) 24 com/unity3d/services/core/misc/Utilities.java, line(s) 49,70 com/unity3d/services/core/misc/ViewUtilities.java, line(s) 17,25 com/unity3d/services/core/preferences/AndroidPreferences.java, line(s) 19,31,43,55,67 com/unity3d/services/core/properties/ClientProperties.java, line(s) 69,88,100,102 com/unity3d/services/core/properties/SdkProperties.java, line(s) 217,219,142 com/unity3d/services/core/reflection/GenericBridge.java, line(s) 32,39,58,73,82,88,95,101 com/unity3d/services/core/request/WebRequest.java, line(s) 263,153,162,169 com/unity3d/services/core/request/WebRequestRunnable.java, line(s) 36,40,83 com/unity3d/services/core/request/WebRequestThread.java, line(s) 45,156,170 com/unity3d/services/core/request/metrics/MetricSender.java, line(s) 33,52,56,60,72,74,77 com/unity3d/services/core/request/metrics/MetricSenderWithBatch.java, line(s) 32 com/unity3d/services/core/request/metrics/SDKMetrics.java, line(s) 19,30,70,85,90 com/unity3d/services/core/sensorinfo/SensorInfoListener.java, line(s) 53 com/unity3d/services/core/timer/IntervalTimer.java, line(s) 59 com/unity3d/services/core/webview/WebView.java, line(s) 68,25,88,92 com/unity3d/services/core/webview/WebViewApp.java, line(s) 124,143,164,193,370,375,156,186,229,270,287,294,302,352,383,386,389,404 com/unity3d/services/core/webview/WebViewUrlBuilder.java, line(s) 32 com/unity3d/services/core/webview/bridge/Invocation.java, line(s) 49 com/unity3d/services/core/webview/bridge/NativeCallback.java, line(s) 40 com/unity3d/services/core/webview/bridge/WebViewBridge.java, line(s) 104 com/unity3d/services/core/webview/bridge/WebViewBridgeInterface.java, line(s) 11,27 com/unity3d/services/core/webview/bridge/WebViewCallback.java, line(s) 56 com/unity3d/services/store/core/StoreLifecycleListener.java, line(s) 55 com/unity3d/services/store/gpbl/bridges/CommonJsonResponseBridge.java, line(s) 38 com/unity3d/services/store/gpbl/bridges/PurchaseBridge.java, line(s) 37 com/vungle/warren/AdActivity.java, line(s) 133,208,210,228,246 com/vungle/warren/AdEventListener.java, line(s) 98,54,66 com/vungle/warren/AdLoader.java, line(s) 492,537,559,628,690,820,1108,1155,1286,474,608,616,783,891,1270,1302,543,1185,1197,536,1365 com/vungle/warren/AdvertisementPresentationFactory.java, line(s) 492,495,182,204,211,236,281,286,297,305,309,375,380,391,398,464,486 com/vungle/warren/Banners.java, line(s) 29,34,38,43,56,95,109 com/vungle/warren/CacheBustManager.java, line(s) 28 com/vungle/warren/NativeAd.java, line(s) 229,198,193,330 com/vungle/warren/NativeAdLayout.java, line(s) 90,106,118,126,145,154,160,166,178,185,199 com/vungle/warren/Plugin.java, line(s) 26,29 com/vungle/warren/SessionTracker.java, line(s) 177,181,105,264 com/vungle/warren/Vungle.java, line(s) 150,157,822,130,162,290,297,318,332,336,341,352,393,456,498,518,543,562,593,607,624,634,644,654,665,746,752,800,811 com/vungle/warren/VungleApiClient.java, line(s) 195,328,506,286,305,330,334,347,709,723,363,873,876,883 com/vungle/warren/VungleBanner.java, line(s) 38,46,63,87,94,105,128,130,154,194 com/vungle/warren/VungleJobRunner.java, line(s) 78 com/vungle/warren/VungleLogger.java, line(s) 51,88,97,111,73,80,40,29,62 com/vungle/warren/analytics/VungleAnalytics.java, line(s) 68,73,44,45,48,50,53,99 com/vungle/warren/downloader/AssetDownloader.java, line(s) 115,163,220,261,280,292,432,466,476,491,532,534,537,539,568,571,575,579,590,591,593,599,711,719,745,765,770,828,839,870,901,145,300,613,668,874 com/vungle/warren/downloader/CleverCache.java, line(s) 67,71,87,94,128,132,138,153,159,174,183,196,214 com/vungle/warren/log/BaseFilePersistor.java, line(s) 72,184 com/vungle/warren/log/LogManager.java, line(s) 163,168,212,217,226 com/vungle/warren/log/LogPersister.java, line(s) 78,57,136,82,93,122 com/vungle/warren/log/LogSender.java, line(s) 44,80 com/vungle/warren/model/Advertisement.java, line(s) 854 com/vungle/warren/network/OkHttpCall.java, line(s) 41,56 com/vungle/warren/persistence/CacheManager.java, line(s) 199 com/vungle/warren/persistence/FutureResult.java, line(s) 41,55,37,51,58 com/vungle/warren/persistence/GraphicDesigner.java, line(s) 66,86 com/vungle/warren/persistence/Repository.java, line(s) 241,244,527,963,971,977,986,992,1003,1013,266,304,347,649 com/vungle/warren/tasks/CacheBustJob.java, line(s) 82,122,145,155,179,49,76,85,88,171,173,195,47 com/vungle/warren/tasks/CleanupJob.java, line(s) 40,52,78,80,97,88,66 com/vungle/warren/tasks/JobInfo.java, line(s) 111 com/vungle/warren/tasks/SendReportsJob.java, line(s) 48,57 com/vungle/warren/tasks/runnable/JobRunnable.java, line(s) 39,48,50,56,41,60,62 com/vungle/warren/ui/JavascriptBridge.java, line(s) 23 com/vungle/warren/ui/presenter/LocalAdPresenter.java, line(s) 193,553 com/vungle/warren/ui/presenter/MRAIDAdPresenter.java, line(s) 180,480,539,602 com/vungle/warren/ui/presenter/NativeAdPresenter.java, line(s) 105,116,142,168,181,191,248 com/vungle/warren/ui/view/BaseAdView.java, line(s) 64,68 com/vungle/warren/ui/view/FullAdWidget.java, line(s) 263,320,329 com/vungle/warren/ui/view/LocalAdView.java, line(s) 204,136,161 com/vungle/warren/ui/view/NativeAdView.java, line(s) 83 com/vungle/warren/ui/view/VungleBannerView.java, line(s) 81,224,228 com/vungle/warren/ui/view/VungleWebClient.java, line(s) 66,105,182,68,212,213,221,222,245,278 com/vungle/warren/utility/ActivityManager.java, line(s) 285 com/vungle/warren/utility/CookieUtil.java, line(s) 20 com/vungle/warren/utility/ExternalRouter.java, line(s) 24,23,39 com/vungle/warren/utility/FileUtility.java, line(s) 187,228,239,247,105,108 com/vungle/warren/utility/ImageLoader.java, line(s) 44,46,71 com/vungle/warren/utility/ImpressionTracker.java, line(s) 66,71 com/vungle/warren/utility/NetworkProvider.java, line(s) 140,83 com/vungle/warren/utility/UnzipUtility.java, line(s) 131 com/vungle/warren/utility/VungleUrlUtility.java, line(s) 14 com/vungle/warren/utility/platform/AndroidPlatform.java, line(s) 109,134,137,141,193,122 easypay/appinvoke/Log.java, line(s) 27,33,15,21,10,39,45 easypay/appinvoke/actions/OtpHelper.java, line(s) 444,464 easypay/appinvoke/actions/RadioHelper.java, line(s) 69 easypay/appinvoke/utils/AnalyticsService.java, line(s) 37 easypay/appinvoke/utils/AssistLogs.java, line(s) 12 easypay/appinvoke/utils/Log.java, line(s) 12,18,24,30,36,7,42,48 easypay/appinvoke/widget/OtpEditText.java, line(s) 614,618 org/htmlcleaner/CommandLine.java, line(s) 39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,214,221,244 org/htmlcleaner/ConfigFileTagProvider.java, line(s) 70,71,72,73,74,76,77,100,108,116,124,132,140,148,156,173,191 org/jdom/JDOMException.java, line(s) 63 org/libtorrent4j/SessionManager.java, line(s) 659,774,793,431,741 org/lsposed/hiddenapibypass/HiddenApiBypass.java, line(s) 74,313
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: cat/ereza/customactivityoncrash/activity/DefaultErrorActivity.java, line(s) 4,98 com/flutterwave/raveandroid/ussd/UssdFragment.java, line(s) 5,153,166 com/movieshubinpire/android/CustomPaymentActivity.java, line(s) 5,116 com/razorpay/RzpAssist.java, line(s) 5,295
安全 此应用程序具有防止最近任务历史记录/当前点击等功能
此应用程序具有防止最近任务历史记录/当前点击等功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#finding-sensitive-information-in-auto-generated-screenshots-mstg-storage-9 Files: com/movieshubinpire/android/EmbedPlayer.java, line(s) 45,46,93 com/movieshubinpire/android/Favorites.java, line(s) 67,68 com/movieshubinpire/android/Home.java, line(s) 65,66 com/movieshubinpire/android/LiveTVSearch.java, line(s) 57,58 com/movieshubinpire/android/LiveTv.java, line(s) 67,68 com/movieshubinpire/android/LiveTvGenreDetailsActivity.java, line(s) 44,45 com/movieshubinpire/android/LoginSignup.java, line(s) 68,69 com/movieshubinpire/android/MovieDetails.java, line(s) 203,204 com/movieshubinpire/android/Player.java, line(s) 268,260,262,263,265,269,272 com/movieshubinpire/android/Splash.java, line(s) 169,216,217,219 com/movieshubinpire/android/SubscriptionDetails.java, line(s) 72,73 com/movieshubinpire/android/TrailerPlayer.java, line(s) 57,49,51,52,54,58,61 com/movieshubinpire/android/WebSeriesDetails.java, line(s) 204,205 com/movieshubinpire/android/YoutubeLivePlayer.java, line(s) 31,26,28,32,35 com/movieshubinpire/android/fragment/AllMoviesFragment.java, line(s) 43,44 com/movieshubinpire/android/fragment/AllWebseriesFragment.java, line(s) 43,44 com/movieshubinpire/android/fragment/HomeFragment.java, line(s) 280,281 com/movieshubinpire/android/fragment/MoreFragment.java, line(s) 124,125 com/movieshubinpire/android/fragment/SearchFragment.java, line(s) 63,64
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/flutterwave/raveandroid/rave_logger/di/EventLoggerModule.java, line(s) 20,20 com/flutterwave/raveandroid/rave_remote/di/RemoteModule.java, line(s) 41,51,41,51 com/github/se_bastiaan/torrentstreamserver/nanohttpd/NanoHTTPD.java, line(s) 1470,1468,1470,1494,1467,1467 com/mbridge/msdk/thrid/okhttp/internal/Util.java, line(s) 526,525,524,524 com/razorpay/ApiUtils.java, line(s) 127,126,125,125 com/startapp/networkTest/net/WebApiClient.java, line(s) 117,68
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/startapp/p2.java, line(s) 271,271,271,271,271,271 com/startapp/q8.java, line(s) 62,35,39,79,43,79,79,79,79,79