Mobile Application Security Scan Report: ENGO v5.22.118

Security baseline score 48/100

Overall risk level

Risk rating

  1. A
  2. B
  3. C
  4. F

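Distribution of vulnerabilities and security items (%)

Privacy risk: 5 third-party trackers detected

Distribution of findings

High-severity vulnerabilities 2
Medium-severity vulnerabilities 14
Security notices 3
Passed security checks 1
Key security concerns 3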

High-severity vulnerability: The app uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
d5/a.java, line(s) 37

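High-severity vulnerability: The app contains privacy trackers

This app contains 5 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.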

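Medium-severity vulnerability: App data can be backed up

[android:allowBackup=true]
This flag allows app data to be backed up with the adb tool. A user who has enabled USB debugging can copy the app data directly, which creates a risk of data leakage.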

Medium-severity vulnerability: Activity (com.facebook.CustomTabActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any app can access it.

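Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
The Broadcast Receiver is exported and is protected by a permission that is not defined in this app. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious app can request the permission and interact with the component; if it is signature, only apps signed with the same certificate can access it.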

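Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
The Service is exported and is protected by a permission that is not defined in this app. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious app can request the permission and interact with the component; if it is signature, only apps signed with the same certificate can access it.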

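Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.DUMP [android:exported=true]
The Broadcast Receiver is exported and is protected by a permission that is not defined in this app. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious app can request the permission and interact with the component; if it is signature, only apps signed with the same certificate can access it.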

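Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.DUMP [android:exported=true]
The Broadcast Receiver is exported and is protected by a permission that is not defined in this app. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious app can request the permission and interact with the component; if it is signature, only apps signed with the same certificate can access it.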

Medium-severity vulnerability: The app uses an insecure random number generator
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators


Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
A6/P1.java, line(s) 193
C3/w.java, line(s) 91
I5/C0392p.java, line(s) 32
N3/o.java, line(s) 31
b6/l.java, line(s) 79
xc/d.java, line(s) 526
xc/g.java, line(s) 214

Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords and keys
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
B3/C0894h.java, line(s) 42
V0/L.java, line(s) 43
W/X.java, line(s) 23
d3/e.java, line(s) 38
d3/q.java, line(s) 86
d3/y.java, line(s) 99
u4/a.java, line(s) 64

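Medium-severity vulnerability: The app uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.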
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
A/m1.java, line(s) 7,412
A6/C0111m.java, line(s) 5,6,230,286,906
A6/J0.java, line(s) 6,7,72
B3/C0169n.java, line(s) 14,116,128
C7/b.java, line(s) 6,67
E7/a.java, line(s) 9,38
P8/C3359o.java, line(s) 7,74
Y4/AbstractC4383a.java, line(s) 8,45
p4/c.java, line(s) 8,70
q4/j.java, line(s) 4,5,72
w2/b.java, line(s) 5,6,47,52
w5/f.java, line(s) 7,65,66
w5/k.java, line(s) 8,9,175,218,219

Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
C8/C0995c.java, line(s) 42
H7/g.java, line(s) 115
I0/C0318d0.java, line(s) 78,80,83,86
V6/AbstractC4185z0.java, line(s) 16
j6/b.java, line(s) 176
rc/f.java, line(s) 29

Medium-severity vulnerability: The app creates temporary files. Sensitive information should never be written to temporary files.


Files:
M/u.java, line(s) 210
R2/v.java, line(s) 109

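Medium-severity vulnerability: Firebase Remote Config is enabled

The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/1041082061253/namespaces/firebase:fetch?key=AIzaSyCv5X6BSu-aWi1Lw_oBW6xXPsx0FSjKucU ) is enabled. Make sure these configurations do not contain sensitive information. The response content is shown below: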

{
    "entries": {
        "paywall_variant": "default",
        "with_chat_onboarding": "true",
        "with_rewarded": "false"
    },
    "state": "UPDATE",
    "templateVersion": "11"
}

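Medium-severity vulnerability: This app may contain hardcoded secrets

The following secrets were identified in the app. Make sure they are not secrets or private information.
AdMob advertising platform => "com.google.android.gms.ads.APPLICATION_ID" : "@string/AD_APP_ID"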
"AD_APP_ID" : "ca-app-pub-3609782548232699~8119803910"
"com.google.firebase.crashlytics.mapping_file_id" : "4efcb2d9c5e1413c905f0c5977b90a31"
"facebook_app_id" : "936797744832658"
"facebook_client_token" : "f366246c41e1debfd643cd73a415cdfe"
"google_api_key" : "AIzaSyCv5X6BSu-aWi1Lw_oBW6xXPsx0FSjKucU"
"google_app_id" : "1:1041082061253:android:973e7d0827f8a117573bac"
"google_crash_reporting_api_key" : "AIzaSyCv5X6BSu-aWi1Lw_oBW6xXPsx0FSjKucU"

Security notice: The app logs information; sensitive information must not be logged
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs


Security notice: This app copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
I0/C0325h.java, line(s) 6,24,127

Security notice: The app can write to the application directory. Sensitive information should be encrypted.


Files:
B3/O.java, line(s) 157,157
E2/j.java, line(s) 608,608
R3/b.java, line(s) 82,82
j8/c.java, line(s) 477,477

Passed security check: This app may have root detection capability
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
C7/C0991k.java, line(s) 61
G7/g.java, line(s) 51
H7/g.java, line(s) 106,106,107

Key security concern: The app may communicate with a server (pagead2.googlesyndication.com) located in an OFAC-sanctioned country (China).

{'ip': '180.163.151.38', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

Key security concern: The app may communicate with a server (dashif.org) located in an OFAC-sanctioned country (China).

{'ip': '221.228.32.13', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}

Key security concern: The app may communicate with a server (app-measurement.com) located in an OFAC-sanctioned country (China).

{'ip': '180.163.150.161', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

Overall security baseline score: ( ENGO 5.22.118)