Mobile Application Security Assessment Report

Call Management v11

Android APK a2f95e95...
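Security score: 55

Security baseline score

55/100

Low risk

Overall risk level

Risk grade scale
  1. A
  2. B
  3. C
  4. F

The application has some security risks; optimization is recommended.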

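Distribution of vulnerabilities and security items

0 High
12 Medium
1 Info
1 Secure

Privacy risk assessment

Third-party trackers: 0

Privacy: safe
No third-party trackers detected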


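Distribution of findings

High-severity vulnerabilities: 0
Medium-severity vulnerabilities: 12
Informational findings: 1
Passed security checks: 1
Key security concerns: 0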

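Medium-severity vulnerability: Activity (com.android.server.telecom.settings.BlockedNumbersActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.android.server.telecom.components.UserCallActivity) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.CALL_PHONE [android:exported=true]
The Activity is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Activity-Alias (com.android.server.telecom.EmergencyCallActivity) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.CALL_PRIVILEGED [android:exported=true]
The Activity-Alias is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Activity-Alias (com.android.server.telecom.PrivilegedCallActivity) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.CALL_PRIVILEGED [android:exported=true]
The Activity-Alias is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.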

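Medium-severity vulnerability: Broadcast Receiver (com.android.server.telecom.components.AppUninstallBroadcastReceiver) is not protected.

An intent-filter is present.
The Broadcast Receiver is shared with other applications on the device and can therefore be accessed by any application. The presence of an intent-filter indicates that the Broadcast Receiver is explicitly exported, which poses a security risk.

Medium-severity vulnerability: Activity (com.android.server.telecom.settings.EnableAccountPreferenceActivity) is not protected.

An intent-filter is present.
The Activity is shared with other applications on the device and can therefore be accessed by any application. The presence of an intent-filter indicates that the Activity is explicitly exported, which poses a security risk.

Medium-severity vulnerability: Activity (com.unisoc.server.telecom.settings.TelecommCallSettings) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Service (com.android.server.telecom.components.BluetoothPhoneService) is not protected.

An intent-filter is present.
The Service is shared with other applications on the device and can therefore be accessed by any application. The presence of an intent-filter indicates that the Service is explicitly exported, which poses a security risk.

Medium-severity vulnerability: Service (com.android.server.telecom.components.TelecomService) is not protected.

An intent-filter is present.
The Service is shared with other applications on the device and can therefore be accessed by any application. The presence of an intent-filter indicates that the Service is explicitly exported, which poses a security risk.

Medium-severity vulnerability: Broadcast Receiver (com.transsion.server.telecom.message.TranMessageReceiver) is not protected.

An intent-filter is present.
The Broadcast Receiver is shared with other applications on the device and can therefore be accessed by any application. The presence of an intent-filter indicates that the Broadcast Receiver is explicitly exported, which poses a security risk.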

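Medium-severity vulnerability: High-priority Intent (1000) - {8} hits

[android:priority]
By setting a high Intent priority, an application can override other requests, which may pose a security risk.

Medium-severity vulnerability: This application may contain hardcoded secrets

The following secrets were identified in the application. Ensure that these are not secrets or private information.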

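Informational finding: The application logs information; sensitive information must not be logged

The application logs information. Sensitive information must not be logged.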
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
com/transsion/server/telecom/CallConnectedVibrator.java, line(s) 29
com/transsion/server/telecom/MultipleDialerDeviceUtil.java, line(s) 12,19
com/transsion/server/telecom/callfiltering/OsBlockManager.java, line(s) 39,50,55,67,76,93,100,113,121
com/transsion/server/telecom/graduallyring/TranGraduallyRing.java, line(s) 31,39
com/transsion/server/telecom/message/TranMessageReceiver.java, line(s) 29,33
com/transsion/server/telecom/message/TranMessageSendService.java, line(s) 23,28,45,52,59,81
com/unisoc/server/telecom/InCallScreenOffController.java, line(s) 64
com/unisoc/server/telecom/TelecomCmccHelper.java, line(s) 27,54,56,60,82,94,45,109
com/unisoc/server/telecom/TelecomUtils.java, line(s) 96,47,77,99,103,124,136
com/unisoc/server/telecom/WakeupScreenHelper.java, line(s) 44,48
com/unisoc/server/telecom/incallTone/LocalToneHelper.java, line(s) 60,84,152,188,229,276,279,310,328,45,108,124,130,179,181,199,211,218,239,253,308,325,339
com/unisoc/server/telecom/incallTone/RingBackTone.java, line(s) 35,82,143,187,48,55,112,118,125,127,134,155,169
com/unisoc/server/telecom/incallTone/TelcelCallWaitingToneHelper.java, line(s) 23
com/unisoc/server/telecom/sensor/FadeDownRingtoneToVibrate.java, line(s) 29,56,65,52
com/unisoc/server/telecom/sensor/FlipToMute.java, line(s) 35,58,67,73
com/unisoc/server/telecom/sensor/MaxRingingVolumeAndVibrate.java, line(s) 36,62,72,79,41,52
com/unisoc/server/telecom/sensor/PickUpToAnswerIncomingCall.java, line(s) 34,56,65,71
com/unisoc/server/telecom/sensor/TriggerListener.java, line(s) 17

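Passed security check: This application has no privacy trackers

This application does not include any user or device trackers. No trackers were found during static analysis.

Overall security baseline score summary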

Call Management v11

Android APK
Overall security score: 55
Medium risk