Mobile Application Security Scan Report

True Balance v7.02.00

Android APK a6385748...
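Security score: 51

Security baseline score: 51/100

Overall risk level: Low risk

Risk grade scale
  1. A
  2. B
  3. C
  4. F

The application has some security risks; remediation is recommended.

Distribution of vulnerabilities and security items

5 High
66 Medium
4 Info
5 Secure

Privacy risk assessment

9 third-party trackers

High privacy risk
A large number of third-party trackers were detected

Scan result distribution

High-severity vulnerabilities: 5
Medium-severity vulnerabilities: 66
Informational findings: 4
Passed security checks: 5
Key security concerns: 0
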
High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be vulnerable to cross-site scripting attacks

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
com/payu/custombrowser/d.java, line(s) 911,19
com/razorpay/BaseRazorpay.java, line(s) 1518,1589,15
in/juspay/hypersdk/core/DynamicUI.java, line(s) 244,492,10
in/juspay/hypersdk/safe/JuspayWebView.java, line(s) 58,9,10

High-severity vulnerability: Insecure WebView implementation. The WebView ignores SSL certificate errors and accepts any SSL certificate. This application is vulnerable to MITM attacks

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification

Files:
com/payu/custombrowser/Bank.java, line(s) 1570,968
com/payu/custombrowser/PayUWebViewClient.java, line(s) 89,85

High-severity vulnerability: The file is World Writable. Any application can write to the file

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2

Files:
in/juspay/hypersdk/core/AndroidInterface.java, line(s) 664
in/juspay/hypersdk/data/KeyValueStore.java, line(s) 14

High-severity vulnerability: Remote WebView debugging is enabled

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
com/balancehero/TBApplication$doInitialize$9.java, line(s) 30,3

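High-severity vulnerability: The application contains privacy trackers

This application has 9 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.recharge.search.SearchMobileNumberActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.account.AccountActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.recharge.bill.list.BillOperatorListActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.giftcard.purchase.select.ui.SelectGiftCardActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.giftcard.purchase.shop.ui.GiftCardShopActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.startup.FilterUriActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.giftcard.redeem.ui.RedeemGiftCardActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.account.upgrade.KycUpgradeResultActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.specialOccasionBanner.activity.OccasionBannerActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Broadcast Receiver (com.appsflyer.MultipleInstallBroadcastReceiver) is not protected.

[android:exported=true]
The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.referandearn.ui.ReferAndEarnActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.referandearn.ui.ReferEarnVideosActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.asset.AssetMainActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.notifications.view.NotificationCentreMainActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.repaylater.TCRepayLaterActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Broadcast Receiver (com.google.android.gms.analytics.CampaignTrackingReceiver) is not protected.

[android:exported=true]
The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Broadcast Receiver (com.google.ads.conversiontracking.InstallReceiver) is not protected.

[android:exported=true]
The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Service (com.balancehero.service.AppFirebaseMessagingService) is not protected.

[android:exported=true]
The Service is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.tcloan.cashloan.TCCashLoanActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.tcloan.leveluploan.TCLevelUpLoanActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.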

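Medium-severity vulnerability: Broadcast Receiver (in.finbox.mobileriskmanager.sms.inbox.rt.capture.IncomingSmsReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.BROADCAST_SMS [android:exported=true]
The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.orderhistory.ui.OrderHistoryActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.orderhistory.detail.insurance.ui.InsuranceOrderHistoryDetailActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.walletppi.features.sendmoney.ui.activities.SendMoneyActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity-Alias (com.balancehero.truebalance.walletppi.features.sendmoney.ui.activities.IntentRegistrationActivity) is not protected.

[android:exported=true]
The Activity-Alias is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.walletppi.features.requestmoney.ui.activity.RequestMoneyActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.membership.main.MembershipMainActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.membership.information.MembershipInformationActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.membership.rewardlist.MembershipRewardListActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.membership.ranking.MembershipRankingActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.account.upgrade.KycUpgradeSelectActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.settings.ui.SettingsActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.help.ui.HelpActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.serviceguide.ui.ServiceGuideActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.balancehero.truebalance.notice.NotificationActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.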

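Medium-severity vulnerability: Broadcast Receiver (com.balancehero.truebalance.onboarding.TBBroadcastReceiver) is not protected.

[android:exported=true]
The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Broadcast Receiver (com.balancehero.receiver.TBSmsReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.BROADCAST_SMS [android:exported=true]
The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Activity (com.google.firebase.auth.internal.GenericIdpActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.google.firebase.auth.internal.RecaptchaActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (androidx.compose.ui.tooling.PreviewActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (in.juspay.hypersdk.core.CustomtabResult) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.moengage.sdk.debugger.MoEDebuggerActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.

Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true]
The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.DUMP [android:exported=true]
The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.DUMP [android:exported=true]
The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.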

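Medium-severity vulnerability: Activity (com.onemoney.android.commonsdk.activity.OnemoneyLoginActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.onemoney.android.commonsdk.activity.OnemoneyBanksListActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.onemoney.android.commonsdk.activity.OnemoneyConsentDetailsActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.onemoney.android.commonsdk.activity.ConsentRejectActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.onemoney.android.commonsdk.activity.ConsentApproveActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.onemoney.android.commonsdk.activity.OnemoneyDiscoverLinkedAccountsActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Broadcast Receiver (com.onemoney.android.commonsdk.utility.OTPBroadCastReceiverWithoutPermission) is not protected.

[android:exported=true]
The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: High-priority Intent (999) - 4 hits

[android:priority]
By setting a high Intent priority, the application can override other requests, which may lead to security risks.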

Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, and keys

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
co/hyperverge/hypersnapsdk/objects/HVDocConfig.java, line(s) 11
co/hyperverge/hypersnapsdk/objects/HyperKYCConfigs.java, line(s) 136,42
co/hyperverge/hypersnapsdk/objects/HyperSnapSDKConfig.java, line(s) 314
com/amazonaws/auth/CognitoCachingCredentialsProvider.java, line(s) 28,31,27,29,30
com/amazonaws/auth/policy/conditions/ConditionFactory.java, line(s) 8,9,10,11,12,13,14
com/amazonaws/internal/keyvaluestore/AWSKeyValueStore.java, line(s) 255,252
com/amazonaws/internal/keyvaluestore/KeyProvider18.java, line(s) 29
com/amazonaws/mobileconnectors/kinesis/kinesisrecorder/JSONRecordAdapter.java, line(s) 14
com/balancehero/common/permission/ConsentData.java, line(s) 37
com/balancehero/tcloan/enach/data/dto/response/EMandateConfigDataModel.java, line(s) 1005
com/balancehero/tcloan/enach/data/dto/response/EMandateRazorPayCustomDetails.java, line(s) 136
com/balancehero/truebalance/account/upgrade/ekyc/model/CKycDobScreen.java, line(s) 210
com/balancehero/truebalance/account/upgrade/ekyc/model/KYCPanScreen.java, line(s) 261
com/balancehero/truebalance/account/upgrade/ekyc/model/KycAadhaarDetails.java, line(s) 280
com/balancehero/truebalance/base/net/PageExtrasModel.java, line(s) 107
com/balancehero/truebalance/internalkyc/model/CKycVerifyOtpData.java, line(s) 246
com/balancehero/truebalance/internalkyc/model/KycErrorDetail.java, line(s) 247
com/balancehero/truebalance/main/net/model/UserStoryDetails.java, line(s) 123
com/balancehero/truebalance/payment/payu/ui/PayUCardWebViewActivity.java, line(s) 203
com/balancehero/truebalance/payment/razorpay/TBPaymentParams.java, line(s) 76
com/balancehero/truebalance/payment/result/model/PaymentPgConfig.java, line(s) 82
com/payu/custombrowser/util/CBConstant.java, line(s) 94,103,100,112,152,176,227,217
com/payu/india/Payu/PayuConstants.java, line(s) 69,88,193,213,303,77,231,407,347,443,522,525
com/payu/india/Payu/PayuErrors.java, line(s) 25
com/payu/otpparser/Constants.java, line(s) 13,19
com/payu/payuanalytics/analytics/utils/PayUAnalyticsConstant.java, line(s) 13
com/payu/socketverification/util/PayUNetworkConstant.java, line(s) 19,21
com/payu/upisdk/Upi.java, line(s) 316
com/payu/upisdk/a.java, line(s) 409
com/payu/upisdk/util/UpiConstant.java, line(s) 34,37,42,46,48,94,108,147
com/razorpay/AnalyticsConstants.java, line(s) 111,125,62
com/razorpay/BaseConstants.java, line(s) 26,33
com/rudderstack/android/sdk/core/RudderPreferenceManager.java, line(s) 7,8,9,10,11,12,13,15,16,17
com/rudderstack/android/sdk/core/RudderTraits.java, line(s) 11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26
in/finbox/common/constants/Constants.java, line(s) 116,140
zendesk/core/Constants.java, line(s) 13
zendesk/core/LegacyIdentityMigrator.java, line(s) 16,13,20,14,21,23,15,17,24,22,18,19
zendesk/core/ZendeskCoreSettingsStorage.java, line(s) 8,9
zendesk/core/ZendeskIdentityStorage.java, line(s) 10,14,15,16,11,12
zendesk/core/ZendeskMachineIdStorage.java, line(s) 7
zendesk/core/ZendeskStorage.java, line(s) 9
zendesk/support/CreateRequest.java, line(s) 10
zendesk/support/LegacyRequestMigrator.java, line(s) 16
zendesk/support/ZendeskArticleVoteStorage.java, line(s) 8
zendesk/support/ZendeskHelpCenterSettingsProvider.java, line(s) 13
zendesk/support/ZendeskRequestStorage.java, line(s) 16,17,18
zendesk/support/ZendeskSupportSettingsProvider.java, line(s) 14,16
zendesk/support/requestlist/RequestListModel.java, line(s) 17,18
zendesk/support/requestlist/RequestListView.java, line(s) 41,42

Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/balancehero/truebalance/database/provider/TrueBalanceDBManager.java, line(s) 4,42,43,48,49,52,55,58,59
com/balancehero/truebalance/giftcard/redeem/auto/db/GiftCardRedeemStatusDBManager.java, line(s) 4,36,41
com/moengage/core/internal/storage/database/DatabaseHelper.java, line(s) 7,8,150
com/rudderstack/android/sdk/core/EventsDbHelper.java, line(s) 5,6,27

Medium-severity vulnerability: The application uses an insecure random number generator

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
co/hyperverge/hvcamera/HVCamUtils.java, line(s) 11
co/hyperverge/hvcamera/magicfilter/utils/Camera2Utils.java, line(s) 15
co/hyperverge/hypersnapsdk/HyperSnapSDK.java, line(s) 38
com/amazonaws/retry/PredefinedRetryPolicies.java, line(s) 9
com/appsflyer/internal/AFb1gSDK.java, line(s) 21
com/balancehero/truebalance/walletppi/common/utils/WalletPpiBindingAdaptersKt.java, line(s) 16
com/balancehero/truebalance/widget/SlotMachineRupiTextView.java, line(s) 20
in/finbox/mobileriskmanager/FinBox.java, line(s) 55
j$/util/concurrent/ThreadLocalRandom.java, line(s) 11

Medium-severity vulnerability: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView can leak sensitive information from the file system

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6

Files:
com/balancehero/tcloan/bankstatement/ui/BankStatementWebViewFragment.java, line(s) 319,318
com/balancehero/tcloan/vkyc/ui/VideoKycWebviewActivity.java, line(s) 157,148
in/juspay/hypersdk/safe/Godel.java, line(s) 632,619

Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
com/balancehero/tcloan/cashloan/ui/fragment/TCCashLoanApprovalWebViewFragment.java, line(s) 285,277
com/balancehero/tcloan/cashloan/ui/fragment/TCCashLoanWebViewFragment.java, line(s) 525,493
com/balancehero/tcloan/leveluploan/ui/fragment/TCLevelUpLoanApprovalWebViewFragment.java, line(s) 300,294
com/balancehero/tcloan/leveluploan/ui/fragment/TCLevelUpLoanSurveyFragment.java, line(s) 610,604
com/balancehero/tcloan/leveluploan/ui/fragment/TCLevelUpLoanWebViewFragment.java, line(s) 435,438,428
com/balancehero/truebalance/payment/razorpay/RazorPayWebViewFragment.java, line(s) 442,220,406
com/balancehero/truebalance/serviceguide/ui/ServiceGuideActivity.java, line(s) 315,306
com/payu/custombrowser/d.java, line(s) 765,764
com/payu/upisdk/upiintent/PaymentResponseUpiSdkActivity.java, line(s) 83,82
com/payu/upisdk/upiintent/PaymentResponseUpiSdkFragment.java, line(s) 200,199
com/pierfrancescosoffritti/androidyoutubeplayer/core/player/views/YouTubePlayerView.java, line(s) 198,195
com/razorpay/BaseUtils.java, line(s) 925,170
in/juspay/hypersdk/core/DynamicUI.java, line(s) 162,199,293,160
in/juspay/hypersdk/safe/Godel.java, line(s) 374,625,619

Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
co/hyperverge/hypersnapsdk/utils/AppConstants.java, line(s) 15
com/balancehero/truebalance/log/userlog4/category/AutoLog.java, line(s) 120,123
com/balancehero/truebalance/walletppi/features/qr/generateqr/ui/GenerateQrActivity.java, line(s) 174,199
com/balancehero/utils/DownloadFileUtil.java, line(s) 51,113,127
in/finbox/mobileriskmanager/devicedata/utils/StorageSizeUtils.java, line(s) 20,23,40,43

Medium-severity vulnerability: IP address disclosure

Files:
in/finbox/mobileriskmanager/x.java, line(s) 94,94,94

Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/amazonaws/util/Md5Utils.java, line(s) 20,63
in/finbox/common/utils/CommonUtil.java, line(s) 153
in/juspay/hypersdk/security/EncryptionHelper.java, line(s) 185,263

Medium-severity vulnerability: This application may request root (superuser) privileges

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
co/hyperverge/crashguard/utils/RootChecker.java, line(s) 12,12,12,12,12
in/finbox/mobileriskmanager/n0.java, line(s) 12,12,12,14,12,14,12,12

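Medium-severity vulnerability: This application may contain hardcoded secrets

The following secrets were identified in the application. Ensure that these are not secrets or private information.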
"pathPrefix_kyc_authorized" : "/account.upgrade_result_paperkyc"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey"
"finbox_api_key" : "5JSQq2H7BaaFYUxtdQhAW3ELGmS928ar9prYeZxS"
"firebase_dynamic_link_scheme_https" : "https"
"firebase_dynamic_link_host" : "play.google.com/store/apps/details?id=com.balancehero.truebalance"
"facebook_app_id" : "780496118694940"
"zendesk_oauth_client_id" : "mobile_sdk_client_bd7e2cadf669a632095b"
"firebase_dynamic_link_scheme_http" : "http"
"cb_pwd_btn" : "pwd_btn"
"membership_user" : "User"
"password" : "Password"
"cb_password" : "PASSWORD"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Password"
"com.google.firebase.crashlytics.mapping_file_id" : "0a80e3ed34774ed4b2ad8df067ebb4c8"
"user" : "User"
"firebase_database_url" : "https://true-balance-c2740.firebaseio.com"
"cb_password_small" : "Password"
"mi_push_app_key" : "5171762619734"
"google_api_key" : "AIzaSyAJNilsoFdB8BwKObm7kHFT9e_uvFAJKD4"
"cb_snooze_verify_api_status" : "api_status"
"payu_sentry_key" : "payu_sentry_key"
"google_app_id" : "1:774463934809:android:d94771c18abd0af8"
"google_crash_reporting_api_key" : "AIzaSyAJNilsoFdB8BwKObm7kHFT9e_uvFAJKD4"
"mi_push_app_id" : "2882303761517626734"
"cb_password_value" : "Password"

Informational: The application logs information. Sensitive information must not be logged

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
a/a/a/a/c/c1.java, line(s) 82,158
co/hyperverge/crashguard/CrashGuard.java, line(s) 107
co/hyperverge/crashguard/data/repo/CrashEventsRepo.java, line(s) 60
co/hyperverge/crashguard/services/CrashIntentService$onHandleWork$1.java, line(s) 89,99,86
co/hyperverge/crashguard/services/CrashIntentService.java, line(s) 74,103,126
co/hyperverge/facedetection/FaceDetectorApi.java, line(s) 21,39,49,57
co/hyperverge/hvcamera/GLTextureView.java, line(s) 138,165,220,228,507,641
co/hyperverge/hvcamera/HVCamUtils.java, line(s) 29,40,43,59,76,99
co/hyperverge/hvcamera/HVMagicView.java, line(s) 64,104,152,168,194,198,219,277,281,310,348
co/hyperverge/hvcamera/magicfilter/camera/CameraEngine.java, line(s) 24,82,105,114,131,147,156
co/hyperverge/hvcamera/magicfilter/camera/CameraEngine1.java, line(s) 79,90,116,123,134,144,153,179,201,213,220,227,236,242,248,257,311,321,326,336,351,386,392,406,412,420,429
co/hyperverge/hvcamera/magicfilter/camera/CameraEngine2.java, line(s) 157,259,274,374,381,412,433,462,480,489,495,498,531,539,554,577,582,589,593,597,615,630,649,692,702,731,740,747,778,791,795,822
co/hyperverge/hvcamera/magicfilter/display/MagicCameraDisplay.java, line(s) 83,101,129,162,188,495,147,241,274,439,483,505
co/hyperverge/hvcamera/magicfilter/display/MagicCameraDisplay2.java, line(s) 166,252,282,444,467,505
co/hyperverge/hvcamera/magicfilter/display/MagicDisplay.java, line(s) 64,99,107
co/hyperverge/hvcamera/magicfilter/filter/base/MagicCameraInputFilter.java, line(s) 30,55,80,85,101,127
co/hyperverge/hvcamera/magicfilter/filter/base/gpuimage/GPUImageFilter.java, line(s) 99,101,176,205,210,238
co/hyperverge/hvcamera/magicfilter/utils/AutoFocusHelper.java, line(s) 20,34
co/hyperverge/hvcamera/magicfilter/utils/BitmapUtil.java, line(s) 13
co/hyperverge/hvcamera/magicfilter/utils/Camera2Utils.java, line(s) 42,53,59,78,94,115
co/hyperverge/hvcamera/magicfilter/utils/Exif.java, line(s) 12
co/hyperverge/hvcamera/magicfilter/utils/OpenGLUtils.java, line(s) 11,23,38
co/hyperverge/hvcamera/magicfilter/utils/Rotation.java, line(s) 38,58
co/hyperverge/hvcamera/magicfilter/utils/SaveTask.java, line(s) 31,41,49,69
co/hyperverge/hvcamera/magicfilter/utils/SaveTask2.java, line(s) 33,61,65,74
co/hyperverge/hvcamera/magicfilter/utils/TextureRotationUtil.java, line(s) 41,47
co/hyperverge/hvcamera/sensor/AccelerometerEngine.java, line(s) 40,53,82,95,114,120,161
co/hyperverge/hvcamera/sensor/SensorEngine.java, line(s) 29,35,41,48,64
co/hyperverge/hypersnapsdk/HyperSnapSDK.java, line(s) 69,282,289,344,349,354,377
co/hyperverge/hypersnapsdk/activities/HVBaseActivity.java, line(s) 187
co/hyperverge/hypersnapsdk/activities/HVDocInstructionActivity.java, line(s) 88,124
co/hyperverge/hypersnapsdk/activities/HVDocReviewActivity.java, line(s) 132,158,172,210
co/hyperverge/hypersnapsdk/activities/HVDocsActivity.java, line(s) 476,505,830,1163,1190,1246,1257,1260,1274,1291,1319,1325,1364,1498,1534,1646,265,593,758,838
co/hyperverge/hypersnapsdk/activities/HVFaceActivity.java, line(s) 85,120,143,153,210,222
co/hyperverge/hypersnapsdk/activities/HVRetakeActivity.java, line(s) 121,167,227
co/hyperverge/hypersnapsdk/activities/e.java, line(s) 42
co/hyperverge/hypersnapsdk/activities/h.java, line(s) 270
co/hyperverge/hypersnapsdk/analytics/AnalyticsTracker.java, line(s) 35,39
co/hyperverge/hypersnapsdk/analytics/mixpanel/MixPanelManager.java, line(s) 65,76,108,112,156,176,204,249,269,302,351,355,386,411,442,467,481,516,559,583
co/hyperverge/hypersnapsdk/analytics/mixpanel/network/EventSyncRepo.java, line(s) 40
co/hyperverge/hypersnapsdk/analytics/mixpanel/network/MixPanelIntentService.java, line(s) 46,54,57,68,106,127
co/hyperverge/hypersnapsdk/analytics/rudderstack/HVRudderstackManager.java, line(s) 55,67
co/hyperverge/hypersnapsdk/data/remote/HVRemoteConfigRepo.java, line(s) 88,115
co/hyperverge/hypersnapsdk/data/remote/RemoteDataSource.java, line(s) 117,135,171,302
co/hyperverge/hypersnapsdk/data/remote/SignatureHelper.java, line(s) 36,48,70,78,85,97,126
co/hyperverge/hypersnapsdk/helpers/CamPreviewFaceDetectionHandler.java, line(s) 169
co/hyperverge/hypersnapsdk/helpers/DocOCRHelper.java, line(s) 43,54,75,117
co/hyperverge/hypersnapsdk/helpers/ExifHelper.java, line(s) 64
co/hyperverge/hypersnapsdk/helpers/FileHelper.java, line(s) 86,111,171,212
co/hyperverge/hypersnapsdk/helpers/HVCameraHelper.java, line(s) 43,64,71
co/hyperverge/hypersnapsdk/helpers/ImageComparisonHelper.java, line(s) 31,83,106,120,148
co/hyperverge/hypersnapsdk/helpers/MLKitFaceHelper.java, line(s) 55,252
co/hyperverge/hypersnapsdk/helpers/SPHelper.java, line(s) 29,62
co/hyperverge/hypersnapsdk/helpers/SaveBitmapAsync.java, line(s) 84,150,205
co/hyperverge/hypersnapsdk/helpers/WaterMarkHelper.java, line(s) 60,67,71
co/hyperverge/hypersnapsdk/liveness/ui/texturetracker/TextureFragment.java, line(s) 213,637,897,944,1033,1064,1610,401,405,456,620,718
co/hyperverge/hypersnapsdk/liveness/ui/texturetracker/TexturePresenter.java, line(s) 152,217,259,270,275,305,466,494,556,586
co/hyperverge/hypersnapsdk/liveness/ui/texturetracker/f.java, line(s) 100,123
co/hyperverge/hypersnapsdk/liveness/ui/texturetracker/g.java, line(s) 77,88,48
co/hyperverge/hypersnapsdk/objects/HVDocConfig.java, line(s) 115,172
co/hyperverge/hypersnapsdk/objects/HVFaceConfig.java, line(s) 124,169,202,373
co/hyperverge/hypersnapsdk/objects/HVResponse.java, line(s) 45
co/hyperverge/hypersnapsdk/service/HVSignatureService.java, line(s) 22,48,64
co/hyperverge/hypersnapsdk/service/errortracking/ErrorMonitor.java, line(s) 36
co/hyperverge/hypersnapsdk/service/sensorbiometrics/HVSensorBiometrics.java, line(s) 142,164,226,275,286,292
co/hyperverge/hypersnapsdk/utils/UIUtils.java, line(s) 36,66
co/hyperverge/hypersnapsdk/utils/Utils.java, line(s) 50,100
co/hyperverge/hypersnapsdk/views/RectPortHoleView.java, line(s) 44
com/amazonaws/logging/AndroidLog.java, line(s) 28,93,41,46,51,56,61,79,114
com/appsflyer/internal/AFh1ySDK.java, line(s) 61,56
com/balancehero/TBApplication$sendMoengageLog$1.java, line(s) 48
com/balancehero/base/view/binder/DividerItemDecoration.java, line(s) 37
com/balancehero/truebalance/account/upgrade/panimage/viewmodel/PanCaptureViewModel.java, line(s) 137
com/balancehero/truebalance/log/LogManager$sendUserLog4$1.java, line(s) 51
com/balancehero/truebalance/log/UserLogSender.java, line(s) 78,109,129,137,226,246,288,348,374
com/balancehero/truebalance/log/a.java, line(s) 27,35
com/balancehero/truebalance/log/fingerprint/base/BaseFingerPrintLog.java, line(s) 80
com/balancehero/truebalance/log/userlog4/base/BHBaseUserLog.java, line(s) 216,248
com/balancehero/truebalance/log/weblog/WebErrorLog.java, line(s) 125,125,125,78,125,125
com/balancehero/truebalance/log/weblog/WebUserLog.java, line(s) 125,125,125,78,125,125
com/balancehero/truebalance/notifications/WidgetNotificationActionReceiver.java, line(s) 130
com/balancehero/truebalance/notifications/WidgetNotificationManager.java, line(s) 154,164
com/balancehero/truebalance/notifications/a.java, line(s) 31,41
com/balancehero/truebalance/onboarding/widget/DotsIndicator.java, line(s) 66
com/balancehero/truebalance/recharge/bill/details/selectsheet/SelectBottomSheetActivity.java, line(s) 127
com/balancehero/truebalance/specialOccasionBanner/fragment/OccasionBannerFragment.java, line(s) 160
com/jakewharton/disklrucache/DiskLruCache.java, line(s) 327
com/moengage/core/internal/logger/LogUtilKt.java, line(s) 62,65,70
com/moengage/datatype/MOEDatetime.java, line(s) 84,89
com/onemoney/android/commonsdk/activity/OnemoneyDiscoverAccountsActivity.java, line(s) 157
com/onemoney/android/commonsdk/utility/OTPBroadCastReceiverWithoutPermission.java, line(s) 27
com/onemoney/custom/Onemoney$discoverMultipleAccounts$1.java, line(s) 77
com/onemoney/custom/Onemoney$loginUser$1.java, line(s) 138
com/onemoney/custom/Onemoney$postErrorLogs$1.java, line(s) 137
com/onemoney/custom/Onemoney$updateConsent$1.java, line(s) 135
com/onemoney/custom/Onemoney$verifyOtpTologinUser$1.java, line(s) 142
com/payu/crashlogger/PayUCrashlyticsUtils.java, line(s) 49
com/payu/custombrowser/PayUWebChromeClient.java, line(s) 58
com/payu/custombrowser/util/b.java, line(s) 829
com/payu/custombrowser/util/d.java, line(s) 9,21
com/payu/otpparser/L.java, line(s) 12
com/payu/otpparser/SharedPrefsUtils.java, line(s) 74
com/payu/payuanalytics/analytics/utils/SharedPrefsUtils.java, line(s) 74
com/payu/socketverification/socketclient/client/m.java, line(s) 101
com/payu/upisdk/util/a.java, line(s) 27,33
com/payu/upisdk/util/c.java, line(s) 204,201
com/pirimid/webviewsdk/WebViewSDK.java, line(s) 38,159
com/razorpay/BaseUtils.java, line(s) 1043,871
com/razorpay/Q$$U_.java, line(s) 89
com/razorpay/RzpAssist.java, line(s) 93
com/razorpay/SmsReceiver.java, line(s) 36
com/razorpay/d__1_.java, line(s) 42,100
com/rudderstack/android/sdk/core/RudderLogger.java, line(s) 32,54,44
dagger/android/AndroidInjection.java, line(s) 37
in/finbox/common/init/CommonInitProvider.java, line(s) 35,41
in/finbox/common/pref/AccountPref.java, line(s) 32
in/finbox/common/pref/FlowDataPref.java, line(s) 32
in/finbox/common/pref/SyncPref.java, line(s) 32
in/finbox/common/utils/CommonUtil.java, line(s) 172,207,260,267,278,292
in/finbox/logger/Logger.java, line(s) 208,290
in/finbox/logger/database/db/LoggerDatabase.java, line(s) 45
in/juspay/hyper/core/JuspayLogger.java, line(s) 33,99,89
org/sufficientlysecure/htmltextview/HtmlHttpImageGetter.java, line(s) 102
zendesk/belvedere/L.java, line(s) 21,28,14
zendesk/belvedere/Storage.java, line(s) 98
zendesk/messaging/MessagingModel.java, line(s) 279

Informational: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/balancehero/tcloan/leveluploan/webIntro/WebIntroBridge.java, line(s) 4,28,29
com/balancehero/truebalance/payment/viewmodel/PaymentFailureViewModel.java, line(s) 4,149,150
com/balancehero/utils/AndroidUtils.java, line(s) 6,39
com/moengage/core/internal/c.java, line(s) 4,42
com/moengage/core/internal/utils/CoreUtils.java, line(s) 6,530
com/razorpay/RzpAssist.java, line(s) 6,181
in/juspay/hypersdk/core/JBridge.java, line(s) 8,429

Informational: The application can write to the application directory. Sensitive information should be encrypted

Files:
a/a/a/a/f/d.java, line(s) 14
com/onemoney/android/commonsdk/activity/OnemoneyConsentDetailsActivity.java, line(s) 303
com/payu/otpparser/SharedPrefsUtils.java, line(s) 41
com/payu/payuanalytics/analytics/utils/SharedPrefsUtils.java, line(s) 41

Informational: The application communicates with a Firebase database

The application communicates with the Firebase database at https://true-balance-c2740.firebaseio.com

Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on secure communication channels

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
co/hyperverge/crashguard/services/CrashIntentService$sentryApiInterface$2.java, line(s) 31,24
co/hyperverge/hypersnapsdk/analytics/mixpanel/network/MixPanelIntentService.java, line(s) 94,92
co/hyperverge/hypersnapsdk/data/remote/ApiClient.java, line(s) 48,48,48,48,48,48,48,48,48,48,48,48,48,28,50
com/balancehero/DaggerTBApplication_HiltComponents_SingletonC.java, line(s) 1660,1678,1831,2089,2129,2319,1658,1676,1829,2087,2127,2317
com/balancehero/truebalance/api/TrueBalanceApiHelper.java, line(s) 58,54
com/balancehero/truebalance/api/client/TLSSocketFactory.java, line(s) 73,37,72,71,71
com/balancehero/truebalance/onboarding/viewmodel/RegisterPasswordOnboardingViewModel.java, line(s) 208,208
com/onemoney/custom/Onemoney.java, line(s) 89,89
com/pirimid/webviewsdk/PushEventClient.java, line(s) 13,13
in/finbox/common/network/RetrofitProvider.java, line(s) 69,69
in/finbox/mobileriskmanager/common/network/a.java, line(s) 27,27
in/juspay/hypersdk/security/HyperSSLSocketFactory.java, line(s) 75,67,74,73,73
zendesk/core/ZendeskNetworkModule.java, line(s) 57,70,77,57,70,77
zendesk/support/SupportSdkModule.java, line(s) 71,78

Passed security check: This application may have root detection capabilities

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
co/hyperverge/crashguard/utils/RootChecker.java, line(s) 11,11,11,11,11,11
in/finbox/mobileriskmanager/n0.java, line(s) 9,9,9,9,9
in/juspay/hypersdk/data/SessionInfo.java, line(s) 143,147

Passed security check: Firebase Remote Config is disabled

The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/774463934809/namespaces/firebase:fetch?key=AIzaSyAJNilsoFdB8BwKObm7kHFT9e_uvFAJKD4 ) is disabled. The response is shown below:

The response code is 403

Overall security baseline score summary

True Balance v7.02.00

Android APK
Overall security score: 51
Medium risk