安全分析报告:
安全分数
安全分数 51/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
3
用户/设备跟踪器
调研结果
高危
2
中危
17
信息
1
安全
2
关注
1
高危 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: ch/acra/acra/BuildConfig.java, line(s) 3,4
高危 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: com/inreality/androidutils/mqtt/client/SocketFactory.java, line(s) 129,16,17,18,19,20,21,22,23,24
中危 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Service (com.inreality.android_rules_engine.RulesEngineService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.inreality.android_rules_engine.RunOnStartup) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.inreality.androidutils.internal.InternalMessageReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/splunk/mint/StacktraceHash.java, line(s) 87 com/splunk/mint/UidManager.java, line(s) 55 com/stericson/RootTools/internal/Installer.java, line(s) 206
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/splunk/mint/StacktraceHash.java, line(s) 89 com/splunk/mint/UidManager.java, line(s) 60 io/sentry/util/StringUtils.java, line(s) 59 org/h2/util/MathUtils.java, line(s) 77,82 org/nanohttpd/protocols/websockets/NanoWSD.java, line(s) 77
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/acg/android/utils/system/update/UpdateAppSharedPref.java, line(s) 8,9 com/inreality/android/notification/IRNotificationUtils.java, line(s) 18 com/inreality/android/pipedream/PipeDreamUtils.java, line(s) 17 com/inreality/androidutils/internal/InternalMessageUtils.java, line(s) 17 com/inreality/androidutils/mq/client/MQClient.java, line(s) 31 com/inreality/androidutils/mqtt/client/MQTTClient.java, line(s) 60,59 com/inreality/log/pv3/base/mq/MQClient.java, line(s) 30 com/inreality/log/pv3/base/util/LinuxAVAUtils.java, line(s) 31,54,79,91,103,40,65,43,68,42,67,33,56,81,93,105 com/rabbitmq/client/ConnectionFactory.java, line(s) 47,62,61 com/rabbitmq/client/ConnectionFactoryConfigurator.java, line(s) 34,38 com/rabbitmq/client/Envelope.java, line(s) 33 com/splunk/mint/Properties.java, line(s) 37 io/jsonwebtoken/JwsHeader.java, line(s) 8 io/sentry/Baggage.java, line(s) 36 io/sentry/SpanDataConvention.java, line(s) 4,5,6,7,8,10,9 io/sentry/TraceContext.java, line(s) 24 io/sentry/android/okhttp/SentryOkHttpEventKt.java, line(s) 7,8 io/sentry/protocol/User.java, line(s) 39 org/h2/constraint/Constraint.java, line(s) 17 org/h2/engine/Constants.java, line(s) 56 org/h2/security/CipherFactory.java, line(s) 34,36,35 org/jsoup/helper/W3CDom.java, line(s) 208 org/jsoup/nodes/DocumentType.java, line(s) 12,13,15 org/jsoup/parser/TokeniserState.java, line(s) 1217 org/nanohttpd/protocols/websockets/NanoWSD.java, line(s) 22
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/Ostermiller/util/Base64.java, line(s) 899,1084 com/Ostermiller/util/Browser.java, line(s) 262,307,343,397 com/Ostermiller/util/LineEnds.java, line(s) 324 com/Ostermiller/util/Tabs.java, line(s) 436 org/h2/engine/Database.java, line(s) 1196 org/h2/engine/SessionRemote.java, line(s) 361 org/h2/engine/UndoLog.java, line(s) 117,146 org/h2/result/ResultDiskBuffer.java, line(s) 44 org/h2/result/RowList.java, line(s) 65 org/h2/store/fs/FilePathRec.java, line(s) 34 org/h2/store/fs/FilePathWrapper.java, line(s) 145 org/h2/store/fs/FilePathZip.java, line(s) 211 org/h2/store/fs/FileUtils.java, line(s) 148 org/h2/upgrade/DbUpgrade.java, line(s) 86 org/h2/value/ValueLobDb.java, line(s) 468 org/nanohttpd/protocols/http/HTTPSession.java, line(s) 481,576 org/nanohttpd/protocols/http/tempfiles/DefaultTempFile.java, line(s) 14
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/acg/android/utils/file/FileUtil.java, line(s) 28 com/acg/android/utils/image/ImageUtil.java, line(s) 77 com/inreality/androidutils/logger/Logger.java, line(s) 42 com/stericson/RootTools/internal/RootToolsInternalMethods.java, line(s) 876,879 io/sentry/android/core/DeviceInfoUtil.java, line(s) 157,351,383 org/acra/collector/LogFileCollector.java, line(s) 51,63
中危 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/stericson/RootTools/internal/RootToolsInternalMethods.java, line(s) 1052,1057 io/sentry/android/core/internal/util/RootChecker.java, line(s) 25,25,25,25,25
中危 IP地址泄露
IP地址泄露 Files: com/inreality/android_rules_engine/api/Api.java, line(s) 46,64 org/h2/util/NetUtils.java, line(s) 166 org/nanohttpd/protocols/http/HTTPSession.java, line(s) 75
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/acg/android/utils/network/ByteUtil.java, line(s) 7 com/splunk/mint/UidManager.java, line(s) 10 org/h2/command/dml/Optimizer.java, line(s) 3 org/h2/engine/Session.java, line(s) 7 org/h2/server/web/WebApp.java, line(s) 33 org/h2/util/MathUtils.java, line(s) 11 org/jsoup/helper/DataUtil.java, line(s) 18 org/pegdown/FastEncoder.java, line(s) 3
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/splunk/mint/MintWebView.java, line(s) 13,12
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/inreality/androidutils/ui/webview/IRCachedWebView.java, line(s) 56,54
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/acg/android/utils/orm/DbTable.java, line(s) 5,93
中危 应用程序包含隐私跟踪程序
此应用程序有多个3隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 7AEIOUY8HW1BFPV2CGJKQSXZ3DT4L5MN6R 30820277020100300d06092a864886f70d0101010500048202613082025d02010002818100dc0a13c602b7141110eade2f051b54777b060d0f74e6a110f9cce81159f271ebc88d8e8aa1f743b505fc2e7dfe38d33b8d3f64d1b363d1af4d877833897954cbaec2fa384c22a415498cf306bb07ac09b76b001cd68bf77ea0a628f5101959cf2993a9c23dbee79b19305977f8715ae78d023471194cc900b231eecb0aaea98d02030100010281810099aa4ff4d0a09a5af0bd953cb10c4d08c3d98df565664ac5582e494314d5c3c92dddedd5d316a32a206be4ec084616fe57be15e27cad111aa3c21fa79e32258c6ca8430afc69eddd52d3b751b37da6b6860910b94653192c0db1d02abcfd6ce14c01f238eec7c20bd3bb750940004bacba2880349a9494d10e139ecb2355d101024100ffdc3defd9c05a2d377ef6019fa62b3fbd5b0020a04cc8533bca730e1f6fcf5dfceea1b044fbe17d9eababfbc7d955edad6bc60f9be826ad2c22ba77d19a9f65024100dc28d43fdbbc93852cc3567093157702bc16f156f709fb7db0d9eec028f41fd0edcd17224c866e66be1744141fb724a10fd741c8a96afdd9141b36d67fff6309024077b1cddbde0f69604bdcfe33263fb36ddf24aa3b9922327915b890f8a36648295d0139ecdf68c245652c4489c6257b58744fbdd961834a4cab201801a3b1e52d024100b17142e8991d1b350a0802624759d48ae2b8071a158ff91fabeb6a8f7c328e762143dc726b8529f42b1fab6220d1c676fdc27ba5d44e847c72c52064afd351a902407c6e23fe35bcfcd1a662aa82a2aa725fcece311644d5b6e3894853fd4ce9fe78218c957b1ff03fc9e5ef8ffeb6bd58235f6a215c97d354fdace7e781e4a63e8b 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 a3f1b3b76c8f4e2d91c6f068ed7b2e4f 3082018b3081f502044295ce6b300d06092a864886f70d0101040500300d310b3009060355040313024832301e170d3035303532363133323630335a170d3337303933303036353734375a300d310b300906035504031302483230819f300d06092a864886f70d010101050003818d0030818902818100dc0a13c602b7141110eade2f051b54777b060d0f74e6a110f9cce81159f271ebc88d8e8aa1f743b505fc2e7dfe38d33b8d3f64d1b363d1af4d877833897954cbaec2fa384c22a415498cf306bb07ac09b76b001cd68bf77ea0a628f5101959cf2993a9c23dbee79b19305977f8715ae78d023471194cc900b231eecb0aaea98d0203010001300d06092a864886f70d01010405000381810083f4401a279453701bef9a7681a5b8b24f153f7d18c7c892133d97bd5f13736be7505290a445a7d5ceb75522403e5097515cd966ded6351ff60d5193de34cd36e5cb04d380398e66286f99923fd92296645fd4ada45844d194dfd815e6cd57f385c117be982809028bba1116c85740b3d27a55b1a0948bf291ddba44bed337b9 12345678901234567890123456789012
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/Ostermiller/util/Base64.java, line(s) 398,410,624,639,652,761,810,814,819,252,259,394,424,428,730,828 com/Ostermiller/util/Browser.java, line(s) 204,248,471 com/Ostermiller/util/CGILexer.java, line(s) 177,181 com/Ostermiller/util/CSVLexer.java, line(s) 189,192 com/Ostermiller/util/ExcelCSVLexer.java, line(s) 185,188 com/Ostermiller/util/LineEnds.java, line(s) 207,211,214,217,230,155,158,199,202 com/Ostermiller/util/MD5.java, line(s) 49,56,54 com/Ostermiller/util/Parallelizer.java, line(s) 161 com/Ostermiller/util/PropertiesLexer.java, line(s) 211,451,207 com/Ostermiller/util/RandPass.java, line(s) 234,242,255,186,294 com/Ostermiller/util/Tabs.java, line(s) 172,187,243,271,281,156,161 com/acg/android/utils/apk/ApkUtil.java, line(s) 32 com/acg/android/utils/camera/CameraUtil.java, line(s) 92,222,228,238,263,272 com/acg/android/utils/crash/CrashManager.java, line(s) 467 com/acg/android/utils/date/DateUtil.java, line(s) 22 com/acg/android/utils/db/DbUtils.java, line(s) 43,44 com/acg/android/utils/db/QueryRunner.java, line(s) 59 com/acg/android/utils/db/dao/DaoQuery.java, line(s) 45,53,55 com/acg/android/utils/db/dao/DaoUtil.java, line(s) 164 com/acg/android/utils/file/FileUtil.java, line(s) 34,190 com/acg/android/utils/http/AnySSLClient.java, line(s) 154,164,184,193,207,209,220,245,278,306,329,357,235,260,264,268 com/acg/android/utils/http/AnySSLClientCallbackAdapter.java, line(s) 24,30,36,42 com/acg/android/utils/image/ImageUtil.java, line(s) 331,335,102,103,104,109,110,111,118,119,121,86 com/acg/android/utils/media/YoutubeUtil.java, line(s) 105,109,118,136,160 com/acg/android/utils/network/ByteUtil.java, line(s) 207 com/acg/android/utils/network/NetworkUtil.java, line(s) 206,223,268,270,133,286,280 com/acg/android/utils/network/TrustAllTrustManager.java, line(s) 22 com/acg/android/utils/network/WifiUtil.java, line(s) 50,60,87,104,135,144 com/acg/android/utils/nfc/NfcUtil.java, line(s) 13 com/acg/android/utils/nfc/data/MifareClassCard.java, line(s) 62,67 com/acg/android/utils/nfc/data/MifareData.java, line(s) 76,121,122,138,149,151 com/acg/android/utils/nfc/io/MifareReader.java, line(s) 26,37,71,79,82,102,117,151,167,170 com/acg/android/utils/nfc/io/MifareWriter.java, line(s) 35,41,43,69,89,104,110,117,139,170,176,183,112,178 com/acg/android/utils/orm/DatabaseManager.java, line(s) 65,67,165 com/acg/android/utils/orm/DbTable.java, line(s) 100,122,136 com/acg/android/utils/remoting/RemoteCall.java, line(s) 23 com/acg/android/utils/remoting/RemoteCallbackAdapter.java, line(s) 17,22,27,32,37,42 com/acg/android/utils/remoting/RemotingManager.java, line(s) 66,92,118,122,126,153,155,161,170,174,177,61,63,80,87,89,105,112,141,143,145 com/acg/android/utils/remoting/json/JsonDateFormat.java, line(s) 11,19,24 com/acg/android/utils/system/ProcessUtil.java, line(s) 85,88,94,116,122 com/acg/android/utils/system/Sudo.java, line(s) 237,247,280 com/acg/android/utils/system/SystemUtil.java, line(s) 209,220,232,239,247,251,253,302,305,773,1220,1243,1322,1537,1655,1929,1941,1951,2086,1746,1817 com/acg/android/utils/usb/UsbUtil.java, line(s) 68,69 com/cenique/androidutils/acra/ACRAReportSender.java, line(s) 31,43 com/cenique/androidutils/acra/ACRAReportSenderFactory.java, line(s) 14 com/cenique/androidutils/string/StringUtils.java, line(s) 9 com/github/anrwatchdog/ANRWatchDog.java, line(s) 28,116 com/inreality/android/device/DeviceModel.java, line(s) 228,229,230,231,232,233,234,235,236,237,238,240,241,243,244,245,246,247,248 com/inreality/android/license/LicenseManagerIR.java, line(s) 328,330 com/inreality/android/notification/IRNotificationUtils.java, line(s) 50 com/inreality/android_rules_engine/App.java, line(s) 30 com/inreality/android_rules_engine/ConnectivityStatusReceiver.java, line(s) 22,24 com/inreality/android_rules_engine/MainActivity.java, line(s) 16 com/inreality/android_rules_engine/RulesEngineService.java, line(s) 202,206,214,240,78,232,244,282 com/inreality/android_rules_engine/logger/Logger.java, line(s) 41,42,43,98 com/inreality/android_rules_engine/mq/MQ.java, line(s) 74,79,118,128 com/inreality/android_rules_engine/plugin/occupancy/OccupancyPlugin.java, line(s) 45,109 com/inreality/android_rules_engine/ruler/Ruler.java, line(s) 489 com/inreality/android_rules_engine/status/Status.java, line(s) 162,51 com/inreality/android_rules_engine/trigger/Trigger.java, line(s) 146,207 com/inreality/android_rules_engine/webserver/WebServer.java, line(s) 141 com/inreality/androidutils/auth/AuthUtils.java, line(s) 118 com/inreality/androidutils/console/Console.java, line(s) 7,11 com/inreality/androidutils/keys/PemUtils.java, line(s) 48,51,55,70,74,78 com/inreality/androidutils/kiosk/IRKiosk.java, line(s) 48 com/inreality/androidutils/logger/Logger.java, line(s) 51,157 com/inreality/androidutils/mqtt/client/MQTTClient.java, line(s) 371,383,490,718,720,723,725,727,760,768,142,239,323 com/inreality/androidutils/mqtt/client/SocketFactory.java, line(s) 85,89,113,117,123 com/inreality/androidutils/pref/AndroidAVAUtils.java, line(s) 14,20,33,39,52,58,71,77,90,96 com/inreality/androidutils/thread/RetryTaskUtil.java, line(s) 33,35,46,48,79,81,116,118 com/inreality/androidutils/ui/webview/IRCachedWebViewClient.java, line(s) 142 com/inreality/androidutils/url/URLUtil.java, line(s) 44 com/inreality/androidutils/watchdog/AppWatchDog.java, line(s) 47,84,88 com/inreality/log/pv3/base/internal/InternalMessageUtils.java, line(s) 72,86,103 com/inreality/log/pv3/base/mq/MQClient.java, line(s) 116,175,182,262,298,302 com/inreality/log/pv3/base/util/ConfigUtils.java, line(s) 175,180,185 com/inreality/log/pv3/base/util/LinuxAVAUtils.java, line(s) 215,224,231,259,268,275,382,391,398,429,438,445,460,465 com/inreality/log/pv3/base/util/SSOUtils.java, line(s) 55 com/splunk/mint/Logger.java, line(s) 21,10,15 com/splunk/mint/MintLog.java, line(s) 7,12,17,22,27 com/stericson/RootTools/RootTools.java, line(s) 279,274,272 com/stericson/RootTools/containers/RootClass.java, line(s) 151,44,55,58,96,107,148 com/stericson/RootTools/internal/Installer.java, line(s) 38,47,97,142,148,162,198,222,229,248 com/stericson/RootTools/internal/RootToolsInternalMethods.java, line(s) 1067,1081,1086,1091 com/stericson/RootTools/internal/Runner.java, line(s) 31 com/stericson/RootToolsTests/NativeJavaClass.java, line(s) 11,14,16,18,23,25 com/sun/el/parser/SimpleNode.java, line(s) 90 com/sun/msv/datatype/regexp/REUtil.java, line(s) 186,193,219,220,223,225,227,165,198,203,205,208,210,211,303,304,306 com/sun/msv/datatype/regexp/RangeToken.java, line(s) 475,478,481,483 com/thoughtworks/qdox/parser/impl/Parser.java, line(s) 99,154,156,158 io/sentry/SystemOutLogger.java, line(s) 14,22,31 io/sentry/android/core/AndroidLogger.java, line(s) 78,74,66,70,76 io/sentry/android/core/SentryLogcatAdapter.java, line(s) 44,49,79,84,54,59,34,39,64,69,74,89,94,99 io/sentry/transport/StdoutTransport.java, line(s) 31 net/sf/sojo/core/NonCriticalExceptionHandler.java, line(s) 36 net/sf/sojo/interchange/json/generate/JsonParserGenerate.java, line(s) 70 org/acra/ACRA.java, line(s) 89 org/acra/ErrorReporter.java, line(s) 120 org/acra/log/AndroidLogDelegate.java, line(s) 19,24,29,34,9,14 org/dom4j/DocumentFactory.java, line(s) 195 org/dom4j/bean/BeanDocumentFactory.java, line(s) 58 org/dom4j/datatype/DatatypeDocumentFactory.java, line(s) 72,73,91,92 org/dom4j/datatype/SchemaParser.java, line(s) 89,90,204 org/dom4j/dom/DOMNodeHelper.java, line(s) 335 org/dom4j/io/DOMReader.java, line(s) 70 org/dom4j/io/DOMWriter.java, line(s) 190,191,195 org/dom4j/io/SAXHelper.java, line(s) 40,41,42,71,72 org/dom4j/rule/RuleManager.java, line(s) 56 org/dom4j/swing/XMLTableColumnDefinition.java, line(s) 117 org/dom4j/swing/XMLTableDefinition.java, line(s) 170 org/dom4j/swing/XMLTableModel.java, line(s) 50,87 org/dom4j/tree/NamespaceStack.java, line(s) 191 org/gjt/xpp/XmlPullParserException.java, line(s) 67 org/gjt/xpp/impl/tag/PullParserRuntimeException.java, line(s) 42 org/h2/engine/Session.java, line(s) 338,342,385,403,422,499,933 org/h2/engine/UndoLogRecord.java, line(s) 112 org/h2/server/TcpServer.java, line(s) 339 org/h2/server/pg/PgServer.java, line(s) 167 org/h2/server/web/WebServer.java, line(s) 313 org/h2/store/FileStore.java, line(s) 322 org/h2/store/PageStore.java, line(s) 508 org/h2/util/IOUtils.java, line(s) 300 org/h2/util/MathUtils.java, line(s) 170 org/jaxen/pattern/PatternHandler.java, line(s) 32,39,68,132 org/mozilla/classfile/TypeInfo.java, line(s) 171,172,173,174,175 org/nanohttpd/samples/tempfiles/TempFilesServer.java, line(s) 27,31,43 org/nanohttpd/samples/websockets/DebugWebSocketServer.java, line(s) 75,87,94 org/nanohttpd/samples/websockets/EchoSocketSample.java, line(s) 14,20 org/nanohttpd/util/ServerRunner.java, line(s) 15,18,24 org/nanohttpd/webserver/SimpleWebServer.java, line(s) 100,136,138,143,149,389,391,394
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/acg/android/utils/http/AnySSLClient.java, line(s) 133,97 com/inreality/androidutils/mqtt/client/IRX509TrustManager.java, line(s) 19,18,17,17 com/inreality/androidutils/mqtt/client/SocketFactory.java, line(s) 138,93,86,86 org/acra/util/HttpRequest.java, line(s) 65,63,62,62 org/nanohttpd/protocols/http/NanoHTTPD.java, line(s) 128,126,125,125
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/acg/android/utils/system/SystemUtil.java, line(s) 331 com/stericson/RootToolsTests/SanityCheckRootTools.java, line(s) 66,124 io/sentry/android/core/DeviceInfoUtil.java, line(s) 125 io/sentry/android/core/internal/util/RootChecker.java, line(s) 64,43,25,25,25,25,25,25,37
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (pagead2.googlesyndication.com) 通信。
{'ip': '180.163.150.166', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}