移动应用安全检测报告:
安全基线评分
安全基线评分 44/100
综合风险等级
风险等级评定
- A
- B
- C
- F
漏洞与安全项分布(%)
隐私风险
7
检测到的第三方跟踪器数量
检测结果分布
高危安全漏洞
6
中危安全漏洞
35
安全提示信息
4
已通过安全项
1
重点安全关注
0
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.angel.klikk.ui.activity.DeeplinkHelperActivity][android:host=http://klikk.tv] App Link 资产验证 URL (http://klikk.tv/.well-known/assetlinks.json) 未找到或配置不正确。(状态代码:301)。应用程序链接允许用户从 Web URL/电子邮件重定向到移动应用程序。如果此文件丢失或为 App Link 主机/域配置不正确,则恶意应用程序可以劫持此类 URL。这可能会导致网络钓鱼攻击,泄露 URI 中的敏感数据,例如 PII、OAuth 令牌、魔术链接/密码重置令牌等。您必须通过托管 assetlinks.json 文件并通过 Activity intent-filter 中的 [android:autoVerify=“true”] 启用验证来验证 App Link 网域。
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.angel.klikk.ui.activity.DeeplinkHelperActivity][android:host=https://klikk.tv] App Link 资产验证 URL (https://klikk.tv/.well-known/assetlinks.json) 未找到或配置不正确。(状态代码:301)。应用程序链接允许用户从 Web URL/电子邮件重定向到移动应用程序。如果此文件丢失或为 App Link 主机/域配置不正确,则恶意应用程序可以劫持此类 URL。这可能会导致网络钓鱼攻击,泄露 URI 中的敏感数据,例如 PII、OAuth 令牌、魔术链接/密码重置令牌等。您必须通过托管 assetlinks.json 文件并通过 Activity intent-filter 中的 [android:autoVerify=“true”] 启用验证来验证 App Link 网域。
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/angel/klikk/ui/activity/genreDetails/C0032.java, line(s) 538,12 com/angel/klikk/ui/activity/genreDetails/C0042.java, line(s) 538,12 com/razorpay/CheckoutActivity.java, line(s) 50,5 com/razorpay/CheckoutPresenterImpl.java, line(s) 500,18 com/razorpay/b__J_.java, line(s) 329,334,14,15
高危安全漏洞 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/onesignal/WebViewManager.java, line(s) 448,10 com/paytm/pgsdk/PaytmWebView.java, line(s) 70,25 easypay/actions/EasypayBrowserFragment.java, line(s) 206,27,755,756
高危安全漏洞 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: paytm/assist/easypay/easypay/BuildConfig.java, line(s) 3,9
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个7隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危安全漏洞 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危安全漏洞 Activity (com.angel.klikk.ui.activity.ActivityAdditionalFeature) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.angel.klikk.ui.activity.DeeplinkHelperActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.angel.klikk.ui.activity.NotificationActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.angel.klikk.ui.activity.PlansActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.angel.klikk.ui.activity.DashBoardActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.facebook.CustomTabActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.angel.klikk.ui.activity.NewDetailsAndDownloadActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Broadcast Receiver (com.angel.klikk.utils.SMSBroadcastReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.brightcove.cast.DefaultExpandedControllerActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.razorpay.CheckoutActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Broadcast Receiver (com.onesignal.FCMBroadcastReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Activity (com.onesignal.NotificationOpenedActivityHMS) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Broadcast Receiver (com.onesignal.NotificationDismissReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Broadcast Receiver (com.onesignal.BootUpReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Broadcast Receiver (com.onesignal.UpgradeReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.onesignal.NotificationOpenedReceiver) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.onesignal.NotificationOpenedReceiverAndroid22AndOlder) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.google.firebase.auth.internal.GenericIdpActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Activity (com.google.firebase.auth.internal.RecaptchaActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Service (com.google.android.play.core.assetpacks.AssetPackExtractionService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.DUMP [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 高优先级的Intent (999) - {1} 个命中
[android:priority] 通过设置一个比另一个Intent更高的优先级,应用程序有效地覆盖了其他请求。
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/brightcove/player/concurrency/ConcurrencyClient.java, line(s) 25,26 com/brightcove/player/concurrency/DefaultConcurrencyHandler.java, line(s) 19 com/brightcove/player/controller/ShutterViewController.java, line(s) 25,24,26 com/brightcove/player/edge/Authorizer.java, line(s) 6,7 com/brightcove/player/edge/EdgeTask.java, line(s) 37 com/brightcove/player/event/EventEmitterImpl.java, line(s) 15,18 com/brightcove/player/network/DownloadManager.java, line(s) 47 com/onesignal/FCMBroadcastReceiver.java, line(s) 17 com/onesignal/NotificationBundleProcessor.java, line(s) 19,18 com/onesignal/OSEmailSubscriptionState.java, line(s) 6 com/onesignal/OSInAppMessageController.java, line(s) 26 com/onesignal/OSInAppMessageLocationPrompt.java, line(s) 6 com/onesignal/OSInAppMessagePrompt.java, line(s) 24 com/onesignal/OSInAppMessagePushPrompt.java, line(s) 6 com/onesignal/OSInAppMessageRepository.java, line(s) 18 com/onesignal/OSNotification.java, line(s) 454 com/onesignal/OSNotificationController.java, line(s) 9,10 com/onesignal/OSPermissionState.java, line(s) 6,7 com/onesignal/OSSMSSubscriptionState.java, line(s) 6 com/onesignal/OSSubscriptionState.java, line(s) 7 com/onesignal/OneSignalHmsEventBridge.java, line(s) 12,13 com/onesignal/OneSignalNotificationManager.java, line(s) 18 com/onesignal/OneSignalRemoteParams.java, line(s) 15 com/onesignal/UserState.java, line(s) 408 com/onesignal/UserStateSynchronizer.java, line(s) 24,23,34,35 com/onesignal/WebViewManager.java, line(s) 150,151,152,145 com/razorpay/AnalyticsConstants.java, line(s) 104,118,57 com/razorpay/BaseConstants.java, line(s) 20,27 com/razorpay/OtpElfData.java, line(s) 7 com/scottyab/showhidepasswordedittext/ShowHidePasswordEditText.java, line(s) 21,22 easypay/manager/Constants.java, line(s) 48,47,89,90
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/angel/klikk/C0051.java, line(s) 129 com/angel/klikk/C0061.java, line(s) 129 com/codesgood/views/JustifiedTextView.java, line(s) 11 com/onesignal/OSUtils.java, line(s) 34
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/onesignal/OneSignalDbHelper.java, line(s) 7,8,9,10,11,77,78,476 com/onesignal/outcomes/data/OSOutcomeTableProvider.java, line(s) 3,4,15,16,17,18,19,20,21,26,36,37,38,39,44,49,59,60,61,66,67,72 io/requery/android/sqlite/BaseConnection.java, line(s) 3,4,5,6,48,145,150,185,193,205 io/requery/android/sqlite/DatabaseSource.java, line(s) 5,6,138 io/requery/android/sqlite/SqliteConnection.java, line(s) 3,38,40 io/requery/android/sqlite/SqliteMetaData.java, line(s) 5,861 io/requery/android/sqlite/SqlitePreparedStatement.java, line(s) 3,4,129 io/requery/android/sqlite/SqliteStatement.java, line(s) 3,52 io/requery/android/sqlitex/SqlitexConnection.java, line(s) 3,4,37,39 io/requery/android/sqlitex/SqlitexDatabaseSource.java, line(s) 8,9,122 io/requery/android/sqlitex/SqlitexMetaData.java, line(s) 4,19 io/requery/android/sqlitex/SqlitexPreparedStatement.java, line(s) 4,5,120 io/requery/android/sqlitex/SqlitexStatement.java, line(s) 3,4,55
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/onesignal/WebViewManager.java, line(s) 385,384 com/paytm/pgsdk/PaytmWebView.java, line(s) 75,68 com/razorpay/BaseUtils.java, line(s) 203,177
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/razorpay/BaseUtils.java, line(s) 775
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: bin/mt/signature/KillerApplication.java, line(s) 77 com/brightcove/player/offline/ExternalFileCreator.java, line(s) 10 com/brightcove/player/offline/MediaDownloadable.java, line(s) 197 com/brightcove/player/util/FileUtil.java, line(s) 44 easypay/manager/PaytmAssist.java, line(s) 607
中危安全漏洞 Firebase远程配置已启用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/101230239205/namespaces/firebase:fetch?key=AIzaSyDj-B0K6uyn5zUrDfW_YVZCjUQK5lzAI2I ) 已启用。请确保这些配置不包含敏感信息。响应内容如下所示:
{
"entries": {
"android_force_update_version": "13",
"free_trial_popup_duration": "60",
"free_trial_popup_interval_duration": "24",
"free_trial_popup_show_on_app_start": "true",
"free_trial_popup_show_on_free_content_consumed": "true",
"free_trial_popup_show_on_watch_click": "true",
"halted_sub_pop_up_show_on_app_open": "true",
"halted_sub_pop_up_show_on_watch_click": "true",
"jokhon_tokhan_status": "true",
"max_download_limit": "10",
"show_auto_renewal_pop_up": "true",
"show_upcoming_tab": "true"
},
"state": "UPDATE",
"templateVersion": "10"
}
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "api_key" : "AIzaSyDj" "facebook_app_id" : "209639617068625" "password" : "Password" "firebase_database_url" : "https://angel-klikk.firebaseio.com" "api_key2" : "-B0K6uyn5zUrDfW" "api_key3" : "_YVZCjUQK5lzAI2I" "easypay_password" : "Password" "google_api_key" : "AIzaSyDj-B0K6uyn5zUrDfW_YVZCjUQK5lzAI2I" "google_app_id" : "1:101230239205:android:f1ca2b69a5a4810595230c" "facebook_token" : "979239ebad705006e48f4e9c793a36a3" "cast_receiver_app_id" : "3078B763" "google_crash_reporting_api_key" : "AIzaSyDj-B0K6uyn5zUrDfW_YVZCjUQK5lzAI2I" "api_key" : "AIzaSyDj-B0K6uyn5zUrDfW_YVZCjUQK5lzAI2I" nCHzzTy3sIeJFymwrsBbmg2OAUNLEMO6nwmocSdN2ClirfxqCzJOLSDE4QyS9BAH6EhY6UFcOaE0= cc2751449a350f668590264ed76692694a80308a nMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMHQW5k nCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZIhvcNAQEBBQADggENADCC nAFY9JyxGrhGGBaR0GawJyowRMIHJBgNVHSMEgcEwgb6AFEhZAFY9JyxGrhGGBaR0GawJyowRoYGa n58ii0I54JiCUP5lyfTwE/nKZHZnfm644oLIXf6MdW2r+6R8CAQOjgfwwgfkwHQYDVR0OBBYEFEhZ f4f068e71e0d87bf0ad51e6214ab84e9 c56fb7d591ba6704df047fd98f535372fea00211 f3afcfd96b7caecfda22ea6a99263c557a55b00b 5e5398f0546d1d7afd62641edb14d82894f11ddc41bce363a0c8d0dac82c9c5a n6pPQp8PcSvNQIg1QCAcy4ICXF+5qBTNZ5qaU7Cyz8oSgpGbIepTYOzEJOmc3Li9kEsBubULxWBjf 58pRqKaS6YdQSFxIPSZMcnBu19JS8I4EmGdnuMrJOHXTmtuTJ7budfilMtwpekjxCagkd1kP9ox68ArIo PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IiB2aWV3Qm94PSIwIDAgMTYwIDMzIiBzdHlsZT0iZW5hYmxlLWJhY2tncm91bmQ6bmV3IDAgMCAxNjAgMzM7IiB4bWw6c3BhY2U9InByZXNlcnZlIj48c3R5bGUgdHlwZT0idGV4dC9jc3MiPi5zdDB7ZmlsbDojMkQyRDJEO308L3N0eWxlPjxnPjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik00OS42LDE0LjZjLTAuNCwwLTAuOCwwLjItMSwwLjVjLTAuMiwwLjQtMC40LDAuOS0wLjQsMS41YzAsMC43LDAuMSwxLjIsMC40LDEuNWMwLjIsMC4zLDAuNiwwLjUsMSwwLjVjMC41LDAsMC45LTAuMSwxLjEtMC40YzAuMi0wLjMsMC40LTAuOCwwLjQtMS40di0wLjJjMC0wLjctMC4xLTEuMy0wLjQtMS42QzUwLjUsMTQuNyw1MC4xLDE0LjYsNDkuNiwxNC42eiIvPjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04Ni4zLDE3LjNjLTAuMiwwLjEtMC40LDAuNS0wLjcsMS4xYy0wLjMsMC42LTAuMywwLjktMC4yLDFjMC4xLDAuMSwwLjUsMC4yLDEuMSwwLjJjMC4zLDAsMC41LDAsMC43LDBjMC4xLDAsMC4zLDAsMC41LDBjMC4yLDAsMC4zLTAuMSwwLjQtMC4xYzAuMS0wLjEsMC4yLTAuMSwwLjMtMC4yYzAuMS0wLjEsMC4yLTAuMiwwLjItMC40bDAuOC0xLjdsLTEuOCwwQzg2LjksMTcuMSw4Ni41LDE3LjEsODYuMywxNy4zeiIvPjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04MC42LDExLjNsLTIuNCwwbC0xLjQsMy4ybDIuNCwwYzAuNywwLDEuMi0wLjEsMS41LTAuM2MwLjMtMC4yLDAuNi0wLjUsMC44LTFsMC40LTAuOGMwLjItMC40LDAuMi0wLjcsMC0wLjlDODEuNiwxMS40LDgxLjIsMTEuMyw4MC42LDExLjN6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTQzLjksMTQuNmMtMC40LDAtMC43LDAuMS0xLDAuNGMtMC4yLDAuMi0wLjQsMC42LTAuNCwxaDIuNmMwLTAuNC0wLjEtMC44LTAuMy0xQzQ0LjYsMTQuNyw0NC4zLDE0LjYsNDMuOSwxNC42eiIvPjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik0yMC4yLDE0LjZjLTAuNSwwLTAuOSwwLjItMS4xLDAuNWMtMC4zLDAuMy0wLjQsMC44LTAuNCwxLjVjMCwwLjcsMC4xLDEuMiwwLjQsMS41YzAuMywwLjMsMC42LDAuNSwxLjEsMC41YzAuNSwwLDAuOS0wLjIsMS4xLTAuNWMwLjMtMC4zLDAuNC0wLjksMC40LTEuNWMwLTAuNy0wLjEtMS4yLTAuNC0xLjVDMjEuMSwxNC44LDIwLjgsMTQuNiwyMC4yLDE0LjZ6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTEwNy40LDEzLjdjLTAuNywwLTEuMiwwLjEtMS42LDAuM2MtMC4zLDAuMi0wLjYsMC41LTAuOCwxbC0xLjUsMy4zYy0wLjIsMC41LTAuMiwwLjgtMC4xLDFjMC4yLDAuMiwwLjYsMC4zLDEuMywwLjNjMC43LDAsMS4zLTAuMSwxLjYtMC4zYzAuMy0wLjIsMC42LTAuNSwwLjgtMWwxLjUtMy4zYzAuMi0wLjUsMC4yLTAuOCwwLjEtMUMxMDguNiwxMy44LDEwOC4yLDEzLjcsMTA3LjQsMTMuN3oiLz48cGF0aCBjbGFzcz0ic3QwIiBkPSJNMTUuMywxMy4yYy0wLjMtMC4yLTAuOC0wLjMtMS40LTAuM0gxM3YyLjdoMC43YzAuNywwLDEuMi0wLjEsMS42LTAuM2MwLjMtMC4yLDAuNS0wLjYsMC41LTEuMUMxNS43LDEzLjgsMTUuNiwxMy41LDE1LjMsMTMuMnoiLz48cGF0aCBjbGFzcz0ic3QwIiBkPSJNMzQuMSwxNC42Yy0wLjQsMC0wLjcsMC4xLTEsMC40Yy0wLjIsMC4yLTAuNCwwLjYtMC40LDFoMi42YzAtMC40LTAuMS0wLjgtMC4zLTFDMzQuOCwxNC43LDM0LjUsMTQuNiwzNC4xLDE0LjZ6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTU4LjcsMTQuNmMtMC41LDAtMC45LDAuMS0xLjEsMC40Yy0wLjIsMC4zLTAuMywwLjgtMC4zLDEuNmMwLDAuNywwLjEsMS4zLDAuNCwxLjZjMC4yLDAuMywwLjYsMC41LDEuMSwwLjVjMC41LDAsMC44LTAuMiwxLTAuNWMwLjItMC4zLDAuNC0wLjksMC40LTEuNWMwLTAuNy0wLjEtMS4yLTAuNC0xLjVDNTkuNiwxNC44LDU5LjIsMTQuNiw1OC43LDE0LjZ6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTE1Ni45LDAuMkgzLjFDMS40LDAuMiwwLDEuNiwwLDMuNHYyNi41QzAsMzEuNiwxLjQsMzMsMy4xLDMzaDE1My43YzEuNywwLDMuMS0xLjQsMy4xLTMuMVYzLjRDMTYwLDEuNiwxNTguNiwwLjIsMTU2LjksMC4yeiBNMTYsMTZjLTAuNSwwLjQtMS4zLDAuNi0yLjIsMC42SDEzdjIuOGgtMVYxMmgyYzEuOSwwLDIuOCwwLjcsMi44LDIuMkMxNi44LDE1LDE2LjUsMTUuNSwxNiwxNnogTTIyLjIsMTguN2MtMC41LDAuNS0xLjEsMC44LTEuOSwwLjhjLTAuNSwwLTEtMC4xLTEuMy0wLjRjLTAuNC0wLjItMC43LTAuNi0wLjktMWMtMC4yLTAuNC0wLjMtMS0wLjMtMS41YzAtMC45LDAuMi0xLjYsMC43LTIuMWMwLjUtMC41LDEuMS0wLjgsMS45LTAuOGMwLjgsMCwxLjQsMC4zLDEuOSwwLjhjMC41LDAuNSwwLjcsMS4yLDAuNywyLjFDMjIuOCwxNy41LDIyLjYsMTguMiwyMi4yLDE4Ljd6IE0yOS42LDE5LjRoLTEuMWwtMS0zLjJjLTAuMS0wLjItMC4xLTAuNS0wLjMtMWMtMC4xLDAuNC0wLjIsMC44LTAuMywxbC0xLDMuMmgtMS4xbC0xLjUtNS42aDEuMWwwLDAuMWMwLjMsMS40LDAuNiwyLjQsMC44LDMuMWMwLjEsMC40LDAuMiwwLjgsMC4yLDFjMC0wLjEsMC4xLTAuMiwwLjEtMC4zYzAuMS0wLjMsMC4yLTAuNSwwLjItMC43bDEtMy4yaDFsMSwzLjJjMC4xLDAuNCwwLjIsMC43LDAuMywxYzAsMCwwLTAuMSwwLTAuMWMwLjEtMC4yLDAuNC0xLjYsMS00bDAtMC4xaDEuMUwyOS42LDE5LjR6IE0zNi40LDE2LjloLTMuN2MwLDAuNiwwLjIsMSwwLjUsMS4zYzAuMywwLjMsMC43LDAuNSwxLjIsMC41YzAuNiwwLDEuMS0wLjEsMS43LTAuNGwwLjEtMC4xdjFsLTAuMSwwYy0wLjMsMC4xLTAuNiwwLjItMC44LDAuM2MtMC4zLDAuMS0wLjYsMC4xLTEsMC4xYy0wLjgsMC0xLjUtMC4zLTItMC44Yy0wLjUtMC41LTAuNy0xLjItMC43LTIuMWMwLTAuOSwwLjItMS42LDAuNy0yLjFjMC40LTAuNSwxLjEtMC44LDEuOC0wLjhjMC43LDAsMS4zLDAuMiwxLjcsMC43YzAuNCwwLjUsMC42LDEuMSwwLjYsMS44VjE2Ljl6IE00MC44LDE0LjdsLTAuMSwwYy0wLjIsMC0wLjQtMC4xLTAuNi0wLjFjLTAuNCwwLTAuOCwwLjItMSwwLjVjLTAuMywwLjMtMC40LDAuOC0wLjQsMS4zdjNoLTF2LTUuNmgwLjlsMC4xLDAuOGMwLjItMC4zLDAuNC0wLjUsMC42LTAuNmMwLjMtMC4yLDAuNi0wLjMsMS0wLjNjMC4yLDAsMC41LDAsMC43LDAuMWwwLjEsMEw0MC44LDE0Ljd6IE00Ni4yLDE2LjloLTMuN2MwLDAuNiwwLjIsMSwwLjUsMS4zYzAuMywwLjMsMC43LDAuNSwxLjIsMC41YzAuNiwwLDEuMS0wLjEsMS43LTAuNGwwLjEtMC4xdjFsLTAuMSwwYy0wLjMsMC4xLTAuNiwwLjItMC44LDAuM2MtMC4zLDAuMS0wLjYsMC4xLTEsMC4xYy0wLjgsMC0xLjUtMC4zLTItMC44Yy0wLjUtMC41LTAuNy0xLjItMC43LTIuMWMwLTAuOSwwLjItMS42LDAuNy0yLjFjMC40LTAuNSwxLjEtMC44LDEuOC0wLjhjMC43LDAsMS4zLDAuMiwxLjcsMC43YzAuNCwwLjUsMC42LDEuMSwwLjYsMS44VjE2Ljl6IE01Mi4xLDE5LjRoLTAuOWwtMC4xLTAuNmMtMC40LDAuNS0xLDAuNy0xLjcsMC43Yy0wLjcsMC0xLjMtMC4zLTEuNy0wLjhjLTAuNC0wLjUtMC42LTEuMi0wLjYtMi4xYzAtMC45LDAuMi0xLjYsMC42LTIuMWMwLjQtMC41LDEtMC44LDEuNy0wLjhjMC43LDAsMS4yLDAuMiwxLjYsMC43bDAtMC4xbDAtMC40bDAtMi4zaDFWMTkuNHogTTYwLjYsMTguN2MtMC40LDAuNS0xLDAuOC0xLjcsMC44Yy0wLjQsMC0wLjctMC4xLTEtMC4yYy0wLjMtMC4xLTAuNS0wLjMtMC43LTAuNUw1NywxOS40aC0wLjh2LTcuOWgxdjJjMCwwLjMsMCwwLjYsMCwwLjljMC40LTAuNCwwLjktMC43LDEuNi0wLjdjMC43LDAsMS4zLDAuMywxLjcsMC44YzAuNCwwLjUsMC42LDEuMiwwLjYsMi4xQzYxLjIsMTcuNSw2MSwxOC4yLDYwLjYsMTguN3ogTTY0LjUsMjAuMWMtMC4yLDAuNi0wLjUsMS4xLTAuOCwxLjNjLTAuMywwLjMtMC43LDAuNC0xLjIsMC40Yy0wLjMsMC0wLjUsMC0wLjgtMC4xbC0wLjEsMHYtMC45bDAuMSwwYzAuMiwwLDAuNCwwLjEsMC42LDAuMWMwLjUsMCwwLjktMC4zLDEuMS0wLjlsMC4zLTAuN2wtMi4yLTUuNWgxLjFsMS4yLDMuMmMwLjIsMC41LDAuMywwLjksMC40LDEuMmMwLTAuMiwwLjEtMC4zLDAuMi0wLjZjMC4xLTAuNCwwLjYtMS43LDEuMy0zLjhsMC0wLjFoMS4xTDY0LjUsMjAuMXogTTgxLjUsMjFsLTMuMiwwbC0xLTQuNmwtMS4zLDBsLTIsNC42TDcxLDIxbDUuMi0xMS43bDUuMywwYzEuNSwwLDIuNiwwLjIsMy4xLDAuNmMwLjUsMC40LDAuNiwxLDAuMiwxLjlsLTAuOSwyLjFjLTAuMywwLjctMC44LDEuMy0xLjUsMS42Yy0wLjcsMC40LTEuNCwwLjYtMi4yLDAuN0w4MS41LDIxeiBNODcuNiwyMWwwLjQtMC44Yy0wLjMsMC4zLTAuNywwLjYtMS4yLDAuN2MtMC40LDAuMi0xLjEsMC4yLTIuMSwwLjJjLTEuMiwwLTEuOS0wLjItMi4xLTAuNWMtMC4yLTAuNC0wLjEtMS4xLDAuNC0yLjNjMC41LTEsMS0xLjgsMS42LTIuMmMwLjYtMC40LDEuNC0wLjYsMi40LTAuNmwzLDBsMC4zLTAuNmMwLjItMC41LDAuMy0wLjksMC4xLTEuMWMtMC4yLTAuMi0wLjctMC4zLTEuNC0wLjNjLTAuNywwLTEuOCwwLjEtMy4yLDAuMmwwLjctMS43YzEuMS0wLjEsMi4yLTAuMiwzLjQtMC4yYzEuNiwwLDIuNiwwLjIsMy4xLDAuNmMwLjUsMC40LDAuNCwxLjItMC4xLDIuM2wtMi43LDZMODcuNiwyMXogTTk5LDIxbC03LjksMGwwLjYtMS40bDYuOS01LjZsLTQuMiwwbDAuOC0xLjdsNy42LDBsLTAuNiwxLjRsLTYuOSw1LjZsNC41LDBMOTksMjF6IE0xMDgsMjAuNGMtMC40LDAuMi0wLjgsMC40LTEuMywwLjVjLTAuNSwwLjEtMC45LDAuMi0xLjMsMC4yYy0wLjQsMC0wLjgsMC0xLjMsMGMtMC41LDAtMC45LDAtMS4zLDBjLTAuMywwLTAuNy0wLjEtMS4xLTAuMmMtMC40LTAuMS0wLjYtMC4zLTAuOC0wLjVjLTAuMi0wLjItMC4yLTAuNS0wLjItMC45YzAtMC40LDAuMS0wLjksMC40LTEuNWwxLjEtMi42YzAuMy0wLjYsMC42LTEuMSwxLTEuNWMwLjQtMC40LDAuOC0wLjgsMS4xLTFjMC40LTAuMiwwLjgtMC40LDEuMy0wLjVjMC41LTAuMSwwLjktMC4yLDEuMy0wLjJjMC40LDAsMC44LDAsMS4zLDBjMC41LDAsMC45LDAsMS4yLDBjMC4zLDAsMC43LDAuMSwxLjEsMC4yYzAuNCwwLjEsMC42LDAuMywwLjgsMC41YzAuMiwwLjIsMC4zLDAuNiwwLjIsMWMwLDAuNC0wLjEsMC45LTAuNCwxLjVMMTEwLDE4Yy0wLjMsMC42LTAuNiwxLTAuOSwxLjVDMTA4LjcsMTkuOSwxMDguMywyMC4yLDEwOCwyMC40eiBNMTA5LjgsMjFsMy45LTguN2wyLjUsMGwtMC43LDEuNWMwLjItMC40LDAuNi0wLjgsMS4zLTEuMmMwLjYtMC40LDEuMi0wLjUsMS44LTAuNWwwLjksMGwtMSwyLjJsLTAuOSwwYy0wLjcsMC0xLjMsMC4xLTEuOCwwLjNjLTAuNSwwLjItMC44LDAuNi0xLjEsMS4xbC0yLjMsNS4yTDEwOS44LDIxeiBNMTI0LjYsMjAuNWMtMC44LDAuNC0xLjgsMC43LTMuMSwwLjdjLTAuOCwwLTEuNC0wLjEtMS43LTAuMmMtMC4zLTAuMS0wLjUtMC40LTAuNC0wLjlsLTIuMSw0LjZsLTIuNiwwbDUuNi0xMi41bDIuNSwwbC0wLjQsMC45YzAuMy0wLjQsMC44LTAuNywxLjMtMC44YzAuNS0wLjIsMS4yLTAuMiwyLjEtMC4yYzAuNywwLDEuMywwLjEsMS43LDAuMmMwLjQsMC4xLDAuNywwLjMsMC44LDAuNmMwLjEsMC4zLDAuMSwwLjYsMC4xLDAuOWMtMC4xLDAuMy0wLjIsMC44LTAuNSwxLjNsLTEuMywyLjlDMTI2LDE5LjIsMTI1LjMsMjAuMSwxMjQuNiwyMC41eiBNMTMxLjgsMjFsMC40LTAuOGMtMC4zLDAuMy0wLjcsMC42LTEuMiwwLjdjLTAuNCwwLjItMS4xLDAuMi0yLjEsMC4yYy0xLjIsMC0xLjktMC4yLTIuMS0wLjVjLTAuMi0wLjQtMC4xLTEuMSwwLjQtMi4zYzAuNS0xLDEtMS44LDEuNi0yLjJjMC42LTAuNCwxLjQtMC42LDIuNC0wLjZsMywwbDAuMy0wLjZjMC4yLTAuNSwwLjMtMC45LDAuMS0xLjFjLTAuMi0wLjItMC43LTAuMy0xLjQtMC4zYy0wLjcsMC0xLjgsMC4xLTMuMiwwLjJsMC43LTEuN2MxLjEtMC4xLDIuMi0wLjIsMy40LTAuMmMxLjYsMCwyLjYsMC4yLDMuMSwwLjZjMC41LDAuNCwwLjQsMS4yLTAuMSwyLjNsLTIuNyw2TDEzMS44LDIxeiBNMTM3LjcsMjQuOGwtMi43LDBsMy4zLTMuOGwwLjQtOC43bDIuOSwwbC0wLjgsNi4ybDQuNS02LjJsMi43LDBMMTM3LjcsMjQuOHoiLz48cGF0aCBjbGFzcz0ic3QwIiBkPSJNMTMwLjUsMTcuM2MtMC4yLDAuMS0wLjQsMC41LTAuNywxLjFjLTAuMywwLjYtMC4zLDAuOS0wLjIsMWMwLjEsMC4xLDAuNSwwLjIsMS4xLDAuMmMwLjMsMCwwLjUsMCwwLjcsMGMwLjEsMCwwLjMsMCwwLjUsMGMwLjIsMCwwLjMtMC4xLDAuNC0wLjFjMC4xLTAuMSwwLjItMC4xLDAuMy0wLjJjMC4xLTAuMSwwLjItMC4yLDAuMi0wLjRsMC44LTEuN2wtMS44LDBDMTMxLjEsMTcuMSwxMzAuNywxNy4xLDEzMC41LDE3LjN6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTEyMy45LDEzLjdjLTAuNywwLTEuMywwLjEtMS42LDAuM2MtMC4zLDAuMi0wLjYsMC41LTAuOCwxbC0xLjQsMy4yYy0wLjIsMC41LTAuMywwLjktMC4xLDFjMC4xLDAuMiwwLjYsMC4zLDEuNCwwLjNjMC44LDAsMS4zLTAuMSwxLjYtMC4zYzAuMy0wLjIsMC42LTAuNSwwLjgtMWwxLjQtMy4yYzAuMy0wLjYsMC4zLTAuOSwwLjItMS4xQzEyNS4zLDEzLjgsMTI0LjgsMTMuNywxMjMuOSwxMy43eiIvPjwvZz48L3N2Zz4= af7ba81c-89c9-483c-a080-c31810628346 naW4gVmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5k PHN2ZyBmaWxsPSIjRkZGRkZGIiBoZWlnaHQ9IjI0IiB2aWV3Qm94PSIwIDAgMjQgMjQiIHdpZHRoPSIyNCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4gICAgPHBhdGggZD0iTTguNTkgMTYuMzRsNC41OC00LjU5LTQuNTgtNC41OUwxMCA1Ljc1bDYgNi02IDZ6Ii8+ICAgIDxwYXRoIGQ9Ik0wLS4yNWgyNHYyNEgweiIgZmlsbD0ibm9uZSIvPjwvc3ZnPg== 9b8f518b086098de3d77736f9458a3d2f6f95a37 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c3ZnIHdpZHRoPSIxNHB4IiBoZWlnaHQ9IjE0cHgiIHZpZXdCb3g9IjAgMCAxNCAxNCIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4gICAgICAgIDx0aXRsZT5Hcm91cCA2PC90aXRsZT4gICAgPGRlc2M+Q3JlYXRlZCB3aXRoIFNrZXRjaC48L2Rlc2M+ICAgIDxkZWZzPjwvZGVmcz4gICAgPGcgaWQ9IlBhZ2UtMSIgc3Ryb2tlPSJub25lIiBzdHJva2Utd2lkdGg9IjEiIGZpbGw9Im5vbmUiIGZpbGwtcnVsZT0iZXZlbm9kZCI+ICAgICAgICA8ZyBpZD0iNS4xIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtMjUuMDAwMDAwLCAtNTI1LjAwMDAwMCkiPiAgICAgICAgICAgIDxnIGlkPSJHcm91cC02IiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgyNC4wMDAwMDAsIDUyNC4wMDAwMDApIj4gICAgICAgICAgICAgICAgPHBvbHlnb24gaWQ9IlNoYXBlIiBwb2ludHM9IjAgMCAxNiAwIDE2IDE2IDAgMTYiPjwvcG9seWdvbj4gICAgICAgICAgICAgICAgPHBhdGggZD0iTTEzLjMzMzMzMzMsMS4zMzMzMzMzMyBDMTQuMDY2NjY2NywxLjMzMzMzMzMzIDE0LjY2NjY2NjcsMS45MzMzMzMzMyAxNC42NjY2NjY3LDIuNjY2NjY2NjcgTDE0LjY2NjY2NjcsMTAuNjY2NjY2NyBDMTQuNjY2NjY2NywxMS40IDE0LjA2NjY2NjcsMTIgMTMuMzMzMzMzMywxMiBMNCwxMiBMMS4zMzMzMzMzMywxNC42NjY2NjY3IEwxLjMzMzMzMzMzLDIuNjY2NjY2NjcgQzEuMzMzMzMzMzMsMS45MzMzMzMzMyAxLjkzMzMzMzMzLDEuMzMzMzMzMzMgMi42NjY2NjY2NywxLjMzMzMzMzMzIEwxMy4zMzMzMzMzLDEuMzMzMzMzMzMgWiBNNS4zMzMzMzMzMyw3LjMzMzMzMzMzIEM1LjcwMTUyMzE3LDcuMzMzMzMzMzMgNiw3LjAzNDg1NjUgNiw2LjY2NjY2NjY3IEM2LDYuMjk4NDc2ODMgNS43MDE1MjMxNyw2IDUuMzMzMzMzMzMsNiBDNC45NjUxNDM1LDYgNC42NjY2NjY2Nyw2LjI5ODQ3NjgzIDQuNjY2NjY2NjcsNi42NjY2NjY2NyBDNC42NjY2NjY2Nyw3LjAzNDg1NjUgNC45NjUxNDM1LDcuMzMzMzMzMzMgNS4zMzMzMzMzMyw3LjMzMzMzMzMzIFogTTgsNy4zMzMzMzMzMyBDOC4zNjgxODk4Myw3LjMzMzMzMzMzIDguNjY2NjY2NjcsNy4wMzQ4NTY1IDguNjY2NjY2NjcsNi42NjY2NjY2NyBDOC42NjY2NjY2Nyw2LjI5ODQ3NjgzIDguMzY4MTg5ODMsNiA4LDYgQzcuNjMxODEwMTcsNiA3LjMzMzMzMzMzLDYuMjk4NDc2ODMgNy4zMzMzMzMzMyw2LjY2NjY2NjY3IEM3LjMzMzMzMzMzLDcuMDM0ODU2NSA3LjYzMTgxMDE3LDcuMzMzMzMzMzMgOCw3LjMzMzMzMzMzIFogTTEwLjY2NjY2NjcsNy4zMzMzMzMzMyBDMTEuMDM0ODU2NSw3LjMzMzMzMzMzIDExLjMzMzMzMzMsNy4wMzQ4NTY1IDExLjMzMzMzMzMsNi42NjY2NjY2NyBDMTEuMzMzMzMzMyw2LjI5ODQ3NjgzIDExLjAzNDg1NjUsNiAxMC42NjY2NjY3LDYgQzEwLjI5ODQ3NjgsNiAxMCw2LjI5ODQ3NjgzIDEwLDYuNjY2NjY2NjcgQzEwLDcuMDM0ODU2NSAxMC4yOTg0NzY4LDcuMzMzMzMzMzMgMTAuNjY2NjY2Nyw3LjMzMzMzMzMzIFoiIGlkPSJDb21iaW5lZC1TaGFwZSIgZmlsbD0iI0ZGRkZGRiIgZmlsbC1ydWxlPSJub256ZXJvIj48L3BhdGg+ICAgICAgICAgICAgPC9nPiAgICAgICAgPC9nPiAgICA8L2c+PC9zdmc+ n9gP+pWA7LFQNvXwBnDa6sppCccEX31I828XzgXpJ4O+mDL1/dBd+ek8ZPUP0IgdyZm5MTYPhvVqG nFf/azgMJWr+kLfcHCHJsIGnlw27drgQAvilFLAhLwn62oX6snb4YLCBOsVMR9FXYJLZW2+TcIkCR 5eb5a37e-b458-11e3-ac11-000c2940e62c c682b8144a8dd52bc1ad63 df6b721c8b4d3b6eb44c861d4415007e5a35fc95 nEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAHqvlozrUMRBBVEY0NqrrwFbinZaJ6cVosK0TyIU b2f7f966-d8cc-11e4-bed1-df8f05be55ba ncm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYT npIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRh PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c3ZnIHdpZHRoPSIxMnB4IiBoZWlnaHQ9IjE1cHgiIHZpZXdCb3g9IjAgMCAxMiAxNSIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4gICAgICAgIDx0aXRsZT5pYy1sb2NrLTI0cHhAMng8L3RpdGxlPiAgICA8ZGVzYz5DcmVhdGVkIHdpdGggU2tldGNoLjwvZGVzYz4gICAgPGRlZnM+PC9kZWZzPiAgICA8ZyBpZD0iUGFnZS0xIiBzdHJva2U9Im5vbmUiIHN0cm9rZS13aWR0aD0iMSIgZmlsbD0ibm9uZSIgZmlsbC1ydWxlPSJldmVub2RkIj4gICAgICAgIDxnIGlkPSI1LjQiIHRyYW5zZm9ybT0idHJhbnNsYXRlKC0yNi4wMDAwMDAsIC01OTYuMDAwMDAwKSI+ICAgICAgICAgICAgPGcgaWQ9Ikdyb3VwLTciIHRyYW5zZm9ybT0idHJhbnNsYXRlKDE2LjAwMDAwMCwgNTg4LjAwMDAwMCkiPiAgICAgICAgICAgICAgICA8ZyBpZD0iaWMtbG9jay0yNHB4IiB0cmFuc2Zvcm09InRyYW5zbGF0ZSg4LjAwMDAwMCwgOC4wMDAwMDApIj4gICAgICAgICAgICAgICAgICAgIDxwb2x5Z29uIGlkPSJTaGFwZSIgcG9pbnRzPSIwIDAgMTYgMCAxNiAxNiAwIDE2Ij48L3BvbHlnb24+ICAgICAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMTIsNS4zMzMzMzMzMyBMMTEuMzMzMzMzMyw1LjMzMzMzMzMzIEwxMS4zMzMzMzMzLDQgQzExLjMzMzMzMzMsMi4xNiA5Ljg0LDAuNjY2NjY2NjY3IDgsMC42NjY2NjY2NjcgQzYuMTYsMC42NjY2NjY2NjcgNC42NjY2NjY2NywyLjE2IDQuNjY2NjY2NjcsNCBMNC42NjY2NjY2Nyw1LjMzMzMzMzMzIEw0LDUuMzMzMzMzMzMgQzMuMjY2NjY2NjcsNS4zMzMzMzMzMyAyLjY2NjY2NjY3LDUuOTMzMzMzMzMgMi42NjY2NjY2Nyw2LjY2NjY2NjY3IEwyLjY2NjY2NjY3LDEzLjMzMzMzMzMgQzIuNjY2NjY2NjcsMTQuMDY2NjY2NyAzLjI2NjY2NjY3LDE0LjY2NjY2NjcgNCwxNC42NjY2NjY3IEwxMiwxNC42NjY2NjY3IEMxMi43MzMzMzMzLDE0LjY2NjY2NjcgMTMuMzMzMzMzMywxNC4wNjY2NjY3IDEzLjMzMzMzMzMsMTMuMzMzMzMzMyBMMTMuMzMzMzMzMyw2LjY2NjY2NjY3IEMxMy4zMzMzMzMzLDUuOTMzMzMzMzMgMTIuNzMzMzMzMyw1LjMzMzMzMzMzIDEyLDUuMzMzMzMzMzMgWiBNOCwxMS4zMzMzMzMzIEM3LjI2NjY2NjY3LDExLjMzMzMzMzMgNi42NjY2NjY2NywxMC43MzMzMzMzIDYuNjY2NjY2NjcsMTAgQzYuNjY2NjY2NjcsOS4yNjY2NjY2NyA3LjI2NjY2NjY3LDguNjY2NjY2NjcgOCw4LjY2NjY2NjY3IEM4LjczMzMzMzMzLDguNjY2NjY2NjcgOS4zMzMzMzMzMyw5LjI2NjY2NjY3IDkuMzMzMzMzMzMsMTAgQzkuMzMzMzMzMzMsMTAuNzMzMzMzMyA4LjczMzMzMzMzLDExLjMzMzMzMzMgOCwxMS4zMzMzMzMzIFogTTEwLjA2NjY2NjcsNS4zMzMzMzMzMyBMNS45MzMzMzMzMyw1LjMzMzMzMzMzIEw1LjkzMzMzMzMzLDQgQzUuOTMzMzMzMzMsMi44NiA2Ljg2LDEuOTMzMzMzMzMgOCwxLjkzMzMzMzMzIEM5LjE0LDEuOTMzMzMzMzMgMTAuMDY2NjY2NywyLjg2IDEwLjA2NjY2NjcsNCBMMTAuMDY2NjY2Nyw1LjMzMzMzMzMzIFoiIGlkPSJTaGFwZSIgZmlsbD0iI0ZGRkZGRiIgZmlsbC1ydWxlPSJub256ZXJvIj48L3BhdGg+ICAgICAgICAgICAgICAgIDwvZz4gICAgICAgICAgICA8L2c+ICAgICAgICA8L2c+ICAgIDwvZz48L3N2Zz4= 8a3c4b262d721acd49a4bf97d5213199c86fa2b9 2438bce1ddb7bd026d5ff89f598b3b5e5bb824b3 nYW5kcm9pZEBhbmRyb2lkLmNvbTAeFw0wODAyMjkwMTMzNDZaFw0zNTA3MTcwMTMzNDZaMIGUMQsw nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQ ncm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJAJNurL4H8gHfMAwGA1Ud a4b7452e2ed8f5f191058ca7bbfd26b0d3214bfc MIIEqDCCA5CgAwIBAgIJAJNurL4H8gHfMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYDVQQGEwJVUzET
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: bin/mt/signature/KillerApplication.java, line(s) 116,126,161 com/angel/klikk/C0054.java, line(s) 531 com/angel/klikk/C0064.java, line(s) 531 com/angel/klikk/adapters/TabLoginCarousalAdapter.java, line(s) 74 com/angel/klikk/api/request/newLogin/C0005.java, line(s) 352,336 com/angel/klikk/api/request/newLogin/C0015.java, line(s) 353,337 com/angel/klikk/databinding/C0021.java, line(s) 257 com/angel/klikk/databinding/C0031.java, line(s) 257 com/angel/klikk/ui/activity/profile/C0039.java, line(s) 223 com/angel/klikk/ui/activity/profile/C0049.java, line(s) 223 com/angel/klikk/ui/fragments/C0044.java, line(s) 470 com/angel/klikk/ui/fragments/C0045.java, line(s) 623 com/angel/klikk/ui/fragments/C0054.java, line(s) 470 com/angel/klikk/ui/fragments/C0055.java, line(s) 624 com/angel/klikk/utils/C0047.java, line(s) 578 com/angel/klikk/utils/C0057.java, line(s) 578 com/brightcove/cast/DefaultExpandedControllerActivity.java, line(s) 43 com/brightcove/cast/DefaultOptionsProvider.java, line(s) 43,46,58 com/brightcove/cast/GoogleCastComponent.java, line(s) 299,310,320,121,248,250,251,446 com/brightcove/cast/controller/BrightcoveCastMediaManager.java, line(s) 230,231,148,174,562,475,486,284,351,353,354 com/brightcove/cast/model/BrightcoveCastCustomData.java, line(s) 88 com/brightcove/player/Sdk.java, line(s) 37 com/brightcove/player/ads/ExoAdPlayer.java, line(s) 669 com/brightcove/player/analytics/Analytics.java, line(s) 796,221,224,245,248,455,457,716,782,816,842,912,237 com/brightcove/player/analytics/AnalyticsClient.java, line(s) 73 com/brightcove/player/analytics/DefaultAnalyticsHandler.java, line(s) 42,45,78,88 com/brightcove/player/appcompat/BrightcovePlayerActivity.java, line(s) 79,114,121,128,135,142,149 com/brightcove/player/appcompat/BrightcovePlayerFragment.java, line(s) 41,48,62,69,76,83,90,104,111,118,131 com/brightcove/player/captioning/BrightcoveCaptionFormat.java, line(s) 51 com/brightcove/player/captioning/BrightcoveCaptionStyle.java, line(s) 136 com/brightcove/player/captioning/TTMLParser.java, line(s) 100,128,151 com/brightcove/player/captioning/WebVTTParser.java, line(s) 48,105 com/brightcove/player/captioning/tasks/LoadCaptionsTask.java, line(s) 153,103,199 com/brightcove/player/concurrency/ConcurrencyClient.java, line(s) 76,195,198,210,213,225,228,294 com/brightcove/player/concurrency/DefaultConcurrencyHandler.java, line(s) 77,82,97,114,122,127,132,138,144,164,184,216,196 com/brightcove/player/controller/BrightcoveAudioTracksController.java, line(s) 55,114 com/brightcove/player/controller/BrightcoveClosedCaptioningController.java, line(s) 144,310,218,165,168,171,174,177 com/brightcove/player/controller/DefaultSourceSelectionController.java, line(s) 89 com/brightcove/player/controller/FullScreenController.java, line(s) 151,135,160,38 com/brightcove/player/controller/MediaControlsVisibilityManager.java, line(s) 42,45,58,67,103,120,127,51,72 com/brightcove/player/controller/VideoPlaybackController.java, line(s) 378,394,412,86,107,117,105,152,182,297 com/brightcove/player/dash/DashUtil.java, line(s) 44 com/brightcove/player/display/ExoPlayerVideoDisplayComponent.java, line(s) 370,475,485,490,376 com/brightcove/player/display/VideoDisplayComponent.java, line(s) 239,245,259,200,213,251,215,224,307 com/brightcove/player/display/VideoStillDisplayComponent.java, line(s) 64,83 com/brightcove/player/display/tasks/LoadImageTask.java, line(s) 98 com/brightcove/player/drm/BrightcoveMediaDrmCallback.java, line(s) 58,64 com/brightcove/player/drm/WidevineMediaDrmCallback.java, line(s) 32,46,55 com/brightcove/player/edge/AbstractOfflineCatalog.java, line(s) 102,127,441 com/brightcove/player/edge/Catalog.java, line(s) 61 com/brightcove/player/edge/ErrorListener.java, line(s) 14 com/brightcove/player/edge/OfflineStoreManager.java, line(s) 117,288,292,358,374,417,466,468,420,446 com/brightcove/player/edge/VideoParser.java, line(s) 479,484,487,316,329,334,359,418,431,499 com/brightcove/player/event/AbstractEvent.java, line(s) 222,234 com/brightcove/player/event/BackgroundEventListener.java, line(s) 52,112,120 com/brightcove/player/event/EventEmitterImpl.java, line(s) 186,83,130,259,276,108,138 com/brightcove/player/event/EventLogger.java, line(s) 92,99 com/brightcove/player/event/InvocationContainer.java, line(s) 34 com/brightcove/player/event/RegisteringEventEmitter.java, line(s) 167 com/brightcove/player/logging/Log.java, line(s) 24 com/brightcove/player/management/BrightcoveClosedCaptioningManager.java, line(s) 37 com/brightcove/player/management/BrightcovePluginManager.java, line(s) 98,63,73,105,107,109,87 com/brightcove/player/mediacontroller/BrightcoveControlBar.java, line(s) 189,78,87,103,112,121,130 com/brightcove/player/mediacontroller/BrightcoveMediaControlRegistryImpl.java, line(s) 55,74 com/brightcove/player/mediacontroller/BrightcoveMediaController.java, line(s) 421,459,499,518,532,734,762,812,842,888,1045,1048,1051,948,975,305 com/brightcove/player/mediacontroller/BrightcoveSeekBar.java, line(s) 79,86 com/brightcove/player/mediacontroller/BrightcoveSeekBarController.java, line(s) 350,363,372,376,387,198 com/brightcove/player/mediacontroller/BrightcoveShowHideController.java, line(s) 162 com/brightcove/player/mediacontroller/buttons/AbstractButtonController.java, line(s) 189,201,184 com/brightcove/player/mediacontroller/buttons/AudioTracksButtonController.java, line(s) 101,63 com/brightcove/player/mediacontroller/buttons/ButtonActionHandler.java, line(s) 21,44,67,57,61,70 com/brightcove/player/mediacontroller/buttons/CaptionsButtonController.java, line(s) 89 com/brightcove/player/mediacontroller/buttons/LiveButtonController.java, line(s) 144,156,109,115,123,99 com/brightcove/player/mediacontroller/buttons/PlayButtonController.java, line(s) 61,73 com/brightcove/player/mediacontroller/buttons/SeekButtonController.java, line(s) 261 com/brightcove/player/model/Length.java, line(s) 35 com/brightcove/player/model/LengthVtt.java, line(s) 44 com/brightcove/player/model/MetadataObject.java, line(s) 59,79,63,83 com/brightcove/player/model/Video.java, line(s) 326,337 com/brightcove/player/network/DownloadManager.java, line(s) 96,101,107,121,139,555,87,162,422,532 com/brightcove/player/network/HttpRequestConfig.java, line(s) 36 com/brightcove/player/network/HttpService.java, line(s) 147,175,176,177,188,215,226,342,378,341,377,232,252,260,287,294 com/brightcove/player/offline/DashDownloadable.java, line(s) 388 com/brightcove/player/offline/MediaDownloadable.java, line(s) 265,290,309,321,138,152,257,273,281,179,205,209,299,337 com/brightcove/player/offline/MultiDataSource.java, line(s) 206,86,191 com/brightcove/player/pictureinpicture/PictureInPictureManager.java, line(s) 75,68,91,97,108,129 com/brightcove/player/playback/BrightcoveNotification.java, line(s) 406 com/brightcove/player/playback/ExoMediaPlayback.java, line(s) 2141,2170,2171,2589,918,1012,1312,1322,1590,1823,2029,2123,2691,2695,294,298,309,313,317,545,897,905,927,945,968,1007,1028,1041,1418,1707,1821,1852,2040,2054,2097,2120,2197,2246,2279,484,2025 com/brightcove/player/playback/ExoPlaybackPreparer.java, line(s) 34 com/brightcove/player/playback/MediaPlaybackService.java, line(s) 20 com/brightcove/player/playback/MediaPlayerPlayback.java, line(s) 297,399,403,441,478,491,799,809,990,1050,1195,1202,454,872,874,878,881,884,887,892,895,898,901,906,193,290,335,344,355,369,409,418,493,823,934,945,958,968,979,1001,1025,1032,1061,1080,1117,1120,1155,1170,1172,1193,1200,524,540,954 com/brightcove/player/render/InclusiveHEVCVideoSelectionOverride.java, line(s) 80 com/brightcove/player/render/InclusiveHEVCVideoTrackSelectionOverride.java, line(s) 75 com/brightcove/player/store/BaseStore.java, line(s) 53,71,84,88 com/brightcove/player/util/CodecUtil.java, line(s) 42,48,29 com/brightcove/player/util/Convert.java, line(s) 444,272,274,298,300 com/brightcove/player/util/ErrorUtil.java, line(s) 75 com/brightcove/player/util/EventEmitterUtil.java, line(s) 11,18 com/brightcove/player/util/NumberUtil.java, line(s) 14 com/brightcove/player/util/VideoUtil.java, line(s) 99 com/brightcove/player/video360/GlUtil.java, line(s) 34 com/brightcove/player/video360/RenderThread.java, line(s) 300,323,114,159,395 com/brightcove/player/video360/ShaderProgram.java, line(s) 48,62,63,79,83 com/brightcove/player/view/BaseVideoView.java, line(s) 986,997,962,1196,251,268,934,292,431,471,816,826,1165,1178,1188 com/brightcove/player/view/BrightcoveClosedCaptioningView.java, line(s) 707,736,813,952,977,1039,1046 com/brightcove/player/view/BrightcovePlayer.java, line(s) 58,66,157,164,171,188,195,216,117 com/brightcove/player/view/BrightcovePlayerFragment.java, line(s) 43,51,57,64,78,85,92,109,116,123,130,137,150 com/brightcove/player/view/BrightcoveTextureVideoView.java, line(s) 110,117,123,68 com/brightcove/player/view/BrightcoveVideoView.java, line(s) 30,37,43,54,61,67,78,85,91,115,133,135,137 com/brightcove/player/view/TimedTextView.java, line(s) 93 com/hbb20/CCPCountry.java, line(s) 2461,2463 com/hbb20/CountryCodePicker.java, line(s) 347,511,655,660,765,772,882,885,888,1019,1025,1566,1568,1571,1573,1576,1578,774,1395,1407,1593 com/onesignal/AndroidSupportV4Compat.java, line(s) 26 com/onesignal/JobIntentService.java, line(s) 187,189,238 com/onesignal/OneSignal.java, line(s) 1080,1086,1109,1082,1078,1084 com/onesignal/shortcutbadger/ShortcutBadger.java, line(s) 62,122,131,59,93,100,121,106 com/paytm/pgsdk/AnalyticsManager.java, line(s) 42,46 com/paytm/pgsdk/Log.java, line(s) 24,30,12,18,7,36,42,48 com/paytm/pgsdk/PaytmPGActivity.java, line(s) 361,367 com/paytm/pgsdk/PaytmPGService.java, line(s) 146,149 com/paytm/pgsdk/PaytmUtility.java, line(s) 72 com/razorpay/AppSignatureHelper.java, line(s) 47,36,50 com/razorpay/BaseUtils.java, line(s) 623 com/razorpay/CheckoutPresenterImpl.java, line(s) 922 com/razorpay/OpinionatedSoln.java, line(s) 277 com/razorpay/OtpElfData.java, line(s) 30 com/razorpay/SmsReceiver.java, line(s) 48,44 com/razorpay/b__J_.java, line(s) 111 com/razorpay/d__1_.java, line(s) 7 com/razorpay/i_$z_.java, line(s) 86 com/razorpay/n$_B$.java, line(s) 160 com/skyhope/showmoretextview/ShowMoreTextView.java, line(s) 91,103,104,126,140,162,113 com/tbuonomo/viewpagerdotsindicator/DotsIndicator.java, line(s) 82 easypay/Log.java, line(s) 27,33,15,21,10,39,45 easypay/actions/OtpHelper.java, line(s) 450,470 easypay/actions/RadioHelper.java, line(s) 69 easypay/utils/AnalyticsService.java, line(s) 36 easypay/utils/AssistLogs.java, line(s) 12 easypay/utils/EasypayLoaderService.java, line(s) 43,66,69,74,82,105,131,132 easypay/utils/Log.java, line(s) 12,18,24,30,36,7,42,48 easypay/widget/OtpEditText.java, line(s) 614,618 io/requery/android/LoggingListener.java, line(s) 28,33,38,43,48,53,58,63,68,73,78,83,88 org/lsposed/hiddenapibypass/HiddenApiBypass.java, line(s) 74,313
安全提示信息 此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密
此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密 Files: io/requery/android/sqlcipher/SqlCipherDatabaseSource.java, line(s) 44,20,21
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/razorpay/RzpAssist.java, line(s) 5,292
安全提示信息 应用与Firebase数据库通信
该应用与位于 https://angel-klikk.firebaseio.com 的 Firebase 数据库进行通信
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/appsplanet/dropandrun/api/ApiClient.java, line(s) 19,19