安全分析报告:
安全分数
安全分数 49/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
7
用户/设备跟踪器
调研结果
高危
3
中危
17
信息
2
安全
2
关注
19
高危 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
高危 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: com/base/bj/paysdk/TrPayAcitivity.java, line(s) 219,212 com/base/bj/paysdk/utils/TrPay.java, line(s) 213,206 make/more/r2d2/cellular_z/activity/SpeedTestActivity.java, line(s) 34,33
高危 应用程序包含隐私跟踪程序
此应用程序有多个7隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 应用程序可以安装在有漏洞的已更新 Android 版本上
Android 5.0-5.0.2, [minSdk=21] 该应用程序可以安装在具有多个未修复漏洞的旧版本 Android 上。这些设备不会从 Google 接收合理的安全更新。支持 Android 版本 => 10、API 29 以接收合理的安全更新。
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Activity (make.more.r2d2.cellular_z.activity.MapPlayBackActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Activity (make.more.r2d2.cellular_z.activity.CsvLoadActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Activity (com.alipay.sdk.app.PayResultActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Activity (com.alipay.sdk.app.AlipayResultActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Activity (com.bytedance.android.openliveplugin.stub.activity.DouyinAuthorizeActivityProxy) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 Activity (com.bytedance.android.openliveplugin.stub.activity.DouyinAuthorizeActivityLiveProcessProxy) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此使其对设备上的任何其他应用程序都可访问。
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: cn/bmob/v3/datatype/up/ParallelUploader.java, line(s) 36 cn/bmob/v3/datatype/up/Params.java, line(s) 23,12,27 cn/bmob/v3/http/bean/Migration.java, line(s) 73 com/base/bj/paysdk/TrPayAcitivity.java, line(s) 353,395,306 com/base/bj/paysdk/utils/TrPay.java, line(s) 520,377,467,313 com/mapbox/common/MmeTelemetryProperties.java, line(s) 41 com/mapbox/common/location/GoogleLiveTrackingClient.java, line(s) 60 com/mapbox/maps/ThreadChecker.java, line(s) 31 com/mapbox/maps/plugin/animation/MapAnimationOwnerRegistry.java, line(s) 10 com/mapbox/maps/plugin/annotation/generated/CircleAnnotation.java, line(s) 23 com/mapbox/maps/plugin/annotation/generated/CircleAnnotationOptions.java, line(s) 38 com/mapbox/maps/plugin/annotation/generated/PointAnnotation.java, line(s) 39 com/mapbox/maps/plugin/annotation/generated/PointAnnotationOptions.java, line(s) 66 com/mapbox/maps/plugin/annotation/generated/PolygonAnnotation.java, line(s) 32 com/mapbox/maps/plugin/annotation/generated/PolygonAnnotationOptions.java, line(s) 40 com/mapbox/maps/plugin/annotation/generated/PolylineAnnotation.java, line(s) 33 com/mapbox/maps/plugin/annotation/generated/PolylineAnnotationOptions.java, line(s) 53 jcifs/smb/t0.java, line(s) 132
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: cn/bmob/v3/util/BmobDbOpenHelper.java, line(s) 4,5,30 com/ss/android/downloadlib/b/bk.java, line(s) 4,5,19 make/more/r2d2/cellular_z/autodb/AutoSaveDBHelper.java, line(s) 6,7,108 make/more/r2d2/cellular_z/base/b.java, line(s) 4,15 make/more/r2d2/cellular_z/util/g.java, line(s) 5,6,78 make/more/r2d2/cellular_z/util/p.java, line(s) 5,86
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: XI/K0/XI/XI.java, line(s) 110 cn/bmob/v3/datatype/up/UpYunUtils.java, line(s) 28 cn/bmob/v3/realtime/Client.java, line(s) 160 com/baidu/b/d/c.java, line(s) 9 com/jg/ids/i/i.java, line(s) 145 make/more/r2d2/cellular_z/d/a.java, line(s) 76 org/repackage/a/a/a/a/c.java, line(s) 110
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: jcifs/d/d.java, line(s) 28 jcifs/smb/NtlmPasswordAuthentication.java, line(s) 124 jcifs/smb/u.java, line(s) 17,134 make/more/r2d2/cellular_z/util/t.java, line(s) 62
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: cn/bmob/v3/util/InstallUtil.java, line(s) 16 com/baidu/b/g.java, line(s) 25,79,81 com/baidu/vi/VDeviceAPI.java, line(s) 175,184 com/ss/android/downloadlib/a/i.java, line(s) 296,383,456 com/ss/android/downloadlib/addownload/n.java, line(s) 186,188 com/ss/android/downloadlib/addownload/xl.java, line(s) 226 make/more/r2d2/cellular_z/activity/CacheFileMgrActivity.java, line(s) 35,271 make/more/r2d2/cellular_z/activity/CsvSelectActivity.java, line(s) 26 make/more/r2d2/cellular_z/app/InitConfigLoader.java, line(s) 231 make/more/r2d2/cellular_z/indoor/InterpolationRecordView.java, line(s) 205 make/more/r2d2/cellular_z/indoor/ManualTrackRecordView.java, line(s) 146 make/more/r2d2/cellular_z/indoor/PresetTrackRecordView.java, line(s) 224 make/more/r2d2/cellular_z/indoor/SensorTrackRecordView.java, line(s) 156
中危 IP地址泄露
IP地址泄露 Files: com/lahm/library/EmulatorCheckUtil.java, line(s) 23 com/lahm/library/SecurityCheckUtil.java, line(s) 148 com/lahm/library/VirtualApkCheckUtil.java, line(s) 45,198 com/ss/android/download/api/constant/BaseConstants.java, line(s) 36 jcifs/UniAddress.java, line(s) 91 jcifs/netbios/NbtAddress.java, line(s) 55,69 jcifs/netbios/e.java, line(s) 211
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/_6LeoU/_6LeoU/_6LeoU/_6LeoU/m.java, line(s) 7 com/baidu/b/c/b/b.java, line(s) 8 com/lahm/library/VirtualApkCheckUtil.java, line(s) 29 jcifs/smb/NtlmPasswordAuthentication.java, line(s) 9
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 百度地图的=> "com.baidu.lbsapi.API_KEY" : "yfN5EXGqxTIdBHH6BcWfS46WYl87D9j0" 高德地图的=> "com.amap.api.v2.apikey" : "19ebebdef897b2052d9bdeea27898cb7" "mapbox_access_token" : "pk.eyJ1IjoiY2VsbHVsYXIteiIsImEiOiJjbGZraWg4cjMwYjNzM29wN21yOTZqNGFkIn0.EHOid-Dk0UrpPqEP7IgSBQ" 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 a5a15e08f251d517524383ba61f489d3 06ce082494494adf8c2104f5075a3a99 3082023b308201a4a00302010202044be8c388300d06092a86 13d68c18cd6d44af92974b6a7f388d22 5edef1f1dbc2ec083df19a74 8a885d04-1ceb-11c9-9fe8-08002b104860 1d8375d5ba206229d5469f75b7e6363b p0frH2rtlSUlqSQ3y9NVDL8UopNj+k+fhEXfO5o2R2LU9ZncIixImnHlTYIfakbSfRb3feNLxvgz4Idb9exz3BWmbIgj/b1TPe17bwhWxws2v1rhLxYyHSwRwSzDEN5PtvkJDlSyA== 4fc742e0-4a10-11cf-8273-00aa004ae673 4b324fc8-1670-01d3-1278-5a47bf6ee188 12345778-1234-abcd-ef00-0123456789ab 6e91f6deb04eec1050370ccae518c138 12345778-1234-abcd-ef00-0123456789ac
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: cn/bmob/v3/BmobInstallationManager.java, line(s) 118,112 cn/bmob/v3/BmobObject.java, line(s) 45 cn/bmob/v3/BmobPushManager.java, line(s) 49 cn/bmob/v3/BmobQuery.java, line(s) 330,359,432,627,631 cn/bmob/v3/BmobWrapper.java, line(s) 33 cn/bmob/v3/ai/ChatClient.java, line(s) 56,137,176,180,190,194,235,238,270 cn/bmob/v3/datatype/BmobFile.java, line(s) 92,100,110,120,130,346,189,375 cn/bmob/v3/datatype/up/BlockUploader.java, line(s) 159,190 cn/bmob/v3/datatype/up/ParallelUploader.java, line(s) 156,114,440 cn/bmob/v3/datatype/up/UpYunUploader.java, line(s) 76,105,114 cn/bmob/v3/datatype/up/UploadManager.java, line(s) 99,101,107,109,111,118,133 cn/bmob/v3/http/BmobClient.java, line(s) 79,83,117,129,132,164,271,281,332,386,397,409,267,278,102,104 cn/bmob/v3/http/BmobFactory.java, line(s) 231,277,274 cn/bmob/v3/http/BmobURL.java, line(s) 127,128,129 cn/bmob/v3/http/RequestUtils.java, line(s) 76 cn/bmob/v3/http/RxBmob.java, line(s) 139,143,147,151,228,243,247,541,547,583,624 cn/bmob/v3/http/cache/CENPolicyQuery.java, line(s) 30,37 cn/bmob/v3/http/cache/NECPolicyQuery.java, line(s) 30,49 cn/bmob/v3/http/cache/PolicyQuery.java, line(s) 70,80,86,155,162,207,42,49,171,203 cn/bmob/v3/http/interceptor/RequestInterceptor.java, line(s) 21,24,35 cn/bmob/v3/http/interceptor/ResponseInterceptor.java, line(s) 68,71,74,87,42,51,59,90,93 cn/bmob/v3/http/rx/PolicyAction1.java, line(s) 43,49,39 cn/bmob/v3/realtime/Client.java, line(s) 180,204,206,239,281,301,314,320,325,341,342,344,348,379,392 cn/bmob/v3/update/BmobUpdateAgent.java, line(s) 315,322 cn/bmob/v3/update/UpdateResponse.java, line(s) 29 cn/bmob/v3/util/BLog.java, line(s) 145,143,135,48,131,139,147 cn/bmob/v3/util/BmobContentProvider.java, line(s) 243 cn/bmob/v3/util/BmobResource.java, line(s) 34,33 cn/bmob/v3/util/CacheManager.java, line(s) 82,85,108,114,133,191,194 cn/bmob/v3/util/EncryptUtils.java, line(s) 210,110 cn/bmob/v3/util/HtmlUtils.java, line(s) 34 cn/bmob/v3/util/ManifestUtils.java, line(s) 245,260,130 cn/bmob/v3/util/Utils.java, line(s) 85 cn/bmob/v3/util/ZipUtil.java, line(s) 61 com/_6LeoU/_6LeoU/_6LeoU/_6LeoU/e.java, line(s) 297,303,354,366,370,374,382,391,395,616,622,673,685,689,836,842 com/_6LeoU/_6LeoU/_6LeoU/_6LeoU/g.java, line(s) 44,53,62,82,99,106,115,148,325,329,335,341 com/_6LeoU/_6LeoU/_6LeoU/_6LeoU/h.java, line(s) 35,44,53,62,71,85,111,113,259,265,271 com/_6LeoU/_6LeoU/_6LeoU/_6LeoU/j.java, line(s) 274,280 com/_6LeoU/_6LeoU/_6LeoU/_6LeoU/k.java, line(s) 46,52,72,86,96,119,129,136,140,152,160,348,361,365,371,377 com/baidu/b/c.java, line(s) 152,159 com/baidu/b/g.java, line(s) 39 com/base/bj/paysdk/TrSelectListActivity.java, line(s) 130 com/lahm/library/VirtualApkCheckUtil.java, line(s) 56,67 com/mapbox/android/gestures/MultiFingerGesture.java, line(s) 133 com/mapbox/common/CoreInitializer.java, line(s) 94,97,133 com/mapbox/common/LifecycleMonitorAndroid.java, line(s) 285 com/mapbox/common/LifecycleUtils.java, line(s) 170,125 com/mapbox/common/LogBackend.java, line(s) 37,48,41,43 com/mapbox/common/Logger.java, line(s) 12,16,20,27 com/mapbox/common/MapboxMapsAndroidLogger.java, line(s) 22,28,34,40 com/mapbox/common/MmeTelemetryProperties.java, line(s) 123,120 com/mapbox/common/RunloopErrorHandler.java, line(s) 28 com/mapbox/common/SettingsServiceHelper.java, line(s) 62 com/mapbox/common/ValueUtilsKt.java, line(s) 99,264 com/mapbox/common/location/compat/permissions/PermissionsManager.java, line(s) 144,148 com/mapbox/common/logger/MapboxLogger.java, line(s) 163,187,211,235,259 com/mapbox/common/module/okhttp/DownloadGetCallback.java, line(s) 110 com/mapbox/common/module/okhttp/NetworkUsageListener.java, line(s) 46 com/mapbox/common/module/provider/MapboxModuleProvider.java, line(s) 172 com/mapbox/maps/FontUtils.java, line(s) 48,66 com/mapbox/maps/extension/style/atmosphere/generated/Atmosphere.java, line(s) 117,118,147,148,257,258,337,338,395,396,440,441,502,503,547,548,626,627,684,685,729,730 com/mapbox/maps/extension/style/layers/Layer.java, line(s) 188 com/mapbox/maps/extension/style/layers/generated/BackgroundLayer.java, line(s) 641,693,739,783,839,885,929,998,1045,1096 com/mapbox/maps/extension/style/layers/generated/CircleLayer.java, line(s) 1779,1823,1879,1942,1994,2040,2084,2140,2184,2238,2292,2346,2402,2446,2502,2548,2592,2665,2717,2763,2807,2863,2909,2953,3009,3055,3099,3153,3207,3263,3309,3362,3409,3460,3511 com/mapbox/maps/extension/style/layers/generated/FillExtrusionLayer.java, line(s) 1573,1617,1673,1719,1763,1819,1865,1909,1965,2028,2080,2126,2170,2226,2272,2316,2372,2418,2462,2524,2568,2622,2676,2732,2778,2822,2878,2931,2978,3029,3080 com/mapbox/maps/extension/style/layers/generated/FillLayer.java, line(s) 1208,1252,1325,1377,1423,1467,1523,1586,1638,1684,1728,1790,1834,1890,1934,1988,2042,2098,2144,2197,2244,2295,2346 com/mapbox/maps/extension/style/layers/generated/HeatmapLayer.java, line(s) 762,808,854,898,954,1000,1044,1100,1146,1190,1246,1292,1336,1399,1446,1497,1548 com/mapbox/maps/extension/style/layers/generated/HillshadeLayer.java, line(s) 884,936,982,1026,1082,1145,1197,1241,1295,1351,1395,1468,1520,1573,1620,1671,1722 com/mapbox/maps/extension/style/layers/generated/LineLayer.java, line(s) 2000,2052,2096,2152,2196,2250,2323,2375,2421,2465,2527,2571,2627,2673,2717,2771,2827,2871,2927,2971,3027,3073,3117,3173,3219,3263,3325,3369,3425,3469,3525,3569,3623,3677,3733,3779,3823,3879,3923,3979,4026,4073,4124,4175 com/mapbox/maps/extension/style/layers/generated/LocationIndicatorLayer.java, line(s) 2156,2200,2273,2325,2388,2440,2486,2532,2576,2632,2676,2732,2776,2832,2878,2941,2993,3039,3083,3139,3185,3229,3291,3335,3391,3435,3491,3537,3584,3631,3677,3721,3777,3821,3877,3921,3977,4023,4067,4123,4167,4223,4274 com/mapbox/maps/extension/style/layers/generated/ModelLayer.java, line(s) 773,826,873,919,963,1019,1063,1119,1165,1209,1265,1309,1363,1424,1475 com/mapbox/maps/extension/style/layers/generated/RasterLayer.java, line(s) 1212,1259,1305,1349,1405,1451,1495,1551,1597,1641,1697,1743,1787,1843,1887,1943,1989,2033,2089,2133,2187,2243,2287,2343,2394,2445 com/mapbox/maps/extension/style/layers/generated/SkyLayer.java, line(s) 994,1047,1094,1157,1226,1278,1322,1378,1422,1478,1524,1568,1624,1668,1724,1768,1824,1868,1922,1983 com/mapbox/maps/extension/style/layers/generated/SymbolLayer.java, line(s) 5671,5717,5761,5815,5869,5942,5994,6040,6084,6140,6203,6255,6301,6345,6401,6447,6491,6547,6591,6647,6691,6747,6791,6847,6891,6947,6993,7037,7093,7137,7191,7245,7301,7345,7399,7453,7509,7553,7607,7661,7717,7761,7817,7861,7915,7969,8025,8078,8125,8176,8222,8266,8320,8374,8430,8474,8530,8574,8628,8682,8738,8782,8836,8890,8963,9015,9068,9129,9173,9229,9273,9329,9392,9444,9490,9534,9590,9636,9680,9734,9788,9844,9888,9944,9988,10044,10088,10144,10188,10244,10288,10344,10388,10444,10488,10544,10590,10634,10690,10734,10788,10842,10898,10942,10998,11042,11096,11150,11206,11250,11304,11358,11414,11458,11512,11566,11622,11668,11712,11768,11812,11873 com/mapbox/maps/extension/style/layers/properties/PropertyValue.java, line(s) 59,67 com/mapbox/maps/extension/style/light/generated/Light.java, line(s) 108,109,138,139,237,238,292,293,366,367,429,430,474,475,534,535,585,586 com/mapbox/maps/extension/style/sources/Source.java, line(s) 150,220,221 com/mapbox/maps/extension/style/sources/generated/GeoJsonSource.java, line(s) 727,728,774,775,821,822,868,869,915,916,962,963,1009,1010,1056,1057,1103,1104,1150,1151,1197,1198,1242,1243,1294,1295 com/mapbox/maps/extension/style/sources/generated/ImageSource.java, line(s) 211,212,258,259,311,312 com/mapbox/maps/extension/style/sources/generated/RasterDemSource.java, line(s) 480,481,527,528,572,573,629,630,676,677,723,724,770,771,817,818,864,865,911,912,958,959,1005,1006,1058,1059,1105,1106 com/mapbox/maps/extension/style/sources/generated/RasterSource.java, line(s) 480,481,527,528,574,575,621,622,668,669,715,716,762,763,807,808,864,865,911,912,958,959,1005,1006,1058,1059,1105,1106 com/mapbox/maps/extension/style/sources/generated/VectorSource.java, line(s) 481,482,528,529,575,576,622,623,669,670,716,717,763,764,808,809,858,859,915,916,962,963,1009,1010,1062,1063,1109,1110 com/mapbox/maps/extension/style/terrain/generated/Terrain.java, line(s) 108,109,138,139,237,238,282,283 com/mapbox/maps/extension/style/utils/ColorUtils.java, line(s) 120,162,196 com/mapbox/maps/plugin/locationcomponent/ModelSourceWrapper.java, line(s) 113 com/ypz/bangscreentools/BangScreenTools.java, line(s) 64,69,73,78,85,127,149,200 com/ypz/bangscreentools/HuaWeiBangScreen.java, line(s) 28,41,69,92,97,101,120,133 com/ypz/bangscreentools/MiuiBangScreen.java, line(s) 23,36,75,87 com/ypz/bangscreentools/OppoBangScreen.java, line(s) 19 com/ypz/bangscreentools/PBangScreen.java, line(s) 58,65 com/ypz/bangscreentools/SystemProperties.java, line(s) 18,22,35 com/ypz/bangscreentools/VivoBangScreen.java, line(s) 21,30 jcifs/d/b.java, line(s) 240,259 jcifs/smb/k1.java, line(s) 17,92,41,52,62,64 make/more/r2d2/cellular/g.java, line(s) 375,377,383,389 make/more/r2d2/cellular/loc/LocMgrAli.java, line(s) 37 make/more/r2d2/cellular_z/activity/BaseActivity.java, line(s) 116,118 make/more/r2d2/cellular_z/activity/SpeedTestActivity.java, line(s) 51,66 make/more/r2d2/cellular_z/activity/SplashGMActivity.java, line(s) 71,102,134,157 make/more/r2d2/cellular_z/activity/WiFiActivity.java, line(s) 257 make/more/r2d2/cellular_z/autodb/AutoSaveDBHelper.java, line(s) 88 make/more/r2d2/cellular_z/autodb/a.java, line(s) 22 make/more/r2d2/cellular_z/d/a.java, line(s) 105,107,108 make/more/r2d2/cellular_z/d/c.java, line(s) 221,222,227,228,229,230,231,232,237,238,239,240,241,242 make/more/r2d2/cellular_z/e/b/b.java, line(s) 67 make/more/r2d2/cellular_z/indoor/IndoorInterpolationActivity.java, line(s) 82 make/more/r2d2/cellular_z/indoor/IndoorSensorPicActivity.java, line(s) 91 make/more/r2d2/cellular_z/indoor/InterpolationRecordView.java, line(s) 218 make/more/r2d2/cellular_z/indoor/ManualTrackRecordView.java, line(s) 159 make/more/r2d2/cellular_z/indoor/PresetTrackRecordView.java, line(s) 237,276 make/more/r2d2/cellular_z/indoor/SensorTrackRecordView.java, line(s) 259,169,208 make/more/r2d2/cellular_z/indoor/f.java, line(s) 53 make/more/r2d2/cellular_z/speedtest/b.java, line(s) 21,27,33,39,49,55,106,113,118,124,133,142,148,154 make/more/r2d2/cellular_z/speedtest/test/task/Task.java, line(s) 103,106 make/more/r2d2/cellular_z/util/WifiTools.java, line(s) 70,79,100,241,259,292 make/more/r2d2/cellular_z/util/f.java, line(s) 36,208,220,239,250,43 make/more/r2d2/cellular_z/util/l.java, line(s) 22,43,65 make/more/r2d2/cellular_z/util/o.java, line(s) 105 make/more/r2d2/cellular_z/vip/IdUtil.java, line(s) 69 make/more/r2d2/growmore/ad/InterstitialFull.java, line(s) 55,82 make/more/r2d2/growmore/ad/RewardVideo.java, line(s) 79,87,96,42 make/more/r2d2/growmore/c/a.java, line(s) 37 me/weishu/reflection/BootstrapClass.java, line(s) 22 org/chickenhook/restrictionbypass/BypassProvider.java, line(s) 18 org/dom4j/DocumentException.java, line(s) 29 org/dom4j/DocumentFactory.java, line(s) 212 org/dom4j/bean/BeanDocumentFactory.java, line(s) 49 org/dom4j/datatype/DatatypeDocumentFactory.java, line(s) 73,74,93,94 org/dom4j/datatype/SchemaParser.java, line(s) 143,144,207 org/dom4j/dom/DOMNodeHelper.java, line(s) 143 org/dom4j/io/DOMReader.java, line(s) 119 org/dom4j/io/DOMWriter.java, line(s) 83,84,88 org/dom4j/io/SAXHelper.java, line(s) 22,23,24,47,48 org/dom4j/rule/RuleManager.java, line(s) 75 org/dom4j/swing/XMLTableColumnDefinition.java, line(s) 83 org/dom4j/swing/XMLTableDefinition.java, line(s) 118 org/dom4j/swing/XMLTableModel.java, line(s) 30,69 org/dom4j/tree/NamespaceStack.java, line(s) 247 org/greenrobot/eventbus/Logger.java, line(s) 47,52 org/greenrobot/eventbus/util/ErrorDialogConfig.java, line(s) 43 org/greenrobot/eventbus/util/ErrorDialogManager.java, line(s) 147
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: make/more/r2d2/cellular_z/view/p.java, line(s) 5,12
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/mapbox/common/module/okhttp/CertificatePinnerFactory.java, line(s) 18,24 make/more/r2d2/cellular_z/vip/VipUtil.java, line(s) 63,92
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/lahm/library/SecurityCheckUtil.java, line(s) 78,78,78,78,78 make/more/r2d2/cellular_z/util/s.java, line(s) 31,11,19,15,19,19,19,19
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (io.codenow.cn) 通信。
{'ip': '106.75.70.127', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (pay.trsoft.xin) 通信。
{'ip': '39.106.2.157', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.toutiaopage.com) 通信。
{'ip': '116.211.128.180', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.tmall.com) 通信。
{'ip': '116.211.128.180', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '镇江', 'latitude': '32.209366', 'longitude': '119.434372'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.cellularz.cn) 通信。
{'ip': '116.211.128.180', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (bmob.cellularz.cn) 通信。
{'ip': '117.50.108.124', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (sf6-ttcdn-tos.pstatp.com) 通信。
{'ip': '116.211.128.180', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '台州', 'latitude': '28.666668', 'longitude': '121.349998'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (m0.api.upyun.com) 通信。
{'ip': '218.92.216.56', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '盐城', 'latitude': '33.385559', 'longitude': '120.125282'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (beian.miit.gov.cn) 通信。
{'ip': '106.75.70.127', 'country_short': 'CN', 'country_long': '中国', 'region': '湖北', 'city': '武汉', 'latitude': '30.583330', 'longitude': '114.266853'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (api.codenow.cn) 通信。
{'ip': '218.92.216.56', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (apps.oceanengine.com) 通信。
{'ip': '221.230.244.89', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (apps.bytesfield-b.com) 通信。
{'ip': '221.231.83.100', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '盐城', 'latitude': '33.385559', 'longitude': '120.125282'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (v0.api.upyun.com) 通信。
{'ip': '218.92.216.56', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '盐城', 'latitude': '33.385559', 'longitude': '120.125282'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.chengzijianzhan.com) 通信。
{'ip': '121.228.130.195', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (open.cctvcloud.cn) 通信。
{'ip': '106.75.66.36', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (bilibili.com) 通信。
{'ip': '119.3.70.188', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (apps.bytesfield.com) 通信。
{'ip': '221.230.244.89', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (i.snssdk.com) 通信。
{'ip': '221.230.244.93', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (p0.api.upyun.com) 通信。
{'ip': '183.136.236.254', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}