移动应用安全检测报告:
安全基线评分
安全基线评分 47/100
综合风险等级
风险等级评定
- A
- B
- C
- F
漏洞与安全项分布(%)
隐私风险
1
检测到的第三方跟踪器数量
检测结果分布
高危安全漏洞
4
中危安全漏洞
16
安全提示信息
3
已通过安全项
2
重点安全关注
4
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: a4/j.java, line(s) 52,4 a4/q.java, line(s) 27,4
高危安全漏洞 该文件是World Readable。任何应用程序都可以读取文件
该文件是World Readable。任何应用程序都可以读取文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/cloudwise/agent/app/util/DeviceUtil.java, line(s) 363,367
高危安全漏洞 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: com/cloudwise/agent/app/mobile/h5/webview/CWWebViewClient.java, line(s) 45,20,21,22 com/cloudwise/agent/app/mobile/h5/x5webview/CWX5WebViewClient.java, line(s) 47,21,22,23 com/cloudwise/agent/app/mobile/h5/xwalkview/CWXWalkResourceClient.java, line(s) 50,115,19,20,21
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: v4/a.java, line(s) 56
中危安全漏洞 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.DUMP [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.DUMP [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/cloudwise/agent/app/util/CWUtil.java, line(s) 46 o8/h0.java, line(s) 83
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/cloudwise/agent/app/minidns/client/DnsClient.java, line(s) 91 com/cloudwise/agent/app/mobile/http/HttpNativeCollection.java, line(s) 119 hg/e.java, line(s) 28,29,22,30,31,32,15 vf/a.java, line(s) 6,7 wf/a.java, line(s) 16 xf/a.java, line(s) 16,9,17,18,19,10,11,12,13,14,15,20 yf/a.java, line(s) 81,102,95,50,51,52,53,54,55,151,150,148,149,130,131
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: ch/qos/logback/classic/joran/action/ConfigurationAction.java, line(s) 20 ch/qos/logback/classic/sift/ContextBasedDiscriminator.java, line(s) 7 ch/qos/logback/core/CoreConstants.java, line(s) 14,21,30,32,48,72,73 ch/qos/logback/core/net/ssl/SSL.java, line(s) 4 ch/qos/logback/core/rolling/helper/DateTokenConverter.java, line(s) 12 ch/qos/logback/core/rolling/helper/IntegerTokenConverter.java, line(s) 7 coil/memory/MemoryCache.java, line(s) 79 com/cloudwise/agent/app/constant/SDKConst.java, line(s) 24,49 com/cloudwise/agent/app/db/EventsDatasource.java, line(s) 17 com/cloudwise/agent/app/encryption/AES128Encode.java, line(s) 14 com/cloudwise/agent/app/util/DeviceUtil.java, line(s) 33 com/paulkman/nova/data/json/StationInfoResponse.java, line(s) 105 com/paulkman/nova/data/remote/SignInRequestBody.java, line(s) 72 com/paulkman/nova/data/remote/SignUpRequestBody.java, line(s) 72 com/paulkman/nova/feature/comic/data/json/ComicChapterKeyResponse.java, line(s) 77 com/paulkman/nova/feature/novel/data/json/NovelChapterKeyResponse.java, line(s) 77 h2/d.java, line(s) 32 ve/z0.java, line(s) 56
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: ch/qos/logback/classic/android/SQLiteAppender.java, line(s) 3,4,5,245,305,306,307 com/cloudwise/agent/app/db/EventsDatasource.java, line(s) 7,173 com/cloudwise/agent/app/db/MySQLiteHelper.java, line(s) 4,5,27,28,33,34 com/cloudwise/agent/app/mobile/sqlite/SQLiteProcessor.java, line(s) 6,46,89,91,94,179,181,184 r1/c.java, line(s) 6,7,8,9,10,89,195
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: c4/b0.java, line(s) 8 com/cloudwise/agent/app/minidns/client/AbstractDnsClient.java, line(s) 27 com/cloudwise/agent/app/minidns/core/constants/DnsRootServer.java, line(s) 9 com/cloudwise/agent/app/minidns/core/util/CollectionsUtil.java, line(s) 4 com/cloudwise/agent/app/minidns/resolver/iterative/IterativeDnsClient.java, line(s) 28 h0/j.java, line(s) 13 s4/z.java, line(s) 4 vd/a.java, line(s) 3 vd/b.java, line(s) 3 wd/a.java, line(s) 3
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/cf/msc/sdk/SignCheck.java, line(s) 55 v3/k.java, line(s) 56
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/cloudwise/agent/app/mobile/h5/mpaas/MPaasWebViewProcessor.java, line(s) 42,35 com/cloudwise/agent/app/mobile/h5/webview/WebViewProcessor.java, line(s) 22,19 com/cloudwise/agent/app/mobile/h5/x5webview/X5WebViewProcessor.java, line(s) 22,19
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: ch/qos/logback/core/android/AndroidContextUtil.java, line(s) 60,65,74 com/cf/msc/sdk/AppVest.java, line(s) 151,216 com/cloudwise/agent/app/log/CLog.java, line(s) 11 com/cloudwise/agent/app/util/DeviceUUIDProcessor.java, line(s) 101 com/cloudwise/agent/app/util/DeviceUtil.java, line(s) 489,476,477,489 org/acra/file/Directory.java, line(s) 46,55 u3/a.java, line(s) 20,23
中危安全漏洞 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/cf/msc/sdk/CheckHook.java, line(s) 34,50,63,50
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: r2/f0.java, line(s) 32
中危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个1隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551 ZUjQ2ZwDN76oQvLqtv8XHHKAEw8YMWmJ Ec9MFUJPYGkB6PhfpNmds7btM9aUTtvM edef8ba9-79d6-4ace-a3c8-27dcd51d21ed 2Z7nvdpg6kfXrseLqqhGujyCuDZPjbtg 3uzXKrjeZsdZzN6YcHnG6RUEgJMA8DuB AtXomf2xN7aBaLm4gKGhDqg3cvrgDWv2 4f54469a6638ef9d031c23cd6709bcf9 8138e8a0fcf3a4e84a771d40fd305d7f4aa59306d7251de54d98af8fe95729a1f73d893fa424cd2edc8636a6c3285e022b0e3866a565ae8108eed8591cd4fe8d2ce86165a978d719ebf647f362d33fca29cd179fb42401cbaf3df0c614056f9c8f3cfd51e474afb6bc6974f78db8aba8e9e517fded658591ab7502bd41849462f AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7 4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 9hjMdRG7xw4HTmtkmqFgqpzVghebXCAf AatReniqn4vxW36cysWFzXj7MARcnDfM fWXqhsDKMXkn4QYB4oyrD8o3bPTCw8nn UqUQGSpX2QzmCKOEK3ispMnkmKDFAdr/XWMQC128o vcBxuNR22dZyhfxF6Cu6amN7LPkQR9pr 8pDGinZYrkoD7z3LVonE9yZeLxgkhQ34 8ffc8ca8aeac08dc2fecffe1002dda3d UqUQGSpX29OR5v9xSNrjA8POfTG4BpwSqisODzsOt WvMdMN4yBoqmMzKkDbh3j2gbkTbU2RB6 802443c833c02ce100920450f4bf93b2 b6DJcbmjsY9hRVectvudzVGG22QjFwAy 77ecf5b9a365be72fdadf6a86f4195fa gTiNNx283v7mLNheaqQ2PJXiL2c8RVfd 5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B UqUQGSpX2VUF/zJhHtHrDfJ95OOR1IurxAWXpTScL 1628686155461064465348252249725010996177649738666492500572664444461532807739744536029771810659241049343994038053541290419968870563183856865780916376571550372513476957870843322273120879361960335192976656756972171258658400305760429696147778001233984421619267530978084631948434496468785021389956803104620471232008587410372348519229650742022804219634190734272506220018657920136902014393834092648785514548876370028925405557661759399901378816916683122474038734912535425670533237815676134840739565610963796427401855723026687073600445461090736240030247906095053875491225879656640052743394090544036297390104110989318819106653199917493 8KRbusRNkDfqGxNQpE4AoBrPLvH3grBF b6173d737d32962dd07cbca48f5994af 8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14 2Rb66zkKEEC9KdtVwcvYrVBqNFFGo2dM 7IbA0ZLUUSx2h8alnUPbLq07XQ2fF+DN27Q2gL4C7+WZXNvXzwjK9bcy2uQV2kfMYYnB51AN0okBsMNBVI0r+Jh7ShQn+5VMbF3qTa/7+IULt4SPg2aM0ISj8p33GNVLOqgm2UnSAVSzLl2m4ApyQ88GFE6qK5RdkGbSWf8FnBj6tVNvG8E0SBhJKayq+cAVpMGfsOnv5GD2ZhIUJLAYBt1b+EGuDUm5Idz7rL4htFzhiRL3Dt+9g7bO B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF UqUQGSpX2jhnlIu4l1n1704Kv3HcqC7zhHywfFHhr 6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 x2DpdYovEassychzsGWFZ8kmioiAYtX2 XQtvQtVh4XuBYAZdqpZxsiJVvfzgcd7R 7uRiKdPHVyethgJ7KXJAMNnU8VwpAKeY 3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: ah/i.java, line(s) 37 b0/c.java, line(s) 20 cf/d.java, line(s) 50 ch/qos/logback/classic/android/LogcatAppender.java, line(s) 30,53,22,29,36,37,43,52,23,44 ch/qos/logback/classic/pattern/TargetLengthBasedClassNameAbbreviator.java, line(s) 28,37 ch/qos/logback/classic/spi/ThrowableProxy.java, line(s) 57 ch/qos/logback/core/joran/util/ConfigurationWatchListUtil.java, line(s) 24 ch/qos/logback/core/net/DefaultSocketConnector.java, line(s) 24 ch/qos/logback/core/net/SocketConnectorBase.java, line(s) 29 ch/qos/logback/core/recovery/ResilientOutputStreamBase.java, line(s) 45 ch/qos/logback/core/spi/ContextAwareBase.java, line(s) 44 ch/qos/logback/core/spi/ContextAwareImpl.java, line(s) 44 com/cf/msc/sdk/AppVest.java, line(s) 140 com/cf/msc/sdk/NetHelper.java, line(s) 83,100 com/cloudwise/agent/app/CWSDK.java, line(s) 208,70,78,124,143,67,75,214,215,219,238,240,157,162 com/cloudwise/agent/app/base/AbstractRetryThread.java, line(s) 43,74 com/cloudwise/agent/app/callback/CWActivityLifecycleCallbacks.java, line(s) 16,26,34,44,53 com/cloudwise/agent/app/config/ConfManager.java, line(s) 23,36,21,22,15 com/cloudwise/agent/app/config/ConfigModel.java, line(s) 174,178,227,198,202,210,231 com/cloudwise/agent/app/config/ConfigOption.java, line(s) 12 com/cloudwise/agent/app/config/JSCodeWorker.java, line(s) 46,49,33 com/cloudwise/agent/app/config/LocalConfig.java, line(s) 66,69 com/cloudwise/agent/app/config/ManualConfig.java, line(s) 19,20 com/cloudwise/agent/app/config/SPConfig.java, line(s) 131,146,169,192,207,220,283,164,204,167 com/cloudwise/agent/app/config/SPJSCode.java, line(s) 48,65 com/cloudwise/agent/app/config/SPQuitSession.java, line(s) 51,79 com/cloudwise/agent/app/config/SPQuitView.java, line(s) 51,79 com/cloudwise/agent/app/config/SPStartupConfig.java, line(s) 50,75,47 com/cloudwise/agent/app/config/ServerCdn.java, line(s) 49,45 com/cloudwise/agent/app/config/ServerCdnWorker.java, line(s) 53,56,34,45 com/cloudwise/agent/app/config/ServerConfig.java, line(s) 79 com/cloudwise/agent/app/config/ServerConfigWorker.java, line(s) 83,86,43,70,76 com/cloudwise/agent/app/data/DataProcessor.java, line(s) 34,24,27,19 com/cloudwise/agent/app/data/DataSendImpl.java, line(s) 157,159,221,224,48,53,119,167,169,172,181,213,214,215,250,252,254,271,273,64,69,79,126,135,149,162,246 com/cloudwise/agent/app/data/DataSendWorker.java, line(s) 14 com/cloudwise/agent/app/data/SendPolicyUtil.java, line(s) 28,14,25,17,21,24 com/cloudwise/agent/app/data/UserInfoSendWorker.java, line(s) 91,94,70,83,84,110,39,57 com/cloudwise/agent/app/db/CloudwiseSharedPreferences.java, line(s) 35,42,53 com/cloudwise/agent/app/db/EventsDatasource.java, line(s) 197,216,259,267,61,91,200,211,213,223,226,229,239,257 com/cloudwise/agent/app/log/CLog.java, line(s) 106,109,135,137,115,118,97,100,124,127 com/cloudwise/agent/app/minidns/client/AbstractDnsClient.java, line(s) 277 com/cloudwise/agent/app/minidns/client/source/NetworkDataSource.java, line(s) 124,157 com/cloudwise/agent/app/mobile/anr/ANRWatchDog.java, line(s) 37,88 com/cloudwise/agent/app/mobile/anr/AnrListener.java, line(s) 58,59,60,64,169,179,182,218,51,56,190,191,193,194,212 com/cloudwise/agent/app/mobile/app/AppProcessor.java, line(s) 208,210,50,65,91 com/cloudwise/agent/app/mobile/crash/CrashManager.java, line(s) 24,32 com/cloudwise/agent/app/mobile/crash/CrashUtil.java, line(s) 27,145,159,180,59,92,154,195,254,259,267,76,80 com/cloudwise/agent/app/mobile/crash/JavaCrash.java, line(s) 45,26,30,34,44 com/cloudwise/agent/app/mobile/crash/NativeHandler.java, line(s) 44 com/cloudwise/agent/app/mobile/h5/CalledByWebview.java, line(s) 122,128,46,53,142,149 com/cloudwise/agent/app/mobile/h5/H5DataWorker.java, line(s) 38,44,52 com/cloudwise/agent/app/mobile/h5/H5Util.java, line(s) 24,28 com/cloudwise/agent/app/mobile/h5/mpaas/CWMPaasH5WebViewClient.java, line(s) 44,46,21,28,33,37,52,58,73 com/cloudwise/agent/app/mobile/h5/mpaas/MPaasWebViewProcessor.java, line(s) 46,26,31,43 com/cloudwise/agent/app/mobile/h5/webview/CWWebView.java, line(s) 19 com/cloudwise/agent/app/mobile/h5/webview/CWWebViewClient.java, line(s) 90,92,124,126,30,35,40,46,54,81,86,102,109,117,133,139 com/cloudwise/agent/app/mobile/h5/webview/WebViewProcessor.java, line(s) 24,21 com/cloudwise/agent/app/mobile/h5/x5webview/CWX5Utils.java, line(s) 33 com/cloudwise/agent/app/mobile/h5/x5webview/CWX5WebView.java, line(s) 19 com/cloudwise/agent/app/mobile/h5/x5webview/CWX5WebViewClient.java, line(s) 92,94,31,35,37,42,48,56,83,88,106,112 com/cloudwise/agent/app/mobile/h5/x5webview/X5WebViewProcessor.java, line(s) 24,21 com/cloudwise/agent/app/mobile/h5/xwalkview/CWXWalkResourceClient.java, line(s) 95,97,156,158,190,192,35,39,45,51,59,86,91,105,110,116,120,147,152,168,175,183,199,209 com/cloudwise/agent/app/mobile/h5/xwalkview/CWXWalkView.java, line(s) 20 com/cloudwise/agent/app/mobile/http/HttpCDNUtil.java, line(s) 48,50,97,99,126,129,156,178,180,46,55,61,65,81,108,112,122,141,150,153,71,74 com/cloudwise/agent/app/mobile/http/HttpHeaderUtil.java, line(s) 58,60,109,111,21,23,35,47,83,86,93,100,119,128 com/cloudwise/agent/app/mobile/http/HttpIPUtil.java, line(s) 43,55,108,135,163,166,181,22,25,27,32,35,49,61,64,67,71,74,80,83,90,93,97,100,104,114,128,143,170,177 com/cloudwise/agent/app/mobile/http/HttpManager.java, line(s) 178,180 com/cloudwise/agent/app/mobile/http/HttpNativeCollection.java, line(s) 123,180,76,116,126,127,132,134 com/cloudwise/agent/app/mobile/http/HttpUtil.java, line(s) 75,125,136 com/cloudwise/agent/app/mobile/http/NativeHttpHandler.java, line(s) 25,20 com/cloudwise/agent/app/mobile/http/okhttp2/CloudwiseCall.java, line(s) 67 com/cloudwise/agent/app/mobile/http/urlconnection/HttpUrlConnectionDelegate.java, line(s) 39 com/cloudwise/agent/app/mobile/http/urlconnection/HttpsUrlConnectionDelegate.java, line(s) 48 com/cloudwise/agent/app/mobile/http/urlconnection/URLConnectionProcessor.java, line(s) 18,25,31,41,48,54 com/cloudwise/agent/app/mobile/interaction/InteractionManager.java, line(s) 39,41 com/cloudwise/agent/app/mobile/session/SessionProcessor.java, line(s) 68,123,93,119,132 com/cloudwise/agent/app/mobile/socket/CloudwiseInputStream.java, line(s) 76,105 com/cloudwise/agent/app/mobile/socket/CloudwiseOutputStream.java, line(s) 100,127 com/cloudwise/agent/app/mobile/socket/NIOSocketProcessor.java, line(s) 174,219,287,326,368,410 com/cloudwise/agent/app/mobile/view/ViewProcessor.java, line(s) 45,250,252,289,368,38,73,154,159,167,237,240 com/cloudwise/agent/app/util/BroadcastListener.java, line(s) 21,33,30,58,60,63 com/cloudwise/agent/app/util/CWCDNPingUtil.java, line(s) 42,54,60,64 com/cloudwise/agent/app/util/CWUtil.java, line(s) 163,180 com/cloudwise/agent/app/util/CloudwiseTimer.java, line(s) 57,59,61,63,102,105,113,116,49 com/cloudwise/agent/app/util/CpuMemMonitor.java, line(s) 91,97,106,115,121,136 com/cloudwise/agent/app/util/DeviceUUIDProcessor.java, line(s) 126,144,166,200,213,222,225,46,52,58 com/cloudwise/agent/app/util/DeviceUtil.java, line(s) 170,260,143,168,212,247,280,292,335,412,434,446,458,527,594,469,530 com/cloudwise/agent/app/util/NetworkUtil.java, line(s) 25,27 com/cloudwise/agent/app/util/PacketLossMonitor.java, line(s) 50,64,71,74 com/cloudwise/agent/app/util/UploadUtil.java, line(s) 12,15,26,29 com/paulkman/nova/core/logging/NovaLoggerManager.java, line(s) 67,70,65 d6/d.java, line(s) 112,140 e1/a.java, line(s) 199,606,704,710,723,734,741,837,923,999,1076,1126,1146,1160,1194,1212,1275,1320,1323,1375,1422,1492,1641,1646,1652,1669,1739,71,771,780,882,887,1051,1364,1384,1392,1612,1616,1620 e6/b.java, line(s) 49 eb/n7.java, line(s) 21 g/f.java, line(s) 139,190,202,354 g1/b.java, line(s) 69,68 g6/f.java, line(s) 112 h8/j2.java, line(s) 27,26 h8/q3.java, line(s) 22 he/c.java, line(s) 75 i2/r.java, line(s) 41 j1/d1.java, line(s) 85,82 j1/q0.java, line(s) 129,132 j1/r1.java, line(s) 23,26 j1/t1.java, line(s) 61,39 j1/w1.java, line(s) 86,83 k5/o.java, line(s) 45,51,61,67 l5/g.java, line(s) 53,96 m1/m.java, line(s) 309,396,398 m1/n.java, line(s) 61,64 m1/o.java, line(s) 240,140 m5/g.java, line(s) 63 m5/i.java, line(s) 125,131,137,143 m8/h.java, line(s) 53 ni/j.java, line(s) 17 o/a0.java, line(s) 1101 o5/d.java, line(s) 35 pa/a1.java, line(s) 39 q1/c.java, line(s) 43,47 r1/d.java, line(s) 123,235 s1/a.java, line(s) 60 s3/c.java, line(s) 19,29 sc/g0.java, line(s) 29,28 u/i0.java, line(s) 12,19 u/x0.java, line(s) 13,20,27,34,43,53,60 u1/a.java, line(s) 30 v/f0.java, line(s) 41,43,47,54,59 v1/r.java, line(s) 96,131 w0/c.java, line(s) 252 y1/k.java, line(s) 19,26,33,40,47 z1/m0.java, line(s) 43 z1/q0.java, line(s) 39 z9/p.java, line(s) 53
安全提示信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: g8/c.java, line(s) 122 gf/a.java, line(s) 27,27 kf/a.java, line(s) 81,81 lf/b.java, line(s) 33,33 org/acra/collector/DropBoxCollector.java, line(s) 128 org/acra/collector/LogCatCollector.java, line(s) 129 org/acra/collector/SharedPreferencesCollector.java, line(s) 89,70,89
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: o8/a1.java, line(s) 4,123
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/cloudwise/agent/app/util/DeviceUtil.java, line(s) 73,55,59,59,59,59,59,59
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: ch/qos/logback/core/net/ssl/SSLContextFactoryBean.java, line(s) 37,55,79,54,54,55,56 com/cloudwise/agent/app/minidns/sec/dane/X509TrustManagerUtil.java, line(s) 21,20,17,19
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.mmtv.com.cn) 通信。
{'ip': '180.168.88.65', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (app.nova-traffic-1688.com) 通信。
{'ip': '49.4.55.205', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (portal.toushibao.com) 通信。
{'ip': '49.4.55.205', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (seagull-data.toushibao.com) 通信。
{'ip': '49.4.55.205', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}