Security Analysis Report: 极豆视频 v1.0.18

Security score: 52/100


Privacy risk: 4 user/device trackers


Findings

High: 2
Medium: 16
Info: 3
Secure: 2
Attention: 28

High: The application uses ECB mode in its encryption algorithm. ECB is a known weak mode because it produces the same ciphertext for identical plaintext blocks
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode

Files:
c/h/g/a/b/j/a.java, line(s) 19
c/n/a/m.java, line(s) 16

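Medium: Cleartext network traffic is enabled for the application

[android:usesCleartextTraffic=true]
The application intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager and MediaPlayer. For applications targeting API level 27 or lower, the default value is "true". For applications targeting API level 28 or higher, the default value is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity and tamper protection: a network attacker can eavesdrop on the transmitted data and can modify it without being detected.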

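Medium: Activity (com.zebra.jdsp.cn.wxapi.WXEntryActivity) is not protected.

[android:exported=true]
The Activity is shared with other applications on the device and can therefore be accessed by any other application on the device.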

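Medium: Activity (com.tencent.tauth.AuthActivity) is not protected.

An intent-filter exists.
The Activity is shared with other applications on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that this Activity is explicitly exported.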

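Medium: Activity (com.bytedance.android.openliveplugin.stub.activity.DouyinAuthorizeActivityProxy) is not protected.

[android:exported=true]
The Activity is shared with other applications on the device and can therefore be accessed by any other application on the device.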

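Medium: Activity (com.bytedance.android.openliveplugin.stub.activity.DouyinAuthorizeActivityLiveProcessProxy) is not protected.

[android:exported=true]
The Activity is shared with other applications on the device and can therefore be accessed by any other application on the device.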

Medium: The application can read/write external storage. Any application can read data written to external storage
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
c/c/b/k/d.java, line(s) 21
c/c/b/u/w.java, line(s) 33,79,90
c/c/b/v/b.java, line(s) 674
c/h/d/b/a.java, line(s) 534
c/h/d/b/x/a.java, line(s) 330,335
c/n/a/e2.java, line(s) 56,57
c/n/a/w.java, line(s) 71
c/n/a/w1.java, line(s) 20,84,99
c/p/b/o/h.java, line(s) 73,106
c/p/b/s/b/v.java, line(s) 265
c/p/b/t/v/a.java, line(s) 103,118
com/ad/android/alog/Alog.java, line(s) 99
com/ss/android/downloadlib/addownload/hb.java, line(s) 226
com/ss/android/downloadlib/addownload/qw.java, line(s) 134,136
com/ss/android/downloadlib/z/e.java, line(s) 112,202,275
com/ss/ttm/player/TTCrashUtil.java, line(s) 116,175
com/ss/ttm/player/TTPlayerConfiger.java, line(s) 141,239
com/ss/ttm/utils/HardWareInfo.java, line(s) 135,136
com/ss/ttvideoengine/log/VideoEventManager.java, line(s) 34
com/ss/ttvideoengine/utils/TTHelper.java, line(s) 572
com/zebra/code/ui/activity/CameraActivity.java, line(s) 91,93
com/zebra/code/ui/activity/ImageCropActivity.java, line(s) 243

Medium: IP address disclosure


Files:
c/h/i/b.java, line(s) 5
com/pandora/common/env/Env.java, line(s) 104
com/ss/android/download/api/constant/BaseConstants.java, line(s) 36
com/ss/ttm/player/TTPlayerConfiger.java, line(s) 53
com/ss/ttvideoengine/DataLoaderHelper.java, line(s) 1583
com/ss/ttvideoengine/TTVideoEngine.java, line(s) 4904,4930,4930,7554
com/ss/ttvideoengine/utils/TTHelper.java, line(s) 115

Medium: MD5 is a weak hash known to have hash collisions
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
b/b/a/s/g.java, line(s) 15
c/c/b/u/v.java, line(s) 70
c/h/c/z2.java, line(s) 15
c/h/d/b/e.java, line(s) 40,64,78,92
c/l/c/l/f.java, line(s) 38
com/ss/ttvideoengine/TTVideoEngine.java, line(s) 4790
com/ss/ttvideoengine/VideoCacheManager.java, line(s) 141,270
com/ss/ttvideoengine/utils/TTHelper.java, line(s) 135,300,481

Medium: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted and written to the database
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
b/b/a/r/d.java, line(s) 5,6,137,138,203,204,159
c/c/b/i/c/a.java, line(s) 4,39
c/c/b/i/c/b.java, line(s) 4,44,45,38
c/h/b/p/l.java, line(s) 4,5,20
c/h/c/e.java, line(s) 5,39
c/h/c/g5.java, line(s) 3,4,25
c/h/g/a/b/a.java, line(s) 4,5,30
c/h/g/a/b/c.java, line(s) 5,6,45
c/h/g/a/c/e.java, line(s) 6,61
com/ss/android/downloadlib/r/wo.java, line(s) 4,5,18
com/ss/ttvideoengine/database/KVDBManager.java, line(s) 6,65
com/ss/ttvideoengine/database/VideoModelDBManager.java, line(s) 6,65

Medium: SHA-1 is a weak hash known to have hash collisions
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
c/h/g/a/b/j/k.java, line(s) 19
com/jg/ids/i/i.java, line(s) 145
g/d/a/a/a/a.java, line(s) 168

Medium: The application uses an insecure random number generator
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
c/c/b/n.java, line(s) 18
c/h/d/b/q.java, line(s) 17
c/l/d/h.java, line(s) 21
c/p/b/t/i.java, line(s) 7
com/ss/ttvideoengine/utils/SessionIDGenerator.java, line(s) 6
com/zebra/base/BaseActivity.java, line(s) 33
d/f3/a.java, line(s) 5
d/f3/b.java, line(s) 5
d/f3/c.java, line(s) 6
d/f3/d.java, line(s) 7
d/f3/e.java, line(s) 7
d/f3/j/a.java, line(s) 6
d/s2/b0.java, line(s) 6
d/s2/w.java, line(s) 11

Medium: Files may contain hardcoded sensitive information such as usernames, passwords and keys
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
b/b/a/s/f.java, line(s) 85
c/e/a/r/i.java, line(s) 83
c/e/a/r/p/p.java, line(s) 99
c/h/c/o3.java, line(s) 304
c/h/c/r2.java, line(s) 88
com/ss/ttvideoengine/DataLoaderHelper.java, line(s) 3192,3624,3774,1146,1839,1914,1853,1944,1427
com/ss/ttvideoengine/TTVideoEngine.java, line(s) 8676
com/ss/ttvideoengine/database/KVDBManager.java, line(s) 65
com/ss/ttvideoengine/download/Downloader.java, line(s) 371,313
com/ss/ttvideoengine/setting/TTVideoEngineSettingModel.java, line(s) 26
com/zebra/code/manager/OAIDManager.java, line(s) 33

Medium: The application creates temporary files. Sensitive information should never be written to a temporary file


Files:
c/n/a/c0.java, line(s) 139
d/z2/a0/e.java, line(s) 394,395,414,415,418,419,439,440
d/z2/r.java, line(s) 129,155,156

Medium: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView can leak sensitive information from the file system
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6

Files:
com/zebra/code/widget/BrowserView.java, line(s) 631,633

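Medium: The application contains privacy trackers

This application has multiple (4) privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.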

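Medium: This application may contain hardcoded secrets

The following secrets were identified in the application. Make sure these are not secrets or private information.
WeChat sharing => "WX_SECRET" : "1cb6d4fb3285a94098484258cefdffb4"
Credential information => "UM_KEY" : "64c0b8b3a1a164591b59771e"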

Info: The application logs information. Sensitive information must not be logged
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
b/b/a/d/b.java, line(s) 187
b/b/a/h/c.java, line(s) 523
b/b/a/h/g.java, line(s) 134,135
b/b/a/l/h.java, line(s) 299
b/b/a/r/i.java, line(s) 130,133
c/c/b/a/a.java, line(s) 53,59
c/e/a/c.java, line(s) 228,260,310,317
c/e/a/p/a.java, line(s) 337
c/e/a/q/d.java, line(s) 97,123
c/e/a/q/f.java, line(s) 539,559,574
c/e/a/r/o/b.java, line(s) 48
c/e/a/r/o/j.java, line(s) 73,83,185,189,191,197
c/e/a/r/o/l.java, line(s) 49
c/e/a/r/o/o/c.java, line(s) 115
c/e/a/r/o/o/e.java, line(s) 54
c/e/a/r/p/a0/j.java, line(s) 119,162
c/e/a/r/p/a0/k.java, line(s) 98,143,153,174,183,195,205,226,233
c/e/a/r/p/b0/e.java, line(s) 62,68,95,105,116,128
c/e/a/r/p/b0/l.java, line(s) 150
c/e/a/r/p/c0/a.java, line(s) 154
c/e/a/r/p/c0/b.java, line(s) 48
c/e/a/r/p/d0/a.java, line(s) 89
c/e/a/r/p/h.java, line(s) 251,269,585
c/e/a/r/p/i.java, line(s) 62
c/e/a/r/p/k.java, line(s) 30
c/e/a/r/p/z.java, line(s) 60
c/e/a/r/q/c.java, line(s) 19
c/e/a/r/q/d.java, line(s) 42
c/e/a/r/q/f.java, line(s) 104
c/e/a/r/q/s.java, line(s) 106
c/e/a/r/q/t.java, line(s) 40
c/e/a/r/r/a.java, line(s) 84
c/e/a/r/r/d/f.java, line(s) 18
c/e/a/r/r/d/g0.java, line(s) 168,171,214,221,226,337
c/e/a/r/r/d/j0.java, line(s) 188
c/e/a/r/r/d/o.java, line(s) 197,202,245,254,258,268,283,285,288,295,297,302,311,317
c/e/a/r/r/d/q.java, line(s) 98,184,191,254,272
c/e/a/r/r/d/r.java, line(s) 49,55
c/e/a/r/r/d/w.java, line(s) 95,137,141,145,149,153,158,162,168
c/e/a/r/r/h/a.java, line(s) 85,90,95,104
c/e/a/r/r/h/c.java, line(s) 28
c/e/a/r/r/h/i.java, line(s) 45
c/e/a/s/e.java, line(s) 36,59,76
c/e/a/s/f.java, line(s) 19
c/e/a/s/o.java, line(s) 159
c/e/a/s/p.java, line(s) 273
c/e/a/s/r.java, line(s) 105
c/e/a/t/e.java, line(s) 53,58,61,67,70
c/e/a/v/k.java, line(s) 89
c/e/a/v/m/f.java, line(s) 78,119
c/e/a/v/m/r.java, line(s) 78,119
c/e/a/x/b.java, line(s) 53
c/e/a/x/o/a.java, line(s) 61
c/h/b/v/b.java, line(s) 166
c/h/b/v/c.java, line(s) 30,82,68,134,138,142
c/h/g/a/b/h/a.java, line(s) 111,117,120,121,130,131,132,133
c/n/a/w1.java, line(s) 267
c/p/b/e/j.java, line(s) 698,696
com/apm/applog/AppLog.java, line(s) 788,790
com/apm/applog/InitConfig.java, line(s) 493,530
com/apm/insight/MonitorCrash.java, line(s) 408,410,112
com/pangrowth/adclog/AdCLog.java, line(s) 182
com/ss/mediakit/fetcher/AVMDLURLFetcherBridge.java, line(s) 33,50,55,58,60,69,74,75,85,95,104,106,109,113,117,122,128
com/ss/mediakit/medialoader/AVMDLDataLoader.java, line(s) 370,372,374,446,618,644,680,683,709,716,719,727,955,1031,1062,1066,1105,1254,1289,1294,1297,1303,1306,1636,1644,1029
com/ss/mediakit/medialoader/AVMDLDataLoaderConfigure.java, line(s) 275,270
com/ss/mediakit/net/AVMDLDNSParser.java, line(s) 69,80,90,94,97,103,108,112,132,168,183,187,191,194,201,205,212,217,221,227,229,232,235,241,245,249,255,260,267,271,277,283,288,291,294,301,308,312,314,318,321,351,357,369,405,420,424,435
com/ss/mediakit/net/AVMDLDNSParserBridge.java, line(s) 27,36,60,65,67
com/ss/mediakit/net/AVMDLHostProcessor.java, line(s) 55,60,65,73,77,82,94,100,106,110,115,120,125,128,132,135,154,158,161
com/ss/mediakit/net/AVMDLThreadPool.java, line(s) 60
com/ss/mediakit/net/HTTPDNS.java, line(s) 50,55,60,64,66,74,76,91,139,165
com/ss/mediakit/net/HTTPDNSHosts.java, line(s) 37,40,73,75,82,84,87,103,147,150,164
com/ss/mediakit/net/IPCache.java, line(s) 60,63,115,118,126,139
com/ss/mediakit/net/LocalDNS.java, line(s) 27,34,38,81,99,104,112,115,121,128
com/ss/ttvideoengine/DataLoaderHelper.java, line(s) 329,629,726,741,839,844,886,891,987,1018,1286,1311,1431,1477,1671,2163,2238,2305,2314,2409,2413,2508,2575,2606,2644,2676,2685,2718,2748,2764,2790,2820,2835,2867,2976,2999,3004,3009,3015,3025,3038,3054,3076,3116,3173,3192,3624,3674,3741,3774,3779,3829,3888,3902,3921,3932,3957,3972,4108,518,708,729,735,744,747,767,938,956,990,1167,1289,1293,1467,1575,1625,1648,1652,1655,1659,1660,1877,1880,1974,1985,2002,2011,2022,2026,2037,2063,2091,2176,2214,2259,2285,2371,2386,2546,3065,3131,3618,3657,3724,3746,3761,3859,4017,4022,4045,4356,4422,4454,4460,4473,4481,4491,4497,4516,4521,935,1146,1333,1350,1358,1422,1427,1487,1517,1539,1566,1709,1839,1853,1914,1933,1944,1956,2054,2205,2308,2317,2374,2647,2692,2697,2715,2851,2909,2946,3020,3033,3049,3071,3134,3251,3372,3379,3839,3892,3898,3915,3952,3967,3995,4374,4391,4399,4410
com/ss/ttvideoengine/InfoWrapper.java, line(s) 100
com/ss/ttvideoengine/MediaPlayerWrapper.java, line(s) 41,55
com/ss/ttvideoengine/PreloaderVidItem.java, line(s) 109
com/ss/ttvideoengine/SettingsListener.java, line(s) 18
com/ss/ttvideoengine/TTDataLoaderDefaultListener.java, line(s) 107
com/ss/ttvideoengine/TTNetWorkListener.java, line(s) 60,105,112
com/ss/ttvideoengine/TTTestSpeedListener.java, line(s) 69,82,119,127,155,162,55
com/ss/ttvideoengine/TTVideoEngine.java, line(s) 1828,1835,2084,2098,2123,2187,2268,2355,2362,2764,2953,3042,3129,3149,3259,3386,3439,3593,3595,3806,3809,3833,3838,3841,3947,4241,4246,4251,4850,4912,5051,5073,5101,5142,5206,5210,5286,5297,5327,5536,5542,5550,5563,5565,5653,5792,5837,5896,6845,7042,7135,7329,7551,7555,7559,7562,7970,8147,8177,8344,8353,8366,8502,8733,1237,1254,1265,1406,1429,1443,1886,2254,2308,2347,2367,2369,2721,3608,3613,3618,3623,3628,3633,3639,3645,5378,5506,5529,7195,7680,8021,8253,8643,8699,8711,1172,1223,1361,1383,1416,1481,1485,1489,1940,1969,1975,2232,2286,2304,2375,2386,2478,2534,2544,2588,2643,2667,2686,2690,2795,2833,3306,3319,3410,3460,3467,3483,3658,3662,3710,3716,3767,3783,3797,3898,3902,3960,3978,4027,4095,4202,4219,4295,4396,4402,4431,4440,4543,4637,4778,5148,5249,5255,5303,5384,5448,5460,5474,5503,5517,5556,5805,6007,6026,6068,6393,6609,6629,6658,6798,6819,6887,6938,7046,7050,7058,7101,7112,7224,7231,7367,7374,7490,7608,7616,7628,7636,7660,7669,7678,7689,7698,7708,7730,7753,7759,7795,7805,7847,7959,8001,8008,8033,8206,8221,8225,8265,8274,8283,8292,8381,8391,8400,8676,8802,1233,1921,3412,3485,5973,6255
com/ss/ttvideoengine/TTVideoEngineLooperThread.java, line(s) 365,149,153,327,443,458,61,301,350,497,550,560,574,582,590,598,606,614,622,636,649,662,682,693,714,746,787,797,802
com/ss/ttvideoengine/TTVideoEngineSurfaceCallback.java, line(s) 13,26,35
com/ss/ttvideoengine/VideoCacheManager.java, line(s) 175,184,189,200,259,299,310,312,316,318,342,349,407,411,453,283,303,257,292,296,359,386,451
com/ss/ttvideoengine/VideoInfoCollector.java, line(s) 69,81,92
com/ss/ttvideoengine/data/P2PStragetyManager.java, line(s) 54,61,67,76,83,90,97,99,108,111,116,120,122,127,140,144,150,153,162,165,178,183,190,192
com/ss/ttvideoengine/database/KVDBManager.java, line(s) 36,70,74,111,115,39,43,49,58,87,124,102
com/ss/ttvideoengine/database/VideoModelDBManager.java, line(s) 37,53,69,71,86,121,124,162,167,51,89,112
com/ss/ttvideoengine/download/DownloadTask.java, line(s) 204,208,288,293
com/ss/ttvideoengine/download/DownloadURLTask.java, line(s) 90,92,96,145,147,154,173,189,104,126
com/ss/ttvideoengine/download/DownloadVidTask.java, line(s) 67,71,87,130,453,455,459,529,531,538,553,558,562,578,593,289,431,209,234,505,513
com/ss/ttvideoengine/download/Downloader.java, line(s) 81,86,94,112,117,171,263,294,412,510,516,526,647,664,678,682,688,181,190,272,313,482,493,564,573,704,305,345,360,371,473,615,651
com/ss/ttvideoengine/fetcher/FetcherMaker.java, line(s) 33,37,45,48,58,61
com/ss/ttvideoengine/fetcher/MDLFetcher.java, line(s) 97,103,106,119,144,40,43,55,156,165,181
com/ss/ttvideoengine/fetcher/SubInfoFetcher.java, line(s) 100
com/ss/ttvideoengine/fetcher/VideoInfoFetcher.java, line(s) 206,137,194,202,226,237,296,301,306,315,393,461
com/ss/ttvideoengine/log/AppLogTOBVer2.java, line(s) 44,53,55,77,59
com/ss/ttvideoengine/log/VideoEventBase.java, line(s) 297,303,385,582,596,607,356,378
com/ss/ttvideoengine/log/VideoEventLogger.java, line(s) 997,238,243,265
com/ss/ttvideoengine/log/VideoEventLoggerV2.java, line(s) 336,1393,1929,2857,231,453,457,1941,1949,228,247,255,478,1110,1554
com/ss/ttvideoengine/log/VideoEventManager.java, line(s) 36,46,56,65,71,93,99,120,145
com/ss/ttvideoengine/log/VideoEventOneError.java, line(s) 177,180
com/ss/ttvideoengine/log/VideoEventOneEvent.java, line(s) 282,303,333,344,398
com/ss/ttvideoengine/log/VideoEventOneOpera.java, line(s) 240,264,291,313
com/ss/ttvideoengine/log/VideoEventOnePlay.java, line(s) 748
com/ss/ttvideoengine/log/VideoEventSampleRecord.java, line(s) 497
com/ss/ttvideoengine/model/IntertrustDrmHelper.java, line(s) 87,116,192,235,268,301,335,364,397,143,161,165,169,173,209,214,219,224,229,247,252,257,262,280,285,290,295,314,318,322,326,347,351,355,359,376,381,386,391,409,414,419,424,105,123
com/ss/ttvideoengine/model/LiveVideoRef.java, line(s) 45
com/ss/ttvideoengine/model/MediaBitrateFitterInfo.java, line(s) 86,25,50,63
com/ss/ttvideoengine/model/VideoModel.java, line(s) 85
com/ss/ttvideoengine/model/VideoSeekTs.java, line(s) 32,43
com/ss/ttvideoengine/model/VideoThumbInfo.java, line(s) 128,146
com/ss/ttvideoengine/net/ChannelSelect.java, line(s) 205,214,232,241
com/ss/ttvideoengine/net/DNSParser.java, line(s) 163,179,73
com/ss/ttvideoengine/net/DNSServerIP.java, line(s) 32
com/ss/ttvideoengine/net/HTTPDNS.java, line(s) 37,52,25
com/ss/ttvideoengine/net/LocalDNS.java, line(s) 103,116,46
com/ss/ttvideoengine/net/TTHTTPNetwork.java, line(s) 78,99,109,206,257,270,94
com/ss/ttvideoengine/preload/MediaLoadStrategy.java, line(s) 265,353,53,118,64,74,80,87,96,114,139,143,151,154,171,195,199,202,242,278,295
com/ss/ttvideoengine/preload/MediaTaskCenter.java, line(s) 29,37,45,59,67,73,85,93,116
com/ss/ttvideoengine/selector/shift/SpeedShiftSelector.java, line(s) 179
com/ss/ttvideoengine/setting/EngineSettingModel.java, line(s) 29
com/ss/ttvideoengine/setting/TTVideoEngineSettingManager.java, line(s) 82
com/ss/ttvideoengine/setting/TTVideoEngineSettingModel.java, line(s) 100
com/ss/ttvideoengine/strategrycenter/StrategyCenter.java, line(s) 29,37
com/ss/ttvideoengine/utils/EngineThreadPool.java, line(s) 64,68,84
com/ss/ttvideoengine/utils/SntpClient.java, line(s) 120,159,168
com/ss/ttvideoengine/utils/TTHelper.java, line(s) 68,105,325,420,492,247,452
com/ss/ttvideoengine/utils/TimeService.java, line(s) 69,82,99,106
d/z2/d.java, line(s) 13,18,23,28,33,38,43,48,53,58,63,68,73,78,83,88,93,98,103,108,113
e/a/i4/a.java, line(s) 54

Info: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard because other applications can access it
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
c/h/c/m3.java, line(s) 4,27,36
c/h/d/b/s/b.java, line(s) 27,27
c/p/b/s/b/s.java, line(s) 5,154
com/zebra/code/home/MeFragment.java, line(s) 4,152

Info: The application can write to the application directory. Sensitive information should be encrypted


Files:
c/p/b/p/c.java, line(s) 72,72

Secure: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
c/l/c/n/b.java, line(s) 114,62,112,112

Secure: This application may have root detection capabilities
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
c/c/b/v/b.java, line(s) 493,493,493,493,493
c/p/b/r/b.java, line(s) 77,60,60,60,60,60,60

Attention: The application may communicate with a server (toblog.volceapplog.com) located in an OFAC-sanctioned country (China).

{'ip': '58.222.46.208', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}

Attention: The application may communicate with a server (apps.oceanengine.com) located in an OFAC-sanctioned country (China).

{'ip': '58.222.46.208', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}

Attention: The application may communicate with a server (tobapplog.volceapplog.com) located in an OFAC-sanctioned country (China).

{'ip': '58.222.46.208', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}

Attention: The application may communicate with a server (klink.volceapplog.com) located in an OFAC-sanctioned country (China).

{'ip': '58.222.46.208', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}

Attention: The application may communicate with a server (apmplus.volces.com) located in an OFAC-sanctioned country (China).

{'ip': '58.222.46.208', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '宁波', 'latitude': '29.878410', 'longitude': '121.549767'}

Attention: The application may communicate with a server (www.toutiaopage.com) located in an OFAC-sanctioned country (China).

{'ip': '58.222.46.208', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}

Attention: The application may communicate with a server (ichannel.snssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '58.222.46.208', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}

Attention: The application may communicate with a server (www.jianshu.com) located in an OFAC-sanctioned country (China).

{'ip': '58.222.46.208', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Attention: The application may communicate with a server (toblog.ctobsnssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '58.222.46.208', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '镇江', 'latitude': '32.209366', 'longitude': '119.434372'}

Attention: The application may communicate with a server (rtapplog.snssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '58.222.46.208', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}

Attention: The application may communicate with a server (log-api.oceanengine.com) located in an OFAC-sanctioned country (China).

{'ip': '58.222.46.208', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}

Attention: The application may communicate with a server (zebracode.top) located in an OFAC-sanctioned country (China).

{'ip': '150.158.41.127', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Attention: The application may communicate with a server (abtest.volceapplog.com) located in an OFAC-sanctioned country (China).

{'ip': '58.222.46.208', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}

Attention: The application may communicate with a server (jdsp.zebracode.top) located in an OFAC-sanctioned country (China).

{'ip': '150.158.41.127', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Attention: The application may communicate with a server (www.chengzijianzhan.com) located in an OFAC-sanctioned country (China).

{'ip': '58.222.46.205', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}

Attention: The application may communicate with a server (vfx.mtime.cn) located in an OFAC-sanctioned country (China).

{'ip': '58.218.215.150', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '徐州', 'latitude': '34.266666', 'longitude': '117.166664'}

Attention: The application may communicate with a server (apps.bytesfield.com) located in an OFAC-sanctioned country (China).

{'ip': '121.228.130.193', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}

Attention: The application may communicate with a server (i.snssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '121.228.130.193', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}

Attention: The application may communicate with a server (log.snssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '121.228.130.193', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}

Attention: The application may communicate with a server (sf6-ttcdn-tos.pstatp.com) located in an OFAC-sanctioned country (China).

{'ip': '121.228.130.193', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '台州', 'latitude': '28.666668', 'longitude': '121.349998'}

Attention: The application may communicate with a server (alink.volceapplog.com) located in an OFAC-sanctioned country (China).

{'ip': '121.228.130.193', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}

Attention: The application may communicate with a server (rtlog.snssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '121.228.130.193', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '徐州', 'latitude': '34.266666', 'longitude': '117.166664'}

Attention: The application may communicate with a server (toblog-alink.ctobsnssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '121.228.130.193', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}

Attention: The application may communicate with a server (applog.snssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '121.228.130.193', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}

Attention: The application may communicate with a server (apps.bytesfield-b.com) located in an OFAC-sanctioned country (China).

{'ip': '121.228.130.193', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}

Attention: The application may communicate with a server (mon.snssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '121.228.130.193', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南通', 'latitude': '32.030296', 'longitude': '120.874779'}

Attention: The application may communicate with a server (beian.miit.gov.cn) located in an OFAC-sanctioned country (China).

{'ip': '116.211.128.178', 'country_short': 'CN', 'country_long': '中国', 'region': '湖北', 'city': '武汉', 'latitude': '30.583330', 'longitude': '114.266853'}

Attention: The application may communicate with a server (tobapplog.ctobsnssdk.com) located in an OFAC-sanctioned country (China).

{'ip': '121.228.130.195', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}
