应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
Playback Mic Pro v121
47
安全评分
安全基线评分
47/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
4
高危
17
中危
5
信息
2
安全
隐私风险评估
2
第三方跟踪器
中等隐私风险
检测到少量第三方跟踪器
检测结果分布
高危安全漏洞
4
中危安全漏洞
17
安全提示信息
5
已通过安全项
2
重点安全关注
2
高危安全漏洞 Activity (eu.timetools.playbacknmi.ui.MainActivity) 易受 StrandHogg 2.0 攻击
检测到 Activity 存在 StrandHogg 2.0 任务劫持漏洞。攻击者可将恶意 Activity 置于易受攻击应用的任务栈顶部,使应用极易成为钓鱼攻击目标。可通过将启动模式设置为 "singleInstance" 并将 taskAffinity 设为空(taskAffinity=""),或将应用的 target SDK 版本(27)升级至 29 及以上,从平台层面修复该漏洞。
高危安全漏洞 Activity (com.begal.appclone.classes.DefaultProvider$MyActivity) 易受 StrandHogg 2.0 攻击
检测到 Activity 存在 StrandHogg 2.0 任务劫持漏洞。攻击者可将恶意 Activity 置于易受攻击应用的任务栈顶部,使应用极易成为钓鱼攻击目标。可通过将启动模式设置为 "singleInstance" 并将 taskAffinity 设为空(taskAffinity=""),或将应用的 target SDK 版本(27)升级至 29 及以上,从平台层面修复该漏洞。
高危安全漏洞 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: andhook/lib/BuildConfig.java, line(s) 3,6 com/begal/appclone/classes/BuildConfig.java, line(s) 3,6
高危安全漏洞 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
com/begal/appclone/classes/util/SimpleCrypt.java, line(s) 55
中危安全漏洞 应用已启用明文网络流量
[android:usesCleartextTraffic=true] 应用允许明文网络流量(如 HTTP、FTP 协议、DownloadManager、MediaPlayer 等)。API 级别 27 及以下默认启用,28 及以上默认禁用。明文流量缺乏机密性、完整性和真实性保护,攻击者可窃听或篡改传输数据。建议关闭明文流量,仅使用加密协议。
中危安全漏洞 应用数据允许备份
[android:allowBackup=true] 该标志允许通过 adb 工具备份应用数据。启用 USB 调试的用户可直接复制应用数据,存在数据泄露风险。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Content Provider (com.begal.appclone.classes.DefaultProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.begal.appclone.service.RemoteService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.begal.appclone.classes.DefaultProvider$DefaultReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.begal.appclone.classes.DefaultProvider$MyActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/begal/appclone/classes/HostsBlocker.java, line(s) 147 com/cloudinject/customview/C0019.java, line(s) 496 com/cloudinject/customview/C0128.java, line(s) 496 mirrorb/android/app/job/C0028.java, line(s) 122 mirrorb/android/app/job/C0031.java, line(s) 377 mirrorb/android/app/job/C0228.java, line(s) 122 mirrorb/android/app/job/C0231.java, line(s) 377 mirrorb/android/app/role/C0034.java, line(s) 592 mirrorb/android/app/role/C0234.java, line(s) 592 mirrorb/android/app/servertransaction/C0037.java, line(s) 126 mirrorb/android/app/servertransaction/C0237.java, line(s) 126 mirrorb/android/bluetooth/C0041.java, line(s) 310 mirrorb/android/bluetooth/C0241.java, line(s) 310 mirrorb/android/graphics/drawable/C0044.java, line(s) 117 mirrorb/android/graphics/drawable/C0244.java, line(s) 117 mirrorb/android/hardware/display/C0045.java, line(s) 431 mirrorb/android/hardware/display/C0245.java, line(s) 431 mirrorb/android/media/session/C0047.java, line(s) 556 mirrorb/android/media/session/C0247.java, line(s) 556 mirrorb/android/net/wifi/C0052.java, line(s) 131 mirrorb/android/net/wifi/C0252.java, line(s) 131 mirrorb/android/os/storage/C0056.java, line(s) 602 mirrorb/android/os/storage/C0256.java, line(s) 602 mirrorb/android/providers/C0058.java, line(s) 376 mirrorb/android/providers/C0258.java, line(s) 376 mirrorb/android/rms/C0062.java, line(s) 365 mirrorb/android/rms/C0063.java, line(s) 373 mirrorb/android/rms/C0262.java, line(s) 365 mirrorb/android/rms/C0263.java, line(s) 373 mirrorb/android/security/net/config/C0064.java, line(s) 193 mirrorb/android/security/net/config/C0264.java, line(s) 193 mirrorb/android/service/persistentdata/C0066.java, line(s) 187,263 mirrorb/android/service/persistentdata/C0067.java, line(s) 314 mirrorb/android/service/persistentdata/C0266.java, line(s) 187,263 mirrorb/android/service/persistentdata/C0267.java, line(s) 314 mirrorb/android/view/accessibility/C0071.java, line(s) 317 mirrorb/android/view/accessibility/C0271.java, line(s) 317 mirrorb/android/webkit/C0072.java, line(s) 606 mirrorb/android/webkit/C0073.java, line(s) 153 mirrorb/android/webkit/C0272.java, line(s) 606 mirrorb/android/webkit/C0273.java, line(s) 153 mirrorb/java/io/C0090.java, line(s) 141 mirrorb/java/io/C0290.java, line(s) 141
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: i8/a.java, line(s) 3 i8/b.java, line(s) 4 j8/a.java, line(s) 4 k1/l1.java, line(s) 7 k2/v0.java, line(s) 4 mirrorb/android/providers/C0057.java, line(s) 61 mirrorb/android/providers/C0257.java, line(s) 61
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: f1/m0.java, line(s) 7,8,266,300,319,328,378,485,502,758 f1/t0.java, line(s) 4,5,135
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/begal/appclone/classes/Utils.java, line(s) 427 q5/c.java, line(s) 80
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: a5/e.java, line(s) 85
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: andhook/lib/xposed/XposedHelpers.java, line(s) 1087
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: q5/b.java, line(s) 55
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: cd/C0014.java, line(s) 230 cd/C0110.java, line(s) 230 com/begal/appclone/classes/BundleObb.java, line(s) 106 v6/a.java, line(s) 25
中危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个2隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "com.google.firebase.crashlytics.mapping_file_id" : "f6df8bfe893946629975ee38939b7114" "firebase_database_url" : "https://playback-mic.firebaseio.com" "google_api_key" : "AIzaSyBA_IF-94WZlMR7cdFwYBjyH1sGQ0k4TwA" "google_app_id" : "1:541294567202:android:b65f51b73ad55879444f7b" "google_crash_reporting_api_key" : "AIzaSyBA_IF-94WZlMR7cdFwYBjyH1sGQ0k4TwA" nEWYD347Bz/VmtmYM96cSWoCWRCLMJVsE38naNXQ+k30gdExyI+kVj3Z1fpu0Jssdnp1GWxEkHSTp n+ZGkpzrId6ak3RlpLm1xz5kePn0QOrZ5A3H9GIMf80wHeZ+l7OZo6Qh7HwFWh45t3iCsKEiATkXo nnEP6ewBXAAflTa7oYJUhwJEetmtGlXCvCL+m3LNYblk7NznmCXnpivcDfARoGWQz+wH3PlZaTRjs Y29tLmFwcGxpc3RvLmFwcGNsb25lci5jbGFzc2VzLnNlY29uZGFyeQ== nlwr5ETjezBRsKULS6ZJWAU8xvoIPcBxwGQRaC5I0iNvycX7oSARkPgQQQNKjwHJgQugIBGYiVLwY noCasBeYxdhEKpQwBfJ50pb7yY2abgNmki7C4F0QoQ4DC2slIhFm4VchWLJb0nGeaa3F9QicidEUf nd7qkHRn2vssMU5VdE3xYVka86jITBsDMNuBGM2mjDa9lhqhj7ifnqmsbvLfG5CH0PGDUkNXMvqV4 nxtAB6Dkkzc+55W9DaF97Fkkv5BBgPHxbUjgkvZgS+F2SbgztX10o9cGJpAXA1cB03BOr94DlZvZT nYfAXeebVnyGCJC3JuHeGh1/vFx2nMjvh++m8iTvax9jMPgHOBv5OMXlE0tICyhR86SYXchted46h nZWtL6D4gxleEjTgRsiZreZ8nNC9qRwx6BC0WIWuyNpCzY/YJalfUgLEw4LPgFs0T+snumNuJ4BOD nbmhoaGhoaMig8M5S0hTgENxxYMk8kg9v+nAPg34ys79CB6GnkDt8Q5KGon97Er8nPxu1LWU8UsbB nAP7xsB0qOvNGAL+5kIrOvBGghKD60AgQmEYAONDD9oSiM98ndOlrwNdAPL4fjn7G/UKyedoX+C60 n5cgy1k4ASf3A5cAFuJXKKaF9KpBPgDvM7KP4g1oIIGkCMADcBJwb2p8KOMvMPoUaCCBpALgfmBba n78C8qoIPewXwOcK9V1kHzIi2qlRGLEB3LDSVx3KgP3rEWSlxHzAZt8OgljPjEvkcWGJmr4dyoA/A nJBUhcameExFCkEhow4NEJCIST32oW4TEg3ogbg+NklAaSl1KFG2lNGlJimqU0/P3sGZ0nLNn9qx9 n4EPbNtXMNgNzgO0pJjfLc54Q9QnnUoOaUIYAPh3VtjxGkQhzM+wXdSDCxzgR/iipbLkIXQNuy2sY 470fa2b4ae81cd56ecbcda9735803434cec591fa n+AxcP7sT90e4wsx2lRLoVkh6KOeOs1Z8IekeSce3yWOWpL9T0tglaWGb+w/x8OmdyoJXQPCPkDTc n2olwU2SXZdN1AtzmEfwtI+49oSQRspqj1yT9EUqAMoahx3rYvpW8MLONwFzglxT7WyQ97eOMmX0M nbz2PpFXK5obQPvYskh5WPqaG9rXnkDRR0q6cAjxZdP59oQNQA84ADshpO6vozBsB4DAP2/2KzrwR nJ2k5MBi65DXhQ6iwE5b0BHBP6FLXhB3AUWa2u5ImSNKdNMFPcp2Z7YYKaoCkmcDa0CWuCVuBu8zs e1c11896715177e8674c72c2c4727324 njY7OJr0mLOpwiHpt4BgUi6Q3PCZi8h1SSjpR0vaM9LxEkHSMh69dMRHz7agGfUSIhqhzKG50dHiJ nCXBIWXMAAC4jAAAuIwF4pT92AAAHk0lEQVR42u2dW6wdUxjHf98pirqURElc6tIihKZOL0rqLiEl n6ILXhSq+P2Ae7qsIh4HV0REDDQ314F/QQmVQhaYmuwAAAABJRU5ErkJggg== nzHYAd4WORoWsA241sxkhgw8jJi6SHgPuC+lQifwMvAu8ZGavhnYmptVM+CLc4RUzgEm42eiehP2E bc00deb472afb865e3ca11a0804c7fb2b61c1f34bbdc587b8289a60689d2268d5e2806e339428007 nsw0NDQ0NDQ0FUesnYpIOBE4BTsKt2ewLTEyYDCfK0MfeUYzYO8ROjmQsca3o2lrYFJm2AXuAL81s b80c897ce5120ed00000242d50cf1f9f
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: andhook/lib/AndHook.java, line(s) 56,104 andhook/lib/HookHelper.java, line(s) 34,67,87,139,150,163,184,205,226,261,266,79 andhook/lib/xposed/XposedBridge.java, line(s) 30,26 andhook/lib/xposed/XposedHelpers.java, line(s) 468,479,490,501,512,523,534,545,556,567,582,593,604,615,626,637,648,659,670,681,692,703,714,725,736,747,758,769,780,791,802,813,824,835,846,857,868,881,894,907,928,943 b1/a.java, line(s) 15,22,29,14,21,28,42,43,49,50 b3/a.java, line(s) 114,150 b3/d.java, line(s) 23,41,50,60 c3/e0.java, line(s) 53,55,49 c3/f.java, line(s) 65,32,49,108,114,123,126 c3/g.java, line(s) 39,117 c3/q.java, line(s) 49 c3/u.java, line(s) 68,86,90,118,125,51 c3/z.java, line(s) 31,34,48 com/begal/appclone/classes/AbstractActivityContentProvider.java, line(s) 25,31 com/begal/appclone/classes/AppClonerNative.java, line(s) 16 com/begal/appclone/classes/ApplicationWrapper.java, line(s) 31,189,196,203,210,217,58,70,86,98,110,122,134,146,158,175 com/begal/appclone/classes/AutoPressButtons.java, line(s) 31,44,62,67,72,91,106,120,100,122,126,130,153 com/begal/appclone/classes/AutoRotateControls.java, line(s) 18,19,38,45,36,50 com/begal/appclone/classes/BackKeyHandler.java, line(s) 33,35,43,52,64,72,85,54,94 com/begal/appclone/classes/BluetoothControls.java, line(s) 18,19,37,40,45,52,58,61,43,64 com/begal/appclone/classes/BootReceiver.java, line(s) 14,24 com/begal/appclone/classes/BundleFilesDirectories.java, line(s) 18,30,38,46,61,41,66 com/begal/appclone/classes/BundleObb.java, line(s) 20,30,33,44,53,84,87 com/begal/appclone/classes/CalculatorActivity.java, line(s) 52,62,125,251 com/begal/appclone/classes/ClearCacheOnExitProvider.java, line(s) 16,43,47,21,39,52 com/begal/appclone/classes/ClearCacheOnExitService.java, line(s) 18,24 com/begal/appclone/classes/ClearCacheReceiver.java, line(s) 15 com/begal/appclone/classes/CloneSettings.java, line(s) 63,200,211,49,72,77,208 com/begal/appclone/classes/Configuration.java, line(s) 22,44,63,67,70,77,87,97,36,58,81,91,101 com/begal/appclone/classes/ConfirmExit.java, line(s) 14 com/begal/appclone/classes/CrashHandler.java, line(s) 71,80,94,26,60,82,98 com/begal/appclone/classes/DefaultFontProvider.java, line(s) 32 com/begal/appclone/classes/DefaultProvider.java, line(s) 42,78,83,91,95,111,57,70,102,117,175,182 com/begal/appclone/classes/DisableCameras.java, line(s) 24,45,62,80,100,106,126,140,28,57,75,93,121,133 com/begal/appclone/classes/DisableClipboardAccess.java, line(s) 58,94,98,102,109,116,122,128,145,149,153,157,161,165,174,186,191,202,206,210,217,224,230,236,253,257,261,265,269,273,282,294,299,308,338,347,353,358,362,379,396,72,136,244,301,340,365,382,398 com/begal/appclone/classes/FacebookLoginBehavior.java, line(s) 14,34 com/begal/appclone/classes/FacebookMessengerProvider.java, line(s) 36,38 com/begal/appclone/classes/FakeCalculator.java, line(s) 14,22,29,32 com/begal/appclone/classes/GmailSupport.java, line(s) 35,38,50,100,113,125,130,149,167,183,185,195,197,213,220,227,40,104,108,135,143,160,222 com/begal/appclone/classes/HeadphonesEventReceiver.java, line(s) 12,24,31,18,44 com/begal/appclone/classes/HostsBlocker.java, line(s) 83,111,119,133,155,158,169,222,249,257,265,270,305,316,325,334,345,358,426,103,121,281,297,348,441 com/begal/appclone/classes/InterruptionFilterControls.java, line(s) 21,22,37,47,48,57,62,64 com/begal/appclone/classes/LaunchTileService.java, line(s) 16,21,28 com/begal/appclone/classes/LogcatViewer.java, line(s) 49,308,63,147 com/begal/appclone/classes/NotificationOptions.java, line(s) 142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,188,193,198,200,250,302,319,326,93,233,241,252,256,285,355 com/begal/appclone/classes/OnAppExitListener.java, line(s) 19,26 com/begal/appclone/classes/OpenLinksWith.java, line(s) 26,42,50 com/begal/appclone/classes/PasswordActivity.java, line(s) 61,86,96,101,69,90,156,162,177,188 com/begal/appclone/classes/PasswordProvider.java, line(s) 12,14,21,24 com/begal/appclone/classes/PenEventReceiver.java, line(s) 12,17,35 com/begal/appclone/classes/PersistentApp.java, line(s) 13,21 com/begal/appclone/classes/PersistentAppService.java, line(s) 18 com/begal/appclone/classes/PictureInPicture.java, line(s) 28,34,40,52,63,73,83,65,88 com/begal/appclone/classes/PowerEventReceiver.java, line(s) 12,16,19,23,27,30,40 com/begal/appclone/classes/PreferenceEditor.java, line(s) 24,26,29,39,56,64 com/begal/appclone/classes/PressBackAgainToExit.java, line(s) 17,32,54 com/begal/appclone/classes/SecretDialerCodeReceiver.java, line(s) 15,25 com/begal/appclone/classes/SetBrightnessOnStart.java, line(s) 22,23,38,46,88,58,67,82,98,104 com/begal/appclone/classes/ShowOnLockScreen.java, line(s) 14,25 com/begal/appclone/classes/Signatures.java, line(s) 36,55,58,94,98,109,113,145,82,88,140,149,152,169,179,202,215 com/begal/appclone/classes/StartExitAppEventReceiver.java, line(s) 19,39,48,61,34,56,66 com/begal/appclone/classes/ToastFilter.java, line(s) 25,29,55,61,89,81,91 com/begal/appclone/classes/TrustAllCertificatesProvider.java, line(s) 37,39 com/begal/appclone/classes/Utils.java, line(s) 68,75,87,90,519,105,109,124,164,174,184,195,216,226,240,322,441,482,524,537,574,609 com/begal/appclone/classes/WhatsAppSupport.java, line(s) 30,59,72,45,62,66,85 com/begal/appclone/classes/WifiControls.java, line(s) 18,19,37,40,45,52,58,61,43,64 com/begal/appclone/classes/freeform/FreeFormWindow.java, line(s) 35,39,44,59 com/begal/appclone/classes/freeform/FreeFormWindowActivity.java, line(s) 37,53,56,76,96,59,89 com/begal/appclone/classes/service/RemoteService.java, line(s) 20 com/begal/appclone/classes/util/IActivityManagerHook.java, line(s) 19 com/begal/appclone/classes/util/IPackageManagerHook.java, line(s) 20 e3/a.java, line(s) 18 e3/a0.java, line(s) 45 e3/b.java, line(s) 178,196,355,359,363,369 e3/g0.java, line(s) 53,58 e3/k0.java, line(s) 50 e3/t.java, line(s) 33 e3/w.java, line(s) 101 e3/x.java, line(s) 28 e3/y.java, line(s) 20 e4/d.java, line(s) 160,193 f4/b.java, line(s) 40 g3/b.java, line(s) 54,65 h0/c.java, line(s) 111,132,126 h3/e.java, line(s) 16 h3/m.java, line(s) 16,15 h4/g.java, line(s) 406 j0/a.java, line(s) 30 java/io/ByteArrayOutputStrean.java, line(s) 13,17,18,35,20 k3/d.java, line(s) 36,100 m/d.java, line(s) 206 p4/e.java, line(s) 238,177,181,193 q0/b.java, line(s) 30 q5/b.java, line(s) 59,76 r0/m0.java, line(s) 34 r5/c.java, line(s) 95,98,120,128,129,150,156 s3/c.java, line(s) 52 s4/f.java, line(s) 33,40,43,52,86 s4/n.java, line(s) 130 v4/f.java, line(s) 31,41,18,51,61,71 w/g.java, line(s) 136 y0/k.java, line(s) 36,65,72,75,92,97,102,107,112 y2/r.java, line(s) 42,37,32,27 y4/n.java, line(s) 190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208 z/c.java, line(s) 422
安全提示信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: d0/a.java, line(s) 77,77
安全提示信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/begal/appclone/classes/DisableClipboardAccess.java, line(s) 45,117,117,123,123,132,225,225,231,231,240,9
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/begal/appclone/classes/DisableClipboardAccess.java, line(s) 9,70,359
安全提示信息 应用与Firebase数据库通信
该应用与位于 https://playback-mic.firebaseio.com 的 Firebase 数据库进行通信
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: y4/h.java, line(s) 77,77,78
已通过安全项 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/541294567202/namespaces/firebase:fetch?key=AIzaSyBA_IF-94WZlMR7cdFwYBjyH1sGQ0k4TwA ) 已禁用。响应内容如下所示:
{
"state": "NO_TEMPLATE"
}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (firebase-settings.crashlytics.com) 通信。
{'ip': '180.163.151.38', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (pagead2.googlesyndication.com) 通信。
{'ip': '180.163.151.38', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
综合安全基线评分总结
Playback Mic Pro v121
Android APK
47
综合安全评分
中风险