Mobile Application Security Assessment Report

Mi Movistar v12.1.5
Security score: 48
Security baseline score: 48/100
Overall risk level: Medium risk
Risk grade scale:
- A
- B
- C
- F
The application has some security risks; optimization is recommended.
Distribution of vulnerabilities and security items
High: 4
Medium: 27
Info: 2
Secure: 2
Privacy risk assessment
Third-party trackers: 6
High privacy risk
A large number of third-party trackers were detected
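Distribution of detection results
High-severity vulnerabilities: 4
Medium-severity vulnerabilities: 27
Security notices: 2
Passed security items: 2
Key security concerns: 1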
High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/reactnativecommunity/webview/c.java, line(s) 496,16 com/sas/ia/android/sdk/MRAIDWebView.java, line(s) 667,672,686,19,20 com/swrve/sdk/conversations/ui/video/WebVideoViewBase.java, line(s) 32,8,9
High-severity vulnerability: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/sas/mkt/mobile/sdk/util/SecureStorage.java, line(s) 68
High-severity vulnerability: By default, calling Cipher.getInstance("AES") returns AES in ECB mode. ECB mode is known to be weak because it produces identical ciphertext for identical plaintext blocks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode Files: org/mbte/dialmyapp/userdata/ConfigurationDataManager.java, line(s) 193
High-severity vulnerability: The application contains privacy trackers.
This application contains 6 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.
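Medium-severity vulnerability: Activity (com.google.android.gms.tagmanager.TagManagerPreviewActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (com.sas.mkt.mobile.sdk.SASCollectorBroadcastReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (org.mbte.dialmyapp.app.AppReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (org.mbte.dialmyapp.activities.InboxActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (org.mbte.dialmyapp.activities.NotificationActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (org.mbte.dialmyapp.activities.ViewProfileActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (org.mbte.dialmyapp.app.PhoneUpdateReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (org.mbte.dialmyapp.sms.DMASMSBroadcastReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.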
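Medium-severity vulnerability: Broadcast Receiver (io.invertase.firebase.messaging.ReactNativeFirebaseMessagingReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (com.adjust.sdk.AdjustReferrerReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.INSTALL_PACKAGES [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.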
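Medium-severity vulnerability: Activity (app.notifee.core.NotificationReceiverActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (app.notifee.core.AlarmPermissionBroadcastReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: High-priority Intent (2000001) - {1} hit(s)
[android:priority] By setting a high Intent priority, an application can override other requests, which may lead to security risks.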
Medium-severity vulnerability: The application uses an insecure random number generator.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: ah/z.java, line(s) 9 com/sas/mkt/mobile/sdk/util/AndroidXorIdProvider.java, line(s) 4 hc/e.java, line(s) 6 ii/n2.java, line(s) 30 ik/z.java, line(s) 12 l6/a.java, line(s) 3 l6/b.java, line(s) 10 le/xc.java, line(s) 46 m3/a.java, line(s) 16 m6/a.java, line(s) 9 org/mbte/dialmyapp/netconnection/a.java, line(s) 28 qj/a.java, line(s) 3 qj/b.java, line(s) 3 rj/a.java, line(s) 3 wk/d.java, line(s) 17 wk/h.java, line(s) 5 zd/m2.java, line(s) 5
Medium-severity vulnerability: The application uses SQLite databases and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: bc/m0.java, line(s) 5,6,105,193,211,342,433,706,726,778 bc/t0.java, line(s) 4,5,118 com/sas/mkt/mobile/sdk/database/EventsSQLiteHelper.java, line(s) 4,5,22,28 d2/c.java, line(s) 5,6,7,8,9,142,223 le/id.java, line(s) 3,53 le/k.java, line(s) 5,6,200,322,963,1491,1518 le/t.java, line(s) 4,5,15 m6/c.java, line(s) 6,7,8,77,95 m6/e.java, line(s) 6,7,30,84 ph/k.java, line(s) 4,5,6,93 pi/c.java, line(s) 6,7,107,177 pi/g.java, line(s) 7,8,105 zd/l3.java, line(s) 6,7,8,171 zd/n3.java, line(s) 5,6,7,33 zd/t.java, line(s) 5,6,156,179 zd/u.java, line(s) 5,6,7,27
Medium-severity vulnerability: This application may request root (superuser) privileges.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: c6/c.java, line(s) 24,24,24,28,24,28,24,24
Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/learnium/RNDeviceInfo/RNDeviceModule.java, line(s) 475 com/reactnativecommunity/webview/d.java, line(s) 247 com/rnfs/RNFSManager.java, line(s) 585,574,576,579,603 i3/c.java, line(s) 432,471,502,514,532,482,483,484,485,486,487,488,489,497,509,530 io/invertase/firebase/utils/ReactNativeFirebaseUtilsModule.java, line(s) 112,121,122,123 k3/c.java, line(s) 39 p7/a.java, line(s) 249 rl/c.java, line(s) 13,14,23 z7/a.java, line(s) 64
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, and keys.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/swrve/sdk/conversations/engine/model/ControlActions.java, line(s) 9,8,10 com/swrve/sdk/messaging/model/Arg.java, line(s) 31 com/swrve/sdk/messaging/model/Conditions.java, line(s) 40 eh/b.java, line(s) 131 i5/j.java, line(s) 40 io/invertase/notifee/NotifeeEventSubscriber.java, line(s) 17,25 k5/c.java, line(s) 40 kl/g.java, line(s) 872 n6/d.java, line(s) 85 org/mbte/dialmyapp/messages/fcm/FcmHandler.java, line(s) 24 q3/g.java, line(s) 70 s3/d.java, line(s) 37 s3/p.java, line(s) 95 s3/x.java, line(s) 84 x2/d.java, line(s) 41
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files.
Files: com/reactnativecommunity/webview/d.java, line(s) 247 p7/a.java, line(s) 102 pa/k.java, line(s) 81 sg/c.java, line(s) 53 y1/w.java, line(s) 69
Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/sas/ia/android/sdk/MRAIDWebView.java, line(s) 1239,1243
Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: c8/c.java, line(s) 13 ii/k1.java, line(s) 145 og/k.java, line(s) 58 sg/b.java, line(s) 48 wg/f0.java, line(s) 50
Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: i3/k.java, line(s) 43 ii/k1.java, line(s) 244,93 le/xc.java, line(s) 253 org/mbte/dialmyapp/company/WellknownManager.java, line(s) 74
Medium-severity vulnerability: This application may contain hardcoded secrets.
Secrets were identified in the application. Make sure these are not confidential or private information.
Security notice: The application logs information. Sensitive information must not be logged.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Security notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard because other applications can access it.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: ii/l.java, line(s) 6,188
Passed security item: This application uses SSL pinning to detect or prevent MITM attacks on secure communication channels.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: g6/b.java, line(s) 30,20,19,19 sk/d.java, line(s) 81,80,79 sk/e.java, line(s) 111,101,110,118,109,109 sk/j.java, line(s) 81,80,79,79 sk/k.java, line(s) 227,215,226,225,225 vl/c.java, line(s) 32,34,28,31,32,30,30
Passed security item: This application may have root detection capabilities.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: rf/w.java, line(s) 24
Key security concern: The application may communicate with a server (app-measurement.com) located in an OFAC-sanctioned country (China).
{'ip': '180.163.150.161', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
Overall security baseline score summary

Mi Movistar v12.1.5
Android APK
Overall security score: 48
Medium risk