安全分析报告: Super Wallet v4.10.10

安全分数


安全分数 43/100

风险评级


等级

  1. A
  2. B
  3. C
  4. F

严重性分布 (%)


隐私风险

2

用户/设备跟踪器


调研结果

高危 4
中危 14
信息 3
安全 1
关注 2

高危 基本配置不安全地配置为允许到所有域的明文流量。 

Scope:
*

高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 

如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
com/pinjam/sejahtera/activity/LoginPrivacyActivity.java, line(s) 44,4
com/pinjam/sejahtera/activity/WebViewActivity.java, line(s) 107,10,11
iadads/uauaa.java, line(s) 163,15

高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 

应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
uuada/udaddidda.java, line(s) 175
uuada/uddusdau.java, line(s) 151

高危 该文件是World Readable。任何应用程序都可以读取文件 

该文件是World Readable。任何应用程序都可以读取文件
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2

Files:
com/appsflyer/internal/AFb1tSDK.java, line(s) 1863

中危 Broadcast Receiver (com.appsflyer.MultipleInstallBroadcastReceiver) 未被保护。 

[android:exported=true]
发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (com.pinjam.sejahtera.push.PushNewService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护, 但是应该检查权限的保护级别。 

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护, 但是应该检查权限的保护级别。 

Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true]
发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 

应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
com/pinjam/sejahtera/activity/SetActivity.java, line(s) 59,87
com/pinjam/sejahtera/activity/TestActivity.java, line(s) 53
dauaad/uua.java, line(s) 17
duisdafu/fufaufai.java, line(s) 637
uuada/dfadd.java, line(s) 267

中危 应用程序使用不安全的随机数生成器 

应用程序使用不安全的随机数生成器
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
adadafsaf/iiduiuu.java, line(s) 3
auuasfusa/udaddidda.java, line(s) 4
com/appsflyer/internal/AFa1ySDK.java, line(s) 15
com/appsflyer/internal/AFb1aSDK.java, line(s) 19
com/appsflyer/internal/AFc1iSDK.java, line(s) 16
com/scwang/smartrefresh/header/FunGameBattleCityHeader.java, line(s) 13
com/scwang/smartrefresh/header/TaurusHeader.java, line(s) 21
org/greenrobot/greendao/test/DbTest.java, line(s) 7
sddsua/iiduiuu.java, line(s) 8

中危 MD5是已知存在哈希冲突的弱哈希 

MD5是已知存在哈希冲突的弱哈希
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
uuada/udaddidda.java, line(s) 41
uuada/uddusdau.java, line(s) 43

中危 SHA-1是已知存在哈希冲突的弱哈希 

SHA-1是已知存在哈希冲突的弱哈希
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
suad/iiduiuu.java, line(s) 51

中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件 

应用程序创建临时文件。敏感信息永远不应该被写进临时文件


Files:
dsaisdfif/iiduiuu.java, line(s) 3149
fdfa/aduaaddau.java, line(s) 94

中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 

应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
auasuaui/asiudsddi.java, line(s) 7,8,85
auasuaui/ddssd.java, line(s) 4,5,123
com/post/statistics/dao/gen/PushBeanDao.java, line(s) 4,55
org/greenrobot/greendao/AbstractDao.java, line(s) 6,7,380
org/greenrobot/greendao/DbUtils.java, line(s) 6,36
org/greenrobot/greendao/database/StandardDatabase.java, line(s) 5,59

中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 

文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
aaddaai/udaddidda.java, line(s) 66

中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞 

不安全的Web视图实现。可能存在WebView任意代码执行漏洞
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
duisdafu/fufaufai.java, line(s) 608,604

中危 应用程序包含隐私跟踪程序 

此应用程序有多个2隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。

中危 此应用可能包含硬编码机密信息 

从应用程序中识别出以下机密确保这些不是机密或私人信息
"api_scheme" : "superwallet"
"api_scheme_host" : "mysuperclient"
"api_scheme_path" : "/openapp"
"google_api_key" : "AIzaSyDpqYEpUDfHRVPpxnuIhS4cnijaOlJAH0o"
"google_crash_reporting_api_key" : "AIzaSyDpqYEpUDfHRVPpxnuIhS4cnijaOlJAH0o"
F8bBD0jbrvX4vN6qQN52dvxqVzrACCZiGV7Cr8nykGBMp6YlamHjtdJgTTohs9JD81TPJJuIlaAckSoKtwgpWcwS0sUFhYDnuuFzwwfAmT4=
MjViMVW1peoG7qwHaKO/weSZcnKgCGsIjlXy0cTqqco=
M2OIKla4XDGg3OiAk7iWSeLDHZ2z0oiIlgrk+8a30t8=
RPBSGC9vlgHpiqzhFE3qZpNBgebKeqPvg9gLx4bHkieLoj7ugppcZrmeL+ecGAyQKpRuJAMA51vPMH43n28ayg==
v45okmze9Via1xyP/6G+Kw==
N337T5JnzTSVG0fSi1mJ5zqJAgqD8Iln+pTgxK2hovU=
zxHMEut9dwACQv+CZ5zrhAQ4183U1bW8kl88T0z9KML1D2ueAcjqs+nI4+0HjIlX/hfyiGgHUY8qB48kmi86gQ==
a0EdH7xIrLAth6xKBeNTnfFiiHZymrmtds2p4E0D6lg=
UKnbxPMiqwyovweUFUwEMRQ1HZfgrU0Ief+b9S17cJg=
682Oxh0eGSuTpf/H67gav9a+WjaLopEACfZmNXd2YPA=
xaPMSZdj5B5gPk99lpaXC4TZob5JHmdrBpb8xC7tnMgwofz26BSz99O0JhZcg9gr
KnmBqoy6y6zdMQiszMB8AETAzAzdftUCtDskXdJyiVk=
dv9kom4IPNmTKNoNHPgf95svXr939X8MFj6uRDxEjG0=
MjViMVW1peoG7qwHaKO/wUUPkIkX29GfJ2nGuyC5tEY=
i12YKwjMNhavBCvsZjYsz4FNVIn7Be0LFWpQo4Q5v4k=
1/pJ+ZQVrHrQHQTxhCz0+AcQHkzndCICHKCMZK1EbVw=
zk44HY56HB7tcs07osccKtVFVEvqvV3lT99ERY4IqUI=
DRjb/tHToXhg2USxC0QXKalztPdtQDFDuY8kMmvVZAE=
NRLilrt08PUxW3biZiytzwifVpzBMGdy/ksk7MUXCPE=
4cfzW2T4Gbb1jFJZCL3LJqxcn4hALQ1Rd4sG1761xUo=
t2zpaWoXuysvAWjP6499VycBIiOnkI5JgvoX4kgmY89B5diKooXVUHd66Dw3yWapHGafJEVhrfQFsfWiapLUbw==
gKcaJ06twoo8CfC2VtMTswtahtvbOzqTlcgk6qMU4Dw=
5QFQxt9E+wQ5IeVNpwDtMjycyPwnIhEO3u+MDqbYorc=
L0R7w7pdgYrKsmP2HCcoBUFhsS2t5hTcn9iqZQKd28g=
6ylwz18/WjZ34SD5cEwezljGbVqhdWrAnR7RjPnaLU0=
r/y9is5lm7xx+JidFXbe14s+72hsFT7IkoD+iWqEtZlNjgLHtXb8XSlGBMo0Pssq
2jEk2ZDSndvgX6m6dvNiPvMP/7xDXaBYyOO7TVdzqZw=
lVzD9nIKFq9cF5/yvvILmx3cvKBouM2coJLkklEuMp83Bcj4mHRF+OCeacrkGUDbpo6QTNprMlY25Cmst+7cM7rHLZs6Uag80EeD9mk2dPo=
AErDpRafSYBPVk9lUu1NWw==
F8bBD0jbrvX4vN6qQN52dlRkIKlNHCf2b3idvgu3vjM09YT4M5Ap5L/TNgIPl1zc
ggMU7Xfw283bL5xK6c2oQ5GEFGRuH2j81BvITxXnv7E=
p614Jx4ylYteFJCLR3B5qHIWjYYqutdWh4abe8mZwW4=
VfslSvdhLKoHMt++WWR47m6O4eTXXbqw+caIIYmjaug=
V9slfieDI9LxJhUdFIWB2NaWAa/kxgJ9vdWx+7Ig0Iw=
jJfGgMqSH7Z7UuvaVOFXqbQyVi3ziwManfiuKZt0toO8T1ZgqV++3c8UOXoSH61zu2SzL2lLgwzcZsYcrkSIan1peaN+ieiNv6iWzMuMZs7Lq72JePP12X8SDpW6uQ0pnVPZ+z5Pjow8JY39FHpHmPXLEkQlNIPfXZOWS1qHteEBJLPAV82dZLM8USkEqauFquzYTxhWL15dqDtpKyLksA==
ngs5LYbA4DgqHp/HMSRx0kodLL2gKnx4vOmsemnjPAM=
G1znXzVkIGGXJBKuXTnFzjbNScOFFEfYVa4KmlZ7OlY=
iic0ivvi1kKqmS0GEbrUqacAjpZJhS6ZPxycrzchJM0=
uHDag72AUDXXvRHKAFp672VMvOiC1JqiyIgPvfonZfQ=
AAmfBPwsPPtx0Xvai5gYhChMNtT/8VBsQ9IMCh8VAHAWAUhBJGAMRESks1bKvWMJ
6GMqRQYS6Cq+VYBI5UptWfwk0l1RE5vcg7YzEVuJxTc=
RaZrrTQ35oHX/LLy+8m+FP7jtmqzG2kmGqhWOHICPfI=
Y8lnnNBgXogilDBYOIW3jqZDJq+mwOexu7rPfRKR4R0=
q0WY588U6WYy1cXMbiTZA60mzcHZdhzoPO1LFkfBO9jCz8J2BqZLFTAic0EwJ8u4
IDoCljsdrfzwnD0VhQAvuQRznKUHFoEK4XPTeOA9jIrBc24FKpURKW59OyYxh5Eh
t4RzW7+rHcGI30CPy8wJBA==
tP2+GgbIyDbNl6bWO+5sN6+qUDK3HM0DF4uQo/xvrrA=
O3T7NXeuSZjlA2p0rgmS15cLdWA209d6eA/rYUblYnY=
6lhzuQV7ca5338oO3yGyfCF2h4Xb8WnfRK/skDoACu8=
336EMdkc03IEvfKENBdD9F5U9fDzgo7JO8oF61HKzu4=
E3F9E1E0CF99D0E56A055BA65E241B3399F7CEA524326B0CDD6EC1327ED0FDC1
XeP6Ddlp/fMsq5rFT9wNZg==
682Oxh0eGSuTpf/H67gav9hLKGxnzkd4GcxvjX+hNHE=
F8bBD0jbrvX4vN6qQN52dlRkIKlNHCf2b3idvgu3vjPcdml55JkbBCTrxGRXT6Nl
wwHLL3lFmG4UJJ9GY+QN0XIUyH4c3UpzvGxiLnexHXA=
CEoklMlHcQPOHfCeqSInL0Nu4UUgefPGrQTqiSBNQ0w=
FFE391E0EA186D0734ED601E4E70E3224B7309D48E2075BAC46D8C667EAE7212
X39QaZO0+rFQVawVpCdK2A3em/a7Fl2Sol1EagrABKU=
ktmrDep15ocBpZS2wc3bx8Izn6kMaVyJwtv4/5sQLQ4=
85WEJEmKvd7lHcAYjm/YPHuZmrBCxt3k6DjPNyhOn7Y=
yaURxTXay/Q9gzh9vcd8+0FtpeWC2n8d58DfvaVRoM8=
lrwwalTcEhacCmH8lgbOkfV7gceyhaCC9PSnVfdp5UuNLr54Kj3kVZTnd7q9n1Ss
3BAF59A2E5331C30675FAB35FF5FFF0D116142D3D4664F1C3CB804068B40614F
NKNJcW8njvwOFzKqnd+SVicWY33s99nM05eSKnSyptI=
GtInFItKtay460Rh8SvtsaGYwHAjCF5zqZn54U/ls5g=
K7biWN6olee69RU1vqbBVTlnTBm3WUeZ1Xf0SorHy6Y2/4IfWnbXtOf6Qns4BEz3
oKGIzfxObvtJy1QaYY83ZDOIltO2aiHyS+3wgOBmuI94AgTgvl7eZHamledaUDol
e3CU0Yjmx7Oegckm/Rt8dp9iNx4Fgi2Ued5j6BLJBns=
4CM5cLn7roIyRgmUiXY0/Q==
mOoUs0dEkB7BIKeEcgHAVfSBqjDdZN/gw8OYSR8mCF3dxuIUrzDtWfqgjyfKjz+8
dPhqsfGTY7SL7zfb+zEN/BMB6WnC76y6CcS1tz04hev7SvTGFxtogpVU1Alz6g6c
ex1ytEuqnzpExqzXpDUSdxMY99yF10WIXZAyoVG/go4=
tD+gUxO8C0964D7qA/3HD694iqlGLDHtEsZ6tszvTYA=
2ieBkREEultXNcfpdQSmoc5aZnfd8cRk4XCXG5y0bfuoP4far+5r2fAkTG2fgqSP
FBA3AF4E7757D9016E953FB3EE4671CA2BD9AF725F9A53D52ED4A38EAAA08901
kqDatOD64eoknzEs1wvxHRh1vptA3Kha1+NoZGFirgQ=
tpj9155XrrxkGocL7CpZZrMHj3K2Qh/iAHjRkzuAAAg=
Y8lnnNBgXogilDBYOIW3jlfHTSZeqasCbGfxs7odGPQ=
eU0uK4Q3+0Rs59U0UCOa9WoNl75sfNsYthSFHUyHjJE=
ZS8ueyFkXg5LmQvHLWttHS5G6EZydmZ5xNdBxQOpmsM=
tsmmw7e+zVgwePZbLLodOXigad3sifpXx4WanQu8Taw=
maD0GjWtAFS/MmD8d4cLFMcixE4WhUuTghqIDvL5JQU=
EkXJ9gMYnLso1oRJy/BANrMhSq1u8ITIUqwE4DBm4AE=
KSm3Vxtth95KC+RpibUrSQyTs7voOzAtaqy7C4RcFEotHDqWfXU3TwUIPC+KuRW5A+hDCWRTfPir60uMf5L7bg==
K0g8rknlp5Kpvja8MMCswxnN8PvW9BGT2fukpeXbOjc=
jyHxxHcZFiBj2mQkWlGYmUFB+pme5c7aWQWO/1V2aBY=
Knfj1AH7wPFLCEitcob/G3CtayEgMuamfNL+1z3k1Rc=
GjG/04qm1JdUlXxeIKByi950oBlV+e6tOL3i7uetxBQ=
z4dipYcBsOofBe53Sm4x3/ambaxqoywU5T0ZSZi9l6M=
F8bBD0jbrvX4vN6qQN52dmuM8uiZvh/QNjv4H5aYKds=

信息 应用程序记录日志信息,不得记录敏感信息 

应用程序记录日志信息,不得记录敏感信息
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
aafa/iiduiuu.java, line(s) 124,134,151,160
aafa/uadfa.java, line(s) 41,54
aasiau/iiduiuu.java, line(s) 86,83
addfiasaa/iiduiuu.java, line(s) 71,75
adisud/da.java, line(s) 41
adiufsu/au.java, line(s) 11,19
adiufsu/auaa.java, line(s) 102
adiufsu/aufadusid.java, line(s) 37
adiufsu/daudaud.java, line(s) 45,50
adiufsu/ddssd.java, line(s) 29
adiufsu/fd.java, line(s) 40
adiufsu/fuddufuda.java, line(s) 46
adiufsu/siufasa.java, line(s) 26
adiufsu/udaddidda.java, line(s) 455,244,250,254,260,473
adiufsu/ui.java, line(s) 86,89,93,97,101,105,114,118,121,124,55,63
adiufsu/uuuf.java, line(s) 54
afaif/fufaufai.java, line(s) 38,22,31,52,30,37,44,51,58,59,45
aiaaifu/dfadd.java, line(s) 262,273,285,67,76,348
aiaaifu/udaddidda.java, line(s) 177
aiaaifu/uddusdau.java, line(s) 34
assudu/dfadd.java, line(s) 61
auaa/udfisudud.java, line(s) 375
auadfiusu/au.java, line(s) 292
auasfi/iiduiuu.java, line(s) 22
audfa/iiduiuu.java, line(s) 10,43,50,9,16,17,23,42,49,24
aufadusid/da.java, line(s) 82
aufu/au.java, line(s) 43
auu/aduaaddau.java, line(s) 166,66,73,185,194
auu/da.java, line(s) 16
auu/ifafusf.java, line(s) 22,19
auufidud/aiffdad.java, line(s) 124
auufidud/udaddidda.java, line(s) 156
auuuaufaf/aafa.java, line(s) 30,55
auuuaufaf/fufaufai.java, line(s) 67,82,94
cn/addapp/pickers/widget/WheelView.java, line(s) 343
com/appsflyer/internal/AFb1tSDK.java, line(s) 707,213
com/appsflyer/internal/AFf1iSDK.java, line(s) 203,209
com/appsflyer/internal/AFf1jSDK.java, line(s) 66
com/appsflyer/internal/AFf1tSDK.java, line(s) 84
com/appsflyer/internal/AFg1dSDK.java, line(s) 47,93,62,51,57,55
com/appsflyer/internal/AFg1lSDK.java, line(s) 683
com/appsflyer/share/LinkGenerator.java, line(s) 82
com/pinjam/sejahtera/activity/MainCenterActivity.java, line(s) 131,136,771
com/scwang/smartrefresh/layout/SmartRefreshLayout.java, line(s) 1921,2634
com/tbruyelle/rxpermissions2/RxPermissionsFragment.java, line(s) 71,27
daai/udaddidda.java, line(s) 43,54,59,60,61,62,124,130
daudaud/au.java, line(s) 50,67,112,153,195,222,339,360,366,202
ddasu/da.java, line(s) 180
ddasu/iiduiuu.java, line(s) 101,112
ddasu/udaddidda.java, line(s) 98
ddasu/uddusdau.java, line(s) 132
ddauaffsa/fufaufai.java, line(s) 37,44,47,64,69,74,79,84,92
ddudd/uddusdau.java, line(s) 41,48,60,65,40,47,52,59,64,53
dfadd/iafi.java, line(s) 167,216,247
dfifad/udaddidda.java, line(s) 20
dsaisdfif/au.java, line(s) 40
dsaisdfif/iiduiuu.java, line(s) 300,1171,1312,1333,1340,1356,1368,1401,1417,1425,1431,1485,1495,1511,1542,1547,1661,1666,1672,1692,1698,1809,1975,2057,2223,2398,2444,2569,2657,2714,2772,2881,2985,3005,3012,3100,3103,3110,3320,3340,3353,3514,3522,3558,3642,3732,3741,3779,3800,3828,780,788,817,829,841,853,865,877,889,901,913,920,931,943,142,926,1629,1633,1637,1739,2281,2336,2350,2648,2672,2971,3401,3853
du/da.java, line(s) 78
du/dfadd.java, line(s) 54,204
du/iafi.java, line(s) 40,81
du/iau.java, line(s) 180
du/uddusdau.java, line(s) 371,376
duf/au.java, line(s) 8
fafa/au.java, line(s) 89
fdfa/uauaa.java, line(s) 72,74,78,82,87
ffda/aiffdad.java, line(s) 35
ffdu/uua.java, line(s) 57,139,140,58
fiiad/au.java, line(s) 25
fiiad/iiduiuu.java, line(s) 12,21,15,9,18,24
fiiad/udaddidda.java, line(s) 17
fiiduuud/au.java, line(s) 90,100,47
fisidadu/aduaaddau.java, line(s) 96,99
fisidadu/da.java, line(s) 117,116
fisidadu/ida.java, line(s) 35,34
fisidadu/udaddidda.java, line(s) 16,15
fisidadu/uddusdau.java, line(s) 43,42
fsssdua/uddusdau.java, line(s) 72,95
fuaa/uadfa.java, line(s) 130,148,154,129,147,153,174
fuaa/uddusdau.java, line(s) 76,147,75,146
fuddufuda/udaddidda.java, line(s) 580
fufaufai/udaddidda.java, line(s) 166
iaauuif/iiduiuu.java, line(s) 67,99,105,112,68,100,106,113
iaauuif/uddusdau.java, line(s) 21,22
iaauuif/uua.java, line(s) 39,42
iadads/uauaa.java, line(s) 63
iddis/iiduiuu.java, line(s) 118,185
iddis/uddusdau.java, line(s) 23,37,46,56
ifadisis/uadfa.java, line(s) 242,246
ifadisis/uua.java, line(s) 1006,1010
ifidfu/ai.java, line(s) 50,54,87,104,138,154
ifidfu/auuusiifa.java, line(s) 24
ifidfu/dafudi.java, line(s) 53,55,49
ifidfu/iafi.java, line(s) 100,123,130
ifidfu/ud.java, line(s) 66,90
ifidfu/ui.java, line(s) 38
ifidfu/uua.java, line(s) 43,86,92,101,104,137,154
ii/fufaufai.java, line(s) 377
iiaaad/uadfa.java, line(s) 53,108,52,107
iiaaad/udaddidda.java, line(s) 97,96
iiu/au.java, line(s) 27
is/du.java, line(s) 65
is/iau.java, line(s) 55
is/uddusdau.java, line(s) 91,195
iuf/au.java, line(s) 50
iuf/udaddidda.java, line(s) 386,323,332,334,168
org/greenrobot/greendao/AbstractDao.java, line(s) 442,698,732
org/greenrobot/greendao/DaoException.java, line(s) 19,20
org/greenrobot/greendao/DaoLog.java, line(s) 15,47,51,27,31,55,39,59,19,43,63,67
org/greenrobot/greendao/DbUtils.java, line(s) 57,85
org/greenrobot/greendao/async/AsyncOperationExecutor.java, line(s) 320,337,420
org/greenrobot/greendao/internal/LongHashMap.java, line(s) 61
org/greenrobot/greendao/query/QueryBuilder.java, line(s) 90,93
org/greenrobot/greendao/test/AbstractDaoTest.java, line(s) 30,58
org/greenrobot/greendao/test/AbstractDaoTestLongPk.java, line(s) 43
org/greenrobot/greendao/test/AbstractDaoTestSinglePk.java, line(s) 30
org/greenrobot/greendao/test/DbTest.java, line(s) 58
sdf/aiffdad.java, line(s) 237
sdf/iafi.java, line(s) 34,41,44,53,87
siadfuauu/au.java, line(s) 71,82
sifiaauui/adauaau.java, line(s) 35,71,241,34,70,84,107,134,163,190,240,85,108,135,164,191,42,204
sifiaauui/ai.java, line(s) 60,59
sifiaauui/dfifad.java, line(s) 33,40,32,39
sifiaauui/fufaufai.java, line(s) 17,14,14
sifiaauui/iiduiuu.java, line(s) 86,99,120,222,237,319,85,98,119,221,236,318,116,136,148,244,265,286
sifiaauui/safdfs.java, line(s) 31,52,66
sifiaauui/ui.java, line(s) 24
ssf/iau.java, line(s) 81,82
suad/iiduiuu.java, line(s) 55,127
top/zibin/luban/Checker.java, line(s) 120,124
top/zibin/luban/uddusdau.java, line(s) 146,145
uadiaauif/iiduiuu.java, line(s) 51,52
uauaa/iiduiuu.java, line(s) 155,72,267
uauaa/udaddidda.java, line(s) 68
uaudda/uadfa.java, line(s) 165,204
uauiu/iiduiuu.java, line(s) 134,196,204,271,126,286
ufdf/au.java, line(s) 43,59,67,81
usaudua/iiduiuu.java, line(s) 49,44,37
usdadsaii/fufaufai.java, line(s) 122,106
usdadsaii/uadfa.java, line(s) 33,43,57,63,34,58,46,64
uuasd/aafa.java, line(s) 20,29
uuasd/duiidufia.java, line(s) 34
uuasd/fufsus.java, line(s) 52
uuasd/safdfs.java, line(s) 152,510
uuasd/ssdd.java, line(s) 50
uuasd/uadfa.java, line(s) 220,318

信息 此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密 

此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密


Files:
org/greenrobot/greendao/database/DatabaseOpenHelper.java, line(s) 19,6,15

信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 

此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
duisdafu/fufaufai.java, line(s) 5,197

安全 此应用程序可能具有Root检测功能 

此应用程序可能具有Root检测功能
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
afaif/ui.java, line(s) 25
duddisudu/iiduiuu.java, line(s) 43,291

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (pagead2.googlesyndication.com) 通信。 

{'ip': '180.163.150.33', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (app-measurement.com) 通信。 

{'ip': '180.163.150.33', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

安全评分: ( Super Wallet 4.10.10)