Security Analysis Report: 外勤作业 v2.0.5

Security score: 46/100

Privacy risk: 3 user/device trackers


Findings

High: 5
Medium: 21
Info: 2
Secure: 2
Hotspot: 16

High: The file is World Writable. Any application can write to the file.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2

Files:
com/hc/bluetoothlibrary/tootl/DataMemory.java, line(s) 13

High: Insecure SSL implementation. Trusting all certificates or accepting self-signed certificates is a critical security flaw. This application is vulnerable to MITM attacks.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis

Files:
map/baidu/ar/http/MySSLSocketFactory.java, line(s) 158,16,17,18,19

High: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be vulnerable to cross-site scripting attacks.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
me/goldze/mvvmhabit/binding/viewadapter/webview/ViewAdapter.java, line(s) 11,4

High: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/jpcd/mobilecb/utils/http/AES.java, line(s) 131

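Medium: Application data can be backed up

[android:allowBackup=true]
This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off the device.

Medium: Service (com.jpcd.mobilecb.push.HuaWeiMessageService) is not protected.

[android:exported=true]
The Service is shared with other applications on the device and can therefore be accessed by any other application on the device.

Medium: Activity (com.jpcd.mobilecb.ui.chaobiao.work.meter_read.MeterReadActivity) is not protected.

[android:exported=true]
The Activity is shared with other applications on the device and can therefore be accessed by any other application on the device.

Medium: Service (com.xiaomi.mipush.sdk.PushMessageHandler) is not protected.

[android:exported=true]
The Service is shared with other applications on the device and can therefore be accessed by any other application on the device.

Medium: Broadcast Receiver (com.xiaomi.push.service.receivers.NetworkStatusReceiver) is not protected.

[android:exported=true]
The Broadcast Receiver is shared with other applications on the device and can therefore be accessed by any other application on the device.

Medium: Broadcast Receiver (com.xiaomi.push.service.receivers.PingReceiver) is not protected.

[android:exported=true]
The Broadcast Receiver is shared with other applications on the device and can therefore be accessed by any other application on the device.

Medium: Broadcast Receiver (com.jpcd.mobilecb.push.XiaoMiMessageReceiver) is not protected.

[android:exported=true]
The Broadcast Receiver is shared with other applications on the device and can therefore be accessed by any other application on the device.

Medium: Broadcast Receiver (no.nordicsemi.android.support.v18.scanner.PendingIntentReceiver) is not protected.

[android:exported=true]
The Broadcast Receiver is shared with other applications on the device and can therefore be accessed by any other application on the device.

Medium: Activity (com.darsh.multipleimageselect.activities.AlbumSelectActivity) is not protected.

An intent-filter exists.
The Activity is shared with other applications on the device and can therefore be accessed by any other application on the device. The presence of an intent-filter indicates that this Activity is explicitly exported.

Medium: Activity (com.darsh.multipleimageselect.activities.ImageSelectActivity) is not protected.

An intent-filter exists.
The Activity is shared with other applications on the device and can therefore be accessed by any other application on the device. The presence of an intent-filter indicates that this Activity is explicitly exported.

Medium: The application creates temporary files. Sensitive information should never be written to a temporary file.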


Files:
com/soundcloud/android/crop/CropUtil.java, line(s) 135
map/baidu/ar/http/FileAsyncHttpResponseHandler.java, line(s) 40

Medium: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/jpcd/mobilecb/calFee/CalFeeMonthService.java, line(s) 5,126
com/jpcd/mobilecb/calFee/CalFeeService.java, line(s) 5,148
com/jpcd/mobilecb/calFee/CalFeeYearService.java, line(s) 5,121
com/jpcd/mobilecb/db/DatabaseHelper.java, line(s) 4,62
com/jpcd/mobilecb/printer/MyPrintMaker.java, line(s) 9,188
com/jpcd/mobilecb/printer/MyPrintMaker58.java, line(s) 9,198
com/jpcd/mobilecb/printer/MyPrintMakerFR.java, line(s) 9,182
com/jpcd/mobilecb/printer/PrintMakerSC.java, line(s) 9,168
com/jpcd/mobilecb/ui/chaobiao/indication/IndicationViewModel.java, line(s) 5,113
com/jpcd/mobilecb/ui/chaobiao/locus/LocusActivity.java, line(s) 5,172
com/jpcd/mobilecb/ui/chaobiao/locus/LocusBiaoCeViewModel.java, line(s) 5,44
com/jpcd/mobilecb/ui/chaobiao/mine/MineViewModel.java, line(s) 5,159
com/jpcd/mobilecb/ui/chaobiao/work/WorkNewFragment.java, line(s) 6,89
com/jpcd/mobilecb/ui/chaobiao/work/WorkViewModel.java, line(s) 5,284
com/jpcd/mobilecb/ui/chaobiao/work/download/DownloadBookViewModel.java, line(s) 6,223
com/jpcd/mobilecb/ui/chaobiao/work/meter_read/MeterReadViewModel.java, line(s) 5,268
com/jpcd/mobilecb/ui/chaobiao/work/meter_read/detail/MeterReadDetailViewModel.java, line(s) 6,577
com/jpcd/mobilecb/ui/chaobiao/work/meter_read/map_cb/MapCBViewModel.java, line(s) 4,40
com/jpcd/mobilecb/ui/login/LoginViewModel.java, line(s) 4,226
com/jpcd/mobilecb/ui/setting/SettingViewModel.java, line(s) 4,286
com/jpcd/mobilecb/ui/splash/SplashViewModel.java, line(s) 5,250

Medium: Files may contain hardcoded sensitive information such as usernames, passwords, and keys.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/jpcd/mobilecb/ui/blueToothMeter/hcBLETools/HoldBluetooth.java, line(s) 13
com/jpcd/mobilecb/utils/http/AES.java, line(s) 23
com/jpcd/mobilecb/zxing/decoding/Intents.java, line(s) 45
com/unisound/client/SpeechConstants.java, line(s) 7,9,41,43,50,52,54,56,58,60,62,65,70,72,74,79,81,83,85,87,91,93,104,106,108,120,122,124,127,139,141,143,147,158,162,164,184,188,190,192,195,197,199,201,215,203,206,208,210,212,253,254,255,256,257,258,265,259,260,261,262,263,264,267,268,266,286
com/unisound/sdk/ai.java, line(s) 224
com/unisound/sdk/ci.java, line(s) 254
me/goldze/mvvmhabit/utils/constant/RegexConstants.java, line(s) 23
rx/internal/schedulers/NewThreadWorker.java, line(s) 26,35

Medium: IP address disclosure


Files:
com/afollestad/materialdialogs/BuildConfig.java, line(s) 9
com/afollestad/materialdialogs/commons/BuildConfig.java, line(s) 9
com/unisound/common/a.java, line(s) 17,19,30,32
com/unisound/common/af.java, line(s) 4
com/unisound/common/x.java, line(s) 50,53
com/unisound/sdk/al.java, line(s) 6,10,10,8,7,9
com/unisound/sdk/bk.java, line(s) 31

Medium: The application can read from and write to external storage. Any application can read data written to external storage.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
com/afollestad/materialdialogs/folderselector/FileChooserDialog.java, line(s) 175,233
com/afollestad/materialdialogs/folderselector/FolderChooserDialog.java, line(s) 160,216
com/baidu/pano/platform/c/b.java, line(s) 181
com/github/mikephil/charting/charts/Chart.java, line(s) 738,753
com/github/mikephil/charting/utils/FileUtils.java, line(s) 22,117
com/jpcd/mobilecb/ui/webview/WebViewActivity.java, line(s) 309,342
com/jpcd/mobilecb/ui/ysCheck/Affix/MyDocAdapter.java, line(s) 100
com/jpcd/mobilecb/utils/Constants.java, line(s) 13
com/jpcd/mobilecb/utils/DataCleanManager.java, line(s) 29
com/printer/sdk/monochrome/BitmapConvertor.java, line(s) 110,111,136,136
com/unisound/common/k.java, line(s) 220,223
com/unisound/common/l.java, line(s) 21,81
me/goldze/mvvmhabit/utils/ImageUtils.java, line(s) 269,277,282
me/goldze/mvvmhabit/utils/SDCardUtils.java, line(s) 16,52,71,81,98
org/devio/takephoto/uitl/TFileUtils.java, line(s) 12
org/devio/takephoto/uitl/TImageFiles.java, line(s) 138
org/devio/takephoto/uitl/TUriParse.java, line(s) 31

Medium: MD5 is a weak hash known to have hash collisions.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/qweather/sdk/c/g.java, line(s) 27
com/unisound/common/t.java, line(s) 16,64

Medium: SHA-1 is a weak hash known to have hash collisions.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/baidu/pano/platform/a/h.java, line(s) 24
com/unisound/common/ab.java, line(s) 96
com/unisound/common/k.java, line(s) 166

Medium: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
com/jpcd/mobilecb/ui/webview/WebViewActivity.java, line(s) 152,153,160

Medium: The application uses an insecure random number generator.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
map/baidu/ar/http/SimpleMultipartEntity.java, line(s) 13

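Medium: The application contains privacy trackers

This application has multiple (3) privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.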

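Medium: This application may contain hardcoded secrets

The following secrets were identified in the application. Ensure that these are not secret or private information.
Huawei HMS Core application ID => "com.huawei.hms.client.appid" : "appid=104875431"
Baidu Maps => "com.baidu.lbsapi.API_KEY" : "ge9DlcobeLdgDzkthaLreQmlmCQbYWm9"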
1222e420334f4561b160bef49cae8b54
A8D05130F09C22E831D6E03BAAE03201
7ae86dc85af9a745edd7b1c0b4c90821

Info: The application logs information. Sensitive information must not be logged.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
com/afollestad/materialdialogs/MaterialDialog.java, line(s) 592
com/afollestad/materialdialogs/internal/MDTintHelper.java, line(s) 140
com/baidu/ar/npc/BaiduArView.java, line(s) 205,206,213,214,336,338,389,401,405,486,494,671,678,679,756,875,886,691,770,772,666,667,718,785
com/baidu/ar/npc/ab.java, line(s) 19,21
com/baidu/ar/npc/ac.java, line(s) 26
com/baidu/ar/npc/ad.java, line(s) 19
com/baidu/ar/npc/k.java, line(s) 26
com/baidu/ar/npc/o.java, line(s) 45
com/baidu/pano/platform/a/w.java, line(s) 20,24,28,11,15
com/baidu/pano/platform/c/g.java, line(s) 11
com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java, line(s) 1971,1378,1478,1482,1559,1563,579,879,1652,1661,1690,1695,2372
com/davemorrissey/labs/subscaleview/decoder/SkiaPooledImageRegionDecoder.java, line(s) 381
com/github/barteksc/pdfviewer/PDFView.java, line(s) 522,764,773
com/github/mikephil/charting/charts/BarChart.java, line(s) 69
com/github/mikephil/charting/charts/BarLineChartBase.java, line(s) 544,599,619,252,263,278,284,450,454
com/github/mikephil/charting/charts/Chart.java, line(s) 378,878,194,212,354,859,864
com/github/mikephil/charting/charts/CombinedChart.java, line(s) 77
com/github/mikephil/charting/charts/HorizontalBarChart.java, line(s) 150,91,95
com/github/mikephil/charting/charts/PieRadarChartBase.java, line(s) 210
com/github/mikephil/charting/components/AxisBase.java, line(s) 156
com/github/mikephil/charting/data/ChartData.java, line(s) 263
com/github/mikephil/charting/data/CombinedData.java, line(s) 195,202,209
com/github/mikephil/charting/data/LineDataSet.java, line(s) 100,113
com/github/mikephil/charting/data/PieEntry.java, line(s) 61,67
com/github/mikephil/charting/listener/BarLineChartTouchListener.java, line(s) 333
com/github/mikephil/charting/renderer/ScatterChartRenderer.java, line(s) 52
com/github/mikephil/charting/utils/FileUtils.java, line(s) 44,68,94,108,122,133,149,168,181
com/github/mikephil/charting/utils/Utils.java, line(s) 53,72,81
com/hc/bluetoothlibrary/AllBluetoothManage.java, line(s) 291,300,302
com/hc/bluetoothlibrary/DeviceModule.java, line(s) 105,180
com/hc/bluetoothlibrary/bleBluetooth/BleBluetoothManage.java, line(s) 454,110
com/hc/bluetoothlibrary/bleBluetooth/BluetoothLeService.java, line(s) 200,234,393,182,186,217,221,358,399,403,500,480,405
com/hc/bluetoothlibrary/classicBluetooth/ClassicBluetoothManage.java, line(s) 584,593,595
com/hc/bluetoothlibrary/classicBluetooth/ClsUtils.java, line(s) 19,46,49
com/hc/bluetoothlibrary/classicBluetooth/PairReceiver.java, line(s) 41,74,90,44,60,82
com/jpcd/mobilecb/app/AppApplication.java, line(s) 60,65,35
com/jpcd/mobilecb/service/MyLocationService.java, line(s) 79
com/jpcd/mobilecb/ui/blueToothMeter/BTUserDetailActivity.java, line(s) 515,495,500,378,419,425
com/jpcd/mobilecb/ui/blueToothMeter/btMain/BleHelper.java, line(s) 109,89
com/jpcd/mobilecb/ui/blueToothMeter/hcBLETools/HoldBluetooth.java, line(s) 179,185,187
com/jpcd/mobilecb/ui/chaobiao/mine/MineViewModel.java, line(s) 276,292,304
com/jpcd/mobilecb/ui/chaobiao/work/download/DownloadBookViewModel.java, line(s) 1545,1548
com/jpcd/mobilecb/ui/chaobiao/work/meter_read/MeterReadActivity.java, line(s) 108
com/jpcd/mobilecb/ui/chaobiao/work/meter_read/MeterReadViewModel.java, line(s) 507
com/jpcd/mobilecb/ui/chaobiao/work/meter_read/detail/MeterReadDetailActivity.java, line(s) 354,329,338,347,351,379,498,512
com/jpcd/mobilecb/ui/chaobiao/work/meter_read/detail/MeterReadDetailViewModel.java, line(s) 564,2110
com/jpcd/mobilecb/ui/main/MainActivity.java, line(s) 234,239
com/jpcd/mobilecb/ui/splash/SplashViewModel.java, line(s) 251,267,279
com/jpcd/mobilecb/ui/webview/WebViewActivity.java, line(s) 295,299
com/jpcd/mobilecb/ui/ysCheck/kefu/map/KeFuMapFragment.java, line(s) 82,88,92,96
com/jpcd/mobilecb/utils/AESEncrypt.java, line(s) 70
com/jpcd/mobilecb/utils/DateUtil.java, line(s) 54,58,242
com/jpcd/mobilecb/utils/RetrofitClient.java, line(s) 66
com/jpcd/mobilecb/utils/http/AES.java, line(s) 78
com/jpcd/mobilecb/view/CirStatisticGraph.java, line(s) 217
com/jpcd/mobilecb/view/CircleProgress.java, line(s) 133
com/jpcd/mobilecb/view/HobbyRecyclerView.java, line(s) 172,173,174
com/jpcd/mobilecb/view/TipView.java, line(s) 63
com/jpcd/mobilecb/zxing/camera/AutoFocusCallback.java, line(s) 26
com/jpcd/mobilecb/zxing/camera/CameraConfigurationManager.java, line(s) 37,40,53,58,89,48,109,126,174,185
com/jpcd/mobilecb/zxing/camera/FlashlightManager.java, line(s) 19,21,61,72,81,84,87
com/jpcd/mobilecb/zxing/camera/PreviewCallback.java, line(s) 36
com/jpcd/mobilecb/zxing/decoding/CaptureActivityHandler.java, line(s) 51,56,68,72
com/jpcd/mobilecb/zxing/decoding/DecodeHandler.java, line(s) 63
com/landicorp/pinpad/CmbcAsyncKeyInfo.java, line(s) 24,25,26
com/landicorp/pinpad/DukptCfg.java, line(s) 10,13
com/landicorp/pinpad/FixedKeyCfg.java, line(s) 10,13
com/landicorp/pinpad/KapAccessManager.java, line(s) 19,23
com/landicorp/pinpad/KapCfg.java, line(s) 41
com/landicorp/pinpad/KapInfo.java, line(s) 41,51,54,58,61,74,77,81,84,97,100,104,107,152,156,159,163,169,175,176
com/landicorp/pinpad/KeyCfg.java, line(s) 204,205,206,207,208
com/landicorp/pinpad/KeyInfo.java, line(s) 26,29,33
com/landicorp/pinpad/KeySystemCfg.java, line(s) 17
com/landicorp/pinpad/MkSkCfg.java, line(s) 10,13
com/landicorp/pinpad/OfflinePinVerifyResult.java, line(s) 39,40,41
com/landicorp/pinpad/PinEntryCfg.java, line(s) 174,179,184,189,194,195,199,202,206,209,213,214,215,216,220
com/landicorp/pinpad/PinEntryEvent.java, line(s) 126,127,128,129,131,134
com/landicorp/pinpad/PinEntryInfo.java, line(s) 43,44,45,46,50,53
com/landicorp/pinpad/PinVerifyCfg.java, line(s) 101,104,108,110,112,114,118,152,153,159,160,166,167,173,174,180,181,227,228,232,235,238,242
com/landicorp/pinpad/PinpadCfg.java, line(s) 22,23
com/landicorp/pinpad/PinpadDevice.java, line(s) 514,524,559,588,556,579,518,528
com/landicorp/pinpad/PinpadInfo.java, line(s) 47,48,49,50,73,74,75,101,102,103,109,110,111,159,160,161,165,168,170,173,177,180,184,188,191,195,198
com/landicorp/pinpad/PinpadTest.java, line(s) 27,40,67,68,69,73,74,75,76,78,83,90,91,92,93,95,98,107,108,109,110,111,115,116,117,121,122,126,127,128,129,130,131,135,137,142,148,149,154,155,159,164,165,166,167,168,172,179,183,184,185,186,187,210,214,215,216,217,219,387,393,402,407,415,423,428,436,441,446,451,456,460,464,470,486,505,519,524,534,546,552,563,568,575,581,585,590,605,607,613,626,628,634,641,649,659,664,669,674,684,694,706,711,715,720,730,745,754,762,764,771,792,819,824,829,843,880,919,920,921,922,923,924,925,926,927,928,940,942,943,47,51,55,59,63,228,230,237
com/landicorp/pinpad/SoftPinpadLayout.java, line(s) 40,41,42,43,44,85,86,87,88,89,93,95,98,100,103,17
com/landicorp/pinpad/Test.java, line(s) 8,12,16,20
com/landicorp/pinpad/Utils.java, line(s) 77,81,52,48,195
com/landicorp/security/common/Utils.java, line(s) 21,66,70,33,42,25,29
com/lcodecore/tkrefreshlayout/TwinklingRefreshLayout.java, line(s) 169,191,391
com/lcodecore/tkrefreshlayout/processor/AnimProcessor.java, line(s) 479,494
com/printer/sdk/CodePagePrinter.java, line(s) 466,555
com/printer/sdk/LabelPrint.java, line(s) 60,66,86,97,103,109,115,129,324,330,336,342,356,372,378,384,398,404,410,429,462,463
com/printer/sdk/PrinterInstance.java, line(s) 1875,1878,1880,1889,272,285,295,333,337,1538,1541,1542,1543,1544,1578,1773,1823,1836,1856,1867,1891,1910,1923,504,524,536,612,616,618,634,648,812,828,998,999,1000,1001,1002,1003,1009,1032,1052,1053,1054,1190,1203,1216,1344,1367,1412,1441,1742,1747,1749,1760,1795,1800,1802,1812,1838,1849,1885,1913,1915,299
com/printer/sdk/bluetooth/BluetoothPort.java, line(s) 119,237,56,135,142,225,235,250,264,280,282,291,296,298,303,75,164,167,185,188,211,214
com/printer/sdk/monochrome/BMPFile.java, line(s) 111
com/printer/sdk/monochrome/BitmapConvertor.java, line(s) 83,52,121,152,160
com/printer/sdk/serial/SerialPort.java, line(s) 77,65,89,134,142,131
com/printer/sdk/serial/SerialPortFinder.java, line(s) 31,56
com/printer/sdk/usb/USBPort.java, line(s) 41,82,127,128,133,120
com/printer/sdk/utils/Utils.java, line(s) 322,329,416,419,442,445,451,478,481,514,517,523,597,598,601,717,728,731,332,333,122,275
com/printer/sdk/utils/XLog.java, line(s) 31,23,15,19,27
com/printer/sdk/wifi/WiFiPort.java, line(s) 39,53,60,67,153
com/shockwave/pdfium/PdfiumCore.java, line(s) 202,206,236,240
com/soundcloud/android/crop/CropImageActivity.java, line(s) 155,161,386,394,426
com/soundcloud/android/crop/CropUtil.java, line(s) 53,67
com/soundcloud/android/crop/Log.java, line(s) 10,14
com/tbruyelle/rxpermissions2/RxPermissionsFragment.java, line(s) 88,45
com/unisound/common/af.java, line(s) 11
com/unisound/common/r.java, line(s) 250,257,296,170,283,289,311,236,243,156,163,270,277
com/unisound/common/t.java, line(s) 66
jp/co/recruit_lifestyle/android/widget/WaveView.java, line(s) 321
map/baidu/ar/camera/CamGLView.java, line(s) 65
map/baidu/ar/camera/ProgramMgr.java, line(s) 84,85,107,108,122
map/baidu/ar/camera/find/FindArGLPOITexture.java, line(s) 41
map/baidu/ar/camera/sceneryimpl/SceneryCamGLRender.java, line(s) 293,298
map/baidu/ar/camera/sceneryimpl/SceneryGLPOITexture.java, line(s) 39
map/baidu/ar/http/AsyncHttpClient.java, line(s) 125,175,179,183,346,664,596,606
map/baidu/ar/http/AsyncHttpRequest.java, line(s) 49,136
map/baidu/ar/http/AsyncHttpResponseHandler.java, line(s) 119,123,169,192,196,204,115,86
map/baidu/ar/http/BaseJsonHttpResponseHandler.java, line(s) 36,72
map/baidu/ar/http/BinaryHttpResponseHandler.java, line(s) 34,54
map/baidu/ar/http/DataAsyncHttpResponseHandler.java, line(s) 28,32
map/baidu/ar/http/FileAsyncHttpResponseHandler.java, line(s) 42
map/baidu/ar/http/JsonHttpResponseHandler.java, line(s) 134
map/baidu/ar/http/JsonStreamerEntity.java, line(s) 126
map/baidu/ar/http/PersistentCookieStore.java, line(s) 118,127,130
map/baidu/ar/http/RangeFileAsyncHttpResponseHandler.java, line(s) 53
map/baidu/ar/http/RequestParams.java, line(s) 42,259
map/baidu/ar/http/SaxAsyncHttpResponseHandler.java, line(s) 48,52
map/baidu/ar/http/SimpleMultipartEntity.java, line(s) 76,155
map/baidu/ar/http/TextHttpResponseHandler.java, line(s) 39
map/baidu/ar/model/ArInfo.java, line(s) 207
map/baidu/ar/utils/HttpUtils.java, line(s) 44,71,73,89,91,107,109
map/baidu/ar/utils/IOUtils.java, line(s) 73,99
me/goldze/mvvmhabit/bus/event/SingleLiveEvent.java, line(s) 16
me/goldze/mvvmhabit/crash/CustomActivityOnCrash.java, line(s) 56,61,64,72,112,120,197,331,344,362,96,195
me/goldze/mvvmhabit/http/BaseSubscriber.java, line(s) 23
me/goldze/mvvmhabit/http/cookie/store/PersistentCookieStore.java, line(s) 177,186,189
me/goldze/mvvmhabit/http/download/ProgressCallBack.java, line(s) 90,130
me/goldze/mvvmhabit/utils/KLog.java, line(s) 135,151,144,138,132,141,147,175,182,184,189,205,207
me/goldze/mvvmhabit/utils/compression/Luban.java, line(s) 64,63
me/goldze/mvvmhabit/widget/CheckboxGroup.java, line(s) 46
me/goldze/mvvmhabit/widget/ZoomImageView.java, line(s) 67,180,225,251,283,296
me/shaohui/advancedluban/Luban.java, line(s) 126,125
me/zhanghai/android/materialprogressbar/BaseProgressLayerDrawable.java, line(s) 73
me/zhanghai/android/materialprogressbar/MaterialProgressBar.java, line(s) 120,362,372
org/devio/takephoto/app/TakePhotoActivity.java, line(s) 54,59,64
org/devio/takephoto/app/TakePhotoFragment.java, line(s) 54,59,64
org/devio/takephoto/app/TakePhotoFragmentActivity.java, line(s) 54,59,64
org/devio/takephoto/uitl/IntentUtils.java, line(s) 30
org/devio/takephoto/uitl/TImageFiles.java, line(s) 117,83
org/devio/takephoto/uitl/TUriParse.java, line(s) 104,65
org/devio/takephoto/uitl/TUtils.java, line(s) 122
rx/internal/util/IndexedRingBuffer.java, line(s) 35
rx/internal/util/RxRingBuffer.java, line(s) 28
rx/plugins/RxJavaHooks.java, line(s) 207

Info: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
me/goldze/mvvmhabit/crash/DefaultErrorActivity.java, line(s) 5,73

Secure: This application uses SSL pinning to detect or prevent MITM attacks in secure communication channels.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
com/jpcd/mobilecb/ui/blueToothMeter/BTUserDetailViewModel.java, line(s) 165,173
com/jpcd/mobilecb/ui/blueToothMeter/BTUserSearchViewModel.java, line(s) 201,312
com/jpcd/mobilecb/ui/blueToothMeter/btMain/BTMainViewModel.java, line(s) 106,126
com/jpcd/mobilecb/ui/chaobiao/comprehensive/detail/ComprehensiveDetailViewModel.java, line(s) 332,758
com/jpcd/mobilecb/ui/chaobiao/examine/ExamineCBViewModel.java, line(s) 179,240,319,385
com/jpcd/mobilecb/ui/chaobiao/work/meter_read/detail/MeterReadDetailViewModel.java, line(s) 616,1647
com/jpcd/mobilecb/ui/chaobiao/work/pay/PayViewModel.java, line(s) 213,213,301,358,414,482
com/jpcd/mobilecb/ui/chart/ChartMainViewModel.java, line(s) 108,108,153,199
com/jpcd/mobilecb/ui/chart/cblist/RemoteCBListYSViewModel.java, line(s) 174,201,265
com/jpcd/mobilecb/ui/chart/hqfhz/InDicationQFViewModel.java, line(s) 174,156
com/jpcd/mobilecb/ui/chart/ssmx/InDicationShiShouViewModel.java, line(s) 171,153
com/jpcd/mobilecb/ui/chart/ysmx/IndicationYingShouMXViewModel.java, line(s) 170,152
com/jpcd/mobilecb/ui/daka/DaKaViewModel.java, line(s) 70,70,118
com/jpcd/mobilecb/ui/gongdan/jcgd/JCGDListViewModel.java, line(s) 173,260,354,407
com/jpcd/mobilecb/ui/gongdan/jcgd/detail/JiChaDetailViewModel.java, line(s) 250,189,235,340
com/jpcd/mobilecb/ui/meterCheck/MeterCheckDetailViewModel.java, line(s) 99,194
com/jpcd/mobilecb/ui/meterCheck/MeterCheckViewModel.java, line(s) 188,226
com/jpcd/mobilecb/ui/meterCheck/checkRecord/CheckRecordViewModel.java, line(s) 204,230
com/jpcd/mobilecb/ui/meterCheck/meterConfirm/MeterConfirmViewModel.java, line(s) 424,284,341,385,458
com/jpcd/mobilecb/ui/meterCheck/meterReceive/MeterReceiveViewModel.java, line(s) 391,251,308,352,458
com/jpcd/mobilecb/ui/pdsSite/SiteManageViewModel.java, line(s) 105,151
com/jpcd/mobilecb/ui/pdsSite/siteLLJ/SiteLLJViewModel.java, line(s) 177,119,165
com/jpcd/mobilecb/ui/pdsSite/siteSY/SiteSYViewModel.java, line(s) 179,121,167
com/jpcd/mobilecb/ui/pdsSite/siteSZ/SiteSZViewModel.java, line(s) 178,120,166
com/jpcd/mobilecb/ui/remoteControl/RemoteControlMainViewModel.java, line(s) 176,176,221,265
com/jpcd/mobilecb/ui/remoteControl/addUser/nbAddUser/NBAddUserViewModel.java, line(s) 231,231,305,349,439
com/jpcd/mobilecb/ui/remoteControl/addUser/nbAddedSearch/RemoteAddSearchViewModel.java, line(s) 213,197
com/jpcd/mobilecb/ui/remoteControl/addUser/signAddUser/SignAddUserViewModel.java, line(s) 265,265,313,385,479,523,641
com/jpcd/mobilecb/ui/remoteControl/cblist/RemoteCBListViewModel.java, line(s) 158,180,231
com/jpcd/mobilecb/ui/remoteControl/cblist/detail/RemoteCBDetailViewModel.java, line(s) 115,99
com/jpcd/mobilecb/ui/remoteControl/control/RemoteMeterControlViewModel.java, line(s) 196,226,279,351,394
com/jpcd/mobilecb/ui/remoteControl/gongDan/RemoteGDListViewModel.java, line(s) 84,69
com/jpcd/mobilecb/ui/remoteControl/gongDan/detail/RemoteGDDetailViewModel.java, line(s) 98,116,172,212,264
com/jpcd/mobilecb/ui/storeHouse/meterToHouse/MeterToHouseViewModel.java, line(s) 170,259,319
com/jpcd/mobilecb/ui/target/TargetViewModel.java, line(s) 111,96,143,190
com/jpcd/mobilecb/ui/ysCheck/kefu/accept/KeFuAcceptRecordViewModel.java, line(s) 126,147,216,323,386
com/jpcd/mobilecb/ui/ysCheck/kefu/accept/KeFuAcceptViewModel.java, line(s) 235,235,276,316,355,395,439,504,566
com/jpcd/mobilecb/ui/ysCheck/kefu/chart/KeFuChartDetailViewModel.java, line(s) 327,164,201,274
com/jpcd/mobilecb/ui/ysCheck/kefu/detail/KeFuDetailViewModel.java, line(s) 407,236,291,389,457,568,612,679,743,793,854,903,953,1051,1091
com/jpcd/mobilecb/ui/ysCheck/kefu/map/KeFuMapFragmentViewModel.java, line(s) 86,86,146
com/jpcd/mobilecb/ui/ysCheck/kefu/normal/KeFuFragmentViewModel.java, line(s) 174,290,358,463,516
com/jpcd/mobilecb/ui/ysCheck/kefu/normal/KeFuMineFragmentViewModel.java, line(s) 172,288,345,444,497
com/jpcd/mobilecb/ui/ysCheck/kefu/urge/UrgeViewModel.java, line(s) 110,91
com/jpcd/mobilecb/utils/HttpsUtils.java, line(s) 132,81,130,130
com/jpcd/mobilecb/utils/RetrofitClient.java, line(s) 75,75
map/baidu/ar/http/MySSLSocketFactory.java, line(s) 36,158
me/goldze/mvvmhabit/http/DownLoadManager.java, line(s) 50,50

Secure: This application may have root detection capabilities.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
com/printer/sdk/serial/SerialPort.java, line(s) 45

Hotspot: The application may communicate with a server (devapi.qweather.net) located in an OFAC-sanctioned country (China).

{'ip': '118.26.252.209', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (scv2.hivoice.cn) located in an OFAC-sanctioned country (China).

{'ip': '47.95.178.71', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

Hotspot: The application may communicate with a server (api.xmpush.xiaomi.com) located in an OFAC-sanctioned country (China).

{'ip': '118.26.252.209', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (cn.register.xmpush.xiaomi.com) located in an OFAC-sanctioned country (China).

{'ip': '118.26.252.209', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (api.qweather.net) located in an OFAC-sanctioned country (China).

{'ip': '118.26.252.209', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (wap.amap.com) located in an OFAC-sanctioned country (China).

{'ip': '118.26.252.209', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

Hotspot: The application may communicate with a server (auth.qweather.net) located in an OFAC-sanctioned country (China).

{'ip': '118.26.252.209', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (wx.hbtsoft.cn) located in an OFAC-sanctioned country (China).

{'ip': '39.97.197.115', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (rtc.hivoice.cn) located in an OFAC-sanctioned country (China).

{'ip': '39.97.197.115', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (geoapi.qweather.net) located in an OFAC-sanctioned country (China).

{'ip': '118.26.252.209', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (datasetapi.qweather.net) located in an OFAC-sanctioned country (China).

{'ip': '39.107.71.85', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (resolver.msg.xiaomi.net) located in an OFAC-sanctioned country (China).

{'ip': '118.26.252.209', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (log.hivoice.cn) located in an OFAC-sanctioned country (China).

{'ip': '39.96.244.101', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (u.hivoice.cn) located in an OFAC-sanctioned country (China).

{'ip': '47.102.50.69', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

Hotspot: The application may communicate with a server (daohang.amap.com) located in an OFAC-sanctioned country (China).

{'ip': '203.119.169.50', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}

Hotspot: The application may communicate with a server (v2.hivoice.cn) located in an OFAC-sanctioned country (China).

{'ip': '47.102.50.69', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
