安全分析报告: ⁡⁡星⁡⁡火⁡⁡互⁡⁡娱⁡⁡传⁡⁡媒⁡⁡ v9.6.6

安全分数


安全分数 51/100

风险评级


等级

  1. A
  2. B
  3. C
  4. F

严重性分布 (%)


隐私风险

1

用户/设备跟踪器


调研结果

高危 1
中危 46
信息 4
安全 2
关注 6

高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 

如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 543,548,32

中危 应用程序已启用明文网络流量 

[android:usesCleartextTraffic=true]
应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。

中危 应用程序数据可以被备份 

[android:allowBackup=true]
这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。

中危 Service (org.telegram.messenger.GcmPushListenerService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (org.telegram.messenger.GoogleVoiceClientService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (org.telegram.messenger.GoogleVoiceClientActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity-Alias (org.telegram.messenger.DefaultIcon) 未被保护。 

[android:exported=true]
发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity-Alias (org.telegram.messenger.VintageIcon) 未被保护。 

[android:exported=true]
发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity-Alias (org.telegram.messenger.AquaIcon) 未被保护。 

[android:exported=true]
发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity-Alias (org.telegram.messenger.PremiumIcon) 未被保护。 

[android:exported=true]
发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity-Alias (org.telegram.messenger.TurboIcon) 未被保护。 

[android:exported=true]
发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity-Alias (org.telegram.messenger.NoxIcon) 未被保护。 

[android:exported=true]
发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity-Alias (org.telegram.ui.CallsActivity) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.permission.CALL_PHONE [android:exported=true]
发现一个 Activity-Alias被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Activity (org.telegram.ui.ShareActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (org.telegram.ui.ExternalActionActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (org.telegram.ui.ChatsWidgetConfigActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (org.telegram.ui.ContactsWidgetConfigActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (org.telegram.messenger.OpenChatReceiver) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity设置了TaskAffinity属性 

(org.telegram.ui.VoIPPermissionActivity)
如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名

中危 Activity设置了TaskAffinity属性 

(org.telegram.ui.VoIPFeedbackActivity)
如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名

中危 Broadcast Receiver (org.telegram.messenger.SmsReceiver) 未被保护。 

[android:exported=true]
发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (org.telegram.messenger.AuthenticatorService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (org.telegram.messenger.ContactsSyncAdapterService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (org.telegram.messenger.BringAppForegroundService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (org.telegram.messenger.NotificationsService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (org.telegram.messenger.VideoEncodingService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (org.telegram.messenger.ImportingService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (org.telegram.messenger.LocationSharingService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (org.telegram.messenger.MusicPlayerService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (org.telegram.messenger.MusicBrowserService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (org.telegram.messenger.voip.TelegramConnectionService) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.permission.BIND_TELECOM_CONNECTION_SERVICE [android:exported=true]
发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Broadcast Receiver (org.telegram.messenger.RefererReceiver) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.permission.INSTALL_PACKAGES [android:exported=true]
发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Content Provider (org.telegram.messenger.voip.CallNotificationSoundProvider) 未被保护。 

[android:exported=true]
发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (androidx.sharetarget.ChooserTargetServiceCompat) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.permission.BIND_CHOOSER_TARGET_SERVICE [android:exported=true]
发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护, 但是应该检查权限的保护级别。 

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护, 但是应该检查权限的保护级别。 

Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true]
发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 

可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6

Files:
com/tencent/qimei/y/g.java, line(s) 43,42
com/tencent/qimei/y/k.java, line(s) 38,43
org/telegram/ui/JMTBaiduMapActivity.java, line(s) 67,62
org/telegram/ui/JMTMapPreviewActivity.java, line(s) 67,61

中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞 

不安全的Web视图实现。可能存在WebView任意代码执行漏洞
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
com/tencent/qimei/y/g.java, line(s) 45,42
com/tencent/qimei/y/k.java, line(s) 45,43
org/telegram/ui/ArticleViewer$BlockEmbedCell.java, line(s) 54,48
org/telegram/ui/Components/BotWebViewContainer.java, line(s) 219,203
org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 522,164
org/telegram/ui/Components/WebPlayerView.java, line(s) 158,164
org/telegram/ui/LoginActivity.java, line(s) 1396,2133,1394,2131
org/telegram/ui/WebviewActivity.java, line(s) 171,158

中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 

应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
com/github/gzuliyujiang/oaid/DeviceID.java, line(s) 293,294
com/hbisoft/hbrecorder/HBRecorder.java, line(s) 151
com/hbisoft/hbrecorder/ScreenRecordService.java, line(s) 166
com/lxj/xpopup/util/XPopupUtils.java, line(s) 323,346
org/telegram/messenger/AndroidUtilities.java, line(s) 636,2723,635,1875,1907,1917,2675,2676
org/telegram/messenger/EmuDetector.java, line(s) 226
org/telegram/messenger/FilesMigrationService.java, line(s) 92,76,188
org/telegram/messenger/MediaController.java, line(s) 3041,3043
org/telegram/messenger/SharedConfig.java, line(s) 1077
org/telegram/messenger/voip/VoIPController.java, line(s) 207
org/telegram/ui/ChatActivity.java, line(s) 3720,10350,10358
org/telegram/ui/Components/ChatAttachAlertDocumentLayout.java, line(s) 835,1017,1017,1017,1020
org/telegram/ui/Components/voip/VoIPHelper.java, line(s) 753,787

中危 MD5是已知存在哈希冲突的弱哈希 

MD5是已知存在哈希冲突的弱哈希
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/shubao/xinstall/a/f/c.java, line(s) 40
com/tencent/qimei/j/a.java, line(s) 29
com/tencent/qmsp/oaid2/l.java, line(s) 38
com/tencent/qmsp/sdk/a/c.java, line(s) 35,88
com/tencent/qmsp/sdk/g/b/c.java, line(s) 37
org/telegram/messenger/MessagesController.java, line(s) 5034
org/telegram/messenger/Utilities.java, line(s) 480

中危 SHA-1是已知存在哈希冲突的弱哈希 

SHA-1是已知存在哈希冲突的弱哈希
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/github/gzuliyujiang/oaid/impl/OppoImpl.java, line(s) 72
com/shubao/xinstall/a/a/d.java, line(s) 110
com/shubao/xinstall/a/f/c.java, line(s) 14
com/shubao/xinstall/a/f/i.java, line(s) 97
com/tencent/qmsp/oaid2/h0.java, line(s) 72
com/tencent/qmsp/sdk/g/g/e.java, line(s) 74
org/telegram/messenger/Utilities.java, line(s) 335,349
org/telegram/ui/PassportActivity.java, line(s) 1679

中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 

文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/shubao/xinstall/a/b/b.java, line(s) 46
org/telegram/messenger/BuildVars.java, line(s) 177
org/telegram/messenger/ImageReceiver.java, line(s) 381
org/telegram/messenger/MediaDataController.java, line(s) 131,137,136
org/telegram/messenger/voip/Instance.java, line(s) 230,202,212
org/telegram/ui/Adapters/MentionsAdapter.java, line(s) 579
org/telegram/ui/ArticleViewer.java, line(s) 3285
org/telegram/ui/ChannelCreateActivity.java, line(s) 177
org/telegram/ui/DataAutoDownloadActivity.java, line(s) 74,89,82
org/telegram/ui/PremiumPreviewFragment.java, line(s) 1100,1045
org/telegram/ui/TopicsFragment.java, line(s) 2547,2540

中危 应用程序使用不安全的随机数生成器 

应用程序使用不安全的随机数生成器
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
com/carrotsearch/randomizedtesting/Xoroshiro128PlusRandom.java, line(s) 3
com/tencent/qimei/j/a.java, line(s) 9
com/tencent/qimei/s/e.java, line(s) 3
com/tencent/qmsp/sdk/f/c.java, line(s) 6
cos/MyCOSService.java, line(s) 24
j$/util/concurrent/ThreadLocalRandom.java, line(s) 17
org/telegram/messenger/Utilities.java, line(s) 17
org/telegram/ui/Components/AudioVisualizerDrawable.java, line(s) 6
org/telegram/ui/Components/AvatarsDrawable.java, line(s) 11
org/telegram/ui/Components/BlobDrawable.java, line(s) 7
org/telegram/ui/Components/CircleBezierDrawable.java, line(s) 7
org/telegram/ui/Components/FlickerLoadingView.java, line(s) 12
org/telegram/ui/Components/GroupCallPipButton.java, line(s) 16
org/telegram/ui/Components/LineBlobDrawable.java, line(s) 6
org/telegram/ui/Components/SharedMediaFastScrollTooltip.java, line(s) 15
org/telegram/ui/EmojiAnimationsOverlay.java, line(s) 11
org/xbill/DNS/Header.java, line(s) 5
q/rorbin/badgeview/BadgeAnimator.java, line(s) 12

中危 IP地址泄露 

IP地址泄露


Files:
com/tencent/qimei/c/c.java, line(s) 121
com/tencent/qimei/o/u.java, line(s) 176,223
com/tencent/qimei/upload/BuildConfig.java, line(s) 13
cos/MyCOSService.java, line(s) 385,411,398,424,399,425,397,423,393,419,407,433,405,431,384,410,406,432,402,428,388,414,401,427,391,417,400,426,311,517,389,415,383,409,403,429,392,418,395,421,396,422,387,413,404,430,386,412,394,420,390,416
org/telegram/messenger/EmuDetector.java, line(s) 19

中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件 

应用程序创建临时文件。敏感信息永远不应该被写进临时文件


Files:
org/telegram/ui/Components/Paint/Slice.java, line(s) 23

中危 应用程序包含隐私跟踪程序 

此应用程序有多个1隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。

中危 此应用可能包含硬编码机密信息 

从应用程序中识别出以下机密确保这些不是机密或私人信息
谷歌地图的=> "com.google.android.maps.v2.API_KEY" : "AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k"
Xinstall推广SDK的=> "com.xinstall.APP_KEY" : "xInstallAppKey"
openinstall统计的=> "com.openinstall.APP_KEY" : "openInstallAppKey"
"PasswordCode" : "Code"
"CancelPasswordResetNo" : "NO"
"UseProxyUsername" : "Usuario"
"UseProxyPassword" : "Passwort"
"UsernameLinkActive" : "active"
"Username" : "Benutzername"
"firebase_database_url" : "https://tmessages2.firebaseio.com"
"TerminateWebSessionStop" : "Cahaya%1$s"
"PasswordOn" : "Activada"
"PasswordOff" : "No"
"UseProxyUsername" : "Username"
"TypePrivate" : "Privato"
"TypePrivateGroup" : "Privado"
"CheckPasswordPerfect" : "Perfect!"
"RestorePasswordNoEmailTitle" : "Desculpe"
"PasswordOn" : "menyalakan"
"PasswordOff" : "Uit"
"Username" : "Username"
"NotificationHiddenChatUserName" : "Utente"
"TypePrivateGroup" : "Privat"
"PasswordOn" : "On"
"PaymentPasswordTitle" : "Password"
"UseProxySecret" : "Clave"
"YourPasswordSuccess" : "Gelukt!"
"UseProxySecret" : "gram"
"PasscodePassword" : "Password"
"AutodownloadPrivateChats" : "Chats"
"PasswordOff" : "Off"
"ChannelPrivate" : "privat"
"PasswordOn" : "Aan"
"UseProxySecret" : "Segredo"
"TypePrivateGroup" : "Privato"
"PasswordCode" : "Codice"
"ReportSpamUser" : "BLOKKEREN"
"UseProxySecret" : "Secret"
"PasscodePassword" : "Wachtwoord"
"PasswordRecovery" : "Wachtwoordherstel"
"UseProxyPassword" : "Wachtwoord"
"UsernameProfileLinkActive" : "positif"
"PasswordOff" : "Desativada"
"NotificationHiddenChatUserName" : "Gebruiker"
"google_api_key" : "AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k"
"UseProxyUsername" : "Gebruiker"
"google_crash_reporting_api_key" : "AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k"
"TypePrivate" : "pribadi"
"EncryptionKey" : "Encryptiesleutel"
"AbortPasswordMenu" : "Interromper"
"PaymentPasswordEmailTitle" : "Herstel-e-mailadres"
"UseProxyPassword" : "Senha"
"PaymentPasswordTitle" : "Senha"
"UsernameProfileLinkActive" : "active"
"Username" : "Gebruikersnaam"
"ReportSpamUser" : "BLOQUEAR"
"LoginPassword" : "Passwort"
"PasswordOn" : "Ein"
"LoginPassword" : "Senha"
"YourPasswordSuccess" : "Success!"
"CancelPasswordResetYes" : "Ya"
"PasswordOff" : "penutup"
"PasscodePassword" : "Senha"
"RestorePasswordNoEmailTitle" : "Spiacenti"
"CheckPasswordPerfect" : "sempurna!"
"PaymentPasswordTitle" : "Passwort"
"YourPasswordSuccess" : "Kesuksesan!"
"UsernameLinkActive" : "positif"
"JMTUsername" : "Username"
"NotificationHiddenChatUserName" : "Pengguna"
"PaymentPasswordTitle" : "Wachtwoord"
"TypePrivate" : "Private"
"UseProxySecret" : "Segreto
"
"CancelPasswordResetNo" : "TIDAK"
"TypePrivate" : "Privat"
"PasswordOn" : "Ativada"
"PasscodePassword" : "Passwort"
"UseProxyUsername" : "Benutzername"
"CancelPasswordResetYes" : "YES"
"PasswordOff" : "Aus"
"google_app_id" : "1:760348033671:android:f6afd7b67eae3860"
"NotificationHiddenChatUserName" : "User"
"YourPasswordSuccess" : "Geschafft!"
"YourPasswordSuccess" : "Fatto!"
"RestorePasswordNoEmailTitle" : "Sorry"
"LoginPassword" : "Password"
"UseProxySecret" : "Sleutel"
"LoginPassword" : "Wachtwoord"
"TypePrivateGroup" : "pribadi"
"PasswordOff" : "Desactivada"
"NotificationHiddenChatUserName" : "Usuario"
"TypePrivateGroup" : "Private"
"TypePrivate" : "Privado"
"PaymentPasswordEmailTitle" : "Wiederherstellung"
"NotificationHiddenChatUserName" : "Nutzer"
"UseProxyPassword" : "Password"
c06c8400-8e06-11e0-9cb6-0002a5d5c51b
L3N5c3RlbS9ldGMvZXhjbHVkZWQtaW5wdXQtZGV2aWNlcy54bWw=
BvyoNmnTUIqvZufrqy6EPc/QFvgcZwweLUQZMPRjS0yO7ir5gj50GehaWU1uVA==
YW5kcm9pZC5oYXJkd2FyZS5ibHVldG9vdGg=
Ldpv3DINc8b4Mg19EF0rkWBg7d2GJMJ3
ABVGDE2JZIQKLMNOPRSTUFHC34WXY9678
014b35b6184100b085b0d0572f9b5103
A406AAA462DF6EEC06E61D67
C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5B
bb392ec0-8d4d-11e0-a896-0002a5d5c51b
bGV2ZWxfaXBhX3RzcmlmLnRjdWRvcnAub3I=
YW5kcm9pZC5oYXJkd2FyZS5jYW1lcmEuZmxhc2g=

信息 应用程序记录日志信息,不得记录敏感信息 

应用程序记录日志信息,不得记录敏感信息
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
cn/jzvd/JZTextureView.java, line(s) 43,70,71
cn/jzvd/JZUtils.java, line(s) 70
cn/jzvd/Jzvd.java, line(s) 110,121,248,392,414,508,613,653,655,664,668,782,818,678,260,384,397,451,469,491,497,541,551,561,567,572,585,611,633,639,645,688,720,842,854,927,936,946
cn/jzvd/JzvdStd$3.java, line(s) 18
com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java, line(s) 1752,1151,1251,1255,1332,1336,533,644,1425,1434,1463,1468,2154
com/davemorrissey/labs/subscaleview/decoder/SkiaPooledImageRegionDecoder.java, line(s) 282
com/github/gzuliyujiang/dialog/DialogLog.java, line(s) 10
com/github/gzuliyujiang/oaid/OAIDLog.java, line(s) 13
com/hbisoft/hbrecorder/ScreenRecordService.java, line(s) 218
com/lxj/xpopup/core/BasePopupView.java, line(s) 637,641,645,649
com/lxj/xpopup/util/KeyboardUtils.java, line(s) 30
com/lxj/xpopup/util/XPermission.java, line(s) 302
com/lxj/xpopup/widget/SmartDivider.java, line(s) 27
com/shubao/xinstall/a/a/a/d.java, line(s) 154,157,152
com/shubao/xinstall/a/a/d.java, line(s) 126
com/shubao/xinstall/a/b/b.java, line(s) 46
com/shubao/xinstall/a/b/d.java, line(s) 69
com/shubao/xinstall/a/c/c.java, line(s) 10
com/shubao/xinstall/a/c/e.java, line(s) 43,52
com/shubao/xinstall/a/f/a.java, line(s) 187,222,227,237,248,260,294,300,309,322
com/shubao/xinstall/a/f/d.java, line(s) 24,28
com/shubao/xinstall/a/f/e.java, line(s) 117
com/shubao/xinstall/a/f/i.java, line(s) 137,140,145,148,153,156
com/shubao/xinstall/a/f/o.java, line(s) 9,17,13
com/shubao/xinstall/b.java, line(s) 12,13,14,15,16
com/tencent/qimei/k/a.java, line(s) 49,14,43
com/tencent/qmsp/oaid2/c.java, line(s) 11,17,23
com/tencent/qmsp/oaid2/j.java, line(s) 32,46
com/tencent/qmsp/oaid2/y.java, line(s) 15
com/tencent/qmsp/sdk/base/c.java, line(s) 11,21,27
com/tencent/qmsp/sdk/f/g.java, line(s) 11,21,27,33
com/tencent/qmsp/sdk/g/b/a.java, line(s) 37,55
com/tencent/qmsp/sdk/g/b/b.java, line(s) 38,47,41
com/tencent/qmsp/sdk/g/e/d.java, line(s) 20
cos/MyCOSService$2.java, line(s) 23,39
cos/MyCOSService$3.java, line(s) 24,33,40
cos/MyCOSService.java, line(s) 175,203,209,214,262,267,484,488,502,503,509
io/nlopez/smartlocation/utils/LoggerFactory$Blabber.java, line(s) 18,30,34,22,26
org/telegram/PhoneFormat/PhoneFormat.java, line(s) 112,117,138,145,155,163,213
org/telegram/SQLite/SQLiteCursor.java, line(s) 98,103
org/telegram/SQLite/SQLiteDatabase.java, line(s) 60,77
org/telegram/SQLite/SQLitePreparedStatement.java, line(s) 104,112
org/telegram/messenger/AndroidUtilities.java, line(s) 1786,1923,1948,1953,2551,2681,2688,325,381,464,562,600,926,963,1190,1221,1340,1356,1524,1533,1689,1753,1778,1834,1853,1919,1956,1965,2064,2068,2195,2211,2222,2271,2288,2292,2393,2519,2534,2645,2667,2725,2817,2983,2995,3039,4002,4020,4241,4251,4259,4299,4315,4521,4530,4578
org/telegram/messenger/AnimatedFileDrawableStream.java, line(s) 55,114
org/telegram/messenger/ApplicationLoader.java, line(s) 186,209,234,235,245,366,548,142,376,416,433,447,471,516,540
org/telegram/messenger/AuthTokensHelper.java, line(s) 66
org/telegram/messenger/BillingController.java, line(s) 223,305,309,327,114
org/telegram/messenger/ChatObject.java, line(s) 237,245,435,800,812,836,844,987,996,1009,1019,1094
org/telegram/messenger/ChatThemeController.java, line(s) 61,139,283,342,363
org/telegram/messenger/ContactsController.java, line(s) 411,423,434,667,753,762,786,899,904,929,983,1001,1432,1559,126,135,540,565,713,1171,1179,1375,1379,1388,1654,2198,2230
org/telegram/messenger/ContactsRemoteViewsFactory.java, line(s) 158
org/telegram/messenger/ContactsSyncAdapterService.java, line(s) 49,30
org/telegram/messenger/DatabaseMigrationHelper.java, line(s) 1221,1331,547,600,646,670,694,718,765,981,1235,1239
org/telegram/messenger/DispatchQueue.java, line(s) 52,63,76,89
org/telegram/messenger/DispatchQueuePoolBackground.java, line(s) 122
org/telegram/messenger/DocumentObject.java, line(s) 50
org/telegram/messenger/DownloadController.java, line(s) 900,972,1053,1095,1154,1196,1249,1254
org/telegram/messenger/Emoji.java, line(s) 154,164,355,621,633
org/telegram/messenger/EmuInputDevicesDetector.java, line(s) 57
org/telegram/messenger/FeedRemoteViewsFactory.java, line(s) 134
org/telegram/messenger/FileLoadOperation.java, line(s) 757,1032,1034,1082,1230,1232,1318,1398,1511,1528,1550,1554,535,544,605,878,888,898,908,919,943,949,957,963,971,977,985,992,1001
org/telegram/messenger/FileLoader.java, line(s) 1344,130,764,1164,1172,1180,1189
org/telegram/messenger/FileLog.java, line(s) 96,97,98,99,131,132,133,382,237,262,409
org/telegram/messenger/FilePathDatabase.java, line(s) 64,74,120,190,224,293,87,140,199,229,291,295,327,343,356,388,425,496
org/telegram/messenger/FileRefController.java, line(s) 629,774,822
org/telegram/messenger/FileStreamLoadOperation.java, line(s) 159
org/telegram/messenger/FileUploadOperation.java, line(s) 112,136,204
org/telegram/messenger/FilesMigrationService.java, line(s) 99,134,139,154,158
org/telegram/messenger/FingerprintController.java, line(s) 32,47,68,73,86,111,129
org/telegram/messenger/GcmPushListenerService.java, line(s) 14,25
org/telegram/messenger/ImageLoader.java, line(s) 1258,286,316,328,347,385,404,425,718,736,1223,1342,1357,1424,1432,1442,2056,2068,2093,2158,2164,2239
org/telegram/messenger/ImageReceiver.java, line(s) 1155,1291,1329,1389,1440,1497
org/telegram/messenger/ImportingService.java, line(s) 39,75
org/telegram/messenger/KeepAliveJob.java, line(s) 24,38,44,60,72
org/telegram/messenger/LanguageDetector.java, line(s) 37,43,49
org/telegram/messenger/LinkifyPort.java, line(s) 42
org/telegram/messenger/LiteMode.java, line(s) 144,157
org/telegram/messenger/LocaleController.java, line(s) 595,986,1034,1055,2518,2534,2544,2547,2581,2595,2655,2702,2741,2762,2777,2786,2797,2808,3562,432,437,760,917,923,929,940,1086,1135,1231,1279,1907,2008,2033,2049,2065,2084,2106,2122,2151,2200,2342,2358,2382,2424,2434,2603,2658,3518,3538
org/telegram/messenger/LocationController.java, line(s) 275,331,659,716,781,835,915
org/telegram/messenger/LocationSharingService.java, line(s) 145
org/telegram/messenger/MediaController$13.java, line(s) 16
org/telegram/messenger/MediaController$2.java, line(s) 34
org/telegram/messenger/MediaController$5.java, line(s) 76
org/telegram/messenger/MediaController$6.java, line(s) 21
org/telegram/messenger/MediaController$StopMediaObserverRunnable.java, line(s) 25,33
org/telegram/messenger/MediaController$VideoConvertRunnable.java, line(s) 30
org/telegram/messenger/MediaController.java, line(s) 557,983,1071,1108,1126,1142,1154,1164,2721,2728,2833,2861,2870,507,512,517,522,540,566,575,642,658,676,725,736,808,965,1376,1409,1532,1746,1760,2127,2133,2217,2396,2405,2458,2577,2617,2747,2757,2798,2851,2873,2938,2941,3092,3113,3145,3153,3161,3184,3223,3231,3243,3300,3323,3331,3334,3345,3364,3375,3381,3387,3406,3416,3546,3625,3700,3706
org/telegram/messenger/MediaDataController$1.java, line(s) 223
org/telegram/messenger/MediaDataController.java, line(s) 4122,510,739,814,883,1022,1108,1242,1293,1348,1581,1680,1724,2077,2262,2339,2786,2882,3025,3126,3317,4228,4268,4294,4360,4385,4501,4584,4723,4780,4792,4956,5081,5239,5396,5967,6059,6257,6297,6345,6388,6418,6637,6703,6806,7000,7162,7269
org/telegram/messenger/MessageObject.java, line(s) 492,878,1033,1256,2671,2768,2860,2866
org/telegram/messenger/MessagesController.java, line(s) 4472,6419,6460,6465,6500,6512,6522,6545,6550,6557,6574,6586,8169,8178,9134,9505,9538,9675,9922,10172,10357,10407,10448,10454,10460,12152,12166,12307,12316,12329,12374,12383,12395,12713,738,772,1540,1556,1583,2104,2844,3393,4196,5427,7467,7507,7556,9941,10285,10384,11103,11129,11176,11196,12443,12901,13039,13126,13657,14386,14556,14699
org/telegram/messenger/MessagesStorage.java, line(s) 359,365,630,635,391,399,409,416,462,472,480,653,753,758,761,764,5245
org/telegram/messenger/MusicBrowserService$MediaSessionCallback.java, line(s) 55
org/telegram/messenger/MusicBrowserService.java, line(s) 195,272,330
org/telegram/messenger/MusicPlayerService.java, line(s) 146,381
org/telegram/messenger/NativeLoader.java, line(s) 46,54
org/telegram/messenger/NotificationBadge$HuaweiHomeBadger.java, line(s) 23
org/telegram/messenger/NotificationBadge$ZukHomeBadger.java, line(s) 25
org/telegram/messenger/NotificationCenter.java, line(s) 1313
org/telegram/messenger/NotificationImageProvider.java, line(s) 113
org/telegram/messenger/NotificationsController$1NotificationHolder.java, line(s) 55,50
org/telegram/messenger/NotificationsController.java, line(s) 234,376,417,1228,1290,1305,1344,1359,1396,214,219,226,245,281,351,373,381,1023,1038,1105,1159,1176,1184,1207,1211,1220,1234,1287,1302,1311,1341,1356,1366,1404,1468,1628,1653,1657,1666
org/telegram/messenger/NotificationsDisabledReceiver.java, line(s) 31,35,46,55,64,78
org/telegram/messenger/OpenChatReceiver.java, line(s) 34
org/telegram/messenger/PushListenerController$GooglePushListenerServiceProvider.java, line(s) 31,34,56,48,74
org/telegram/messenger/PushListenerController.java, line(s) 112,126,132,136,69,75
org/telegram/messenger/ScreenReceiver.java, line(s) 13,19
org/telegram/messenger/SecretChatHelper.java, line(s) 642,716,739,811,970,1096,1318,1337,1376,1393
org/telegram/messenger/SendMessagesHelper$LocationProvider.java, line(s) 46,90,95,104
org/telegram/messenger/SendMessagesHelper.java, line(s) 2460,2466,2481,2491,2505,3189,4204,4224,4232,4238,710,727,1112,1888,3461,3513,3577,3747,4046
org/telegram/messenger/SharedConfig.java, line(s) 1192,361,441,456,482,496,650,946,1099
org/telegram/messenger/SmsReceiver.java, line(s) 47
org/telegram/messenger/SvgHelper.java, line(s) 455,474,487,500,513,528,542,558,1619
org/telegram/messenger/TopicsController.java, line(s) 94,112,133,901
org/telegram/messenger/TranslateController.java, line(s) 318,323,328,347,969,1012
org/telegram/messenger/UserConfig.java, line(s) 239
org/telegram/messenger/UserNameResolver.java, line(s) 31
org/telegram/messenger/Utilities.java, line(s) 111,339,355,384,397,408,420,439,456,487
org/telegram/messenger/VideoEditedInfo.java, line(s) 379
org/telegram/messenger/VideoEncodingService.java, line(s) 37,92,54
org/telegram/messenger/XiaomiUtilities.java, line(s) 45
org/telegram/messenger/browser/Browser$1.java, line(s) 20
org/telegram/messenger/browser/Browser.java, line(s) 79
org/telegram/messenger/camera/CameraController.java, line(s) 168,203,550,567,586,185,220,261,349,364,369,421,438,464,476,508,540,593,622,683,693,717,746,749,808,813,819,824,832,855
org/telegram/messenger/camera/CameraSession.java, line(s) 198,202,133,192,247,265,322,335,351,356,448
org/telegram/messenger/camera/CameraView$CameraGLThread.java, line(s) 73,343,368,81,89,98,111,122,129,148,166,179,188,242,252
org/telegram/messenger/camera/CameraView.java, line(s) 447,827,857,1006,1070,1186,806,1039,1110,1119,1129,1137,1250,1328,1333,1341
org/telegram/messenger/ringtone/RingtoneDataStore.java, line(s) 44,357
org/telegram/messenger/secretmedia/ExtendedDefaultDataSource.java, line(s) 194
org/telegram/messenger/support/JobIntentService$CompatWorkEnqueuer.java, line(s) 58
org/telegram/messenger/support/customtabsclient/shared/CustomTabsHelper.java, line(s) 70
org/telegram/messenger/support/fingerprint/FingerprintManagerCompatApi23.java, line(s) 38,51,60
org/telegram/messenger/utils/BitmapsCache.java, line(s) 311
org/telegram/messenger/utils/CopyUtilities.java, line(s) 84
org/telegram/messenger/video/AudioRecoder.java, line(s) 61
org/telegram/messenger/video/MediaCodecVideoConvertor.java, line(s) 63
org/telegram/messenger/video/TextureRenderer.java, line(s) 84,86,207
org/telegram/messenger/voip/AudioRecordJNI.java, line(s) 245,64,77,93,112,136,178,210,236,108,218,61,74,90
org/telegram/messenger/voip/AudioTrackJNI.java, line(s) 37,60,114,124,122,31
org/telegram/messenger/voip/Instance.java, line(s) 98
org/telegram/messenger/voip/JNIUtilities.java, line(s) 93
org/telegram/messenger/voip/NativeInstance.java, line(s) 142,276,306
org/telegram/messenger/voip/TelegramConnectionService.java, line(s) 33,70,50,60,18,26
org/telegram/messenger/voip/VideoCapturerDevice.java, line(s) 361
org/telegram/messenger/voip/VoIPServerConfig.java, line(s) 19
org/telegram/messenger/voip/VoIPService$1.java, line(s) 63
org/telegram/messenger/voip/VoIPService$2.java, line(s) 40
org/telegram/messenger/voip/VoIPService$3.java, line(s) 51,59
org/telegram/messenger/voip/VoIPService$CallConnection.java, line(s) 25,36,64,76,83
org/telegram/messenger/voip/VoIPService.java, line(s) 959,1397,1641,1740,2604,2620,2640,2739,2966,3340,3356,3388,3395,3402,3518,3533,3648,3691,3817,3854,3861,3869,3980,4027,4145,552,613,889,933,957,975,1006,1445,1674,2539,2772,2959,3072,3121,3183,3200,3256,3331,3408,3564,3576,3619,3710,3719,3755,3785,3827,4001,4021,4259,4270,619,642,968,1002,1461,3245
org/telegram/tgnet/ConnectionsManager.java, line(s) 348,404,414,416,485,584,592,608,624,627,634,687,708,850,856,859,368,394,419,637,696,743,755,768,865,905,386
org/telegram/tgnet/NativeByteBuffer.java, line(s) 125,126,140,141,165,166,180,181,199,200,208,209,217,218,253,254,289,290,300,301,337,383,384,401,416,417,430,431,444,445,479,480,509,510,545,546,561,562
org/telegram/tgnet/SerializedData.java, line(s) 68,77,86,95,113,114,136,137,164,165,179,180,194,195,209,210,245,246,256,257,292,293,303,304,314,315,342,367,384,385,399,400,439,440,473,474,489,490,505,506,522,523,542,543
org/telegram/tgnet/TLClassStore.java, line(s) 51
org/telegram/tgnet/TLRPC$TL_chatPhoto.java, line(s) 39
org/telegram/tgnet/TLRPC$TL_chatPhoto_layer127.java, line(s) 25
org/telegram/tgnet/TLRPC$TL_userProfilePhoto.java, line(s) 36
org/telegram/tgnet/TLRPC$TL_userProfilePhoto_layer127.java, line(s) 26
org/telegram/ui/ActionBar/ActionBarLayout.java, line(s) 1289,1146,1150,1820,2633
org/telegram/ui/ActionBar/ActionBarPopupWindow.java, line(s) 173,576,676
org/telegram/ui/ActionBar/AlertDialog.java, line(s) 908,1194
org/telegram/ui/ActionBar/BaseFragment.java, line(s) 282,294,320,335,467,562,574,618,632
org/telegram/ui/ActionBar/BottomSheet.java, line(s) 837,1443,1578,1602
org/telegram/ui/ActionBar/DrawerLayoutContainer.java, line(s) 492
org/telegram/ui/ActionBar/EmojiThemes.java, line(s) 403,472
org/telegram/ui/ActionBar/Theme.java, line(s) 5131,5180,2091,2683,2699,2763,2902,2950,3166,3174,3537,4592,4599,4653,4740,4763,5578,5599,5613,5732,5744,7493,7540,7735,7762,5423
org/telegram/ui/ActionBar/ThemeDescription.java, line(s) 787
org/telegram/ui/ActionIntroActivity.java, line(s) 773,843,930
org/telegram/ui/Adapters/ContactsAdapter.java, line(s) 109
org/telegram/ui/Adapters/DialogsAdapter.java, line(s) 348
org/telegram/ui/Adapters/DialogsSearchAdapter.java, line(s) 743,786,833,859
org/telegram/ui/Adapters/SearchAdapter$2.java, line(s) 22
org/telegram/ui/Adapters/SearchAdapter.java, line(s) 84,430
org/telegram/ui/Adapters/SearchAdapterHelper.java, line(s) 334,520,578
org/telegram/ui/ArticleViewer$BlockAuthorDateCell.java, line(s) 83
org/telegram/ui/ArticleViewer$BlockEmbedCell$1.java, line(s) 117,128
org/telegram/ui/ArticleViewer$BlockEmbedCell.java, line(s) 74,98,129
org/telegram/ui/ArticleViewer$BlockMapCell.java, line(s) 66
org/telegram/ui/ArticleViewer.java, line(s) 1154,4218,4267,4286,4430,4439,4461,4474
org/telegram/ui/BasePermissionsActivity.java, line(s) 100
org/telegram/ui/BubbleActivity.java, line(s) 297,301,92
org/telegram/ui/CacheControlActivity.java, line(s) 301,424,530,537,882,1328,1381
org/telegram/ui/CameraScanActivity.java, line(s) 730,741,989
org/telegram/ui/Cells/AboutLinkCell.java, line(s) 233,305,526
org/telegram/ui/Cells/AudioPlayerCell.java, line(s) 88,99
org/telegram/ui/Cells/BotHelpCell.java, line(s) 179
org/telegram/ui/Cells/ChatActionCell.java, line(s) 440,819,824
org/telegram/ui/Cells/ChatMessageCell.java, line(s) 3370,3986,4100,4128
org/telegram/ui/Cells/DialogCell.java, line(s) 780,887,1903
org/telegram/ui/Cells/DialogMeUrlCell.java, line(s) 210,225,307
org/telegram/ui/Cells/DrawerActionCell.java, line(s) 99,108
org/telegram/ui/Cells/DrawerProfileCell.java, line(s) 444
org/telegram/ui/Cells/SettingsSuggestionCell.java, line(s) 127
org/telegram/ui/Cells/SharedAudioCell.java, line(s) 175,208
org/telegram/ui/Cells/TextSelectionHelper.java, line(s) 1057,1058
org/telegram/ui/Cells/ThemesHorizontalListCell$InnerThemeView.java, line(s) 265
org/telegram/ui/ChangeBioActivity.java, line(s) 246,257
org/telegram/ui/ChangeUsernameActivity.java, line(s) 125,1312,1326,1335,1344
org/telegram/ui/ChannelAdminLogActivity$8.java, line(s) 32,53
org/telegram/ui/ChannelAdminLogActivity.java, line(s) 290,1548,2302,2311,2320,2329,2338,2347,2356,2365,289,289,293
org/telegram/ui/ChannelCreateActivity.java, line(s) 1185,1326,1340
org/telegram/ui/ChatActivity$17.java, line(s) 36,61,83
org/telegram/ui/ChatActivity$18.java, line(s) 138
org/telegram/ui/ChatActivity$ChatActivityAdapter.java, line(s) 340,357,374,393,417,434,334,351,368,385,411,428,445
org/telegram/ui/ChatActivity.java, line(s) 5349,10788,15017,2560,3279,6715,7197,7380,7432,9242,9252,10042,10274,12702,13454,14193,15681,16593,17002,17021,17051,3768,3772,10362
org/telegram/ui/ChatEditActivity.java, line(s) 806
org/telegram/ui/ChatRightsEditActivity.java, line(s) 910,937
org/telegram/ui/ChatUsersActivity.java, line(s) 1458
org/telegram/ui/Components/AlertsCreator.java, line(s) 213,244,291,324,1265,1313,1328,2208,4623,4680,5377
org/telegram/ui/Components/AnimatedEmojiDrawable.java, line(s) 709,240,272
org/telegram/ui/Components/AnimatedFileDrawable$4.java, line(s) 74,112
org/telegram/ui/Components/AvatarDrawable.java, line(s) 464
org/telegram/ui/Components/BlockingUpdateView.java, line(s) 223,227
org/telegram/ui/Components/BlurBehindDrawable.java, line(s) 140,392
org/telegram/ui/Components/BotWebViewContainer.java, line(s) 182,371,696,706,716,758,785
org/telegram/ui/Components/BotWebViewMenuContainer.java, line(s) 757
org/telegram/ui/Components/BotWebViewSheet.java, line(s) 809
org/telegram/ui/Components/ChatActivityEnterView.java, line(s) 1088,1834,1894,2648,4518,4536,4548,4602,5143,5163,5375,5417
org/telegram/ui/Components/ChatAttachAlertAudioLayout.java, line(s) 555
org/telegram/ui/Components/ChatAttachAlertBotWebViewLayout.java, line(s) 461
org/telegram/ui/Components/ChatAttachAlertDocumentLayout$1.java, line(s) 40
org/telegram/ui/Components/ChatAttachAlertDocumentLayout.java, line(s) 579,831,838
org/telegram/ui/Components/ChatAttachAlertLocationLayout.java, line(s) 103,120,386,408,425,433
org/telegram/ui/Components/ChatAttachAlertPhotoLayout.java, line(s) 2876,3287,3301
org/telegram/ui/Components/ChatAvatarContainer.java, line(s) 652
org/telegram/ui/Components/ChatThemeBottomSheet.java, line(s) 1020,1168
org/telegram/ui/Components/ClippingImageView.java, line(s) 232
org/telegram/ui/Components/Crop/CropView.java, line(s) 859,662,807
org/telegram/ui/Components/EditTextBoldCursor.java, line(s) 265,500,670,733,741
org/telegram/ui/Components/EditTextCaption.java, line(s) 245,314,341,382,446
org/telegram/ui/Components/EditTextEmoji.java, line(s) 127,631,658
org/telegram/ui/Components/EmbedBottomSheet$2.java, line(s) 35
org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 200,227,241,261,295,361,368,534,553,566,629,655,722
org/telegram/ui/Components/EmojiColorPickerWindow.java, line(s) 442
org/telegram/ui/Components/EmojiPacksAlert$LinkMovementMethodMy.java, line(s) 23
org/telegram/ui/Components/EmojiPacksAlert.java, line(s) 365,808
org/telegram/ui/Components/EmojiView.java, line(s) 529,990,1275,4798,5998
org/telegram/ui/Components/FilterGLThread$1.java, line(s) 21
org/telegram/ui/Components/FilterGLThread.java, line(s) 112,119,128,139,150,157,223,318
org/telegram/ui/Components/FilterShaders.java, line(s) 950,951
org/telegram/ui/Components/ForegroundDetector.java, line(s) 82,119,89,126
org/telegram/ui/Components/ForwardingPreviewView$8.java, line(s) 59
org/telegram/ui/Components/GroupCallPipAlertView.java, line(s) 163
org/telegram/ui/Components/GroupVoipInviteAlert.java, line(s) 371
org/telegram/ui/Components/ImageUpdater.java, line(s) 592,625,663,690,951,958
org/telegram/ui/Components/InstantCameraView$11.java, line(s) 34
org/telegram/ui/Components/InstantCameraView$8.java, line(s) 15
org/telegram/ui/Components/InstantCameraView$9.java, line(s) 24,30
org/telegram/ui/Components/InstantCameraView$EncoderHandler.java, line(s) 27,32,40
org/telegram/ui/Components/InstantCameraView$VideoRecorder$2.java, line(s) 66
org/telegram/ui/Components/InstantCameraView$VideoRecorder.java, line(s) 197,463,265,288,297,308,316,435,533
org/telegram/ui/Components/InstantCameraView.java, line(s) 512,909,971,989,998,1005,1140,1145,1383,1404,460,659,767,992,1002,1032,1045,1060,1153,1160,1169,1180,1191,1221,1243,1248,1254,1263,1317
org/telegram/ui/Components/JoinCallAlert.java, line(s) 119,172
org/telegram/ui/Components/LetterDrawable.java, line(s) 114
org/telegram/ui/Components/LinkActionView.java, line(s) 222,240
org/telegram/ui/Components/MotionBackgroundDrawable.java, line(s) 318,539
org/telegram/ui/Components/Paint/RenderView$CanvasInternal.java, line(s) 61,68,77,88,99,106,125,227
org/telegram/ui/Components/Paint/Shader.java, line(s) 19,27,82,92
org/telegram/ui/Components/Paint/ShapeDetector.java, line(s) 233,294,607
org/telegram/ui/Components/Paint/Slice.java, line(s) 25,55,89
org/telegram/ui/Components/Paint/Utils.java, line(s) 12
org/telegram/ui/Components/Paint/Views/LPhotoPaintView.java, line(s) 1374,1381,1399,1637,2956,2983
org/telegram/ui/Components/PasscodeView$AnimatingTextView.java, line(s) 62,179
org/telegram/ui/Components/PasscodeView.java, line(s) 666,676,706,754,769,794,814,835,845
org/telegram/ui/Components/PathAnimator.java, line(s) 101
org/telegram/ui/Components/PhonebookShareAlert$7.java, line(s) 305
org/telegram/ui/Components/PhonebookShareAlert.java, line(s) 120,173
org/telegram/ui/Components/PhotoViewerCaptionEnterView.java, line(s) 165,443,699,719,744,772,874
org/telegram/ui/Components/PhotoViewerWebView.java, line(s) 405,582,707
org/telegram/ui/Components/PipRoundVideoView.java, line(s) 162
org/telegram/ui/Components/Premium/GLIcon/GLIconTextureView.java, line(s) 394,401,438
org/telegram/ui/Components/Premium/PremiumAppIconsPreviewView.java, line(s) 40
org/telegram/ui/Components/Premium/PremiumNotAvailableBottomSheet.java, line(s) 64
org/telegram/ui/Components/ProfileGalleryView.java, line(s) 456
org/telegram/ui/Components/ProximitySheet.java, line(s) 545
org/telegram/ui/Components/QRCodeBottomSheet.java, line(s) 125
org/telegram/ui/Components/RLottieDrawable$5.java, line(s) 33,71,193
org/telegram/ui/Components/RLottieDrawable.java, line(s) 389,923
org/telegram/ui/Components/RadioButton.java, line(s) 48,153
org/telegram/ui/Components/RecyclerListView.java, line(s) 529,755,769,1750,1756
org/telegram/ui/Components/SeekBar.java, line(s) 345,357
org/telegram/ui/Components/SeekBarView.java, line(s) 474
org/telegram/ui/Components/ShareAlert.java, line(s) 1856
org/telegram/ui/Components/SharedMediaLayout.java, line(s) 1538,3482
org/telegram/ui/Components/SizeNotifierFrameLayout.java, line(s) 665
org/telegram/ui/Components/SlotsDrawable.java, line(s) 59,165
org/telegram/ui/Components/StaticLayoutEx.java, line(s) 99
org/telegram/ui/Components/StickerCategoriesListView.java, line(s) 833
org/telegram/ui/Components/StickersAlert.java, line(s) 1097,1196,1362
org/telegram/ui/Components/TermsOfServiceView.java, line(s) 172
org/telegram/ui/Components/ThemeEditorView$EditorAlert.java, line(s) 500
org/telegram/ui/Components/ThemeEditorView.java, line(s) 61,70,108,223
org/telegram/ui/Components/TimerDrawable.java, line(s) 124
org/telegram/ui/Components/TranscribeButton.java, line(s) 635,698
org/telegram/ui/Components/UndoView.java, line(s) 129
org/telegram/ui/Components/VideoPlayerSeekBar.java, line(s) 337
org/telegram/ui/Components/VideoTimelinePlayView.java, line(s) 340,410,441
org/telegram/ui/Components/VideoTimelineView.java, line(s) 274,344,376
org/telegram/ui/Components/WallpaperUpdater$1.java, line(s) 26
org/telegram/ui/Components/WallpaperUpdater.java, line(s) 106,109,145
org/telegram/ui/Components/WebPlayerView$3.java, line(s) 33
org/telegram/ui/Components/WebPlayerView$AparatVideoTask.java, line(s) 42
org/telegram/ui/Components/WebPlayerView$CoubVideoTask.java, line(s) 37
org/telegram/ui/Components/WebPlayerView$TwitchClipVideoTask.java, line(s) 32
org/telegram/ui/Components/WebPlayerView$TwitchStreamVideoTask.java, line(s) 45
org/telegram/ui/Components/WebPlayerView$VimeoVideoTask.java, line(s) 39
org/telegram/ui/Components/WebPlayerView$YoutubeVideoTask.java, line(s) 62,42
org/telegram/ui/Components/WebPlayerView.java, line(s) 348,394,729,737,745,753,761,767,791
org/telegram/ui/Components/voip/VoIPHelper.java, line(s) 114,183,397,780
org/telegram/ui/Components/voip/VoIPPiPView$FloatingView.java, line(s) 185
org/telegram/ui/Components/voip/VoIPPiPView.java, line(s) 304
org/telegram/ui/ContactAddActivity$4.java, line(s) 17
org/telegram/ui/ContactsActivity$10.java, line(s) 47
org/telegram/ui/ContactsActivity.java, line(s) 260,358,384,545,575
org/telegram/ui/ContentPreviewViewer.java, line(s) 1126,1196,1372
org/telegram/ui/CountrySelectActivity$CountrySearchAdapter$1.java, line(s) 23
org/telegram/ui/CountrySelectActivity.java, line(s) 269,403
org/telegram/ui/DeviceUtils.java, line(s) 50
org/telegram/ui/DialogsActivity$11$1.java, line(s) 29,41,47,68,75
org/telegram/ui/DialogsActivity$12$1.java, line(s) 25,31,39
org/telegram/ui/DialogsActivity$13$1.java, line(s) 29,48,59
org/telegram/ui/DialogsActivity$8$1.java, line(s) 25,35,41
org/telegram/ui/DialogsActivity.java, line(s) 1919,1976,1987,2000,3676,6000,7180
org/telegram/ui/EmojiAnimationsOverlay.java, line(s) 748
org/telegram/ui/ExternalActionActivity$4.java, line(s) 19,23
org/telegram/ui/ExternalActionActivity.java, line(s) 94,381,422
org/telegram/ui/FilterChatlistActivity$InviteLinkCell.java, line(s) 525
org/telegram/ui/FilterCreateActivity.java, line(s) 654,1088
org/telegram/ui/FilteredSearchView.java, line(s) 954
org/telegram/ui/FiltersSetupActivity.java, line(s) 457
org/telegram/ui/GroupCallActivity.java, line(s) 540,676
org/telegram/ui/GroupCreateActivity.java, line(s) 404
org/telegram/ui/GroupCreateFinalActivity.java, line(s) 168
org/telegram/ui/GroupInviteActivity.java, line(s) 139,154
org/telegram/ui/GroupStickersActivity.java, line(s) 631
org/telegram/ui/IdenticonActivity$LinkMovementMethodMy.java, line(s) 18
org/telegram/ui/InviteContactsActivity$InviteAdapter$1.java, line(s) 25
org/telegram/ui/InviteContactsActivity.java, line(s) 256,299,465
org/telegram/ui/JMTMatchInfo4Activity$1$1.java, line(s) 35,60,75
org/telegram/ui/JMTMatchInfo4Activity.java, line(s) 86
org/telegram/ui/JMTMatchInfo5Activity$7$1.java, line(s) 29,48,59
org/telegram/ui/JMTMatchInfo5Activity.java, line(s) 123
org/telegram/ui/LanguageSelectActivity.java, line(s) 216,245
org/telegram/ui/LaunchActivity$27.java, line(s) 21,30,27
org/telegram/ui/LaunchActivity.java, line(s) 694,936,948,3857,4584,4612,4690,4702,4706,4727,4739,320,656,705,1596,1639,1918,1925,2009,2027,2032,2042,2134,2182,2188,2232,2317,2403,2415,2488,2530,2537,2876,2906,2987,3004,3016,3032,3055,3118,3144,3166,3193,3388,3403,3412,3431,3746,4044,4051,4642,4841,4919,4991
org/telegram/ui/LocationActivity.java, line(s) 232,240,346,1201,1268,1275,1387,1597,1640,1667,1692,1810,1880,2217,2247,2270,2363,2471,2532,2541,2564,2573
org/telegram/ui/LoginActivity$MergeUserNameView$11$1.java, line(s) 33,38,49,57
org/telegram/ui/LoginActivity$RegisterUserNameView$2.java, line(s) 27
org/telegram/ui/LoginActivity$RegisterUserNameView$9$1.java, line(s) 95
org/telegram/ui/LoginActivity.java, line(s) 1081,1153,1248,1254,1259,1263,1275,1281,1505,1513,1666,1673,1943,1950,1981,1988,2224,2278,2287,2322,2329,6024,6064,426,500,1009,1253,1280,1467,1886,2194,2490,2767,2798,3843,4159,6211
org/telegram/ui/ManageLinksActivity$LinkCell.java, line(s) 115,130
org/telegram/ui/NewContactBottomSheet.java, line(s) 262
org/telegram/ui/NotificationsCustomSettingsActivity.java, line(s) 492
org/telegram/ui/NotificationsSettingsActivity.java, line(s) 283
org/telegram/ui/NotificationsSoundActivity.java, line(s) 500,841
org/telegram/ui/PasscodeActivity.java, line(s) 480,645
org/telegram/ui/PassportActivity.java, line(s) 632,1683,2003,2111,2209,2810,4187,4516,4575,4760,5540,5563
org/telegram/ui/PaymentFormActivity$TelegramWebviewProxy.java, line(s) 33
org/telegram/ui/PaymentFormActivity.java, line(s) 383,1047,1248,1332,1341,1465,1472,1728,1980
org/telegram/ui/PeopleNearbyActivity.java, line(s) 538,478,695
org/telegram/ui/PhotoCropActivity$PhotoCropView.java, line(s) 168,173
org/telegram/ui/PhotoViewer$55.java, line(s) 48,56
org/telegram/ui/PhotoViewer$6.java, line(s) 40
org/telegram/ui/PhotoViewer$77.java, line(s) 86
org/telegram/ui/PhotoViewer$FirstFrameView.java, line(s) 92
org/telegram/ui/PhotoViewer.java, line(s) 5327,5335,1790,1798,1900,2170,3016,3028,4305,4602,4633,4863,4912,5600,5690,5697,5940,5956,6409,6510,6518,6533,6562,6774,6779,8410,9313,9369,9385,9396,9405,9501,9618
org/telegram/ui/PopupNotificationActivity.java, line(s) 427,1018
org/telegram/ui/PremiumPreviewFragment.java, line(s) 1048,1062,1076,1102
org/telegram/ui/PrivacyControlActivity.java, line(s) 632
org/telegram/ui/PrivacySettingsActivity.java, line(s) 275,471,558
org/telegram/ui/ProfileActivity.java, line(s) 823,1134,1527,2761,2779,3384,4436,4611,4624,4639,4720,4740,6908,6994,7610
org/telegram/ui/ProfileNotificationsActivity.java, line(s) 268
org/telegram/ui/RestrictedLanguagesSelectActivity.java, line(s) 491,503,526
org/telegram/ui/SecretMediaViewer.java, line(s) 301,307,342,386,651,770,865
org/telegram/ui/SelectAnimatedEmojiDialog.java, line(s) 490,555,2021
org/telegram/ui/SessionsActivity.java, line(s) 459,480,1240,1320
org/telegram/ui/ShareActivity.java, line(s) 77,100
org/telegram/ui/StickersActivity.java, line(s) 1041,1063,1400
org/telegram/ui/ThemeActivity.java, line(s) 1264,1276,1354,1359
org/telegram/ui/ThemePreviewActivity.java, line(s) 1195
org/telegram/ui/ThemeSetUrlActivity$3.java, line(s) 72
org/telegram/ui/ThemeSetUrlActivity$LinkMovementMethodMy.java, line(s) 23
org/telegram/ui/ThemeSetUrlActivity.java, line(s) 334,350,550,561
org/telegram/ui/TopicsFragment.java, line(s) 3130,633
org/telegram/ui/TwoStepVerificationActivity.java, line(s) 139,662
org/telegram/ui/TwoStepVerificationSetupActivity$14.java, line(s) 77
org/telegram/ui/TwoStepVerificationSetupActivity.java, line(s) 1085,1109
org/telegram/ui/VoIPFragment.java, line(s) 657,1131,1328
org/telegram/ui/VoIPPermissionActivity.java, line(s) 34
org/telegram/ui/WallpapersListActivity.java, line(s) 1023
org/telegram/ui/WebviewActivity$3.java, line(s) 35,45
org/telegram/ui/WebviewActivity$TelegramWebviewProxy.java, line(s) 35
org/telegram/ui/WebviewActivity.java, line(s) 100,275
org/webrtc/AndroidVideoDecoder.java, line(s) 400
org/webrtc/EglRenderer.java, line(s) 134,392
org/webrtc/GlGenericDrawer.java, line(s) 315
org/webrtc/GlShader.java, line(s) 97
org/webrtc/HardwareVideoEncoderFactory.java, line(s) 119
org/webrtc/MediaCodecUtils.java, line(s) 55
org/webrtc/ScreenCapturerAndroid.java, line(s) 82,131
org/webrtc/TextureBufferImpl.java, line(s) 97
org/webrtc/YuvConverter.java, line(s) 72,98
org/webrtc/voiceengine/WebRtcAudioRecord.java, line(s) 158,352,393
org/webrtc/voiceengine/WebRtcAudioTrack.java, line(s) 263,372
repeackage/com/qiku/id/QikuIdmanager.java, line(s) 24

信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 

此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/shubao/xinstall/a/f/h.java, line(s) 4,70
org/telegram/messenger/AndroidUtilities.java, line(s) 10,2639,2642
org/telegram/ui/ChangeUsernameActivity.java, line(s) 7,120
org/telegram/ui/ChatActivity.java, line(s) 14,14188
org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 8,627
org/telegram/ui/Components/InviteMembersBottomSheet.java, line(s) 9,828
org/telegram/ui/Components/LinkActionView.java, line(s) 6,215
org/telegram/ui/Components/PhonebookShareAlert.java, line(s) 7,168,190
org/telegram/ui/Components/ShareAlert.java, line(s) 10,1840
org/telegram/ui/GroupInviteActivity.java, line(s) 4,135
org/telegram/ui/ManageLinksActivity$LinkCell.java, line(s) 4,111
org/telegram/ui/PrivacyControlActivity$ListAdapter$2.java, line(s) 4,24
org/telegram/ui/ProfileActivity.java, line(s) 10,4433,4617
org/telegram/ui/SessionBottomSheet.java, line(s) 5,198
org/telegram/ui/StickersActivity.java, line(s) 5,1060
org/telegram/ui/ThemeSetUrlActivity$3.java, line(s) 4,67

信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 

此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
org/telegram/ui/ProxySettingsActivity$$ExternalSyntheticLambda1.java, line(s) 5,3
org/telegram/ui/ProxySettingsActivity.java, line(s) 62,5

信息 应用与Firebase数据库通信 

该应用与位于 https://tmessages2.firebaseio.com 的 Firebase 数据库进行通信

安全 此应用程序使用Safety Net API。 

此应用程序使用Safety Net API。
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#safetynet

Files:
org/telegram/ui/LoginActivity.java, line(s) 67

安全 Firebase远程配置已禁用 

Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/760348033671/namespaces/firebase:fetch?key=AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k ) 已禁用。响应内容如下所示:

响应码是 403

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (console.cloud.tencenct.com) 通信。 

{'ip': '43.199.0.6', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (likeinstall.cn) 通信。 

{'ip': '121.199.65.132', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (bit.909321.xyz) 通信。 

{'ip': '221.228.32.13', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (xinstall.top) 通信。 

{'ip': '61.160.192.102', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '常州', 'latitude': '31.783331', 'longitude': '119.966667'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (tun-cos-1258344701.file.myqcloud.com) 通信。 

{'ip': '180.97.228.82', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (szcp.mxdx.net) 通信。 

{'ip': '27.155.98.155', 'country_short': 'CN', 'country_long': '中国', 'region': '福建', 'city': '福州', 'latitude': '26.061390', 'longitude': '119.306107'}

安全评分: ( ⁡⁡星⁡⁡火⁡⁡互⁡⁡娱⁡⁡传⁡⁡媒⁡⁡ 9.6.6)