Mobile Application Security Assessment Report

DENVER FIT 2 v1.0.13
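Security score (security baseline score): 40/100
Overall risk level: Medium risk
Risk grade scale:
- A
- B
- C
- F
The application has some security risks; optimization is recommended.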
Distribution of vulnerabilities and security items:
- High risk: 5
- Medium risk: 14
- Info: 2
- Secure: 1
Privacy risk assessment: 7 third-party trackers (high privacy risk). A large number of third-party trackers were detected.
Key security concerns: 9
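High-risk vulnerability: The base configuration is insecurely configured to permit cleartext traffic to all domains.
Scope: *
High-risk vulnerability: The domain configuration is insecurely configured to permit cleartext traffic to the domains in scope.
Scope: secure.example.com android.bugly.qq.com
High-risk vulnerability: Debug configuration is enabled. Production builds must not be debuggable.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing
Files: com/actions/aticonsota/BuildConfig.java, line(s) 3,5 com/actions/ibluz/BuildConfig.java, line(s) 3,5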
High-risk vulnerability: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/alibaba/aliagentsdk/domain/FGSInfoConfig.java, line(s) 62
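High-risk vulnerability: The application contains privacy trackers.
This application contains 7 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.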
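Medium-risk vulnerability: Cleartext network traffic is enabled for the application.
[android:usesCleartextTraffic=true] The application permits cleartext network traffic (for example HTTP, FTP, DownloadManager, MediaPlayer). This is enabled by default on API level 27 and below and disabled by default on API level 28 and above. Cleartext traffic lacks confidentiality, integrity and authenticity protection, so an attacker can eavesdrop on or tamper with data in transit. Disable cleartext traffic and use only encrypted protocols.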
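Medium-risk vulnerability: Activity (com.yc.gloryfit.wxapi.WXEntryActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-risk vulnerability: Activity (com.facebook.CustomTabActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.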
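Medium-risk vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.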
Medium-risk vulnerability: The application uses an insecure random number generator.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: com/realsil/sdk/dfu/utils/DfuUtils.java, line(s) 14 com/yc/pedometer/bodyfat/BodyTestingActivity.java, line(s) 32 com/yc/pedometer/column/BodyUtil.java, line(s) 11 com/yc/pedometer/customview/RateDynamicOndraw.java, line(s) 17 com/yc/pedometer/customview/SearchDeviceAnimationView.java, line(s) 15 com/yc/pedometer/ecg/EcgTestingActivity.java, line(s) 35 com/yc/pedometer/ecg/EcgUtil.java, line(s) 21 com/yc/pedometer/sdk/WriteCommandToBLE.java, line(s) 80 com/yc/pedometer/sports/activity/SportSettingActivity.java, line(s) 32 com/yc/pedometer/sports/db/DataRepo.java, line(s) 7 com/yc/pedometer/sports/fragment/HistoryGoogleMapFragment.java, line(s) 44 com/yc/pedometer/sports/fragment/HistoryMapFragment.java, line(s) 43 com/yc/pedometer/utils/CaloriesToObjectUtils.java, line(s) 3 net/jpountz/xxhash/XXHashFactory.java, line(s) 3
Medium-risk vulnerability: The application can read/write external storage. Any application can read data written to external storage.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: com/actions/ibluz/util/Utils.java, line(s) 43,92,107,161,27 com/github/mikephil/charting/charts/Chart.java, line(s) 740,755 com/github/mikephil/charting/utils/FileUtils.java, line(s) 23,118 com/realsil/sdk/core/utility/FileUtils.java, line(s) 77,93,95,433 com/ute/camera/Storage.java, line(s) 34,32,165 com/ute/camera/crop/SaveImage.java, line(s) 66 com/yc/pedometer/CreateQRCodeActivity.java, line(s) 141,145 com/yc/pedometer/DataCleanManager.java, line(s) 37 com/yc/pedometer/FirmwareActivity.java, line(s) 293,289 com/yc/pedometer/PersonageActivity.java, line(s) 425 com/yc/pedometer/SplashActivity.java, line(s) 107 com/yc/pedometer/cache/FileCacheUtils.java, line(s) 37 com/yc/pedometer/ecg/EcgDetailActivity.java, line(s) 404 com/yc/pedometer/feedback/Feedback_Content_New.java, line(s) 435 com/yc/pedometer/fragment/FragmentHomePage.java, line(s) 2390 com/yc/pedometer/fragment/FragmentMine.java, line(s) 212 com/yc/pedometer/log/upload/LogcatHelper.java, line(s) 26 com/yc/pedometer/onlinedial/CustomDialActivity.java, line(s) 268 com/yc/pedometer/onlinedial/CustomWatchFragment.java, line(s) 73 com/yc/pedometer/onlinedial/MyWatchFragment.java, line(s) 288 com/yc/pedometer/onlinedial/WatchTransferDialog.java, line(s) 252,255,372 com/yc/pedometer/onlinedial/acts/ImageWatchFaceActivity.java, line(s) 875,581 com/yc/pedometer/sports/device/Utils.java, line(s) 151 com/yc/pedometer/sports/fragment/HistoryGoogleMapFragment.java, line(s) 229 com/yc/pedometer/sports/fragment/HistoryMapFragment.java, line(s) 237 com/yc/pedometer/sports/util/FileUtil.java, line(s) 21 com/yc/pedometer/update/Updates.java, line(s) 586,600,608,572 com/yc/pedometer/utils/CustomShareUtils.java, line(s) 45,74 com/yc/pedometer/wechat/CreateFiles.java, line(s) 23 com/yc/pedometer/wechat/GetHeadPortrait.java, line(s) 44,41 
com/yc/pedometer/wechat/RateUploadData.java, line(s) 164,216 com/yc/pedometer/wechat/SetUsersInformation.java, line(s) 103 com/yc/pedometer/wechat/SettingInfo.java, line(s) 89 com/yc/pedometer/wechat/UploadEcgData.java, line(s) 138,238 com/yc/pedometer/wechat/UploadTemperatureData.java, line(s) 161,223 com/yc/pedometer/wechat/UploadTrackData.java, line(s) 239,336 com/yc/server/yc_sdk/common/UpdateManager.java, line(s) 105,66 com/yc/server/yc_sdk/dao/PostInfoFromFile.java, line(s) 18 com/yc/server/yc_sdk/dao/SaveInfo.java, line(s) 23 com/yzq/zxinglibrary/decode/ImageUtil.java, line(s) 21
Medium-risk vulnerability: Files may contain hard-coded sensitive information such as usernames, passwords and keys.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: com/ute/camera/CameraBackupAgent.java, line(s) 8 com/ute/camera/ListPreference.java, line(s) 166 com/yc/jianyou_ecg/SignUtils.java, line(s) 13 com/yc/pedometer/Friends/FriendsHttpPostUtils.java, line(s) 319 com/yc/pedometer/FriendsActivity.java, line(s) 49 com/yc/pedometer/ScanResultsActivity.java, line(s) 195 com/yc/pedometer/TwitterPlatform.java, line(s) 56 com/yc/pedometer/alarm/AlarmUtil.java, line(s) 30,31 com/yc/pedometer/bpprotocol/BpProtocolUtils.java, line(s) 54,56,58,59,51,52,53,55,60,57,38,41 com/yc/pedometer/bpprotocol/el/net/ElBpHttpPostUtils.java, line(s) 52 com/yc/pedometer/column/GlobalVariable.java, line(s) 179,643,205,744,798,22,24,149,150,151,152,153,156,158,163,599,200,201,733,426,620,621,628,678,756,778,782,769 com/yc/pedometer/ecg/EcgUtil.java, line(s) 39 com/yc/pedometer/event/EventUtil.java, line(s) 19,20 com/yc/pedometer/feedback/Feedback_Content_New.java, line(s) 633,837 com/yc/pedometer/feedback/GetSTSKey.java, line(s) 88 com/yc/pedometer/fragment/FragmentSmartPlay.java, line(s) 113 com/yc/pedometer/log/upload/OssUploadFile.java, line(s) 49,146 com/yc/pedometer/onlinedial/PicUtils.java, line(s) 27,28,30 com/yc/pedometer/sdk/BluetoothLeService.java, line(s) 885,3848 com/yc/pedometer/sdk/WriteCommandToBLE.java, line(s) 110,1702 com/yc/pedometer/sports/util/OSUtil.java, line(s) 19 com/yc/pedometer/utils/HttpUtil.java, line(s) 103 com/yc/pedometer/utils/TimeZoneUtil.java, line(s) 22,23,13,14 com/yc/pedometer/utils/TmallGenieUtil.java, line(s) 97 com/yc/pedometer/utils/TrainUtil.java, line(s) 18,17 com/yc/pedometer/weather/WeatherUtil.java, line(s) 14 com/yc/pedometer/wechat/GetUserKey.java, line(s) 96,57 com/yc/pedometer/wechat/WXLoad.java, line(s) 32 com/yc/server/yc_sdk/common/Constants.java, line(s) 18 com/yzq/zxinglibrary/android/Intents.java, line(s) 65 h/c.java, 
line(s) 79 rx/internal/schedulers/NewThreadWorker.java, line(s) 26,35
Medium-risk vulnerability: The application creates temporary files. Sensitive information should never be written to a temporary file.
Files: com/theartofdev/edmodo/cropper/BitmapUtils.java, line(s) 169 com/theartofdev/edmodo/cropper/CropImageActivity.java, line(s) 205 net/jpountz/util/Native.java, line(s) 74
Medium-risk vulnerability: SHA-1 is a weak hash known to have hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/yc/pedometer/utils/Sha1.java, line(s) 11 h/c.java, line(s) 76 org/repackage/a/a/a/a/c.java, line(s) 58
Medium-risk vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: com/yc/pedometer/sdk/UTESQLOperate.java, line(s) 6,7,75,200,466,490,492,532,558,584,593,653,1267 com/yc/pedometer/sdk/UTESQLUtil.java, line(s) 4,19,20,21,22,26,30,34,38,42,46,50,54,58,59,60,64,68,72,76,80,84,88,92,96,100,104,108,112,116,120,124,128 com/yc/pedometer/sdk/UTESQLiteHelper.java, line(s) 4,5,358,359,363,366,369,370,371,374,375,378,381,382,383,384,385,386,387,388
Medium-risk vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files: com/yc/pedometer/FriendsActivity.java, line(s) 140,138 com/yc/pedometer/ecg/EcgAnalysisActivity.java, line(s) 96,94 com/yc/pedometer/fragment/FragmentWeekly.java, line(s) 122,120
Medium-risk vulnerability: MD5 is a weak hash known to have hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/tencent/mm/a/b.java, line(s) 10 com/yc/pedometer/wechat/MD5Sig.java, line(s) 11 com/yc/server/yc_sdk/common/MD5Utility.java, line(s) 10
Medium-risk vulnerability: IP address disclosure.
Files: com/realsil/sdk/dfu/utils/AesJni.java, line(s) 10
Medium-risk vulnerability: This application may contain hard-coded secrets.
The following secrets were identified in the application. Make sure these are not secrets or private information. Credential => "com.google.android.geo.API_KEY" : "AIzaSyCNCm6H3AOILvhKV2vF5lJoa5sIXBgGKoY" AMap (Gaode Maps) => "com.amap.api.v2.apikey" : "3d390abce24a8a6a2c8f4dec7fde3286" Credential => "YCAPPKEY" : "937c3d4a43528cf5a952385e7bd97cfc" Umeng analytics => "UMENG_APPKEY" : "606427d2de41b946ab37d8ae" "facebook_app_id" : "1370780056617699" "es_hockey" : "Hockey" "de_hockey" : "Feldhockey" "cs_hockey" : "Hokej" "tr_hockey" : "Hokey" "sport_ice_hockey" : "Eishockey" "sport_ice_hockey" : "Hockey" "sport_ice_hockey" : "Hochei" "facebook_client_token" : "0d5d542aca3eed404431ca6d4c08d8c2" "bracelet_interface_hockey" : "Hockey" "in_hockey" : "Hoki" "sport_ice_hockey" : "Hokej" "sport_ice_hockey" : "Hokey" "it_hockey" : "Hockey" "pl_hockey" : "Hokej" "en_hockey" : "Hockey" "bracelet_interface_hockey" : "Hokej" "bracelet_interface_hockey" : "Hochei" "bracelet_interface_hockey" : "Eishockey" "pt_hockey" : "Hockey" "sk_hockey" : "Hokej" "fr_hockey" : "Hockey" "ro_hockey" : "Hochei" "bracelet_interface_hockey" : "Kriket" "kakao_app_key" : "483d818d7beeabab0f45a5be89f8f028" "sport_ice_hockey" : "Hoki" "library_roundedimageview_authorWebsite" : "https://github.com/vinc3m1" "nl_hockey" : "Hockey" "bracelet_interface_hockey" : "Hokey"
Security notice: The application logs information. Sensitive information must not be logged.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Files: a/a.java, line(s) 130,160,161,184,185,186,187,188,217,218,223,226,143 b/b.java, line(s) 252,253,304,305,198 c/d.java, line(s) 13,20 com/actions/aticonsota/OTAManager.java, line(s) 142,144,55,163,187,203,254,271,280,296,304,320,332,344,348,351,394,456,472,474,512,513,542,564,622,663,683,709,710,714,719,724,727,198,379,381,125,275,292,318,325,328,376,389,403,412,462,465,476,481,501,508,516,544,591,627,641,648,658,671,678,730 com/actions/ibluz/device/BluzDeviceA2dp.java, line(s) 318,335,148,255,278,41,46,54,59,70,75,83,88,177,182,196,214,217,167,171,194,247,251,259,261,357,166,193,210,282,283,285,286,287,291,294,303,310 com/actions/ibluz/device/BluzDeviceA2dpBase.java, line(s) 177,46,60,71,83,200,208,210,213,218,222,233,35,108,185 com/actions/ibluz/device/BluzDeviceA2dpCompat.java, line(s) 61,73,87,122,135,100,154,156 com/actions/ibluz/device/DataBuffer.java, line(s) 89,94,147,31,42,69,76 com/actions/ibluz/device/bluzdevice/BluzDeviceBase.java, line(s) 482,138,304,119,190,206,211,260,268,275,351,354,360,368,371,407,429,504,514,58,85,116,130,256,391,396 com/actions/ibluz/device/bluzdevice/BluzDeviceBle.java, line(s) 110,263,308,374,382,627,630,633,636,182,320,424,452,453,516,589,609,120,128,136,138,168,177,197,207,209,226,239,290,343,350,357,448,456,471,472,473,474,483,488,491,497,525,529,546,562,567,617,623,643,645,657,669,270,318,389,420,429,142,216,265,649 com/actions/ibluz/device/bluzdevice/BluzDeviceEdr.java, line(s) 86,112,138,169,222,248,274,305,481,93,101,148,158,164,197,205,229,237,284,294,300,333,341,366,377,415,419,435,436,437,438,443,454,473,487,423,427,467,90,98,133,143,153,171,226,234,269,279,289,307 com/actions/ibluz/device/bluzdevice/BluzDeviceSpp.java, line(s) 154,271,85,167,171,180,69,80,92,136,147,176,196,228,274,291,296,306,118 com/actions/ibluz/device/scan/ble/JellyBeanBleScanner.java, line(s) 36 
com/actions/ibluz/device/scan/ble/LollipopBleScanner.java, line(s) 66,70,88,90,22,31,39,75 com/actions/ibluz/factory/BluzDeviceFactory.java, line(s) 59,69,73,77,83 com/actions/ibluz/util/BitmapUtils.java, line(s) 21 com/actions/ibluz/util/Utils.java, line(s) 233,62,67,75,83,94,117,125,133,151,180,185,193,201 com/aigestudio/wheelpicker/WheelPicker.java, line(s) 222,227,240,568 com/alibaba/aliagentsdk/domain/FGSInfoConfig.java, line(s) 29,46,48,54,59,68,72,66 com/floatview/permission/rom/HuaweiUtils.java, line(s) 42,48,51,60 com/floatview/permission/rom/MeizuUtils.java, line(s) 34,37 com/floatview/permission/rom/MiuiUtils.java, line(s) 23,24,41,44,67,82,94,106,126 com/floatview/permission/rom/QikuUtils.java, line(s) 26,29,46 com/floatview/permission/rom/RomUtils.java, line(s) 28 com/github/mikephil/charting/charts/BarChart.java, line(s) 69 com/github/mikephil/charting/charts/BarLineChartBase.java, line(s) 549,604,624,257,268,283,289,455,459 com/github/mikephil/charting/charts/Chart.java, line(s) 380,882,195,213,356,861,865,869 com/github/mikephil/charting/charts/CombinedChart.java, line(s) 80 com/github/mikephil/charting/charts/HorizontalBarChart.java, line(s) 150,91,95 com/github/mikephil/charting/components/AxisBase.java, line(s) 156 com/github/mikephil/charting/data/ChartData.java, line(s) 263 com/github/mikephil/charting/data/CombinedData.java, line(s) 205,212,219 com/github/mikephil/charting/data/LineDataSet.java, line(s) 100,113 com/github/mikephil/charting/data/PieEntry.java, line(s) 61,67 com/github/mikephil/charting/listener/BarLineChartTouchListener.java, line(s) 318 com/github/mikephil/charting/renderer/ScatterChartRenderer.java, line(s) 52 com/github/mikephil/charting/utils/FileUtils.java, line(s) 45,69,95,109,123,134,150,169,182 com/github/mikephil/charting/utils/Utils.java, line(s) 52,71,80 com/hp/hpl/sparta/ParseCharStream.java, line(s) 134,392,496,587,704,840 com/hp/hpl/sparta/ParseException.java, line(s) 33 
com/makeramen/roundedimageview/RoundedDrawable.java, line(s) 117 com/makeramen/roundedimageview/RoundedImageView.java, line(s) 265 com/nineoldandroids/animation/PropertyValuesHolder.java, line(s) 148,176,222,240,242,259,261,297,299,425,427,515,517 com/realsil/sdk/core/f/a.java, line(s) 14,23,17,11,20,26 com/tbruyelle/rxpermissions/RxPermissionsFragment.java, line(s) 79,44 com/theartofdev/edmodo/cropper/BitmapUtils.java, line(s) 178,216 com/theartofdev/edmodo/cropper/CropImageActivity.java, line(s) 89,240 com/theartofdev/edmodo/cropper/CropOverlayView.java, line(s) 692 com/yc/pedometer/MyApplication.java, line(s) 63 com/yc/pedometer/TimeZoneRegionActivity.java, line(s) 107,112,116,164,179 com/yc/pedometer/ble/ClsUtils.java, line(s) 211,238,241 com/yc/pedometer/bpprotocol/el/view/LoopQueue.java, line(s) 218 com/yc/pedometer/fragment/FragmentSmartPlay.java, line(s) 263,991 com/yc/pedometer/googlefit/LogGoogleFit.java, line(s) 47,54,89,96,33,40,61,68,75,82 com/yc/pedometer/log/LogBgRun.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogBody.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogBp.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogCamera.java, line(s) 52,59,101,108,115,31,38,45,66,73,80,87,94 com/yc/pedometer/log/LogConnect.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogDial.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogEcg.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogHome.java, line(s) 50,57,92,99,36,43,64,71,78,85 com/yc/pedometer/log/LogLanguage.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogLogin.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogMood.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogMusic.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogPush.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogQuickSwitch.java, line(s) 
45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogShareUtils.java, line(s) 156,162 com/yc/pedometer/log/LogSleep.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogSports.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogSql.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogSync.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogTrain.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogUpDownload.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogUpdate.java, line(s) 45,52,87,94,101,31,38,59,66,73,80 com/yc/pedometer/log/LogUtils.java, line(s) 46,53,88,96,106,112,141,32,39,60,67,74,81 com/yc/pedometer/log/LogWeather.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/log/LogWeb.java, line(s) 45,52,87,94,31,38,59,66,73,80 com/yc/pedometer/onlinedial/CustomWatchFragment.java, line(s) 197 com/yc/pedometer/onlinedial/WatchCenterFragment.java, line(s) 303 com/yc/pedometer/region/CharacterParserUtil.java, line(s) 43 com/yc/pedometer/sports/activity/GoogleSportMapActivity.java, line(s) 1115 com/yc/pedometer/sports/activity/SportMapActivity.java, line(s) 1058 com/yc/pedometer/sports/activity/SportNoMapActivity.java, line(s) 737 com/yc/pedometer/sports/adapter/ChannelAdapter.java, line(s) 244 com/yc/pedometer/sports/fragment/PageFragment.java, line(s) 546,552 com/yc/pedometer/sports/widget/DensityUtil.java, line(s) 118,124 com/yc/pedometer/sports/widget/HaiBaFloatDetailChartBak.java, line(s) 195,244 com/yc/pedometer/sports/widget/MyScrollView.java, line(s) 121,132 com/yc/pedometer/sports/widget/OverScrollView.java, line(s) 981,991 com/yc/pedometer/sports/widget/PolyLineFloatDetailChartBak.java, line(s) 203,279 com/yc/server/yc_sdk/common/UpdateManager.java, line(s) 119 com/yzq/zxinglibrary/android/BeepManager.java, line(s) 70 com/yzq/zxinglibrary/android/CaptureActivity.java, line(s) 111,281,263,266 com/yzq/zxinglibrary/android/InactivityTimer.java, line(s) 
88,38,44 com/yzq/zxinglibrary/camera/AutoFocusManager.java, line(s) 47,60,84 com/yzq/zxinglibrary/camera/CameraConfigurationManager.java, line(s) 33,46,68,117,130,135,88,105,147,158 com/yzq/zxinglibrary/camera/CameraManager.java, line(s) 162,204,76,75,84 com/yzq/zxinglibrary/camera/OpenCameraInterface.java, line(s) 31,38,15,35 com/yzq/zxinglibrary/encode/CodeCreator.java, line(s) 76 d/a.java, line(s) 68,118,176,212,257,81,85,122,139,147,186,246,252,255,94,100,238 d/b.java, line(s) 23,45 h/c.java, line(s) 56,103,80,97,111 net/jpountz/lz4/LZ4Factory.java, line(s) 154,155 net/jpountz/xxhash/XXHashFactory.java, line(s) 135,136 no/nordicsemi/android/dfu/BaseDfuImpl.java, line(s) 501,505,516,362,394,510 no/nordicsemi/android/dfu/DfuBaseService.java, line(s) 673,677,688,682 no/nordicsemi/android/dfu/internal/ArchiveInputStream.java, line(s) 65,97,102 org/greenrobot/eventbus/BackgroundPoster.java, line(s) 40 org/greenrobot/eventbus/EventBus.java, line(s) 290,429,431,440,172 org/greenrobot/eventbus/util/AsyncExecutor.java, line(s) 98 org/greenrobot/eventbus/util/ErrorDialogConfig.java, line(s) 34 org/greenrobot/eventbus/util/ErrorDialogManager.java, line(s) 185 org/greenrobot/eventbus/util/ExceptionToResourceMapping.java, line(s) 26 rx/internal/util/IndexedRingBuffer.java, line(s) 29 rx/internal/util/RxRingBuffer.java, line(s) 25 rx/plugins/RxJavaHooks.java, line(s) 207
Security notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: com/yc/pedometer/AssistDevelopersActivity.java, line(s) 4,32 com/yc/pedometer/TmallGenieActivity.java, line(s) 4,255
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: h/c.java, line(s) 64,63,66,61,68,62,62
Key security concern: The application may communicate with a server (www.kangyuanai.com) located in an OFAC-sanctioned country (China).
{'ip': '43.139.88.175', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
Key security concern: The application may communicate with a server (health.vita-course.com) located in an OFAC-sanctioned country (China).
{'ip': '123.59.144.156', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
Key security concern: The application may communicate with a server (tt-smartband-weixin.ute-tech.com.cn) located in an OFAC-sanctioned country (China).
{'ip': '121.40.142.20', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
Key security concern: The application may communicate with a server (app.help-document.com) located in an OFAC-sanctioned country (China).
{'ip': '58.220.52.239', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}
Key security concern: The application may communicate with a server (www.ute-tech.com.cn) located in an OFAC-sanctioned country (China).
{'ip': '121.41.174.175', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
Key security concern: The application may communicate with a server (api.aicaring.com) located in an OFAC-sanctioned country (China).
{'ip': '39.107.99.42', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
Key security concern: The application may communicate with a server (mobile.ute-tech.com.cn) located in an OFAC-sanctioned country (China).
{'ip': '61.160.192.98', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '常州', 'latitude': '31.783331', 'longitude': '119.966667'}
Key security concern: The application may communicate with a server (question.uteasy.com) located in an OFAC-sanctioned country (China).
{'ip': '122.228.214.101', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '温州', 'latitude': '27.999420', 'longitude': '120.666817'}
Key security concern: The application may communicate with a server (jyalgorithmtest.jianyouhealth.com) located in an OFAC-sanctioned country (China).
{'ip': '47.106.98.209', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '深圳', 'latitude': '22.545673', 'longitude': '114.068108'}
Overall security baseline score summary

DENVER FIT 2 v1.0.13
Android APK
Overall security score: 40
Risk level: Medium risk