Security score: 45/100
Privacy risk: 6 user/device trackers
Findings
High: 5
Medium: 18
Info: 4
Secure: 2
Hotspot: 2
High: The base configuration is insecurely configured to permit cleartext traffic to all domains.
Scope: *
High: The file is world-writable. Any application can write to the file.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2
Files: com/overlook/android/fing/engine/config/b.java, line(s) 126,162 p000/p001/bi.java, line(s) 36 p000/p001/bl.java, line(s) 36 p000/p001/wi.java, line(s) 36 p000/p001/wl.java, line(s) 36 p001/p002/bi.java, line(s) 37 p001/p002/bl.java, line(s) 37 p001/p002/wi.java, line(s) 37 p001/p002/wl.java, line(s) 37
High: The file is world-readable. Any application can read the file.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2
Files: p000/p001/bi.java, line(s) 37 p000/p001/bl.java, line(s) 37 p000/p001/iab.java, line(s) 34 p000/p001/iaw.java, line(s) 96 p000/p001/wi.java, line(s) 37 p000/p001/wl.java, line(s) 37 p001/p002/bi.java, line(s) 38 p001/p002/bl.java, line(s) 38 p001/p002/iab.java, line(s) 35 p001/p002/iaw.java, line(s) 97 p001/p002/wi.java, line(s) 38 p001/p002/wl.java, line(s) 38
High: By default, calling Cipher.getInstance("AES") returns AES in ECB mode. ECB mode is known to be weak because identical plaintext blocks produce identical ciphertext blocks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files: kf/q.java, line(s) 644,660 o9/e.java, line(s) 1507 p000/p001/iab.java, line(s) 89 p000/p001/iaw.java, line(s) 35 p001/p002/iab.java, line(s) 90 p001/p002/iaw.java, line(s) 36
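High: The application contains privacy trackers
This application has 6 privacy trackers. Trackers can track devices or users and are a privacy concern for end users.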
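Medium: Cleartext network traffic is enabled for the application
[android:usesCleartextTraffic=true] The application intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager, and MediaPlayer. For applications targeting API level 27 or lower, the default value is "true". For applications targeting API level 28 or higher, the default value is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity, and tamper protection; a network attacker can eavesdrop on transmitted data and can modify it without being detected.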
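Medium: Activity (com.overlook.android.fing.ui.main.MainActivity) is not protected.
[android:exported=true] The Activity was found to be shared with other applications on the device and is therefore accessible to any other application on the device.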
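Medium: Activity (com.facebook.CustomTabActivity) is not protected.
[android:exported=true] The Activity was found to be shared with other applications on the device and is therefore accessible to any other application on the device.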
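Medium: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] A Service was found to be shared with other applications on the device, which makes it accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application. The protection level of the permission should therefore be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.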
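Medium: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] A Broadcast Receiver was found to be shared with other applications on the device, which makes it accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application. The protection level of the permission should therefore be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.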
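Medium: Service (com.google.android.play.core.assetpacks.AssetPackExtractionService) is not protected.
[android:exported=true] The Service was found to be shared with other applications on the device and is therefore accessible to any other application on the device.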
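Medium: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP [android:exported=true] A Broadcast Receiver was found to be shared with other applications on the device, which makes it accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application. The protection level of the permission should therefore be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.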
Medium: The application uses an insecure random number generator
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: a4/c0.java, line(s) 7 ak/q.java, line(s) 5 e1/e0.java, line(s) 56 hj/e0.java, line(s) 10 i4/k1.java, line(s) 4 j$/util/concurrent/ThreadLocalRandom.java, line(s) 12 org/snmp4j/f.java, line(s) 14 p000/p001/up1.java, line(s) 29 p001/p002/up1.java, line(s) 30 p002i/p003i/pk.java, line(s) 34 p003i/p004i/pk.java, line(s) 35 pi/a.java, line(s) 3 pi/b.java, line(s) 3 pi/c.java, line(s) 3 qi/a.java, line(s) 4 tj/i.java, line(s) 17 tj/m.java, line(s) 8 ve/f.java, line(s) 21 we/f.java, line(s) 19 zj/g.java, line(s) 11
Medium: IP address disclosure
Files: ak/j.java, line(s) 8 ak/n.java, line(s) 10 com/overlook/android/fing/engine/util/e.java, line(s) 116 com/overlook/android/fing/ui/bandwidthanalysis/BandwidthAnalysisTestActivity.java, line(s) 266 com/overlook/android/fing/ui/wifi/WiFiPerformanceActivity.java, line(s) 143 com/overlook/android/fing/ui/wifi/g.java, line(s) 101 df/f.java, line(s) 15 mf/b.java, line(s) 17 org/snmp4j/i.java, line(s) 26,36 org/snmp4j/smi/IpAddress.java, line(s) 188 qf/c.java, line(s) 10
Medium: Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: a2/l.java, line(s) 32 a2/p0.java, line(s) 72 com/overlook/android/fing/speedtest/NdtConfiguration.java, line(s) 7,8,18,9,11,12,13,14,15,16,10,19 i6/n.java, line(s) 59 k0/j0.java, line(s) 25 kf/y.java, line(s) 444
Medium: SHA-1 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: ak/q.java, line(s) 17 bc/i.java, line(s) 125 o9/e.java, line(s) 287 p7/l.java, line(s) 166
Medium: MD5 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: j7/m.java, line(s) 97 r7/l.java, line(s) 33
Medium: The application can read/write external storage. Any application can read data written to external storage.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: bin/mt/signature/KillerApplication.java, line(s) 76 cf/r.java, line(s) 389,390,393 com/overlook/android/fing/ui/network/k.java, line(s) 241 com/overlook/android/fing/ui/network/people/UserEditActivity.java, line(s) 127,186
Medium: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted and written to the database.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: v8/i.java, line(s) 4,23 v8/k.java, line(s) 4,34 v8/l.java, line(s) 4,34 v8/o.java, line(s) 4,23 v8/r.java, line(s) 5,6,7,121,290,320,406 v8/v.java, line(s) 4,5,74
Medium: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files: com/overlook/android/fing/ui/misc/TypeformSurveyActivity.java, line(s) 82,80
Medium: The application creates temporary files. Sensitive information should never be written to a temporary file.
Files: com/theartofdev/edmodo/cropper/CropImageActivity.java, line(s) 184 com/theartofdev/edmodo/cropper/CropImageView.java, line(s) 595
Medium: Firebase Remote Config is enabled
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/918308492864/namespaces/firebase:fetch?key=AIzaSyCv1uISvnn4UM7TEk8jQ2FSHk-xILJICZI ) is enabled. Make sure these configurations do not contain sensitive information. The response content is shown below: { "entries": { "account_survey": "[{\"title\":\"Hello, %s. 👋\",\"question\":\"Let's adjust your experience according to your comfort with technology.\"},{\"title\":\"That's great! 👍\",\"question\":\"What IT role better reflects your advanced expertise?\"},{\"title\":\"Just one last step for an expert %s. 😎\",\"question\":\"Enter your company web domain, to spotlight your genuine skill.\",\"description\":\"This information is kept private won't be revealed by default.\"}]", "adconsent_popup_enabled": "0", "agoop_enabled": "0", "agoop_sdk_enabled": "0", "community_enabled": "1", "content_feedback_url": "https://az5krgaymnz.typeform.com/to/TKHiVGq3", "days_rate_prompt_after_first_usage": "1", "days_rate_reminder": "21", "days_rate_reminder_after_no_thanks": "180", "days_rate_reminder_after_rate": "365", "desktop_onboarding_hours_postpone": "12", "desktop_onboarding_hours_timeout": "120", "desktop_promo_UI": "{\"use\":false,\"title\":\"Tired of refreshing? Our free Fing Desktop does it for you\",\"body\":\"Fing now runs on Windows and macOS computer, so you can enjoy the sharpest network discovery, advanced connectivity health checks, speed tests and Internet outage notifications.\",\"action\":\"Download Fing Desktop\",\"banner_title\":\"Tired of refreshing? 
Try Fing Desktop!\",\"banner_body\":\"Automated scans, full network info with Fing Desktop, in sync with your Fing App.\"}", "desktop_promo_hours_reminder": "120", "desktop_promo_max_prompts": "3", "desktop_promo_message": "Start monitoring this network 24/7", "desktop_promo_min_discovery": "5", "destkop_promo_home_screen_enabled": "1", "domotz_pro_min_scans_in_7_days": "3", "domotz_pro_promo_days_reminder": "3", "domotz_pro_promo_enabled": "0", "experiment_name": "", "fingbox_price_visible": "0", "fingbox_promo_enabled": "0", "fingbox_shop_campaign": "sales", "fingbox_shop_header": "", "fingbox_shop_header_country_availability": "US,AU,UK,NZ,CA,AT,AU,BE,BG,CZ,CY,DK,DE,EE,EL,ES,FR,HR,IE,IT,LV,LT,LU,HU,MT,NL,PL,PT,RO,SI,SK,FI,SE", "fingbox_shop_single_page": "1", "help_bandwidth_analysis": "https://help.fing.com/hc/en-us/articles/4418457731474", "help_digital_fence": "https://help.fing.com/hc/en-us/articles/4418450286098", "help_krack_attack_detection": "https://help.fing.com/hc/en-us/articles/4418942668178", "help_new_ticket": "https://help.fing.com/hc/en-us/requests/new", "help_release_notes": "https://help.fing.com/hc/en-us/articles/5493417227410", "help_vulnerability_test": "https://help.fing.com/hc/en-us/articles/4418456771602", "help_wifi_speed": "https://help.fing.com/hc/en-us/articles/4418457956114", "hours_account_banner_reminder": "48", "hours_between_account_and_fingbox_banners": "720", "hours_between_desktop_and_account_banners": "1", "hours_fingbox_banner_reminder": "720", "hours_product_offer_popup_reminder": "24", "inapp_purchase_enabled": "1", "number_of_scans_for_location_permissions_warning": "3", "promo_premium_account_body": "", "promo_premium_account_title": "", "promo_premium_home_teaser": "", "purchase_page_available_products": "all", "purchase_page_default_product": "auto", "scan_credit_reset_delay": "30", "scan_credit_reset_policy": "WHEN_DAY_CHANGES", "scan_limit_direct_purchase": "true", "scan_limit_purchase_plan": "starter-1mo", 
"scan_new_credits_at_reset": "3", "speedtest_conn_timeout": "60000", "speedtest_duration": "10000", "speedtest_max_allowed_degrade_factor": "1.02", "speedtest_multistream_enabled": "0", "speedtest_multistream_port": "3007", "speedtest_polling_period": "500", "speedtest_setup_download_timeout": "15000", "speedtest_setup_timeout": "15000", "speedtest_setup_upload_timeout": "30000", "speedtest_singlestream_port": "3001", "unit_onboarding_new": "true", "unit_onboarding_title": "", "unit_onboarding_video": "false", "usages_before_rate_prompt": "2" }, "state": "UPDATE", "templateVersion": "225" }
Medium: This application may contain hardcoded secrets
The following secrets were identified in the application. Make sure they are not secrets or private information. Credential information => "com.google.android.geo.API_KEY" : "AIzaSyCO4vMCGFZWy4J2uTzSCGQMuj23GP2Q334" AdMob advertising platform => "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-6073632348778187~2696759102" "generic_password" : "Wachtwoord" "fboxtroubleshoot_bearer" : "Portador" "generic_username" : "Gebruikersnaam" "google_crash_reporting_api_key" : "AIzaSyCv1uISvnn4UM7TEk8jQ2FSHk-xILJICZI" "google_api_key" : "AIzaSyCv1uISvnn4UM7TEk8jQ2FSHk-xILJICZI" "google_app_id" : "1:918308492864:android:cc9c50e609abafd2" "servicescan_samba_password" : "Password" "servicescan_samba_password" : "Parola" "fingios_authentication_login" : "Aanmelden" "icon_key_lock" : "Cerradura" "generic_password" : "Parola" "servicescan_username_title" : "Benutzername" "fboxtroubleshoot_bearer" : "Bearer" "servicescan_samba_password" : "Wachtwoord" "servicescan_samba_username" : "Gebruikersnaam" "generic_password" : "Passwort" "fingios_authentication_login" : "Masuk" "fingios_authentication_login" : "Accedi" "fboxtroubleshoot_bearer" : "Dragernetwerk" "com.google.firebase.crashlytics.mapping_file_id" : "2a834ee42c3d4943b3d991571f831f79" "fboxtroubleshoot_bearer" : "Pembawa" "fboxtroubleshoot_bearer" : "Porteur" "servicescan_samba_username" : "Username" "fingios_authentication_login" : "Entrar" "fingios_authentication_login" : "Einloggen" "servicescan_samba_username" : "Benutzername" "icon_key_lock" : "Serratura" "generic_username" : "Username" "generic_netbiosuser" : "NetBIOS-gebruiker" "reviews_fing_user" : "Fing-Benutzer" "fboxsettings_localapi_apikey_title" : "API-sleutel" "app_maps_android_api_key" : "AIzaSyDa1onZ_a3SiW8aYOt3JKzHc3hhTNUotyw" "servicescan_username_title" : "Gebruikersnaam" "servicescan_samba_password" : "Passwort" "generic_username" : "Benutzername" "generic_password" : "Senha" "fboxtroubleshoot_bearer" : "Portante" "app_facebook_app_id" : "803256076474721" "reviews_fing_user" : "Fing-gebruiker" "firebase_database_url" : "https://fing-firebase.firebaseio.com" "servicescan_username_title" : "Username" "servicescan_samba_password" : "Senha" "generic_password" : "Password"
Info: The application logs information. Sensitive information must not be logged.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Info: The application can write to the application directory. Sensitive information should be encrypted.
Files: i7/b.java, line(s) 15,15 i7/e0.java, line(s) 14,14 i7/i.java, line(s) 13,13 i7/j0.java, line(s) 153,153 p7/i.java, line(s) 97,97 v7/b.java, line(s) 83,83
Info: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard because other applications can access it.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: eg/n.java, line(s) 5,104 rh/a.java, line(s) 4,31
Info: The application communicates with a Firebase database
The application communicates with the Firebase database located at https://fing-firebase.firebaseio.com
Secure: This application uses SSL pinning to detect or prevent MITM attacks in secure communication channels.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: pj/e.java, line(s) 76,75,74 pj/h.java, line(s) 84,75,83,96,82,82 pj/m.java, line(s) 76,75,74,74 pj/n.java, line(s) 106,94,105,104,104
Secure: This application may have root detection capabilities.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: bc/i.java, line(s) 116,116,117 hb/d.java, line(s) 44 jb/n.java, line(s) 34
Hotspot: The application may communicate with a server (apps.apple.com) located in an OFAC-sanctioned country (China).
{'ip': '58.220.70.19', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}
Hotspot: The application may communicate with a server (firebase-settings.crashlytics.com) located in an OFAC-sanctioned country (China).
{'ip': '220.181.174.162', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}