Mobile Application Security Scan Report

МойМак.by v1.8.5
Security score: 55
Security baseline score: 55/100
Overall risk level: Low risk
Risk grade scale:
- A
- B
- C
- F
The application has some security risks; optimization is recommended.
Distribution of vulnerabilities and security items
- High: 2
- Medium: 15
- Info: 3
- Secure: 3
Privacy risk assessment
Third-party trackers: 5
High privacy risk
A large number of third-party trackers were detected
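Distribution of findings
- High-severity vulnerabilities: 2
- Medium-severity vulnerabilities: 15
- Security notices: 3
- Passed security checks: 3
- Key security concerns: 5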
High-severity vulnerability: The base configuration is insecurely configured to permit cleartext traffic to all domains.
Scope: *
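High-severity vulnerability: The application contains privacy trackers
This application contains 5 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.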
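Medium-severity vulnerability: Application data can be backed up
[android:allowBackup=true] This flag allows application data to be backed up through the adb tool. A user who has enabled USB debugging can copy the application data directly, which creates a risk of data leakage.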
Medium-severity vulnerability: Activity (com.facebook.CustomTabActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
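Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.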
Medium-severity vulnerability: Content Provider (io.appmetrica.analytics.internal.PreloadInfoContentProvider) is not protected.
[android:exported=true] The Content Provider is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (androidx.compose.ui.tooling.PreviewActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
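Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.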
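Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.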
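Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.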
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, and keys
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: by/ksbv/ksbvictory/analytics/AppMetric.java, line(s) 34,100 by/ksbv/ksbvictory/analytics/firebase/FirebaseManager.java, line(s) 50 by/ksbv/ksbvictory/analytics/kochava/KochavaManager.java, line(s) 9 by/ksbv/ksbvictory/api/models/auth/PasswordChangeErrorValue.java, line(s) 50 by/ksbv/ksbvictory/api/models/auth/PasswordResetParams.java, line(s) 66 by/ksbv/ksbvictory/api/models/auth/UserCreds.java, line(s) 66 by/ksbv/ksbvictory/api/models/auth/UserPhoneAndToken.java, line(s) 81 by/ksbv/ksbvictory/api/models/order/Order.java, line(s) 129 coil/decode/GifDecoder.java, line(s) 27,28,29,30 coil/memory/MemoryCache.java, line(s) 121 coil/memory/MemoryCacheService.java, line(s) 41 coil/request/Parameters.java, line(s) 151 com/begateway/mobilepayments/models/settings/PaymentSdkSettings.java, line(s) 176 io/appmetrica/analytics/impl/C0087c0.java, line(s) 16 io/appmetrica/analytics/impl/C0239c0.java, line(s) 16 io/appmetrica/analytics/impl/C0337m4.java, line(s) 58 io/appmetrica/analytics/impl/C0489m4.java, line(s) 61 io/appmetrica/analytics/impl/C0596x0.java, line(s) 40 io/appmetrica/analytics/impl/C0748x0.java, line(s) 41 io/appmetrica/analytics/impl/Mg.java, line(s) 178 io/noties/markwon/html/CssProperty.java, line(s) 30 io/noties/markwon/html/jsoup/nodes/DocumentType.java, line(s) 4,5
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files
Files: coil/decode/SourceImageSource.java, line(s) 132
Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: io/appmetrica/analytics/coreutils/internal/db/DBUtils.java, line(s) 5,40 io/appmetrica/analytics/impl/C0194a5.java, line(s) 5,68,69 io/appmetrica/analytics/impl/L6.java, line(s) 7,100,107,158,272 io/appmetrica/analytics/impl/O6.java, line(s) 3,10,11,12,13 io/appmetrica/analytics/impl/P6.java, line(s) 3,10,11,12,13 io/appmetrica/analytics/impl/Q6.java, line(s) 3,10 io/appmetrica/analytics/impl/R6.java, line(s) 3,10 io/appmetrica/analytics/impl/S6.java, line(s) 3,10 io/appmetrica/analytics/impl/T6.java, line(s) 3,10 io/appmetrica/analytics/impl/U6.java, line(s) 3,13,14,19 io/appmetrica/analytics/impl/V6.java, line(s) 3,13,14,19 io/appmetrica/analytics/impl/Z4.java, line(s) 4,53,72,78
Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/yalantis/ucrop/util/FileUtils.java, line(s) 52 ru/livetex/sdkui/utils/FileUtils.java, line(s) 41,43,51,58
Medium-severity vulnerability: MD5 is a weak hash with known hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: io/appmetrica/analytics/impl/Fi.java, line(s) 7 io/appmetrica/analytics/impl/K7.java, line(s) 47
Medium-severity vulnerability: SHA-1 is a weak hash with known hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: io/appmetrica/analytics/impl/M3.java, line(s) 47
Medium-severity vulnerability: This application may contain hardcoded secrets
The following secrets were identified in the application. Verify that they are not confidential or private information.
Credentials =>
"com.google.android.geo.API_KEY" : "AIzaSyB4YTbpJZVgEJfGdj9WWl-LWs9CyJ0cHog"
"com.google.firebase.crashlytics.mapping_file_id" : "00000000000000000000000000000000"
"facebook_app_id" : "469070012214860"
"facebook_client_token" : "3b30485f6dff35a0523d6118ec5fe4d5"
"google_api_key" : "AIzaSyB4YTbpJZVgEJfGdj9WWl-LWs9CyJ0cHog"
"google_app_id" : "1:558230581976:android:626bd843c976fcbb971dad"
"google_crash_reporting_api_key" : "AIzaSyB4YTbpJZVgEJfGdj9WWl-LWs9CyJ0cHog"
"reg_password_title" : "Welcome!"
Security notice: The application logs information. Sensitive information must not be logged
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: by/ksbv/ksbvictory/AppScreenKt.java, line(s) 280 by/ksbv/ksbvictory/KSBUncaughtExceptionHandler.java, line(s) 45,46,47,48,49 by/ksbv/ksbvictory/MainActivity.java, line(s) 245,258,228,198,240,248,259 by/ksbv/ksbvictory/MainViewModel$startup$1.java, line(s) 52 by/ksbv/ksbvictory/api/extensions/Validator.java, line(s) 54,69,83,91,104 by/ksbv/ksbvictory/api/interceptors/TokenAuthenticator.java, line(s) 95,100 by/ksbv/ksbvictory/api/interceptors/TokenInterceptor.java, line(s) 86 by/ksbv/ksbvictory/api/models/points/PointsLog.java, line(s) 83,83,83 by/ksbv/ksbvictory/data/repository/UserPreferencesRepository.java, line(s) 168 by/ksbv/ksbvictory/data/repository/auth/AuthRepository$hydrateFromSettings$1.java, line(s) 52 by/ksbv/ksbvictory/data/repository/auth/AuthRepository.java, line(s) 91,100,104,110 by/ksbv/ksbvictory/data/repository/user/ProfileRepository$deleteUser$2.java, line(s) 57 by/ksbv/ksbvictory/data/repository/user/ProfileRepository.java, line(s) 136,143,172,179,101,132,152 by/ksbv/ksbvictory/features/survey/SurveyCodeScreenKt.java, line(s) 31 by/ksbv/ksbvictory/features/survey/SurveyViewModel.java, line(s) 179,192 by/ksbv/ksbvictory/nav/NavigationViewModel$setNeedsOnboarding$1.java, line(s) 69 by/ksbv/ksbvictory/nav/NavigationViewModel.java, line(s) 77,83,48,91 by/ksbv/ksbvictory/screens/MainScreenKt$MainScreen$18.java, line(s) 49 by/ksbv/ksbvictory/screens/MainScreenKt$MainScreen$20.java, line(s) 53 by/ksbv/ksbvictory/screens/MainScreenKt.java, line(s) 1425,1436,1439,1443,1448,1452,1456,1458,1397,1540,1428,1433,1470 by/ksbv/ksbvictory/screens/auth/AuthViewModel.java, line(s) 363 by/ksbv/ksbvictory/screens/auth/ComposableSingletons$AuthContentKt.java, line(s) 76 by/ksbv/ksbvictory/screens/coupons/CouponsViewModel$getCouponById$1.java, line(s) 67 by/ksbv/ksbvictory/screens/coupons/CouponsViewModel$handleDeepLink$1.java, line(s) 80 
by/ksbv/ksbvictory/screens/coupons/CouponsViewModel$toggleCouponsTimer$1.java, line(s) 54 by/ksbv/ksbvictory/screens/coupons/PointsListKt.java, line(s) 259 by/ksbv/ksbvictory/screens/coupons/PointsViewModel.java, line(s) 167 by/ksbv/ksbvictory/screens/home/components/HeroBannerKt.java, line(s) 150 by/ksbv/ksbvictory/screens/menu/MenuViewModel$handleDeepLink$1.java, line(s) 90,113 by/ksbv/ksbvictory/screens/menu/views/CategoryTabsKt$CategoryTabs$1.java, line(s) 47 by/ksbv/ksbvictory/screens/more/UserViewModel$fetchUserProfile$1.java, line(s) 60 by/ksbv/ksbvictory/screens/more/UserViewModel$updateUserProfile$1.java, line(s) 68 by/ksbv/ksbvictory/screens/order/OrderViewModel$asRoutes$1.java, line(s) 61 by/ksbv/ksbvictory/screens/order/OrderViewModel$checkOrder$2.java, line(s) 78 by/ksbv/ksbvictory/screens/order/OrderViewModel$createOrder$1.java, line(s) 103 by/ksbv/ksbvictory/screens/order/OrderViewModel$fetchCurrentOrder$1.java, line(s) 160 by/ksbv/ksbvictory/screens/order/OrderViewModel$getUpsales$1$1$1.java, line(s) 57 by/ksbv/ksbvictory/screens/order/OrderViewModel$updateOrder$1$1.java, line(s) 176 by/ksbv/ksbvictory/screens/order/OrderViewModel.java, line(s) 416,582 by/ksbv/ksbvictory/screens/order/cart/FoodCartDetailKt.java, line(s) 570 by/ksbv/ksbvictory/screens/order/map/DeliveryMapScreenKt$DeliveryMapScreen$1.java, line(s) 52 by/ksbv/ksbvictory/screens/order/map/DeliveryMapScreenKt$DeliveryMapScreen$2.java, line(s) 62 by/ksbv/ksbvictory/screens/order/menu/OrderCategoriesViewModel.java, line(s) 280 by/ksbv/ksbvictory/screens/order/payment/PaymentScreenKt$PaymentScreen$1.java, line(s) 79 by/ksbv/ksbvictory/screens/order/payment/PaymentScreenKt.java, line(s) 1232,1338 by/ksbv/ksbvictory/screens/restaurants/RestaurantsScreenKt$RestaurantsScreenContent$1.java, line(s) 65 by/ksbv/ksbvictory/screens/restaurants/RestaurantsViewModel$fetchRestaurants$1.java, line(s) 74,77 by/ksbv/ksbvictory/screens/restaurants/RestaurantsViewModel$handleDeepLink$1.java, line(s) 76 
by/ksbv/ksbvictory/screens/restaurants/RestaurantsViewModel.java, line(s) 209 by/ksbv/ksbvictory/screens/webview/WebViewScreenKt$WebViewScreen$2$1$1.java, line(s) 111 by/ksbv/ksbvictory/services/NotificationService.java, line(s) 85,88,93,94,107,116,120 by/ksbv/ksbvictory/ui/components/ComposableSingletons$SkipButtonKt.java, line(s) 123 by/ksbv/ksbvictory/ui/components/HyperlinkTextKt.java, line(s) 99 by/ksbv/ksbvictory/utils/DateParser.java, line(s) 47,50 by/ksbv/ksbvictory/utils/IdFromJWTKt.java, line(s) 21,28 by/ksbv/ksbvictory/utils/PhoneNumberFormatterKt.java, line(s) 44 com/begateway/mobilepayments/payment/googlepay/GooglePayHelper.java, line(s) 95 com/begateway/mobilepayments/utils/CreditCardAdapter.java, line(s) 98 com/begateway/mobilepayments/utils/SaveCardSheetDialogFragment$handleButtonClick$2.java, line(s) 72 com/begateway/mobilepayments/utils/SaveCardSheetDialogFragment.java, line(s) 168,173 com/begateway/mobilepayments/utils/SaveCardTokenKt.java, line(s) 52,86 com/kochava/core/log/internal/Logger.java, line(s) 114 com/simonsickle/compose/barcodes/BarcodeKt$Barcode$1.java, line(s) 115 com/tiktok/util/TTLogger.java, line(s) 42,45,52,24,27,34 com/yalantis/ucrop/UCropActivity.java, line(s) 158 com/yalantis/ucrop/task/BitmapCropTask.java, line(s) 113 com/yalantis/ucrop/task/BitmapLoadTask.java, line(s) 129,158,203,87,90,135,144,151 com/yalantis/ucrop/util/BitmapLoadUtils.java, line(s) 103,51,82 com/yalantis/ucrop/util/EglUtils.java, line(s) 23 com/yalantis/ucrop/util/FileUtils.java, line(s) 60 com/yalantis/ucrop/util/ImageHeaderParser.java, line(s) 55,62,73,81,113,123,135,149,163,169,173,178,184,188,291,54,61,72,80,112,122,134,148,162,168,172,177,183,187 com/yalantis/ucrop/view/TransformImageView.java, line(s) 225,242,128,96 io/appmetrica/analytics/gpllibrary/internal/GplLibraryWrapper.java, line(s) 67,76,82 io/appmetrica/analytics/impl/C0251ie.java, line(s) 26 io/appmetrica/analytics/impl/C0285k0.java, line(s) 39 io/appmetrica/analytics/impl/C0358n1.java, 
line(s) 160 io/appmetrica/analytics/impl/C0403ie.java, line(s) 27 io/appmetrica/analytics/impl/C0437k0.java, line(s) 40 io/appmetrica/analytics/impl/C0447qi.java, line(s) 27,39,50,58 io/appmetrica/analytics/impl/C0500t0.java, line(s) 68 io/appmetrica/analytics/impl/C0510n1.java, line(s) 161 io/appmetrica/analytics/impl/C0599qi.java, line(s) 29,41,52,60 io/appmetrica/analytics/impl/C0644z0.java, line(s) 27 io/appmetrica/analytics/impl/C0652t0.java, line(s) 69 io/appmetrica/analytics/impl/C0796z0.java, line(s) 28 io/appmetrica/analytics/impl/Ce.java, line(s) 41,37,15,20,27,33 io/appmetrica/analytics/impl/Ei.java, line(s) 26 io/appmetrica/analytics/impl/Fe.java, line(s) 31,48,61,67,45,58 io/appmetrica/analytics/impl/Ih.java, line(s) 75 io/appmetrica/analytics/impl/M7.java, line(s) 63 io/appmetrica/analytics/impl/P3.java, line(s) 17 io/appmetrica/analytics/internal/PreloadInfoContentProvider.java, line(s) 43,35,38,51,76,104,111 io/noties/markwon/LinkResolverDef.java, line(s) 23 io/noties/markwon/PrecomputedTextSetterCompat.java, line(s) 36 org/koin/android/logger/AndroidLogger.java, line(s) 59,69,71,63,67 ru/livetex/sdk/logic/EntityMapper.java, line(s) 67 ru/livetex/sdk/logic/LiveTexMessagesHandler.java, line(s) 123,227,117,128,101 ru/livetex/sdk/network/NetworkManager.java, line(s) 120,153,273,277,315,324,333,370,259,267 ru/livetex/sdk/network/websocket/LiveTexWebsocketListener.java, line(s) 73,40,58,65 ru/livetex/sdkui/chat/AddFileDialog.java, line(s) 101 ru/livetex/sdkui/chat/ChatActivity.java, line(s) 189,260,401,603 ru/livetex/sdkui/chat/ChatViewModel.java, line(s) 89,98,107,116,125,134,168,217,256,303,326,342,364,447,509 ru/livetex/sdkui/chat/adapter/MessagesAdapter.java, line(s) 249 ru/livetex/sdkui/utils/picker/LivetexPicker.java, line(s) 40,43,50,53,60,63 ru/tinkoff/core/components/nfc/Tags.java, line(s) 243
Security notice: The application can write to the application directory. Sensitive information should be encrypted
Files: com/begateway/mobilepayments/utils/SaveCardSheetDialogFragment.java, line(s) 193 com/begateway/mobilepayments/utils/SaveCardTokenKt.java, line(s) 48
Security notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard because other applications can access it
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: ru/livetex/sdkui/chat/ChatActivity.java, line(s) 4,322
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: by/ksbv/ksbvictory/api/ApiClient.java, line(s) 43,43 com/begateway/mobilepayments/network/Rest.java, line(s) 77,77
Passed security check: This application may have root detection capabilities
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/kochava/tracker/datapoint/internal/DataPointCollectionState.java, line(s) 50,53,53,53,53,53,53 io/appmetrica/analytics/coreutils/internal/system/RootChecker.java, line(s) 20
Passed security check: Firebase Remote Config is disabled
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/558230581976/namespaces/firebase:fetch?key=AIzaSyB4YTbpJZVgEJfGdj9WWl-LWs9CyJ0cHog ) is disabled. The response content is shown below: { "state": "NO_TEMPLATE" }
Key security concern: The application may communicate with a server (img.ksbv.by) located in an OFAC-sanctioned country (Belarus).
{'ip': '185.179.83.226', 'country_short': 'BY', 'country_long': '白俄罗斯', 'region': '明斯卡亚誓言', 'city': '明斯克', 'latitude': '53.900074', 'longitude': '27.566729'}
Key security concern: The application may communicate with a server (ksbv.by) located in an OFAC-sanctioned country (Belarus).
{'ip': '178.172.172.249', 'country_short': 'BY', 'country_long': '白俄罗斯', 'region': '明斯卡亚誓言', 'city': '明斯克', 'latitude': '53.900074', 'longitude': '27.566729'}
Key security concern: The application may communicate with a server (mak.by) located in an OFAC-sanctioned country (Belarus).
{'ip': '178.172.172.249', 'country_short': 'BY', 'country_long': '白俄罗斯', 'region': '明斯卡亚誓言', 'city': '明斯克', 'latitude': '53.900074', 'longitude': '27.566729'}
Key security concern: The application may communicate with a server (checkout.bepaid.by) located in an OFAC-sanctioned country (Belarus).
{'ip': '185.183.120.65', 'country_short': 'BY', 'country_long': '白俄罗斯', 'region': '明斯卡亚誓言', 'city': '明斯克', 'latitude': '53.900074', 'longitude': '27.566729'}
Key security concern: The application may communicate with a server (app.ksbv.by) located in an OFAC-sanctioned country (Belarus).
{'ip': '178.172.160.73', 'country_short': 'BY', 'country_long': '白俄罗斯', 'region': '明斯卡亚誓言', 'city': '明斯克', 'latitude': '53.900074', 'longitude': '27.566729'}
Overall security baseline score summary

МойМак.by v1.8.5
Android APK
Overall security score: 55
Medium risk