安全分析报告: twinme v23.6

安全分数


安全分数 51/100

风险评级


等级

  1. A
  2. B
  3. C
  4. F

严重性分布 (%)


隐私风险

0

用户/设备跟踪器


调研结果

高危 1
中危 15
信息 2
安全 1
关注 0

高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 

应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
org/twinlife/twinlife/s.java, line(s) 50,61
v6/h4.java, line(s) 2523

中危 Activity (org.twinlife.twinme.ui.accountMigrationActivity.LocalAccountMigrationActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (org.twinlife.twinme.ui.shareActivity.ShareActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (org.twinlife.twinme.ui.SplashScreenActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Broadcast Receiver (org.twinlife.twinme.ui.BootReceiver) 未被保护。 

[android:exported=true]
发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Broadcast Receiver (androidx.media.session.MediaButtonReceiver) 未被保护。 

[android:exported=true]
发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护, 但是应该检查权限的保护级别。 

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.permission.DUMP [android:exported=true]
发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 应用程序使用不安全的随机数生成器 

应用程序使用不安全的随机数生成器
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
a6/d.java, line(s) 5
i5/a.java, line(s) 3
i5/b.java, line(s) 4
j5/a.java, line(s) 4
org/twinlife/twinlife/h.java, line(s) 20
org/twinlife/twinme/ui/callActivity/CallActivity.java, line(s) 39
s0/o1.java, line(s) 7
u6/j.java, line(s) 6
x0/j0.java, line(s) 4
y5/b.java, line(s) 10
z5/b.java, line(s) 4

中危 SHA-1是已知存在哈希冲突的弱哈希 

SHA-1是已知存在哈希冲突的弱哈希
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
a6/d.java, line(s) 31
d6/n.java, line(s) 329,403
org/twinlife/twinlife/h.java, line(s) 299

中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 

文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
a6/d.java, line(s) 51
d6/a.java, line(s) 375
e7/l0.java, line(s) 318

中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件 

应用程序创建临时文件。敏感信息永远不应该被写进临时文件


Files:
com/theartofdev/edmodo/cropper/CropImageActivity.java, line(s) 60
com/theartofdev/edmodo/cropper/c.java, line(s) 118
h8/m.java, line(s) 165
j2/c.java, line(s) 117
org/twinlife/twinme/ui/conversationActivity/CameraActivity.java, line(s) 387,956,1089
org/twinlife/twinme/ui/conversationActivity/ConversationActivity.java, line(s) 1837,3972,4010,4064,4083

中危 IP地址泄露 

IP地址泄露


Files:
c6/q0.java, line(s) 5,5,5,5,5,5,5,5,5,5,5,5,5,5

中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 

应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
e3/m0.java, line(s) 5,6,293
e3/t0.java, line(s) 4,5,134
net/sqlcipher/database/SQLiteDatabase.java, line(s) 1404,1423,367

中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 

应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
f8/t.java, line(s) 37
org/twinlife/twinlife/h.java, line(s) 219
org/twinlife/twinme/ui/TwinmeApplicationImpl.java, line(s) 324
org/twinlife/twinme/ui/settingsActivity/MessagesSettingsActivity.java, line(s) 160

中危 此应用可能包含硬编码机密信息 

从应用程序中识别出以下机密确保这些不是机密或私人信息
"google_api_key" : "AIzaSyCpNkE3gat3wu_M-cHCMBCQWmWDhYQtcns"
D7E5E971-2813-4418-AD23-D9DE2E1D085F
26e3a3bd-7db0-4fc5-9857-bbdb2032960e
11161f66-68e9-4cb4-8c12-241f4e071af4
9e5cd508-6bbf-43b4-b49e-36dae0ecc98c
6c0442f5-b0bf-4b7e-9ae5-40ad720b1f71
4ffd7362-498d-4584-9d93-49d7514a6c32
7589801a-83ba-4ce2-af50-46994088053e
64c4f4dd-b7bc-4547-849d-84f5eba047d8
1f0ad01a-9d6e-4157-8d50-e8cc9ce583be
9e2f9bb9-b614-4674-b3a6-0474aefa961f
c06c8400-8e06-11e0-9cb6-0002a5d5c51b
44CE232D-4BA3-4295-8B27-7BD9981AD555
1E141E92-1DC7-4FCD-9CD8-9D14FCAD8596
77D31CDE-8EBF-4796-AADA-97276B1AD79F
49fc3005-af8e-43da-925a-00d40889dc98
946fb7cd-f8d2-46a8-a1d2-6d9f3aa0accd
72863c61-c0a9-437b-8b88-3b78354e54b8
D36D6D8A-2DFF-11ED-A261-0242AC120002
A5F47729-2FEE-4B38-AC91-3A67F3F9E1B6
e8028e21-e657-4240-b71a-21ea1367ebf2
3d791a6d-6ad0-438c-89cf-92a822a85846
0906f883-6adf-4d90-9252-9ab401fbe531
a080a7a6-59fe-4463-8ac4-61d897a2aa50
c8deaacf-8d08-4f3a-b0cf-385aff0ecc76
fdf1bba1-0c16-4b12-a59c-0f70cf4da1d9
87d33c5f-9b9b-49bf-a802-8bd24fb021a6
09e855f4-61d9-4acf-92ce-8f93c6951fb0
70ea071a-48f7-41e9-ace5-2c3616f8abf5
fde9aa2f-c0e3-437a-a1d1-0121e72e43bd
f2cb4a52-7928-42cb-8439-248388b9a4c7
ae2211fe-60ed-4518-ae90-e9dc5393f0d9
33c38ac6-e89d-4639-b116-90fc47a5f9f4
55e698ff-b429-425f-bcaa-0b21d4620621
30991309-e91f-4295-8a9c-995fcfaf042e
9e53e24a-acf3-4819-8539-2af37272254f
48e15279-8070-4c49-a71c-ce876cca579e
B57863E8-3336-11ED-A261-0242AC120002
cf8f2889-4ee2-4e50-a26a-5cbd475bb07a
c1ba9e82-43a7-413a-ab9f-b743859e7595
641bf1f6-ebbf-4501-9151-76abc1b9adad
76bdf639-65a3-41b9-9af9-87d622473d3f
BB834EE6-3927-42E1-BC46-5663B2AB47DB
05c90756-d56c-4e2f-92bf-36b2d3f31b76
62e7fe3c-720c-4247-853a-8fca4bcf0e24
ffc5b5d4-a5e7-471e-aef3-97fadfdbda94
3d4e8b77-bca3-477d-a949-5ec4f36e01a3
1ea153d1-35ce-4911-9602-6ba4aee25a57
1f3b4ea2-0863-4eec-885e-b9d17efd84b7
afa81c21-beb5-4829-a5d0-8816afda602f
50c7142b-bc18-4592-89fc-eaecf55ac38d
4fe07aed-f318-46e3-99d0-bb2953cef9ba
BD58A3FF-5EFE-491D-8FDC-21F61C87CE0C
6c2a932e-3dc6-47f2-b253-6975818d3a3c
9b9490f0-5620-4a38-8022-d215e45797ec
800fd629-83c4-4d42-8910-1b4256d19eb8
f80f7791-15a7-4944-b743-99a84eba6fba
e9341f60-0594-4877-b375-39bb3a836de4
16d83e7c-761a-4091-8946-59ef5f7903d3
f34ce0b8-8b1c-4384-b7a3-19fddcfd2789
DDD83ED6-3335-11ED-A261-0242AC120002
acd63138-bec7-402d-86d3-b82707d8b40c
20b764ab-7069-4c28-8cab-8c2926d7334a
f48fa894-a200-4aa8-a7d4-22ea21cfd008
989CB652-F1AE-4863-BA02-E3D024BCAD7A
77a5bf4e-8f4c-4772-b100-4344d44fadde
AD11179C-1510-4F1A-A4C2-0F29DC989997
314464E8-228B-4D0F-A1CF-43EEC8BCA45A
8961B734-1D70-407B-A02B-0F673FB2F8BC
7a9772c3-5f99-468d-87af-d67fdb181295
380ebc30-1aa9-4e66-bcd8-d0436b5724e8
71637589-5fb0-4ec0-b11a-e56accaa60a0
ca15db2f-beda-40a3-84d9-7c3fee25dc5d
35d11e72-84d7-4a3b-badd-9367ef8c9e43
fb21d934-f3b4-4432-a82f-0d5a1f17e685
7fad2e67-c6b9-4925-96ed-9af3bb83d19f
e6726692-8fe6-4d29-ae64-ba321d44a247
9eaa4ad1-3404-4bcc-875d-dc75c748e188
2dc1c0bc-f4a1-4904-ac55-680ce11e43f8
ae5192f5-f505-4211-84c5-76cb5bf9b147
eee63e5e-8af1-41e9-9a1b-79806a0056a2
ccc791c2-3a5c-4d83-ab06-48137a4ad262
43125f6e-aaf0-4985-a363-1aa1d813db46
2BA7FFAC-7992-4828-B2F3-D27A6F5D9AAB
3D8A1111-61F8-4B27-8229-43DE24A9709B
8359efba-fb7e-4378-a054-c4a9e2d37f8f
6e0db5e2-318a-4a78-8162-ad88c6ae4b07
8974ff91-a6c6-42d7-b2a2-fc11041892bd
dfb67bd7-2e6a-4fd0-b05d-b34b916ea6cf
fd30c970-a16c-4346-936d-d541aa239cb8
b70ac369-54c9-4f42-8217-59e6f52bb8fc
493e6d32-a023-455a-9952-c76162c319c9
a4bb8ccd-0b4b-43be-80ca-4714bedc2f79
81BA3B79-DFAE-4DBA-827A-471D17F64CFF
3AE62A72-6CFB-4F8E-BBFE-730A7AE3AFCA
412f43fa-bee9-4268-ac6f-98e99e457d03
837145fe-2656-41ec-9910-cda6f114ac9a
D3F0B2DC-14A8-4A1B-A231-F77894FA8155
5fdf06d0-513f-4858-b416-73721f2ce309
982ca04e-5b94-4382-acda-b710973b9a04
edf481e9-d584-4366-8c32-997cb33cf2c1
2ab7ff5b-3043-4cbb-bb12-dda405fcd285
5fd82b6b-5b7f-42c1-976e-f3addf8c5e16
7866f017-62b6-4c3f-8c55-711f48aae233
0B20EF35-A5D9-45F2-9B97-C6B3D15983FA
ed230b09-b9ff-4d9a-83c9-ddcc3ad686c6
2b0ff6f7-75bb-44a6-9fac-0a9b28fc84dd
ef7b3c03-33d5-49c2-8644-79ea2688403e
959957DA-B8EE-4506-8A5E-A5006023E13D
e53c8953-6345-4e77-bf4b-c1dc227d5d2f
3bfed52d-0173-4f0d-bfd9-f5d63454ca59
d9585220-4c8f-4a24-8e71-d7f81a4abe37
705be6f2-c157-4f75-8325-e0e70bd04312
3b5dc8a2-2679-43f2-badf-ec61c7eed9f0
cfde3269-ce0f-4a8e-976c-4a9e504ff515
f4e195c7-3f84-4e05-a268-b4e3a956a787
4B143BC6-1590-4889-B46A-2B54BCf5DBA8
c1124181-8360-49a0-8180-0f4802d1dc04
22a99e04-6485-4808-9f08-4e421e2e5241
0ac5f97d-0fa1-4e18-bd99-c13297086752
60e72a89-c1ef-49fa-86a8-0793e5e662e4
8efcb2a1-6607-4b06-964c-ec65ed459ffc
bb392ec0-8d4d-11e0-a896-0002a5d5c51b
9D8EB22F-14DE-4BC7-8C39-892F249724BE
34469234-0f9b-48ea-88b1-f353808b6492
7d9baa6c-635e-4bda-b31a-a416322e4eec
46C01729-E871-4208-8094-1EBD3E036FFF
2088C0ED-A8E7-421B-A687-D4FCFCA4F571
826A7CF6-11E3-42DD-BC53-22265FD82573
B9C54866-4FDC-4779-AB76-61547E1ADB2B
3b726b45-c3fc-4062-8ecd-0ddab2dd1537
a35089f8-326f-4f25-b160-e0f9f2c9795c
753da853-a54d-4cc5-b8b6-dec3855d8e08
1db860bd-f84c-48c0-b2dd-17fea1e683bd
3A019C39-D2FC-4D15-A808-0D32FDFEB15E
c74e79e6-5157-4fb4-bad8-2de545711fa0
E476F52F-C863-4463-BAB4-B89C875E601F
17a04202-d50a-4150-a490-de671e639dc4
EA25E83B-772E-456F-BF87-65745C80CCD1
a2065d6f-a7aa-43cd-9c0e-030ece70d234
4d23a645-233b-4d8f-a9aa-2b15b37e2ba3
266f3d93-1782-491c-b6cb-28cc23df4fdf
fae66d0a-ce05-423d-b5fa-6019b24ea924
1840c20d-b017-48a7-ac20-7c5a16211883
dc513717-c843-40e8-8b04-0d8016052935
1bdb2a25-33a7-4caf-af96-b90af26a478f
C9BACD10-5584-4CAA-9D9B-E51A300DDFD0
BF0A6327-FD04-4DFF-998E-72253CFD91E5
9ec1280e-a298-4c8b-b0fd-35383f7b5424
04E86861-71B6-40A0-9BAB-9AE58CC2E765
73D907A5-BDD2-44E4-8FA5-78E170A84421
50FEC907-1D63-4617-A099-D495971930EF
3b74a66c-db31-4c93-b0ac-f2c08ff3cf31
CA705D70-9029-4746-9719-274EA0F29F7C
e20d024-2dcb-4a60-9331-216849fc3065
E9819421-CD71-4C3D-AB6A-0783F0FF4532
34F465EA-A459-423A-A270-2612DC72DAB4
09557d03-3af7-4151-aa60-c6a4b992e18b
B3ED091A-4DB9-4C9B-9501-65F11811738B
8412B66C-19E6-4D86-ADBF-BFF0FDDA1C2D
df02d937-e375-4951-845f-1f9843aef1f8
8184d22a-980c-40a3-90c3-02ff4732e7b9
963f8d06-1a57-4c54-a6ce-0f1fec3064c6
81E0C7CF-4146-43E1-B2D6-BAAD324514A0
58F00122-5ED8-41CC-966A-572AA0B20B4A
5964dbf0-5620-4c78-963b-c6e08665fc33
0890ec66-0560-4b41-8e65-227119d0b008
f4593a1e07cc9cceffbed9c11dc5218356f7814d9b22949de745e629990c6c60
85F98FDE-5C4E-11ED-9B6A-0242AC120002
05617876-8419-4240-9945-08bf4106cb72
a8aa7e0d-c495-4565-89bb-0c5462b54dd0
6dc2169c-1ec8-4c4a-9842-ab26b8484813
22903c9e-545f-44f4-948b-908b3153cfc2
f7460e42-387c-41fe-97c3-18a5f2a97052
4383A4B4-F091-4EB5-93E7-4C7A01E6A31D
f04f5123-b42d-456b-ac5c-45af7b26e6a0
a17516a2-4bd2-4284-9535-726b6eb1a211
64bcd660-e13d-45c3-b953-d75a9a5bac25
4d06f636-6327-4c1d-b044-08227f4aa7cb
f7295462-019e-4bd5-b830-20f98f8a9735
B2977B13-1899-4A41-9244-365B40ADBBB9
5a5d0994-2ca3-4a62-9da3-9b7d5c4abdd4
DF59B7F3-D0D3-4A96-9B7A-1671B1627AEF
640C0511-8E7D-4710-AE0C-A237B5BE1C30
91780AB7-016A-463B-9901-434E52C200AE
1A3E0E6E-78FE-448B-A671-7C5B4BA6AC72
f95ac4b5-d20f-4e1f-8204-6d146dd5291e
A0589646-2B24-4D22-BE5B-6215482C8748
af9e04d2-88c5-4054-8707-ad5f06ce9fc4
177b0d15-2d19-4e89-8e16-701f7266ab48
d2447a5f-7aed-439a-808b-2858c5f1ba39
3a9ca7c4-6153-426d-b716-d81fd625293c
6825a073-b8f0-469e-b283-16fb4d3d0f80
b814c454-299b-48c0-aa40-19afa72ccef8
751761ce-2d1c-4af4-ba85-6c0764f21ed0
3FC4574E-79CD-4CD6-8FD4-AC541162C312
4fab57a3-6c24-4318-b71d-22b60807cbc5
a9a2a78b-b224-4aab-b61b-1a8ed17b80a7
3ec683a9-1856-420a-a849-d47c48dd9111
437466BB-B2AC-4A53-9376-BFE263C98220
f40eaf3b-69c2-4ad5-a4bf-41779b504956
86A86B53-0E2C-4BA2-AD74-DDFB3F6FBB2C
39b4838a-857c-4d03-9a63-c226fab2cd01
42705574-8e05-47fd-9742-ffd86a923cea
06EAC225-E7E0-4D07-8C6F-EF166006FE3C
fac9a8de-c608-4d8f-b0e0-6c390584c41a
8600F6A8-BFA6-4748-BCD4-3FA2B999A916
859eee5f-8fb4-44a2-acf2-e14d3c12c160
cc1de051-04c9-49c2-827d-2d8c8545ff41
e8a69b58-1014-4d3c-9357-8331c19c5f59
99286975-56dc-40d1-8df5-bce6b9e914f9
98dfb86e814a28433cbe7fe04e736f6397a32df2c9b0a08bd50a325187e0c770
5CDAfAE4-FFE8-4754-A178-4f8C5DC834E0
311945f8-24c5-451c-aee3-bcd154aca963
C3B015D9-01C9-40E8-8239-98084D4C2D3F
6548c8a9-3a68-45da-a26e-e82b1630c321
AEf8EfAE-40BC-11ED-B878-0242AC120002
a9451e46-dc00-4439-9e6b-01cbd0d37b1a
e74fea73-abc7-42ca-ad37-b636f6c4df2b
887BF747-7995-456E-AA72-34B7E7C53160
44f0c7d0-8d03-453d-8587-714ef92087ae
8a26fefe-6bd5-45e2-9098-3d736d8a1c4e
9CEE4256-D2B7-4DE3-A724-1F61BB1454C8
f373eaf0-79ef-4091-8179-de622afce358
52872aa7-73a9-47f2-b4ad-83bcb412dc4c
3d175317-f1f7-4cd1-abd8-2f538b342e41
c1315d7f-bf10-4cec-811b-84c44302e7bd
110cb974-1abc-4928-a6e6-dccdca0f3ab4
a70f964c-7147-4825-afe2-d14da222f181
3c1115d7-ed74-4445-b689-63e9c10eb50c
20C49211-2465-4553-865E-9D203F402857
fc0e491c-d91b-43c6-a25c-46d566c788b7
84449ECB-F09F-4C12-A936-038948C2D980
e8fb18fd-d221-4f25-8099-6f09745136a5
9239451b-0193-4703-b98e-a487115e433a
e7596131-6e4d-47f1-b8a0-c747d3ae70f9
FA50C4AC-C196-4F3F-BD68-3DE18D27F44E
76b7a7e2-cd6d-40da-b556-bcbf7eb56da4
274dd1fb-a983-4709-91b0-825152742e1e
342d4d82-d91f-437b-bcf2-a2051bd94ac1
1d1545d4-1912-492a-87db-60ffd68461ff
12f8b46b-89fa-4b15-b3a3-946bc3abbb65
4453dbf3-1b26-4c13-956c-4b83fc1d0c49
afa1a19e-2af9-409d-8502-4a77e29b1d91
fd545960-d9ac-4e3e-bddf-76f381f163a5
4b201b06-7952-43a4-8157-96b9aeffa667

信息 应用程序记录日志信息,不得记录敏感信息 

应用程序记录日志信息,不得记录敏感信息
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
a3/a.java, line(s) 18,25,32,17,24,31,45,46,52,53
a6/d.java, line(s) 51
a7/b0.java, line(s) 453,162,385
a7/c.java, line(s) 99,84,226
a7/o.java, line(s) 121,233,251,262
b4/g.java, line(s) 301
c1/g.java, line(s) 112,118,124,130,144
c6/f.java, line(s) 59,124,165,207,243
c6/r.java, line(s) 43
com/theartofdev/edmodo/cropper/CropImageActivity.java, line(s) 31,185
com/theartofdev/edmodo/cropper/CropOverlayView.java, line(s) 230
com/theartofdev/edmodo/cropper/c.java, line(s) 127,566
d7/o.java, line(s) 362,272
e6/d0.java, line(s) 341,475,575,636
e6/h0.java, line(s) 222,225
f0/a.java, line(s) 29
f8/k.java, line(s) 205
f8/p.java, line(s) 340,440,444,468,578,662,783
f8/r.java, line(s) 131,142,174,202,208,230,74,100,267,309,316
f8/t.java, line(s) 170
g7/c0.java, line(s) 54
h6/d3.java, line(s) 114,148,174,200,226,252,279,297,316
h6/i.java, line(s) 199
h6/p3.java, line(s) 138,377,513,531,546,563,591,749,807,828,838,399,422,588,835
h6/v2.java, line(s) 3567,3578,845,864,867,4405
h6/w2.java, line(s) 2106,2436
h7/g9.java, line(s) 667
h7/i1.java, line(s) 176,209
h7/p6.java, line(s) 76,83,130,154
h8/m.java, line(s) 76,128,173,177,182,246,254,283,311,318,329,342,372,385,399,415,436,593,681,695,220,225,421,463,554,662,669,675,683
h8/o.java, line(s) 198,637,728,769,799,843,866,923,968,161,177,196,279,357,910,958
i6/d.java, line(s) 75,118,436
i6/n.java, line(s) 236
i7/c.java, line(s) 589
j2/a.java, line(s) 186,222,277,279,64,71,75,82,208,210,216,219,268,37,67,73,79,93,101,110,175,189
j2/c.java, line(s) 58,69,71,98,102,118,132,180,223,250,303,313,317,319,324,94,100,111,233,254,270,309
j6/c.java, line(s) 22
j6/f.java, line(s) 29
j6/j.java, line(s) 27
k/d.java, line(s) 211
k3/c.java, line(s) 52
l6/s.java, line(s) 47
n/f.java, line(s) 476
n0/q.java, line(s) 37,32,42,27
net/sqlcipher/database/SQLiteCompiledSql.java, line(s) 52,63,73,81
net/sqlcipher/database/SQLiteDatabase.java, line(s) 172,1128,1141,1506,1514
net/sqlcipher/database/SQLiteDebug.java, line(s) 7,8,9,10,11,12
net/sqlcipher/database/SQLiteOpenHelper.java, line(s) 125,144
net/sqlcipher/database/SQLiteProgram.java, line(s) 44,50
net/sqlcipher/database/SQLiteQuery.java, line(s) 117
net/sqlcipher/database/SQLiteQueryBuilder.java, line(s) 231,230
net/sqlcipher/k.java, line(s) 13,24,26,30,17
o2/b.java, line(s) 30
o6/d0.java, line(s) 1052
o6/n0.java, line(s) 482,167
org/twinlife/twinlife/h.java, line(s) 129,223,276,283,302,308,395,451,482,176,187,234,245
org/twinlife/twinlife/job/a.java, line(s) 515,144,926
org/twinlife/twinlife/s.java, line(s) 264,267,54,70,100,120,162,177,210,225
org/twinlife/twinme/calls/CallService.java, line(s) 480,2043,903,1805,2585,816
org/twinlife/twinme/calls/a.java, line(s) 387,562,583,598,613,1034
org/twinlife/twinme/export/ExportService.java, line(s) 222,429
org/twinlife/twinme/services/AccountMigrationService.java, line(s) 443
org/twinlife/twinme/ui/AbstractScannerActivity.java, line(s) 696,698,700,704,657,706,418
org/twinlife/twinme/ui/AddContactActivity.java, line(s) 174,257
org/twinlife/twinme/ui/BootReceiver.java, line(s) 16
org/twinlife/twinme/ui/FeedbackActivity.java, line(s) 57
org/twinlife/twinme/ui/FullscreenQRCodeActivity.java, line(s) 262,345
org/twinlife/twinme/ui/accountMigrationActivity/AccountMigrationActivity.java, line(s) 605,140
org/twinlife/twinme/ui/accountMigrationActivity/AccountMigrationScannerActivity.java, line(s) 123,85
org/twinlife/twinme/ui/baseItemActivity/m0.java, line(s) 191
org/twinlife/twinme/ui/baseItemActivity/o.java, line(s) 337
org/twinlife/twinme/ui/baseItemActivity/o3.java, line(s) 267
org/twinlife/twinme/ui/callActivity/CallActivity.java, line(s) 871
org/twinlife/twinme/ui/callActivity/g.java, line(s) 557
org/twinlife/twinme/ui/conversationActivity/CameraActivity.java, line(s) 1040,1068,1112,1129,1173,1197,1211,373,375,582,584,671,413,974
org/twinlife/twinme/ui/conversationActivity/ConversationActivity.java, line(s) 4664,1851
org/twinlife/twinme/ui/conversationActivity/VoiceRecorderMessageView.java, line(s) 164,409
org/twinlife/twinme/ui/conversationFilesActivity/ConversationFilesActivity.java, line(s) 537
org/twinlife/twinme/ui/exportActivity/ExportActivity.java, line(s) 249
org/twinlife/twinme/ui/mainActivity/MainActivity.java, line(s) 365
org/twinlife/twinme/ui/rooms/InvitationRoomActivity.java, line(s) 220,274
org/twinlife/twinme/utils/CircularImageView.java, line(s) 141
p2/m0.java, line(s) 28,62
p6/i.java, line(s) 59
p6/s.java, line(s) 294,391
q7/c.java, line(s) 147,224
s2/a.java, line(s) 7,13,8,14
v/f.java, line(s) 183
v6/h4.java, line(s) 2111,2540,997,1002
x2/k.java, line(s) 37,66,71,76,89,92,95,98,101
y/c.java, line(s) 147
y3/e.java, line(s) 179,212
y5/b.java, line(s) 248,252,304
y6/d.java, line(s) 272,254,260,283,287,291,100,183,227,231,235,239,250
y6/e.java, line(s) 88
y6/n.java, line(s) 218,260,309,358,364,393,425,429
z3/b.java, line(s) 91
z5/a.java, line(s) 143,175,184,185

信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 

此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
f8/p.java, line(s) 4,800

安全 此应用程序没有隐私跟踪程序 

此应用程序不包括任何用户或设备跟踪器。在静态分析期间没有找到任何跟踪器。

安全评分: ( twinme 23.6)