安全分析报告:
安全分数
安全分数 40/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
1
用户/设备跟踪器
调研结果
高危
5
中危
13
信息
2
安全
1
关注
3
高危 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
高危 已启用远程WebView调试
已启用远程WebView调试 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/hqzx/hqzxdetail/activity/WebActivity2.java, line(s) 109,12,13
高危 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
com/hqzx/hqzxdetail/utils/AESCrypt.java, line(s) 15,29
高危 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/hqzx/hqzxdetail/utils/SharePreferenceUtil.java, line(s) 20
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/hqzx/hqzxdetail/activity/CGDetailsActivity.java, line(s) 143,8,9
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 Broadcast Receiver (com.chiclaim.android.downloader.SystemDownloadReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/arialyy/aria/core/task/AbsTask.java, line(s) 16 com/hqzx/hqzxdetail/utils/SharePreferenceUtil.java, line(s) 7 org/jsoup/helper/W3CDom.java, line(s) 47 org/jsoup/nodes/Comment.java, line(s) 9 org/jsoup/nodes/DocumentType.java, line(s) 12,13,15
中危 IP地址泄露
IP地址泄露 Files: com/danikula/videocache/HttpProxyCacheServer.java, line(s) 29 com/hqzx/hqzxdetail/BuildConfig.java, line(s) 9 com/snail/antifake/deviceid/IpScanner.java, line(s) 111 fi/iki/elonen/NanoHTTPD.java, line(s) 495 org/minidns/DnsClient.java, line(s) 53
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: fi/iki/elonen/NanoHTTPD.java, line(s) 300,901,999
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/arialyy/aria/orm/DelegateFind.java, line(s) 4,203 com/arialyy/aria/orm/DelegateUpdate.java, line(s) 4,30 com/arialyy/aria/orm/DelegateWrapper.java, line(s) 4,55 com/arialyy/aria/orm/SqlHelper.java, line(s) 5,6,167 com/arialyy/aria/orm/SqlUtil.java, line(s) 5,66 com/chiclaim/android/downloader/DBManager.java, line(s) 4,5,37 com/danikula/videocache/sourcestorage/DatabaseSourceInfoStorage.java, line(s) 6,7,28
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/arialyy/aria/util/CommonUtil.java, line(s) 215,212,219 com/arialyy/aria/util/FileUtil.java, line(s) 43,811 com/danikula/videocache/StorageUtils.java, line(s) 15 com/draggable/library/extension/glide/GlideHelper.java, line(s) 171 com/hqzx/hqzxdetail/activity/DetailsActivity$delFile$1.java, line(s) 47 com/hqzx/hqzxdetail/activity/ShareActivity.java, line(s) 176 com/hqzx/hqzxdetail/dialog/DialogUpdateUtils.java, line(s) 320 com/hqzx/hqzxdetail/utils/DataCleanManager.java, line(s) 29 com/hqzx/hqzxdetail/utils/GetDeviceId.java, line(s) 134,135 com/hqzx/hqzxdetail/webview/ContentUriUtil.java, line(s) 18 com/lxj/xpopup/util/XPopupUtils.java, line(s) 328 com/maning/updatelibrary/utils/MNUtils.java, line(s) 10 com/zhouyou/http/cache/RxCache.java, line(s) 307 com/zhouyou/http/subsciber/DownloadSubscriber.java, line(s) 93
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/arialyy/aria/util/CommonUtil.java, line(s) 337,351,414,554 com/chiclaim/android/downloader/util/MD5.java, line(s) 45,59 com/danikula/videocache/ProxyCacheUtils.java, line(s) 70 com/draggable/library/extension/glide/MD5Utils.java, line(s) 29 com/hqzx/hqzxdetail/utils/GetDeviceId.java, line(s) 108 com/hqzx/hqzxdetail/utils/MessageDigetUtils.java, line(s) 38
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/hjq/permissions/PermissionFragment.java, line(s) 12 com/hqzx/hqzxdetail/adapter/ZhiBofragmentAdapter.java, line(s) 15 org/jsoup/helper/DataUtil.java, line(s) 15 org/minidns/AbstractDnsClient.java, line(s) 11 org/minidns/constants/DnsRootServer.java, line(s) 11 org/minidns/iterative/IterativeDnsClient.java, line(s) 14 org/minidns/util/CollectionsUtil.java, line(s) 4
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/hqzx/hqzxdetail/utils/MessageDigetUtils.java, line(s) 48 org/minidns/AbstractDnsClient.java, line(s) 94 org/repackage/a/a/a/a/c.java, line(s) 59
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/hqzx/hqzxdetail/activity/CGDetailsActivity.java, line(s) 269,270 com/hqzx/hqzxdetail/activity/WebActivity2.java, line(s) 225,222 com/hqzx/hqzxdetail/activity/WebViewActivity.java, line(s) 73,74 com/hqzx/hqzxdetail/activity/WebViewActivity222.java, line(s) 55,56 com/hqzx/hqzxdetail/activity/WebViewYsActivity.java, line(s) 70,71
中危 应用程序包含隐私跟踪程序
此应用程序有多个1隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 openinstall统计的=> "com.openinstall.APP_KEY" : "kni70m" 8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14 1628686155461064465348252249725010996177649738666492500572664444461532807739744536029771810659241049343994038053541290419968870563183856865780916376571550372513476957870843322273120879361960335192976656756972171258658400305760429696147778001233984421619267530978084631948434496468785021389956803104620471232008587410372348519229650742022804219634190734272506220018657920136902014393834092648785514548876370028925405557661759399901378816916683122474038734912535425670533237815676134840739565610963796427401855723026687073600445461090736240030247906095053875491225879656640052743394090544036297390104110989318819106653199917493 AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7 5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551 659eab6595b14f599d146582 B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF 3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F 4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/apkfuns/logutils/Logger.java, line(s) 271,280,274,268,277,283 com/arialyy/aria/core/Aria.java, line(s) 61 com/arialyy/aria/core/AriaConfig.java, line(s) 107,114,59,174 com/arialyy/aria/core/AriaManager.java, line(s) 229,200 com/arialyy/aria/core/WidgetLiftManager.java, line(s) 20,48,42 com/arialyy/aria/core/command/AbsGroupCmd.java, line(s) 41 com/arialyy/aria/core/command/AbsNormalCmd.java, line(s) 26,32,38,43 com/arialyy/aria/core/command/AddCmd.java, line(s) 20 com/arialyy/aria/core/command/CancelAllCmd.java, line(s) 74 com/arialyy/aria/core/command/HighestPriorityCmd.java, line(s) 19 com/arialyy/aria/core/command/ResumeAllCmd.java, line(s) 16 com/arialyy/aria/core/command/ResumeThread.java, line(s) 92,94,96 com/arialyy/aria/core/command/StartCmd.java, line(s) 50,27,48,70 com/arialyy/aria/core/command/StopCmd.java, line(s) 19 com/arialyy/aria/core/common/AbsNormalTarget.java, line(s) 42,82 com/arialyy/aria/core/common/FtpOption.java, line(s) 69,73,85,94,103,112,133,142,146,150,160,164 com/arialyy/aria/core/common/HttpOption.java, line(s) 38,63,67,79 com/arialyy/aria/core/common/RecordHandler.java, line(s) 82,95,149 com/arialyy/aria/core/common/RecordHelper.java, line(s) 127,72,76,79,85,89,92,98,119,130,41,112 com/arialyy/aria/core/common/SFtpOption.java, line(s) 32,36,47,56,65,74,83 com/arialyy/aria/core/common/controller/FeatureController.java, line(s) 111,115,121 com/arialyy/aria/core/common/controller/NormalController.java, line(s) 81,83 com/arialyy/aria/core/config/BaseConfig.java, line(s) 23 com/arialyy/aria/core/config/BaseTaskConfig.java, line(s) 67 com/arialyy/aria/core/config/DGroupConfig.java, line(s) 43 com/arialyy/aria/core/config/DownloadConfig.java, line(s) 49 com/arialyy/aria/core/config/UploadConfig.java, line(s) 25 com/arialyy/aria/core/config/XMLReader.java, line(s) 143,299,323 com/arialyy/aria/core/download/CheckDEntityUtil.java, line(s) 33,79,83,87,93,138,142,146,125,128,64,67,73 com/arialyy/aria/core/download/CheckDGEntityUtil.java, line(s) 70,39,44,48,52,96,108,116,168,179,185,188,191,212,64,99,152 com/arialyy/aria/core/download/CheckFtpDirEntityUtil.java, line(s) 31,35,40,59,69,73,83,87,93,51 com/arialyy/aria/core/download/DownloadEntity.java, line(s) 43 com/arialyy/aria/core/download/DownloadReceiver.java, line(s) 95,130,149,166,188 com/arialyy/aria/core/download/M3U8Entity.java, line(s) 103 com/arialyy/aria/core/download/m3u8/M3U8LiveOption.java, line(s) 19 com/arialyy/aria/core/download/m3u8/M3U8Option.java, line(s) 30,36 com/arialyy/aria/core/download/m3u8/M3U8VodOption.java, line(s) 21,30,39 com/arialyy/aria/core/download/target/DNormalConfigHandler.java, line(s) 54,45,49 com/arialyy/aria/core/download/target/GroupBuilderTarget.java, line(s) 31 com/arialyy/aria/core/download/target/GroupNormalTarget.java, line(s) 60 com/arialyy/aria/core/download/target/HttpGroupConfigHandler.java, line(s) 45,49 com/arialyy/aria/core/download/target/M3U8NormalTarget.java, line(s) 19,21 com/arialyy/aria/core/download/tcp/TcpDelegate.java, line(s) 16,25,34,43 com/arialyy/aria/core/event/EventMsgUtil.java, line(s) 79,83 com/arialyy/aria/core/group/AbsGroupLoader.java, line(s) 274,149,152 com/arialyy/aria/core/group/AbsGroupLoaderUtil.java, line(s) 81 com/arialyy/aria/core/group/AbsSubDLoadUtil.java, line(s) 114,128 com/arialyy/aria/core/group/SimpleSchedulers.java, line(s) 71,96,108,109,138,45,88,141,39 com/arialyy/aria/core/group/SimpleSubQueue.java, line(s) 57,61,74,80,130,150,155,90,95 com/arialyy/aria/core/inf/AbsReceiver.java, line(s) 57 com/arialyy/aria/core/inf/AbsTarget.java, line(s) 35 com/arialyy/aria/core/listener/BaseListener.java, line(s) 103,119 com/arialyy/aria/core/listener/DownloadGroupListener.java, line(s) 141 com/arialyy/aria/core/loader/AbsNormalLoader.java, line(s) 98,124,138,141,190,246,247,134,154,172,237 com/arialyy/aria/core/loader/AbsNormalLoaderUtil.java, line(s) 76 com/arialyy/aria/core/loader/GroupSubThreadStateManager.java, line(s) 60,219,222 com/arialyy/aria/core/loader/NormalTTBuilder.java, line(s) 92,113,126,73,116 com/arialyy/aria/core/loader/NormalThreadStateManager.java, line(s) 62,215,218 com/arialyy/aria/core/loader/SubLoader.java, line(s) 86,91,202,203,98,103,143,152,183 com/arialyy/aria/core/loader/UploadThreadStateManager.java, line(s) 62,200,203 com/arialyy/aria/core/manager/SubTaskManager.java, line(s) 33,38,44 com/arialyy/aria/core/manager/TaskWrapperManager.java, line(s) 58,78,92 com/arialyy/aria/core/manager/ThreadTaskManager.java, line(s) 73,112,142,147,187,192,227,239,243 com/arialyy/aria/core/queue/AbsTaskQueue.java, line(s) 277,285,292,303,313,191,220,80,93,97,151,197,214,217,230,238,248,261,308 com/arialyy/aria/core/queue/DGroupTaskQueue.java, line(s) 53 com/arialyy/aria/core/queue/DTaskQueue.java, line(s) 59,104 com/arialyy/aria/core/queue/UTaskQueue.java, line(s) 57 com/arialyy/aria/core/queue/pool/BaseCachePool.java, line(s) 48,34,66,87,98,38 com/arialyy/aria/core/queue/pool/BaseExecutePool.java, line(s) 72,30,34,102,123,134,81 com/arialyy/aria/core/queue/pool/DLoadExecutePool.java, line(s) 20,27,50 com/arialyy/aria/core/scheduler/FailureTaskHandler.java, line(s) 77 com/arialyy/aria/core/scheduler/TaskSchedulers.java, line(s) 223,226,230,236,239,84,110,113,116,135,315,413,369 com/arialyy/aria/core/task/AbsTask.java, line(s) 133,138,51,124,129,154,172,53 com/arialyy/aria/core/task/ThreadTask.java, line(s) 128,196,293,315,307,348,132,162,165,194,199,236,358,363,373,375,320,325,337,342 com/arialyy/aria/core/upload/CheckUEntityUtil.java, line(s) 28,41,45,53,59,66,70,74 com/arialyy/aria/core/upload/UploadReceiver.java, line(s) 138,159,178 com/arialyy/aria/core/upload/target/HttpNormalTarget.java, line(s) 31 com/arialyy/aria/http/ChunkedInputStream.java, line(s) 20,25,49,51 com/arialyy/aria/http/ConnectionHelp.java, line(s) 34,48,51 com/arialyy/aria/http/download/HttpDFileInfoTask.java, line(s) 71,159,226,291,301,309,345,295,371,237,282,288 com/arialyy/aria/http/download/HttpDGInfoTask.java, line(s) 38,84,157,44,138 com/arialyy/aria/http/download/HttpDTTBuilderAdapter.java, line(s) 26,46 com/arialyy/aria/http/download/HttpDThreadTaskAdapter.java, line(s) 56,59 com/arialyy/aria/http/upload/HttpULoader.java, line(s) 50 com/arialyy/aria/http/upload/HttpUThreadTaskAdapter.java, line(s) 156 com/arialyy/aria/m3u8/BaseM3U8Loader.java, line(s) 58 com/arialyy/aria/m3u8/M3U8InfoTask.java, line(s) 144,152,165,258,297,300,330,338 com/arialyy/aria/m3u8/M3U8ThreadTaskAdapter.java, line(s) 65,164 com/arialyy/aria/m3u8/live/LiveStateManager.java, line(s) 48,52,93,108 com/arialyy/aria/m3u8/live/M3U8LiveLoader.java, line(s) 144,230,146,210,68 com/arialyy/aria/m3u8/vod/M3U8VodLoader.java, line(s) 163,188,344,392,396,429,316,321,325,351,388,328,412,413,442 com/arialyy/aria/m3u8/vod/VodRecordHandler.java, line(s) 47 com/arialyy/aria/m3u8/vod/VodStateManager.java, line(s) 54,76,85,132,133,188,255 com/arialyy/aria/orm/DelegateFind.java, line(s) 217,437,513,517,38,46,50,58,62,76,322,354 com/arialyy/aria/orm/DelegateUpdate.java, line(s) 41,59,88,109 com/arialyy/aria/orm/SqlHelper.java, line(s) 144,196,232,323,386,389,154,159 com/arialyy/aria/orm/SqlUtil.java, line(s) 85,94,215 com/arialyy/aria/util/ALog.java, line(s) 46 com/arialyy/aria/util/AriaServiceLoader.java, line(s) 173 com/arialyy/aria/util/CheckUtil.java, line(s) 35,47,59,73,84,88,94,102,38,50,62 com/arialyy/aria/util/CommonUtil.java, line(s) 224,229,241,246,259,368,371,122,130,136,201,341,379,384,392,397,144,109,184 com/arialyy/aria/util/ComponentUtil.java, line(s) 107 com/arialyy/aria/util/DeleteDGRecord.java, line(s) 35,44,50 com/arialyy/aria/util/DeleteDRecord.java, line(s) 40,49,61 com/arialyy/aria/util/DeleteM3u8Record.java, line(s) 41,50,57 com/arialyy/aria/util/DeleteURecord.java, line(s) 38,47 com/arialyy/aria/util/FileUtil.java, line(s) 90,104,106,301,322,343,425,447,519,545,96,138,170,226,233,308,410 com/arialyy/aria/util/RecordUtil.java, line(s) 17,72,78 com/arialyy/aria/util/SSLContextUtil.java, line(s) 106 com/billy/android/loading/Gloading.java, line(s) 196 com/chiclaim/android/downloader/util/Logger.java, line(s) 19,24,14 com/danikula/videocache/Logger.java, line(s) 15,33,21,27 com/draggable/library/core/DraggableImageView.java, line(s) 561 com/draggable/library/core/DraggableZoomCore.java, line(s) 186,194,202,204,212,290,354,362,380,438 com/draggable/library/core/photoview/CustomGestureDetector.java, line(s) 125 com/draggable/library/core/photoview/PhotoViewAttacher.java, line(s) 128,509,510,587 com/draggable/library/extension/glide/GlideHelper.java, line(s) 85,202,213 com/hqzx/hqzxdetail/activity/MoveDetilsActivity.java, line(s) 507,516,519 com/hqzx/hqzxdetail/activity/WebViewActivity$initWebChromeClient$1.java, line(s) 34 com/hqzx/hqzxdetail/activity/WebViewActivity.java, line(s) 340,235 com/hqzx/hqzxdetail/activity/WebViewActivity222$initWebChromeClient$1.java, line(s) 34 com/hqzx/hqzxdetail/activity/WebViewActivity222.java, line(s) 225,116 com/hqzx/hqzxdetail/activity/WebViewYsActivity$initWebChromeClient$1.java, line(s) 34 com/hqzx/hqzxdetail/activity/WebViewYsActivity.java, line(s) 157,310,205 com/hqzx/hqzxdetail/adapter/cache/MVodOption.java, line(s) 28,29,41,42 com/hqzx/hqzxdetail/adapter/service/MyServer.java, line(s) 50,21,24,27,38 com/hqzx/hqzxdetail/app/App$resolveDnsTxt$1.java, line(s) 61 com/hqzx/hqzxdetail/dialog/DialogUpdateUtils.java, line(s) 326 com/hqzx/hqzxdetail/utils/MessageDigetUtilsKt.java, line(s) 12,15,17,20,22,25 com/hqzx/hqzxdetail/view/RenRenCallback.java, line(s) 68 com/hqzx/hqzxdetail/view/bannerViewPager/BannerViewPager.java, line(s) 147,152 com/hqzx/hqzxdetail/viewmodel/CGDetailsViewModel.java, line(s) 92 com/hqzx/hqzxdetail/viewmodel/MoveDetilsViewModel.java, line(s) 80 com/hqzx/hqzxdetail/viewmodel/MoveFragmentViewModel.java, line(s) 72 com/hqzx/hqzxdetail/webview/X5ProcessInitService.java, line(s) 21,28 com/jakewharton/disklrucache/DiskLruCache.java, line(s) 110 com/kk/taurus/playerbase/AVPlayer.java, line(s) 130,195,196,197,198,199,140,205 com/kk/taurus/playerbase/assist/OnAssistPlayEventHandler.java, line(s) 58 com/kk/taurus/playerbase/assist/OnVideoViewEventHandler.java, line(s) 58 com/kk/taurus/playerbase/assist/RelationAssist.java, line(s) 141,149 com/kk/taurus/playerbase/cache/PreloadManager.java, line(s) 67,83,46 com/kk/taurus/playerbase/config/AppContextAttach.java, line(s) 18 com/kk/taurus/playerbase/event/BundlePool.java, line(s) 25 com/kk/taurus/playerbase/extension/NetworkEventProducer.java, line(s) 31 com/kk/taurus/playerbase/log/DebugLog.java, line(s) 138,181 com/kk/taurus/playerbase/log/PLog.java, line(s) 10,22,16 com/kk/taurus/playerbase/player/SysMediaPlayer.java, line(s) 37,50,92,98,105,108,114,120,126,130,134,142,150,157,287,290,493,495 com/kk/taurus/playerbase/player/TimerCounterProxy.java, line(s) 44,47 com/kk/taurus/playerbase/receiver/BaseLevelCoverContainer.java, line(s) 29,34,39 com/kk/taurus/playerbase/receiver/BaseReceiver.java, line(s) 83 com/kk/taurus/playerbase/receiver/DefaultLevelCoverContainer.java, line(s) 41,46,50 com/kk/taurus/playerbase/record/PlayRecord.java, line(s) 30,53 com/kk/taurus/playerbase/render/RenderMeasure.java, line(s) 156 com/kk/taurus/playerbase/render/RenderSurfaceView.java, line(s) 84,90,125,133,141,58 com/kk/taurus/playerbase/render/RenderTextureView.java, line(s) 82,90,96,168,178,185,200,208,216 com/kk/taurus/playerbase/touch/BaseGestureCallbackHandler.java, line(s) 54 com/kk/taurus/playerbase/widget/BaseVideoView.java, line(s) 137,154,190,198,264,272,176,430 com/kk/taurus/playerbase/widget/SuperContainer.java, line(s) 201,234,209 com/leaf/library/StatusBarUtil.java, line(s) 106,122 com/lxj/xpermission/XPermission.java, line(s) 365 com/maning/updatelibrary/InstallUtils.java, line(s) 165,207 com/maning/updatelibrary/http/DownloadFileUtils.java, line(s) 139,178 com/snail/antifake/deviceid/IpScanner.java, line(s) 46,89,119 com/zhouyou/http/EasyHttp.java, line(s) 416,421,430,435 com/zhouyou/http/body/UploadProgressRequestBody.java, line(s) 41,80 com/zhouyou/http/cache/RxCache.java, line(s) 95,64 com/zhouyou/http/cache/converter/GsonDiskConverter.java, line(s) 37,42,47,52,56,75,79,83,87,90 com/zhouyou/http/cache/converter/SerializableDiskConverter.java, line(s) 25,30,43,49,82 com/zhouyou/http/cache/core/CacheCore.java, line(s) 17,31,37,49 com/zhouyou/http/cache/stategy/BaseStrategy.java, line(s) 47,51,57,59,86,92 com/zhouyou/http/cookie/PersistentCookieStore.java, line(s) 131,140,143 com/zhouyou/http/func/RetryExceptionFunc.java, line(s) 53 com/zhouyou/http/https/HttpsUtils.java, line(s) 71,81,83,85,87,102,104,106,108,110,112 com/zhouyou/http/interceptor/BaseDynamicInterceptor.java, line(s) 112 com/zhouyou/http/interceptor/BaseExpiredInterceptor.java, line(s) 34 com/zhouyou/http/interceptor/CacheInterceptor.java, line(s) 36 com/zhouyou/http/interceptor/CacheInterceptorOffline.java, line(s) 30 com/zhouyou/http/interceptor/HeadersInterceptor.java, line(s) 29 com/zhouyou/http/model/HttpHeaders.java, line(s) 123 com/zhouyou/http/request/BaseRequest.java, line(s) 320,325 com/zhouyou/http/subsciber/BaseSubscriber.java, line(s) 20,36,41,43,47,53 com/zhouyou/http/subsciber/DownloadSubscriber.java, line(s) 54,60,110,101,129,149,164,165 com/zhouyou/http/utils/HttpLog.java, line(s) 66,82,94,106,118,130,142,154,166,178,190,202,214,226,238 com/zhouyou/http/utils/HttpUtil.java, line(s) 32 com/zhouyou/http/utils/RxUtil.java, line(s) 23,28,42,47,61,66 fi/iki/elonen/util/ServerRunner.java, line(s) 15,18,24 me/drakeet/multitype/MultiTypeAdapter.java, line(s) 143 xyz/doikki/videoplayer/util/L.java, line(s) 15,21,27,33
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/hqzx/hqzxdetail/activity/ShareActivity.java, line(s) 5,137,138 com/hqzx/hqzxdetail/fragment/JiaFenFragment.java, line(s) 4,152,153
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/arialyy/aria/util/SSLContextUtil.java, line(s) 91,82,83,83 com/hqzx/hqzxdetail/app/App.java, line(s) 199,256 com/zhouyou/http/EasyHttp.java, line(s) 77,74 com/zhouyou/http/https/HttpsUtils.java, line(s) 79,161,41,77,77,159,159 com/zhouyou/http/request/BaseRequest.java, line(s) 192,397 fi/iki/elonen/NanoHTTPD.java, line(s) 1466,1464,1463,1463 org/minidns/dane/X509TrustManagerUtil.java, line(s) 20,19,16,18
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (yingshi.shop) 通信。
{'ip': '61.160.148.90', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (ulogs.umengcloud.com) 通信。
{'ip': '61.160.148.90', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南京', 'latitude': '32.061668', 'longitude': '118.777992'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (aria.laoyuyu.me) 通信。
{'ip': '118.24.25.24', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}