安全分析报告:
安全分数
安全分数 45/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
2
用户/设备跟踪器
调研结果
高危
6
中危
27
信息
3
安全
2
关注
42
高危 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/nirvana/tools/core/UTSharedPreferencesHelper.java, line(s) 16,9 com/nirvana/tools/logger/utils/UTSharedPreferencesHelper.java, line(s) 31
高危 使用弱加密算法
使用弱加密算法 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/baidubce/auth/NTLMEngineImpl.java, line(s) 420,394,397,455,513 com/cyjh/ddy/a/a.java, line(s) 33,58 com/mci/play/util/EncryDES.java, line(s) 213,216 com/nirvana/tools/core/CryptUtil.java, line(s) 149 com/yd/yunapp/gameboxlib/utils/TapasTripleDesUtils.java, line(s) 18,44
高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/cyjh/ddy/a/a.java, line(s) 33,58 com/yd/yunapp/gameboxlib/utils/TapasTripleDesUtils.java, line(s) 18,44 yunapp/gamebox/a.java, line(s) 10,17 yunapp/gamebox/j.java, line(s) 11,21
高危 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: org/xutils/BuildConfig.java, line(s) 3,5
高危 应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文
应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode Files: com/yd/yunapp/gameboxlib/utils/AESEncrypt.java, line(s) 28,39
高危 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: com/haima/hmcp/utils/HTTPSTrustManager.java, line(s) 36,8,9,10,11,12,13 org/xutils/x.java, line(s) 101,5,6
中危 应用程序数据存在被泄露的风险
未设置[android:allowBackup]标志 这个标志 [android:allowBackup]应该设置为false。默认情况下它被设置为true,允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Activity设置了TaskAffinity属性
(com.jarvan.fluwx.wxapi.FluwxWXEntryActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity设置了TaskAffinity属性
(com.chuanchuanyun.android.wxapi.WXEntryActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity (com.tencent.tauth.AuthActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Service (com.blankj.utilcode.util.MessengerUtils$ServerService) 未被保护。
存在一个intent-filter。 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
中危 Service (com.umeng.message.component.UmengIntentService) 未被保护。
存在一个intent-filter。 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
中危 Service (com.umeng.message.component.UmengMessageReceiverService) 未被保护。
存在一个intent-filter。 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
中危 Service (com.umeng.message.component.UmengMessageHandlerService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Activity设置了TaskAffinity属性
(com.umeng.message.notify.UPushMessageNotifyActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity设置了TaskAffinity属性
(com.umeng.message.UMessageNotifyActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity-Alias (com.umeng.message.UMessageNotifyActivity) 未被保护。
存在一个intent-filter。 发现 Activity-Alias与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity-Alias是显式导出的。
中危 Service (com.taobao.accs.ChannelService) 未被保护。
存在一个intent-filter。 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
中危 Service (com.taobao.accs.data.MsgDistributeService) 未被保护。
存在一个intent-filter。 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
中危 Service (org.android.agoo.accs.AgooService) 未被保护。
存在一个intent-filter。 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
中危 Broadcast Receiver (com.taobao.accs.EventReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.taobao.accs.ServiceReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.taobao.agoo.AgooCommondReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 IP地址泄露
IP地址泄露 Files: com/bytedance/dns/DnsCache.java, line(s) 21 com/bytedance/dns/b.java, line(s) 29,32,42,42,42,42,42,42,42,42 com/cyjh/ddy/base/util/NetworkUtils.java, line(s) 93 com/cyjh/ddy/media/media/webrtc/VideoStreamFirstMsg.java, line(s) 4 com/volcengine/common/config/AppSettingsPlatform.java, line(s) 28,28 com/volcengine/d/d.java, line(s) 183,218,200,226 com/volcengine/e/a.java, line(s) 44,44,42,42,42,42,42,44,44,44,44,42,42,42 com/volcengine/h/a.java, line(s) 35,35,35,35,35 com/volcengine/m/p.java, line(s) 169 com/yd/yunapp/gameboxlib/utils/AuthManager.java, line(s) 21 org/android/spdy/SpdyAgent.java, line(s) 346 org/android/spdy/SpdyRequest.java, line(s) 29,55,74,97,122,142,168,187,210,235
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/alicom/tools/networking/ParamsUtils.java, line(s) 54 com/baidubce/auth/NTLMEngineImpl.java, line(s) 430,1098 com/baidubce/util/HashUtils.java, line(s) 16 com/baidubce/util/MD5DigestCalculatingInputStream.java, line(s) 14,24 com/bytedance/downloader/core/q.java, line(s) 101,162 com/cyjh/ddy/base/util/FileUtils.java, line(s) 810 com/cyjh/ddy/base/util/p.java, line(s) 108 com/cyjh/ddy/base/utils/l.java, line(s) 14 com/haima/hmcp/utils/CryptoUtils.java, line(s) 216 com/haima/hmcp/utils/FileUtil.java, line(s) 17 com/mci/play/util/EncryDES.java, line(s) 211 com/nirvana/tools/core/AppUtils.java, line(s) 116 com/nirvana/tools/core/CryptUtil.java, line(s) 202 com/nirvana/tools/logger/uaid/UaidUtils.java, line(s) 53 com/nirvana/tools/logger/utils/LocalDeviceUtil.java, line(s) 19 com/yd/yunapp/gameboxlib/stat/TokenManager.java, line(s) 128 com/yd/yunapp/gameboxlib/utils/DigestEncodingUtils.java, line(s) 58,95 com/yd/yunapp/gameboxlib/utils/FileHelper.java, line(s) 64 org/xutils/common/util/MD5.java, line(s) 35,75 yunapp/gamebox/c.java, line(s) 9
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/haima/hmcp/countly/CountlyDbPolicy.java, line(s) 6,7,86 com/nirvana/tools/logger/cache/db/AbstractDatabase.java, line(s) 6,417 com/nirvana/tools/logger/cache/db/DBHelper.java, line(s) 4,5,23 org/xutils/db/DbManagerImpl.java, line(s) 4,5,544
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/bytedance/dns/DnsHttpCloud.java, line(s) 12 com/bytedance/http/a/g.java, line(s) 28 com/cyjh/ddy/net/bean/base/BaseHttpReq.java, line(s) 10 com/haima/hmcp/business/HmcpRequestManager.java, line(s) 138 com/haima/hmcp/rtc/widgets/IjkVideoView.java, line(s) 58 com/haima/hmcp/rtmp/widgets/IjkVideoView.java, line(s) 65 com/haima/hmcp/utils/ConnectivityCheck.java, line(s) 10 com/haima/hmcp/utils/CryptoUtils.java, line(s) 11 com/haima/hmcp/utils/DnsManager.java, line(s) 17 com/haima/hmcp/websocket/FrameProtocol.java, line(s) 6 com/haima/hmcp/websocket/Handshake.java, line(s) 9 com/hjq/permissions/PermissionFragment.java, line(s) 14 com/yd/yunapp/gameboxlib/impl/net/MarketingRequest.java, line(s) 26 org/android/spdy/SpdyBytePool.java, line(s) 3 org/webrtc/haima/HmRtcGlobalConfig.java, line(s) 11 org/webrtc/haima/audio/HmAudioManager.java, line(s) 5 org/webrtc/haima/camera/HmCameraManager.java, line(s) 10 yunapp/gamebox/h.java, line(s) 43
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/cyjh/ddy/base/util/CrashUtils.java, line(s) 44,46 com/cyjh/ddy/base/util/LogUtils.java, line(s) 664,665 com/cyjh/ddy/base/util/SDCardUtils.java, line(s) 20,24 com/cyjh/ddy/base/util/ak.java, line(s) 50,70,163 com/cyjh/ddy/base/util/i.java, line(s) 32 com/cyjh/ddy/base/util/y.java, line(s) 167,171,175,179,183,187,191,195,199,203,211,213,108,112,116,120,124,128,132,136,140,144,152,154 com/cyjh/ddy/thirdlib/lib_hwobs/b.java, line(s) 19 com/example/imagegallerysaver/ImageGallerySaverPlugin.java, line(s) 99 com/haima/hmcp/HmcpManager.java, line(s) 293 com/haima/hmcp/cloud/DownloadTask.java, line(s) 82,332,333,463 com/lxj/xpopup/util/XPopupUtils.java, line(s) 364,387 com/mci/play/log/SaveVideoFileInfo.java, line(s) 60,68 com/mr/flutter/plugin/filepicker/FilePickerDelegate.java, line(s) 216 com/mr/flutter/plugin/filepicker/FileUtils.java, line(s) 173 com/yd/yunapp/gameboxlib/DeviceControlImpl.java, line(s) 477 com/yd/yunapp/gameboxlib/utils/LogHelper.java, line(s) 52 org/hmwebrtc/log/WebrtcLoggableHelp.java, line(s) 228,255 org/hmwebrtc/utils/FiledStringParser.java, line(s) 24,33,52 org/hmwebrtc/utils/PathUtils.java, line(s) 115 org/webrtc/haima/PeerConnectionClient.java, line(s) 215 org/xutils/common/util/FileUtil.java, line(s) 38,50 yunapp/gamebox/g.java, line(s) 79,100 yunapp/gamebox/h.java, line(s) 174,176,223,472,581
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/alicom/tools/networking/NetConstant.java, line(s) 10,19 com/baidubce/BceClientConfiguration.java, line(s) 475 com/baidubce/services/bos/model/BosObject.java, line(s) 46 com/baidubce/services/bos/model/BosObjectSummary.java, line(s) 72 com/baidubce/services/sts/model/GetSessionTokenResponse.java, line(s) 45 com/chuanchuanyun/android/jsq_project/Config.java, line(s) 11 com/cyjh/ddy/net/bean/base/BaseResultWrapper.java, line(s) 20 com/haima/hmcp/Constants.java, line(s) 118,8,368,769 com/haima/hmcp/HmcpManager.java, line(s) 76 com/haima/hmcp/beans/CloudIdResult.java, line(s) 23 com/haima/hmcp/beans/CommonMeta.java, line(s) 8 com/haima/hmcp/beans/GetCloudServiceResult2.java, line(s) 19 com/haima/hmcp/business/HmcpRequestManager.java, line(s) 147 com/haima/hmcp/business/VolleyManager.java, line(s) 66 com/haima/hmcp/business/sensor/HmSensorManager.java, line(s) 42 com/haima/hmcp/countly/HttpCountly.java, line(s) 22,24,26,27,28,30,176 com/haima/hmcp/utils/DataUtils.java, line(s) 15 com/haima/hmcp/widgets/AbsIjkVideoView.java, line(s) 2842,2853 com/mci/play/so/HandlerNetworkRequest.java, line(s) 38 com/mci/play/util/EncryDES.java, line(s) 16 com/nirvana/tools/logger/UaidTracker.java, line(s) 33,34,35 com/nirvana/tools/logger/utils/UTSharedPreferencesHelper.java, line(s) 14,15 com/volcengine/androidcloud/common/pod/PodInfo.java, line(s) 373 com/volcengine/common/contant/InternalConstants.java, line(s) 4,5,7,6 com/volcengine/l/c.java, line(s) 70,100 com/yd/yunapp/gameboxlib/impl/net/ServerUrl.java, line(s) 67,71,11 com/yd/yunapp/gameboxlib/utils/AESEncrypt.java, line(s) 13 com/yd/yunapp/gameboxlib/utils/DxHttpClient.java, line(s) 331 org/android/spdy/SpdyProtocol.java, line(s) 43 org/webrtc/haima/HmAVDelayCloudConfig.java, line(s) 17 org/webrtc/haima/HmRtcSdkCloudCfg.java, line(s) 19 org/webrtc/haima/HmRtcSdkTurnCfg.java, line(s) 13,11 org/webrtc/haima/JankStatisticsTool.java, line(s) 20,21,23,24,22 org/xutils/common/util/KeyValue.java, line(s) 46
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/alicom/tools/networking/ParamsUtils.java, line(s) 84 com/baidubce/auth/NTLMEngineImpl.java, line(s) 74 com/haima/hmcp/utils/CryptoUtils.java, line(s) 32,48 com/yd/yunapp/gameboxlib/utils/SignCheck.java, line(s) 85,91 dev/fluttercommunity/plus/packageinfo/PackageInfoPlugin.java, line(s) 161 org/repackage/a/a/a/a/c.java, line(s) 60 yunapp/gamebox/d.java, line(s) 10
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/jarvan/fluwx/io/ImagesIOIml.java, line(s) 51
中危 应用程序包含隐私跟踪程序
此应用程序有多个2隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 友盟统计的=> "UMENG_MESSAGE_SECRET" : "93abb1d0cd317582b2bca5a79094f313" 友盟统计的=> "UMENG_CHANNEL" : "c360" 微信分享的=> "WX_APPID" : "wxd7810d2c5e8c1fe3" 友盟统计的=> "UMENG_APPKEY" : "61a73b8de014255fcb954dba" 凭证信息=> "DDY_SDK_APPKEY" : "496330BACD9BBCF0" 百度地图的=> "com.baidu.lbsapi.API_KEY" : "TwQtM8GYgVBTFQlIigN4nxT5frIPlK8M" "authsdk_app_name" : "PhoneNumberAuthSDK" "haima_hmcp_scene_open_api_release_instance" : "open_api_release_instance" "haima_hmcp_scene_token_expire" : "multi_token_expire" F46B117B-CBC7-4ac2-8F3C-43C1649DC760 2d6aa33c-9638-42ab-87fc-78ae6d8f923c D1889DD681CFE66E0D78EF1EADCB952AE2524E07660D859691637524C7E881207E43EDF7E17EB1EDF38941A8A2E4EB18CC4EC18BEEB92ED810654FD0F77177089BB0E058821217849D18071E90CD5300150DC89A019A3B67FA3E74692A206ADBC834A5615719927091C12068DB85BDB70BF55D1095CB5F9C3CD9C9B8ABBC5C49 e6b11d361691b3a0887b64c6da0c29b2d792e84f ngZlTTem7Pjdm1V9bJgQ6iQvFHsvT+vNgJ3wAIRd+iCMXm8y96yZhD2+SH5odBYS2 db36880a-a810-46eb-9c73-603f1e6ce686 181a04e37c06fe4984b3a0df9e08e595 0b2ce052-5930-42bc-a2d2-7e0e20aeeb35 26c0da7d-9fe5-4236-8936-f0229dc63dc4 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5se07mkN71qsSJHjZ2Z0+Z+4LlLvf2sz7Md38VAa3EmAOvI7vZp3hbAxicL724ylcmisTPtZQhT/9C+25AELqy9PN9JmzKpwoVTUoJvxG4BoyT49+gGVl6s6zo1byNoHUzTfkmRfmC9MC53HvG8GwKP5xtcdptFjAIcgIR7oAWQIDAQAB 3096ba30c19b4f0884396dfc569b1a06 626dfc8e-7d53-4532-a85d-6ef09882a49d 014a06685f0JVDULT/MIGfMA0GCSqGSIb3DQEBAQUAA4G c9f705eb632342458498217e71f31ec1 f8072b317a936623251258810df09d4e nsjV57o+phSlqM0B5aPiMScxWJmCzFRX4NKcjt6KGP+3GpzmTyrpavnYQtHasperH bb392ec0-8d4d-11e0-a896-0002a5d5c51b 1c55f23ebf274e2c91a3ad89d2260138 SIVmFto6HKuR7DkjSsbGBfKVByHquZIahysShfVG c06c8400-8e06-11e0-9cb6-0002a5d5c51b MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6YCzxZS0FaWDOdtwgcHJ c4de589e-a409-46fe-bbee-60e0d3e5d7dd MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/YHP9utFGOhGk7Xf5L7jOgQz5 bce7815f8b285dceb1c1ee9e 3949729b-9a58-4ffc-b720-770f67212d1c MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLShWjAtxJv3g2VPIYOOAv4rnVDdLkdseKm7+KOkCBLV9SKY5oqksFaXcLZ+nRnjnczhze5eGKhevwliUyag6x96GyXI2WagKIoB7Uwl2byl0xB5bNvYzf+x/DKHTSoGJshU6shXWXcjGFq+mUiPhM3WGZoqdY+vvqOWD+tga8XQIDAQAB 9c0edb3f80d8d9adc71bb544b6dc87743340e829 n+APJWeeIsUEJHi0FSf3EmwAtNgcJwLYed8Lrem+2+qvFY8RRjH3w4jT/wl2HKGEY 90d650d9df1309de652aacbef8228710 c06602c398914b21b1ecdd920f67c0b0 TA81xHv7NrK5BuyWZeUcQIC9 n4aw0AoExz4atTkUlZJIf9eNLj7ogTlQGANNzE2R/uskFse2GsCqJKFTk4UraBkzf 337cb5ac648fd8e325c409636fc7dbc7 9628a2e0-9bda-4c0b-b2fd-902063900474
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: a/a/a/b/d.java, line(s) 37,77,22,51,61,64 a/a/a/b/e.java, line(s) 52,60 a/a/a/b/f.java, line(s) 26,30 a/a/a/b/i.java, line(s) 86,123,176,180,313,332,422,426,456,506,535,587,635,637,645,652,655,711,732,755,767,838,855,880,903,74,81,104,126,140,147,151,155,159,166,170,183,189,281,337,341,350,385,391,408,424,440,443,472,477,492,498,531,558,565,572,649,673,682,686,690,694,698,702,722,788 a/a/a/b/k.java, line(s) 58,79 a/a/a/c/a.java, line(s) 76,84,96 a/a/a/e/a.java, line(s) 30 a/a/a/e/b.java, line(s) 33,45,50 a/a/a/g/a.java, line(s) 23 a/a/a/g/b.java, line(s) 52,78,97,114,147,199,207,249,91,155,223,237,274,286,294,321,137 a/a/a/h/d.java, line(s) 24 a/a/a/i/b/a.java, line(s) 45,72,100,30 a/a/a/i/b/c.java, line(s) 63,160,212,235,230 a/a/a/i/b/d.java, line(s) 115,128,192,195,55,65,73,80,97,104,109,163 a/a/a/i/c/f.java, line(s) 106,112,136,186 a/a/a/i/d/a.java, line(s) 152,160,173 a/a/a/i/d/b.java, line(s) 45,40,48 a/a/a/i/e/a.java, line(s) 62 a/a/a/i/e/b.java, line(s) 116,147,151,51,65,77,82,113 a/a/a/i/f/a.java, line(s) 26 a/a/a/i/f/b.java, line(s) 50,53,58,62 com/alicom/tools/networking/PopRequest.java, line(s) 80,127 com/alicom/tools/networking/Request.java, line(s) 78 com/alicom/tools/networking/StringUtil.java, line(s) 16 com/baidubce/auth/BceV1Signer.java, line(s) 82 com/baidubce/http/BceHttpClient.java, line(s) 102,134,147,161,165,178,182 com/baidubce/http/BceHttpResponse.java, line(s) 38,51 com/baidubce/http/DefaultRetryPolicy.java, line(s) 61,49,57,65,70,76 com/baidubce/services/bos/BosClient.java, line(s) 569,581,620,726,956,963,977,985,997,1028,1225,1264,1341,1409,1229,1268,1278,1389,1407,1411,595 com/baidubce/services/bos/BosObjectResponseHandler.java, line(s) 49,59 com/baidubce/util/BLog.java, line(s) 83,89,95,101,107,23,29,35,41,47,113,119,125,131,137,53,59,65,71,77 com/baidubce/util/HttpUtils.java, line(s) 137,138,141,148,149,152 com/baidubce/util/Mimetypes.java, line(s) 30,39,46,57,83,86,99,102,104,51,62 com/baseflow/permissionhandler/AppSettingsManager.java, line(s) 17 com/baseflow/permissionhandler/PermissionManager.java, line(s) 142,209,213,270,276,281,297 com/baseflow/permissionhandler/PermissionUtils.java, line(s) 571,575,580 com/baseflow/permissionhandler/ServiceManager.java, line(s) 27 com/bun/miitmdid/w.java, line(s) 38 com/chuanchuanyun/android/jsq_project/MyApplication.java, line(s) 20 com/contrarywind/view/WheelView.java, line(s) 337 com/cyjh/ddy/base/makeramen/roundedimageview/RoundedImageView.java, line(s) 267,304 com/cyjh/ddy/base/makeramen/roundedimageview/b.java, line(s) 117 com/cyjh/ddy/base/util/ApiUtils.java, line(s) 77,81 com/cyjh/ddy/base/util/AppUtils.java, line(s) 69,153,166 com/cyjh/ddy/base/util/BusUtils.java, line(s) 175,186,366,391,414,419,427 com/cyjh/ddy/base/util/CacheDiskUtils.java, line(s) 94 com/cyjh/ddy/base/util/ClickUtils.java, line(s) 240 com/cyjh/ddy/base/util/FileIOUtils.java, line(s) 69,205,213,273,281,345,638,708 com/cyjh/ddy/base/util/FragmentUtils.java, line(s) 453 com/cyjh/ddy/base/util/ImageUtils.java, line(s) 921 com/cyjh/ddy/base/util/KeyboardUtils.java, line(s) 120,192,226 com/cyjh/ddy/base/util/LogUtils.java, line(s) 537,592 com/cyjh/ddy/base/util/MessengerUtils.java, line(s) 141,51,83,148,160,178,181,191,231,38,55,61,75,92,202,155 com/cyjh/ddy/base/util/NetworkUtils.java, line(s) 132 com/cyjh/ddy/base/util/PermissionUtils.java, line(s) 181,200,335,354 com/cyjh/ddy/base/util/SpanUtils.java, line(s) 865,878 com/cyjh/ddy/base/util/ThreadUtils.java, line(s) 317,340,436,499,518,523,565,507 com/cyjh/ddy/base/util/ToastUtils.java, line(s) 328,370,375 com/cyjh/ddy/base/util/UiMessageUtils.java, line(s) 178,65,73,82,94,99,141 com/cyjh/ddy/base/util/Utils.java, line(s) 74 com/cyjh/ddy/base/util/UtilsActivityLifecycleImpl.java, line(s) 285,328,337,351,363 com/cyjh/ddy/base/util/a.java, line(s) 751,780,815,819 com/cyjh/ddy/base/util/aa.java, line(s) 46,48,59 com/cyjh/ddy/base/util/ak.java, line(s) 41,52,62,103,105,119,131,141,147,169,173,180,183 com/cyjh/ddy/base/util/ap.java, line(s) 217,227,308 com/cyjh/ddy/base/util/b.java, line(s) 110 com/cyjh/ddy/base/util/q.java, line(s) 43,71,78 com/cyjh/ddy/base/util/t.java, line(s) 139,150 com/cyjh/ddy/base/util/u.java, line(s) 110 com/cyjh/ddy/base/utils/CLog.java, line(s) 39,21,45,15,27,33 com/cyjh/ddy/base/utils/SdkKeyUtil.java, line(s) 34 com/cyjh/ddy/base/utils/h.java, line(s) 78,87,93,99,133 com/cyjh/ddy/base/utils/i.java, line(s) 89,94,99,111,131,243 com/cyjh/ddy/base/utils/q.java, line(s) 23,37 com/cyjh/ddy/base/utils/v.java, line(s) 30,34,47 com/cyjh/ddy/base/utils/w.java, line(s) 151,256 com/cyjh/ddy/media/bean/socket/BaseSocketRequest.java, line(s) 31 com/cyjh/ddy/media/media/ActionCode.java, line(s) 58,61 com/cyjh/ddy/media/media/CustomSurfaceView.java, line(s) 103,108,118,128 com/cyjh/ddy/media/media/CustomTextureView.java, line(s) 109,114,124,134 com/cyjh/ddy/media/media/HwyManager.java, line(s) 217,229,373,524,538,547,172,195,202,214,330,336,349,371,380,405,445,456 com/cyjh/ddy/media/media/a.java, line(s) 52,186,66,92,117,162,203 com/cyjh/ddy/media/media/qemu/a.java, line(s) 41,135,142 com/cyjh/ddy/media/media/qemu/b.java, line(s) 227,232,251,258,272,470,472,478,152,220,238,330,367,449,526 com/cyjh/ddy/media/media/qemu/c.java, line(s) 97,117,119,95,115 com/cyjh/ddy/media/media/qemu/d.java, line(s) 66,211,232,322,367,477,489,128,149,176,237,266,336 com/cyjh/ddy/media/media/qemu/e.java, line(s) 37,39,55 com/cyjh/ddy/media/media/webrtc/EchoWebRtcClient.java, line(s) 109,116,121,126,134,145,160,171,184,197,201,205,209,213,218,257,324,343,358,362,366,370,374,380,384,388 com/cyjh/ddy/media/media/webrtc/HwyMediaWebRTC.java, line(s) 360,362,368,111,143,162,167,198,270,306,341,417,430,439,390,397 com/cyjh/ddy/media/media/webrtc/a.java, line(s) 103,134,55,74,86,93,113,151 com/cyjh/ddy/media/oksocket/ControlSocket.java, line(s) 76,101,113,127,160,172,181,185,42,57,88,109,226 com/cyjh/ddy/media/oksocket/e.java, line(s) 36,63 com/cyjh/ddy/media/serverlogger/HwyServerLogger.java, line(s) 48,49,52 com/cyjh/ddy/media/service/MediaWrap.java, line(s) 44,89,223,237,257,64,122,139,148,226,285,302,311 com/cyjh/ddy/net/bean/base/BaseRequest.java, line(s) 59 com/cyjh/ddy/net/bean/base/BaseRequestInfo.java, line(s) 131 com/cyjh/ddy/net/helper/a.java, line(s) 40,70,85,111 com/cyjh/ddy/net/utils/OkHttpDns.java, line(s) 39 com/cyjh/ddy/thirdlib/lib_hwobs/HWYunManager.java, line(s) 136,239,243,281,355,407,477 com/cyjh/ddysdk/ddyobs/ObsRequestHelper.java, line(s) 45,49,59,72,76,86,99,103,113,126,130,140,153,157,167,194,198,208,243,247,257,39,66,93,120,147,188,237 com/cyjh/ddysdk/device/camera/DdyDeviceCameraHelper.java, line(s) 104,118,124,132,137,146,77,87,92,99,109,152,162,164,187,219,243,249 com/cyjh/ddysdk/device/camera/DdyDeviceCameraWebrtcHelper.java, line(s) 62,45,53,75,88,100 com/cyjh/ddysdk/device/camera/EchoWebRtcClient.java, line(s) 75,79,94,96,118,127,133,141,149,177,189,203,237,240,253,259,270,301,305,309,313,317,319,324,328,332,336,340,344,348,354,358,362 com/cyjh/ddysdk/device/camera/EchoWebSocketClient.java, line(s) 19,24,29,34 com/cyjh/ddysdk/device/camera/NV21EncoderH264.java, line(s) 85,125,130,149,164 com/cyjh/ddysdk/device/command/DeviceAppModule$20.java, line(s) 64,70,75,96,105 com/cyjh/ddysdk/device/command/DeviceAppModule$30.java, line(s) 64,69,76,95,100,107,114,121,142 com/cyjh/ddysdk/device/command/DeviceScreencapCmdModule.java, line(s) 48,24,30,35,58 com/cyjh/ddysdk/device/command/DeviceScreencapCmdPresenter.java, line(s) 65,41,48 com/cyjh/ddysdk/device/command/a.java, line(s) 85,134,176,218,260,311,361,403,1111,62,68,73,95,104,117,122,144,153,159,164,186,195,201,206,228,237,243,248,270,280,286,294,321,333,339,344,371,380,386,391,413,422,428,436,448,458,467,473,478,490,500,509,515,520,535,545,554,560,565,577,587,599,605,610,622,632,642,650,655,669,679,688,694,699,711,721,730,736,741,754,764,773,779,789,794,804,813,819,829,834,844,871,877,882,930,939,982,988,993,1022,1032,1041,1047,1052,1064,1074,1088,1094,1099,1121,1130,1138,1143,1157,1167,1176,1182,1187,1199,1209,1218,1224,1229,1241,1251,1260,1266,1271,1283,1293,1302,1308,1313,1325,1335,1344,1350,1366,1379,1390,1411,1418,1445,1451,1456,1468,1478,1506,1513,1518,1634,1644,1655,1663,1668,1696,1706,1715,1721,1726,1739,1749,1758,1764,1769,1782,1792,1801,1814,1819,1831,1841 com/cyjh/ddysdk/device/command/b.java, line(s) 39,51,77,145,212 com/cyjh/ddysdk/device/extendcommand/DdyDeviceExCommandHelper.java, line(s) 56,79,84,88,35,44,50,63,82,96 com/cyjh/ddysdk/device/media/DdyDeviceMediaHelper.java, line(s) 123,134,140,148,295,311,406,440,454,554,718,117,193,224,271,277,283,289,301,373,389,395,399,413,425,464,502,509,525,542,547 com/cyjh/ddysdk/device/room/DeviceRoomProxy.java, line(s) 61,97,135,140,271,284,297,311,323,334,345,356 com/cyjh/ddysdk/game/DdyGameHelper.java, line(s) 52,65,72,79,102,106,116,130,134,144,158,162,172,234,373,378,411,426,431,451,58,96,124,152,190,220,293,302,310,347 com/cyjh/ddysdk/game/utils/NetSpeedUtil.java, line(s) 84,89,92,94,103,105,110,126,137,157,169 com/cyjh/ddysdk/game/utils/NetSpeedUtil2.java, line(s) 52,59,64,89,118,141 com/cyjh/ddysdk/game/utils/a.java, line(s) 216,47,63,69,99,101,119,121,135,169,182,193,196,221,299,324,333,336,342 com/cyjh/ddysdk/order/DdyOrderHelper.java, line(s) 69,73,83,98,102,112,125,129,139,152,156,166,179,183,193,205,210,223,60,92 com/cyjh/ddysdk/order/DdyOrderSaveHelper.java, line(s) 37,42,55,69,73,83,97,101,111,31,63,91 com/cyjh/ddysdk/order/b.java, line(s) 36,61,94,101,149,181,201,212,30,143 com/cyjh/ddysdk/order/base/a/b.java, line(s) 49,71,85 com/cyjh/ddysdk/order/base/model/a.java, line(s) 189,207 com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java, line(s) 1972,1379,1479,1483,1560,1564,580,880,1653,1662,1691,1696,2373 com/davemorrissey/labs/subscaleview/decoder/SkiaPooledImageRegionDecoder.java, line(s) 381 com/example/imagegallerysaver/ImageGallerySaverPlugin.java, line(s) 164 com/haima/hmcp/business/VolleyManager.java, line(s) 140,145 com/haima/hmcp/business/WebSocketManager.java, line(s) 401 com/haima/hmcp/rtc/widgets/BaseRtcVideoView.java, line(s) 6226,1415 com/haima/hmcp/utils/HmIMEManager.java, line(s) 226 com/haima/hmcp/utils/LogUtils.java, line(s) 68,27,37,98,47,58,88,78 com/haima/hmcp/volley/AsyncNetwork.java, line(s) 49 com/haima/hmcp/volley/CacheDispatcher.java, line(s) 44,32 com/haima/hmcp/volley/NetworkDispatcher.java, line(s) 45,65 com/haima/hmcp/volley/Request.java, line(s) 156,161 com/haima/hmcp/volley/VolleyLog.java, line(s) 27,101,104,31,35,114,11,17,22,39,43 com/haima/hmcp/volley/WaitingRequestManager.java, line(s) 94,101,75,47,63 com/haima/hmcp/volley/toolbox/AsyncHttpStack.java, line(s) 77 com/haima/hmcp/volley/toolbox/DiskBasedCache.java, line(s) 77,92,101,163,169,185,202,224,342,112,213,233 com/haima/hmcp/volley/toolbox/HttpHeaderParser.java, line(s) 117,114 com/haima/hmcp/volley/toolbox/ImageRequest.java, line(s) 76 com/haima/hmcp/volley/toolbox/JsonRequest.java, line(s) 76 com/haima/hmcp/volley/toolbox/NetworkUtility.java, line(s) 37,123,67,80 com/haima/hmcp/widgets/HmcpHideEditText.java, line(s) 48,55 com/huawei/cloudphone/utils/CasDevRandomSeed.java, line(s) 30 com/jarvan/fluwx/handlers/FluwxRequestHandler.java, line(s) 87,108 com/jarvan/fluwx/handlers/WXAPiHandler.java, line(s) 143,150,157,164,171 com/jarvan/fluwx/io/ByteArrayToFileKt$saveToLocal$2.java, line(s) 72 com/jarvan/fluwx/io/WeChatNetworkFile$readByteArray$2.java, line(s) 60 com/jarvan/fluwx/utils/WXApiUtils.java, line(s) 46 com/jarvan/fluwx/wxapi/FluwxWXEntryActivity.java, line(s) 33 com/lxj/xpopup/util/XPermission.java, line(s) 358 com/lxj/xpopup/widget/SmartDivider.java, line(s) 27 com/mci/play/HandlerEvent.java, line(s) 46,59,78,91,107,117,122,126,140,144,156,165,169,187,201,214,221 com/mci/play/IVCGLLib.java, line(s) 43,63,64,84,85 com/mci/play/MCISdkView.java, line(s) 107,117,130,139,147 com/mci/play/MediaCodecAudioRenderer.java, line(s) 43,82,91,95,99,143,40,46,85,116,129,139 com/mci/play/MediaCodecRenderer.java, line(s) 181,230 com/mci/play/MediaCodecVideoRenderer.java, line(s) 59,46,49 com/mci/play/PlaySdkManager.java, line(s) 73,76,173,194,203,233,265,469,473,482,66 com/mci/play/SWDataSource.java, line(s) 117,121,289,297,350,371,506,540,549,661,740,804,813,861,345,381 com/mci/play/SWDisplay.java, line(s) 41,126,166,178,207 com/mci/play/SWPlayInfo.java, line(s) 121,184,302 com/mci/play/SWPlayerHardImpl.java, line(s) 112,200,317,119,128,153,171,230,272,336,391 com/mci/play/SWPlayerSoftImpl.java, line(s) 233,35,100,151,193,252,277 com/mci/play/SWRenderer1.java, line(s) 63,107 com/mci/play/SWRenderer2.java, line(s) 72,93,96,98,100,148,149,199,151,166,215,220 com/mci/play/SWRuntime.java, line(s) 83,94 com/mci/play/SWViewDisplay.java, line(s) 74,129,203,264,269 com/mci/play/ScreenHelper.java, line(s) 24,27,30 com/mci/play/Util.java, line(s) 172,32,33 com/mci/play/log/MCILog.java, line(s) 69,73,77 com/mci/play/log/SaveVideoFileInfo.java, line(s) 62 com/mci/play/so/HandlerNetworkRequest.java, line(s) 75,116,123,134,328,331,341,349,398,399,410,438,472,475,479,493,550 com/mr/flutter/plugin/filepicker/FilePickerDelegate.java, line(s) 95,113,118,141,217,233,155 com/mr/flutter/plugin/filepicker/FileUtils.java, line(s) 44,159,70,86,100,102,106,151,154,112,39 com/netcheck/LDNetDiagnoService/LDNetDiagnoService.java, line(s) 197 com/nirvana/tools/core/BaseDelegate.java, line(s) 20,12 com/nirvana/tools/core/MobileNetRequestManager.java, line(s) 133,46,73,101,127,136,157 com/nirvana/tools/core/NetworkUtils.java, line(s) 31,47,70 com/nirvana/tools/logger/UaidTracker.java, line(s) 111,155,175,202,182,187,274,82,125,140,191,195,279,288 com/nirvana/tools/logger/cache/db/AbstractDatabase.java, line(s) 37 com/nirvana/tools/logger/cache/db/DBHelper.java, line(s) 27,37 com/nirvana/tools/logger/utils/ConsoleLogUtils.java, line(s) 14,20,26,32,38 com/permissionx/guolindev/request/InvisibleFragment.java, line(s) 1483 com/volcengine/androidcloud/common/log/AcLogConfig.java, line(s) 39,74,91,98,105,112,126,133,143,147,159,89,96,103,110,123,131,140 com/volcengine/androidcloud/common/log/AcLogcatLogger.java, line(s) 10,15,20,25,30,35 com/volcengine/b/a.java, line(s) 36,56,86 com/volcengine/c/b.java, line(s) 38,40,42 com/volcengine/cloudcore/common/mode/Role.java, line(s) 24 com/volcengine/common/InitHelper.java, line(s) 54,58,70,80,107,125,128,138,163,172,87,180 com/volcengine/common/SDKContext.java, line(s) 313,324,334,118,214,400,385,371 com/volcengine/common/config/AppSettingsPlatform.java, line(s) 120 com/volcengine/common/config/SDKSwitchSettingImpl.java, line(s) 28,38 com/volcengine/common/multiprocess/ProcessStateContentProvider.java, line(s) 45,63,88 com/volcengine/common/plugin/PluginConfig.java, line(s) 173,55,100,110,120,148 com/volcengine/common/plugin/a.java, line(s) 70,58,87,94 com/volcengine/common/plugin/c.java, line(s) 82,65,103 com/volcengine/common/plugin/d.java, line(s) 87,223,380,253,293,369,427,481,178 com/volcengine/common/sdkmonitor/SDKMonitorImpl.java, line(s) 46 com/volcengine/e/a.java, line(s) 121,172,194,239,250,278,308,356,397,413,488,100,104,209,422,432,261 com/volcengine/h/a.java, line(s) 70,97,154,180,235,244,263,367,398,62,296,314,349 com/volcengine/h/c.java, line(s) 42,54 com/volcengine/h/f.java, line(s) 33,51 com/volcengine/i/e.java, line(s) 27,39 com/volcengine/j/a.java, line(s) 13 com/volcengine/j/c.java, line(s) 38 com/volcengine/j/d.java, line(s) 22,27 com/volcengine/l/a.java, line(s) 42 com/volcengine/l/c.java, line(s) 261,276,310,70,100,288,302 com/volcengine/m/a.java, line(s) 33,136,146 com/volcengine/m/h.java, line(s) 153 com/volcengine/m/l.java, line(s) 119,175,77,116,127,132,137,153,164,185,191,209,214 com/volcengine/m/p.java, line(s) 346,48,58,70,82,94,108,123,135,174,184,192,204,216,228,240,325,384,408 com/volcengine/m/r.java, line(s) 27,37 com/volcengine/m/s.java, line(s) 22,24,72,74,112,120 com/volcengine/phone/PhonePlayConfig.java, line(s) 354 com/volcengine/phone/VePhoneEngine.java, line(s) 81,87,106,145,167,172,533,539 com/xiasuhuei321/loadingdialog/view/LoadingDialog.java, line(s) 175,182 com/xuhao/didi/a/e/b.java, line(s) 17,23 com/yd/yunapp/gameboxlib/utils/AESEncrypt.java, line(s) 60 com/yd/yunapp/gameboxlib/utils/DigestEncodingUtils.java, line(s) 38,65,88,106,109 com/yd/yunapp/gameboxlib/utils/DxHttpClient.java, line(s) 113,169,203,264,141,159,121 com/yd/yunapp/gameboxlib/utils/FileHelper.java, line(s) 118,143,376,46,179,184,256,261,352 com/yd/yunapp/gameboxlib/utils/LogHelper.java, line(s) 31,36,40,76,142,60,69,160 com/yd/yunapp/gameboxlib/utils/NetworkUtils.java, line(s) 60,76,87,111,54,83,102,135,161,177,199 org/android/spdy/NetTimeGaurd.java, line(s) 32,42 org/android/spdy/ProtectedPointerTest.java, line(s) 14,21,39 org/android/spdy/spduLog.java, line(s) 12,54,26,19,33,40,47 org/greenrobot/eventbus/Logger.java, line(s) 32,37 org/hmwebrtc/AndroidVideoDecodeSwapBuffer.java, line(s) 81 org/hmwebrtc/AndroidVideoDecoder.java, line(s) 299,227 org/hmwebrtc/DirectSurfaceVideoDecoder.java, line(s) 167 org/hmwebrtc/HmAndroidCallbackDirectly.java, line(s) 22,29,40,47 org/hmwebrtc/audio/SimplePcmFile.java, line(s) 42,54,65,92,109,127 org/hmwebrtc/audio/WebRtcAudioTrack.java, line(s) 398 org/hmwebrtc/log/LogAdapter.java, line(s) 102,119,132,151,221,235 org/hmwebrtc/log/LogCatSink.java, line(s) 18,22,14,10,20 org/hmwebrtc/log/LogFileSink.java, line(s) 167,181 org/hmwebrtc/log/LogMemSink.java, line(s) 67,108,117,123,106,120 org/hmwebrtc/log/WebrtcLoggableHelp.java, line(s) 216,75,80,101,105,89,116 org/hmwebrtc/utils/SampleCounter.java, line(s) 46 org/hmwebrtc/utils/SimpleWorkThread.java, line(s) 31,48,58,77 org/hmwebrtc/utils/TimeDiff.java, line(s) 54 org/webrtc/haima/HmCameraWrapper.java, line(s) 201,206,98,131,165,176,211,216 org/webrtc/haima/HmDCCamera.java, line(s) 43,154 org/webrtc/haima/HmDCDevice.java, line(s) 74,220,222,264,275,85,89,94 org/webrtc/haima/HmDCLog.java, line(s) 29 org/webrtc/haima/HmDCSignal.java, line(s) 18,20 org/webrtc/haima/HmDataChannelManager.java, line(s) 142 org/webrtc/haima/HmInput.java, line(s) 143,181,147,162,95,105,166 org/webrtc/haima/HmRtcSdkTurnCfg.java, line(s) 28,32 org/webrtc/haima/JankStatisticsTool.java, line(s) 428,488,137,506,508,512,515 org/webrtc/haima/PeerConnectionClient.java, line(s) 213,226,232,236,249,337,341,418,432,438,449,522,632,650,739,758,810,879,892,894,898,963,970,973,979,982,989,992,1001,1004,1044,1094,1112,1164,1170,1570,1585,1632,1673,1679,1684,1689,1694,1828,1853,1865,1872,1905,1912,1949,1968,1979,1987,2012,2026,2031,2044,2045,2084,359,364,369,486,550,558,618,665,671,677,684,690,696,753,820,915,943,1016,1117,1135,1333,1471,1616,1662,1801,1883,1925,2090,371,638,642,645,703,708,713,718,1637,2063,2073,2094,415,503,515,660,1390 org/webrtc/haima/SocketIORTCClient.java, line(s) 175,52,93,136,163,222,227,235,263,293,328,335,342,354,366,373,387,417,423,428,446,517,543 org/webrtc/haima/camera/HmCameraManager.java, line(s) 370,397,424,433,437,441,496,500,502,510,538,552,555,560,574,549 org/webrtc/haima/camerarecorder/CameraRecorder.java, line(s) 96,215,237,180,41,50 org/webrtc/haima/camerarecorder/CameraThread.java, line(s) 56,63,70,117,125,137,151,158,201,209 org/webrtc/haima/camerarecorder/capture/EGLBase.java, line(s) 82,115,119,124,128,138,89,97,180 org/webrtc/haima/camerarecorder/capture/EncodeRenderHandler.java, line(s) 85,132,148,174,183,209,41,48,74,81 org/webrtc/haima/camerarecorder/capture/MediaEncoder.java, line(s) 96,107,132,163,233,136,146,156,181,113,122,206,197,226 org/webrtc/haima/camerarecorder/capture/MediaMuxerCaptureWrapper.java, line(s) 64,67,73 org/webrtc/haima/camerarecorder/capture/MediaVideoEncoder.java, line(s) 157,59,78,141,53,62,68,73,89,110,122,151,104 org/webrtc/haima/camerarecorder/egl/DefaultContextFactory.java, line(s) 30 org/webrtc/haima/camerarecorder/egl/EglUtil.java, line(s) 28 org/webrtc/haima/camerarecorder/egl/GlPreviewRenderer.java, line(s) 163 org/webrtc/haima/util/IntervalUtils.java, line(s) 91,92,93,94,95,96,72 org/xutils/common/util/LogUtil.java, line(s) 29,36,43,50,57,64,71,78,85,92,97,105,112,117 tv/haima/ijk/media/player/AndroidMediaPlayer.java, line(s) 378,383,389 tv/haima/ijk/media/player/IjkMediaPlayer.java, line(s) 338,365,388,390,394,674,1063,1067,939,960,949,954,999,1058,1070,1092,384,416,578,971,1089 tv/haima/ijk/media/player/MediaPlayerProxy.java, line(s) 314,319,325 tv/haima/ijk/media/player/egl/EglBase10Impl.java, line(s) 49 tv/haima/ijk/media/player/egl/EglBase14Impl.java, line(s) 32,59 tv/haima/ijk/media/player/egl/EglRenderer.java, line(s) 126,152,712,715,718,933,144,929,486,887,937 tv/haima/ijk/media/player/egl/GlShader.java, line(s) 99,24,45,118 tv/haima/ijk/media/player/egl/SurfaceTextureHelper.java, line(s) 100,159,240,53,267,280 tv/haima/ijk/media/player/egl/VideoFrameDrawer.java, line(s) 124 tv/haima/ijk/media/player/pragma/DebugLog.java, line(s) 50,54,58,14,18,22,26,30,34,62,66,70,38,42,46 yunapp/gamebox/h.java, line(s) 656,635,642
信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/cyjh/ddy/base/utils/b.java, line(s) 63,67,4
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/cyjh/ddy/base/utils/b.java, line(s) 4,16,30,47
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/alicom/tools/networking/AlicomHttpUtils.java, line(s) 281,275 com/bytedance/downloader/core/c.java, line(s) 554,556 com/bytedance/downloader/core/m.java, line(s) 724,726 com/bytedance/downloader/core/q.java, line(s) 59,58,57 com/bytedance/http/b/f.java, line(s) 65,64,63 com/haima/hmcp/business/VolleyManager.java, line(s) 660,650,651,651 com/volcengine/h/f.java, line(s) 43,30,41,41
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/cyjh/ddy/base/util/n.java, line(s) 217 com/cyjh/ddy/base/utils/e.java, line(s) 172
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (ess.ddyun.com) 通信。
{'ip': '119.3.10.58', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (saas-rel.haimawan.com) 通信。
{'ip': '123.125.99.30', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (lite-saas.cloud-control.top) 通信。
{'ip': '123.125.99.30', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (ulogs.umengcloud.com) 通信。
{'ip': '123.125.99.30', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南京', 'latitude': '32.061668', 'longitude': '118.777992'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (gamedapi.ddyun.com) 通信。
{'ip': '117.27.139.140', 'country_short': 'CN', 'country_long': '中国', 'region': '福建', 'city': '福州', 'latitude': '26.061390', 'longitude': '119.306107'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (ccynice.bj.bcebos.com) 通信。
{'ip': '123.125.99.30', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (test.ifengwoo.com.obs.myhwclouds.com) 通信。
{'ip': '58.222.30.203', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (cdn.qiniu.ccynice.com) 通信。
{'ip': '122.228.207.51', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '温州', 'latitude': '27.999420', 'longitude': '120.666817'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (ccy.ccynice.com) 通信。
{'ip': '122.228.207.51', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (saassdk.haimawan.com) 通信。
{'ip': '58.222.45.176', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (ms.zzx9.cn) 通信。
{'ip': '123.125.99.30', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (nisportal.10010.com) 通信。
{'ip': '123.125.99.30', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (m.ccynice.com) 通信。
{'ip': '122.228.207.51', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (gameapp.ddyun.com) 通信。
{'ip': '117.27.139.140', 'country_short': 'CN', 'country_long': '中国', 'region': '福建', 'city': '福州', 'latitude': '26.061390', 'longitude': '119.306107'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (yybdapi.ddyun123.com) 通信。
{'ip': '124.71.13.61', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (monsetting.toutiao.com) 通信。
{'ip': '120.232.169.172', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (gamedata.ddyun.com) 通信。
{'ip': '117.27.139.140', 'country_short': 'CN', 'country_long': '中国', 'region': '福建', 'city': '福州', 'latitude': '26.061390', 'longitude': '119.306107'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (test-api.ccynice.com) 通信。
{'ip': '139.9.2.230', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (verify.cmpassport.com) 通信。
{'ip': '120.232.169.172', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (countly.haimawan.com) 通信。
{'ip': '152.136.9.123', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (vegamemon.volces.com) 通信。
{'ip': '58.222.29.213', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (pv.sohu.com) 通信。
{'ip': '58.222.30.203', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (mobilegw.dl.alipaydev.com) 通信。
{'ip': '110.75.132.25', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (h5.m.taobao.com) 通信。
{'ip': '222.186.18.190', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '镇江', 'latitude': '32.209366', 'longitude': '119.434372'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (wap.cmpassport.com) 通信。
{'ip': '112.33.111.233', 'country_short': 'CN', 'country_long': '中国', 'region': '安徽', 'city': '合肥', 'latitude': '31.863815', 'longitude': '117.280830'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (id6.me) 通信。
{'ip': '42.123.77.138', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (eco.taobao.com) 通信。
{'ip': '59.82.121.179', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (yybdata.ddyun123.com) 通信。
{'ip': '124.71.13.61', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (dplatform.armvm.com) 通信。
{'ip': '120.232.80.24', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (e.189.cn) 通信。
{'ip': '42.123.76.65', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (yybess.ddyun123.com) 通信。
{'ip': '124.71.13.61', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (mon.snssdk.com) 通信。
{'ip': '106.111.135.115', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (vephonemon.volces.com) 通信。
{'ip': '221.230.244.90', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (msg.umengcloud.com) 通信。
{'ip': '111.63.206.4', 'country_short': 'CN', 'country_long': '中国', 'region': '河北', 'city': '衡水', 'latitude': '37.732220', 'longitude': '115.701157'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (opencloud.wostore.cn) 通信。
{'ip': '210.22.123.92', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.ccynice.com) 通信。
{'ip': '139.159.250.169', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (suzhou.cloud-control.top) 通信。
{'ip': '106.12.63.4', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (api-e189.21cn.com) 通信。
{'ip': '222.93.106.185', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (mobilegw.alipaydev.com) 通信。
{'ip': '110.75.132.131', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (lite-bcc-dev.cloud-control.top) 通信。
{'ip': '106.12.63.41', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.qiniu.com) 通信。
{'ip': '223.247.108.236', 'country_short': 'CN', 'country_long': '中国', 'region': '安徽', 'city': '蚌埠', 'latitude': '32.940971', 'longitude': '117.360832'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (tb.53kf.com) 通信。
{'ip': '61.130.25.238', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '金华', 'latitude': '30.013470', 'longitude': '120.288658'}