Mobile Application Security Scan Report

FairMoney v9.103.1
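Security score (security baseline score): 48/100
Overall risk level: medium risk
The application has some security risk; optimization is recommended.

Distribution of vulnerabilities and security items
High-severity vulnerabilities: 4
Medium-severity vulnerabilities: 32
Security notices: 4
Passed security checks: 2

Privacy risk assessment
Third-party trackers: 7
High privacy risk: a large number of third-party trackers were detected.

Key security concerns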
High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7
Files: com/clevertap/android/sdk/inapp/AbstractC0392f.java, line(s) 124,11,12 com/clevertap/android/sdk/inapp/AbstractC2360f.java, line(s) 129,12,13 com/clevertap/android/sdk/inapp/AbstractViewOnTouchListenerC0396j.java, line(s) 82,16,17 com/clevertap/android/sdk/inapp/AbstractViewOnTouchListenerC2364j.java, line(s) 84,17,18 com/fairmoney/authentication/phonechange/data/d.java, line(s) 71,5 com/freshchat/consumer/sdk/activity/ArticleDetailActivity.java, line(s) 408,19 com/freshchat/consumer/sdk/activity/BotFaqDetailsActivity.java, line(s) 121,12 com/freshchat/consumer/sdk/activity/FAQDetailsActivity.java, line(s) 136,11
High-severity vulnerability: The file is world-writable. Any application can write to the file
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2
Files: M0/n0.java, line(s) 60
High-severity vulnerability: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: O0/a.java, line(s) 34 Wf/j.java, line(s) 173,215
High-severity vulnerability: The application contains privacy trackers
This application contains 7 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.
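Medium-severity vulnerability: Cleartext network traffic is enabled for the app
[android:usesCleartextTraffic=true] The app allows cleartext network traffic (for example HTTP, FTP, DownloadManager, MediaPlayer). This is enabled by default at API level 27 and below and disabled by default at API level 28 and above. Cleartext traffic lacks confidentiality, integrity and authenticity protection, so an attacker can eavesdrop on or tamper with data in transit. Disable cleartext traffic and use only encrypted protocols.
Medium-severity vulnerability: Application data can be backed up
[android:allowBackup=true] This flag allows application data to be backed up with the adb tool. A user with USB debugging enabled can copy the application data directly, which creates a data-leak risk.
Medium-severity vulnerability: Activity (com.fairmoney.home.HomeActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.fairmoney.deeplinks.DeepLinkActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (net.openid.appauth.RedirectUriReceiverActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (androidx.compose.ui.tooling.PreviewActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (com.clevertap.android.sdk.pushnotification.fcm.CTFirebaseMessagingReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Activity (io.okhi.android_okcollect.activity.OkHeartActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (io.okhi.android_background_geofencing.receivers.DeviceRebootBroadcastReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.RECEIVE_BOOT_COMPLETED [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Activity (io.customer.messagingpush.activity.NotificationClickReceiverActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (io.customer.messagingpush.CustomerIOCloudMessagingReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Activity (androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.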
Medium-severity vulnerability: The application uses an insecure random number generator
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: Df/C1873a.java, line(s) 9 Df/C4606a.java, line(s) 11 Si/A.java, line(s) 8 Si/AbstractC6027a.java, line(s) 8 Si/C0587b.java, line(s) 3 Si/C6028b.java, line(s) 3 Sl/C0592b.java, line(s) 19 Sl/C6033b.java, line(s) 20 Ti/C6075a.java, line(s) 4 co/hyperverge/hvcamera/HVCamUtils.java, line(s) 14 co/hyperverge/hvcamera/magicfilter/utils/Camera2Utils.java, line(s) 15 co/hyperverge/hypersnapsdk/helpers/HVActiveLiveness.java, line(s) 20 co/hyperverge/hypersnapsdk/utils/Utils.java, line(s) 66 co/paystack/android/design/widget/PinPadView.java, line(s) 28 com/esotericsoftware/kryo/util/ObjectMap.java, line(s) 8 com/freshchat/consumer/sdk/service/c/aa.java, line(s) 8 com/freshchat/consumer/sdk/util/cc.java, line(s) 31 i1/d.java, line(s) 13 j$/util/concurrent/ThreadLocalRandom.java, line(s) 11 nd/c.java, line(s) 3 we/d.java, line(s) 12 xd/N3.java, line(s) 47
Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: Bg/C0100d.java, line(s) 363,364,370,371 Bg/C1152d.java, line(s) 392,393,399,400 G4/b.java, line(s) 39 co/hyperverge/encoder/utils/extensions/DeviceExtsKt.java, line(s) 17 co/hyperverge/facedetection/Constants.java, line(s) 12,19 co/hyperverge/facedetection/Detectors/NDPDetector.java, line(s) 28 co/hyperverge/hypersnapsdk/utils/AppConstants.java, line(s) 56 co/hyperverge/hypersnapsdk/utils/DeviceExtensionsKt.java, line(s) 121,250 com/fairmoney/core/device/android/o.java, line(s) 27 com/fairmoney/flow/sharescreen/ShareBitmapKt$saveToDisk$2.java, line(s) 43,43 com/fairmoney/serverdrivenui/sharescreen/ShareBitmapKt$saveToDisk$2.java, line(s) 47,47 com/freshchat/consumer/sdk/util/as.java, line(s) 20 com/freshchat/consumer/sdk/util/cc.java, line(s) 154 io/seon/androidsdk/service/DeviceProbe.java, line(s) 53,334 m4/b.java, line(s) 35
Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: E0/C4653c.java, line(s) 34 Ek/b.java, line(s) 261 Mi/b.java, line(s) 126 O0/a.java, line(s) 33 Sf/b.java, line(s) 377 com/freshchat/consumer/sdk/util/cc.java, line(s) 206 credoapp/module/logging/p005private/c.java, line(s) 25 credoapp/p000private/m0.java, line(s) 20 credoapp/p000private/v7.java, line(s) 167 credoapp/p008private/m0.java, line(s) 23 credoapp/p008private/v7.java, line(s) 175 tk/C0525f.java, line(s) 1011 xd/N3.java, line(s) 333
Medium-severity vulnerability: IP address disclosure
Files: Bl/C0288a.java, line(s) 17,18,19,31,32,43,33,20,26,27,28,29,30,34,21,23,44,16,35,24,36,25,22,52,51,42,37,38,39,40,41 Bl/C2203a.java, line(s) 24,25,26,38,39,50,40,27,33,34,35,36,37,41,28,30,51,23,42,31,43,32,29,59,58,49,44,45,46,47,48 Dl/InterfaceC4647a.java, line(s) 75,87 Gl/C4818c.java, line(s) 71,66,71 Sk/a.java, line(s) 12,13 Tg/c.java, line(s) 63 Tg/j.java, line(s) 9 Xk/a.java, line(s) 17,34 cl/c.java, line(s) 18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,47,46,48,17,40,41,42,43,44,45 cl/i.java, line(s) 24,20,15,16,17,11,18,12,13,14,19,22,21,23,31 com/framgia/android/emulator/EmulatorDetector.java, line(s) 140,128 credoapp/p000private/n.java, line(s) 364 ll/c.java, line(s) 14 ll/d.java, line(s) 45,44,13 mk/a.java, line(s) 18 nk/a.java, line(s) 13,16 ok/a.java, line(s) 20 rk/a.java, line(s) 6,7 uk/a.java, line(s) 6,7,8,9,10,11 vk/a.java, line(s) 19,12,20,21,22,13,14,15,16,17,18,23 zk/a.java, line(s) 14
Medium-severity vulnerability: Files may contain hard-coded sensitive information such as usernames, passwords and keys
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: M0/C5559c.java, line(s) 50 M0/c.java, line(s) 45 O0/C0488d.java, line(s) 36 O0/C5670d.java, line(s) 39 O0/C5676j.java, line(s) 89 O0/j.java, line(s) 82 O0/p.java, line(s) 88 S/a.java, line(s) 22 co/hyperverge/hypersnapsdk/objects/HVDocConfig.java, line(s) 18 co/hyperverge/hypersnapsdk/objects/HyperSnapSDKConfig.java, line(s) 303 co/hyperverge/hypersnapsdk/service/security/HVSecurity.java, line(s) 44 co/hyperverge/hypersnapsdk/utils/AppConstants.java, line(s) 9 coil3/request/l.java, line(s) 59 com/coroutines/models/AvailableIdType.java, line(s) 132 com/fairmoney/bankstatement/upload/selectpdf/I.java, line(s) 66 com/fairmoney/bankstatement/upload/selectpdf/InterfaceC0751c.java, line(s) 144 com/fairmoney/bankstatement/upload/selectpdf/InterfaceC2534c.java, line(s) 150 com/fairmoney/domain/RouterResult.java, line(s) 518 com/fairmoney/kyc/address/navigation/domain/LocationPermissionPromptResult.java, line(s) 9 com/fairmoney/kyc/verifyidentity/GovernmentIdRequestMetadata.java, line(s) 68 com/fairmoney/offers/amount/LoanAmountBottomSheetFragment.java, line(s) 31,32 com/fairmoney/offers/period/LoanPeriodBottomSheetFragment.java, line(s) 25,26 com/smileidentity/models/AvailableIdType.java, line(s) 132 io/ktor/client/request/forms/e.java, line(s) 34 ng/com/fairmoney/fairmoney/activities/form/utils/RadioGroupUtils.java, line(s) 12 ng/com/fairmoney/fairmoney/viewmodels/ContactUsViewModel.java, line(s) 23
Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: Mi/b.java, line(s) 134 Sl/C0592b.java, line(s) 113 Sl/C6033b.java, line(s) 121 ed/C4677a.java, line(s) 27 ge/a.java, line(s) 55 ie/C4901g.java, line(s) 41
Medium-severity vulnerability: This application may request root (superuser) privileges
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: Df/a.java, line(s) 8,8,8,8,8,8 co/hyperverge/hypersnapsdk/utils/RootChecker.java, line(s) 20,20,20,20,20 io/sentry/android/core/internal/util/RootChecker.java, line(s) 23,23,23,23,23
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files
Files: com/coroutines/networking/NetworkingUtilKt.java, line(s) 127 com/fairmoney/core/datagathering/SmsProviderImpl$getAsFile$1.java, line(s) 37 com/fairmoney/core/datagathering/SmsProviderImpl$getAsFileGzipCompressed$1.java, line(s) 39 com/fairmoney/core/device/android/o.java, line(s) 30 com/freshchat/consumer/sdk/util/as.java, line(s) 256 com/freshchat/consumer/sdk/util/co.java, line(s) 21 com/smileidentity/networking/NetworkingUtilKt.java, line(s) 130
Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files: com/clevertap/android/sdk/inapp/AbstractC0392f.java, line(s) 69,64 com/clevertap/android/sdk/inapp/AbstractC2360f.java, line(s) 74,69 com/clevertap/android/sdk/inapp/AbstractViewOnTouchListenerC0396j.java, line(s) 107,102 com/clevertap/android/sdk/inapp/AbstractViewOnTouchListenerC2364j.java, line(s) 111,106 com/okra/widget/activity/OkraWebActivity.java, line(s) 80,77 io/okhi/android_background_geofencing/activities/BackgroundGeofencingWebViewActivity.java, line(s) 112,108 io/okhi/android_okcollect/activity/OkHeartActivity.java, line(s) 386,379 mono/connect/kit/ConnectKitActivity.java, line(s) 96,69
Medium-severity vulnerability: Possible cross-origin vulnerability. Enabling file access from URLs in a WebView may leak sensitive information from the file system
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6
Files: io/customer/messaginginapp/gist/presentation/engine/EngineWebView.java, line(s) 175,174 mono/connect/kit/ConnectKitActivity.java, line(s) 75,69
Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: Ee/h.java, line(s) 5,20 Kc/m.java, line(s) 6,26 Kc/o.java, line(s) 11,90 Kc/p.java, line(s) 9,10,142,168,281,307,458 Kc/r.java, line(s) 4,9,10,11,12,13 Kc/s.java, line(s) 4,9,10,11 Kc/t.java, line(s) 4,9 Kc/u.java, line(s) 4,9,10,11 Kc/v.java, line(s) 4,9,10,11,12,13 Kc/w.java, line(s) 4,5,49 com/freshchat/consumer/sdk/c/b.java, line(s) 6,7,8,32,41,89 com/freshchat/consumer/sdk/c/e.java, line(s) 6,229 com/freshchat/consumer/sdk/c/k.java, line(s) 6,146 com/freshchat/consumer/sdk/c/l.java, line(s) 6,123,171 com/freshchat/consumer/sdk/c/n.java, line(s) 6,64,137,417,805 com/freshchat/consumer/sdk/c/w.java, line(s) 5,6,117,125,293,399 q0/d.java, line(s) 7,8,9,99,100 xd/C0559g.java, line(s) 6,7,500,818,873 xd/C0572m.java, line(s) 4,5,16 xd/C6339g.java, line(s) 7,8,852,1750,2041,2114,2167,2209 xd/C6369m.java, line(s) 4,5,18
Medium-severity vulnerability: Firebase Remote Config is enabled
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/243588642040/namespaces/firebase:fetch?key=AIzaSyBQHp7xZq5sO5dES3rqYjM1jXccOVSoYyw ) is enabled. Make sure these configurations do not contain sensitive information. The endpoint responded with its configuration entries.
Medium-severity vulnerability: This application may contain hard-coded secrets
The following secrets were identified in the application. Make sure they are not secret or private information.
Credential => "co.paystack.android.PublicKey" : "@string/paystackPublicKey"
Credential => "io.fabric.ApiKey" : "eb7e02aed39e81e41c9c02bda50a5dd1eb763569"
Credential => "io.okhi.core.client_key" : "01J993A7ERJAJQWYNEJQGB6Z2Q"
"com.google.firebase.crashlytics.mapping_file_id" : "bf4ba8c8e26c4a5b9dc686a1dc297dae"
"firebase_database_url" : "https://fairmoney-cab4c.firebaseio.com"
"freshchat_file_provider_authority" : "com.fairmoney.customersupport"
"google_api_key" : "AIzaSyBQHp7xZq5sO5dES3rqYjM1jXccOVSoYyw"
"google_app_id" : "1:243588642040:android:0c2d254aa4960d1f"
"google_crash_reporting_api_key" : "AIzaSyBQHp7xZq5sO5dES3rqYjM1jXccOVSoYyw"
"loan_key_fact_statement_file_name" : "loan_key_fact_statement.pdf"
"loan_restructuring_key_fact_statement_file_name" : "loan_restructuring_key_fact_statement.pdf"
"loan_topup_key_fact_statement_file_name" : "loan_topup_key_fact_statement.pdf"
"paystackPublicKey" : "pk_live_b34139bae8c3d8cf4ef0f239808164b02faf5e09"
Security notice: The application logs information. Sensitive information must not be logged
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Files: Ad/C0304a.java, line(s) 34 Ad/C1651a.java, line(s) 36 Ad/a.java, line(s) 90,94 Af/C1653a.java, line(s) 30 B0/p.java, line(s) 56,57 B0/q.java, line(s) 180,195,214,215,226,235,182,184,216,236 B0/t.java, line(s) 108,155,195,109,156,196 B0/w.java, line(s) 19 B0/y.java, line(s) 60,67,61,68 Bd/a.java, line(s) 110,216 Be/j.java, line(s) 41 Be/n.java, line(s) 73 Be/t.java, line(s) 34,44 Bk/d.java, line(s) 173 Dc/s.java, line(s) 22 Dd/C4603a.java, line(s) 81,100 Dd/c.java, line(s) 10,11 Df/C1873a.java, line(s) 60,62,79 Df/C4606a.java, line(s) 67,69,86 Df/e.java, line(s) 26,64,89,102,112 Dg/AbstractC4608a.java, line(s) 83 Dg/a.java, line(s) 82 Ee/C0341d.java, line(s) 31,37,48,40,45 Ee/C0346i.java, line(s) 31 Ee/C4681d.java, line(s) 33,39,50,42,47 Ee/C4682e.java, line(s) 19 Ee/C4686i.java, line(s) 31 Ef/c.java, line(s) 150,176,53,58,135,178 F0/i.java, line(s) 49,102 Fe/d.java, line(s) 25,46 Fe/e.java, line(s) 44 Fe/f.java, line(s) 30,41 Fe/g.java, line(s) 9,14 G6/e.java, line(s) 103 Gf/a.java, line(s) 155 J0/a.java, line(s) 31 J0/j.java, line(s) 48 K0/C0474a.java, line(s) 290 Kc/n.java, line(s) 114,130 Kc/p.java, line(s) 183 Ld/g.java, line(s) 30,36,37 Ld/n.java, line(s) 38 Me/C5593a.java, line(s) 71 Nj/C5660b.java, line(s) 23,41 Nj/b.java, line(s) 22,40 O0/C0491g.java, line(s) 139 O0/C5673g.java, line(s) 147 Oe/C0483c.java, line(s) 64 Oe/C5704c.java, line(s) 64,104 Oe/c$a.java, line(s) 28 Of/C5705a.java, line(s) 38,40 Of/a.java, line(s) 36,38 Of/h.java, line(s) 12 Qe/a.java, line(s) 70,78 Qf/m.java, line(s) 43,69 Qf/r.java, line(s) 44 Rf/d.java, line(s) 27 Tc/a.java, line(s) 107 Te/C6067d.java, line(s) 19 Tf/C6071c.java, line(s) 144 U0/C0518b.java, line(s) 74 U0/C6099b.java, line(s) 82 Uc/A.java, line(s) 137,140 Uc/AbstractC1535a.java, line(s) 139,142 Uc/C0272d.java, line(s) 15 Uc/C1536b.java, line(s) 117,132,178 Uc/C1538d.java, line(s) 18 Uc/f.java, line(s)
21 Uc/j.java, line(s) 14,17 Uc/p.java, line(s) 62,54 Uc/u.java, line(s) 38,73,87,107,129,158,184,44 Uc/v.java, line(s) 26 Uc/w.java, line(s) 14 Uc/x.java, line(s) 24 Uc/z.java, line(s) 63 V0/C6172c.java, line(s) 55,63,89 V0/g.java, line(s) 30 V0/m.java, line(s) 22,25 V0/q.java, line(s) 50,53,51,54 V0/u.java, line(s) 56,60,64,68,72,77,81,94,106,95 V0/z.java, line(s) 74,81,86 Vc/C1543e.java, line(s) 272,454 Vc/V.java, line(s) 34,43 Vc/a0.java, line(s) 27,36 Wf/j.java, line(s) 144,145 Wf/n.java, line(s) 156 Wl/f.java, line(s) 36 Xc/AbstractC1570b.java, line(s) 221,325,331,337,346 Xc/C0296s.java, line(s) 146,151 Xc/H.java, line(s) 32 Xc/P.java, line(s) 28 Xc/T.java, line(s) 43,58 Xc/Y.java, line(s) 41,46 Ze/l.java, line(s) 61 ce/e.java, line(s) 46,50,56,59,81 ce/n.java, line(s) 66 cm/a.java, line(s) 62,81 co/hyperverge/hvcamera/GLTextureView.java, line(s) 159,173,980,670,938 co/hyperverge/hvcamera/HVCamHost.java, line(s) 22,35 co/hyperverge/hvcamera/HVCamUtils.java, line(s) 23,31,49,62,87,99,112,121,135,146,161,166,177,187,197,57 co/hyperverge/hvcamera/TimingUtil.java, line(s) 23,29,34,39,47 co/hyperverge/hvcamera/magicfilter/camera/CameraEngine.java, line(s) 26,35,40,45,54,59,68,73,78,87,92,97,106,157,166,177,186,191,198,204,213,218,223,232,237,246,255,264,272 co/hyperverge/hvcamera/magicfilter/camera/CameraEngine1.java, line(s) 86,103,123,143,155,169,217,228,253,260,265,307,329,345,377,393,417,495,528,537,555,576,596,601,644,649,663,668,678,700,713,718,725,732,749,760,764,776,814,279,297,407,426,462,488,503,808 co/hyperverge/hvcamera/magicfilter/camera/CameraEngine2.java, line(s) 136,236,342,360,395,408,438,449,461,464,477,500,548,553,644,764,767,773,775,777,811,820,913,954,962,968,996,1048,1115,307,627,632,654,672,681,690,693,1025,1030,1089,1097,729 co/hyperverge/hvcamera/magicfilter/camera/a.java, line(s) 8 co/hyperverge/hvcamera/magicfilter/filter/base/MagicCameraInputFilter.java, line(s) 31,47,74,99,134,139,145 
Security notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: b1/g.java, line(s) 4,77 com/freshchat/consumer/sdk/activity/aj.java, line(s) 4,32
Security notice: The application can write to the application directory. Sensitive information should be encrypted.
Files: io/customer/sdk/data/store/h.java, line(s) 32
Security notice: The application communicates with a Firebase database
The application communicates with a Firebase database located at https://fairmoney-cab4c.firebaseio.com
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on secure communication channels.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: Bg/w1.java, line(s) 43,42,123,41,41 P5/C5796a.java, line(s) 28,27,25,25 P5/C5797b.java, line(s) 15,14,12,12 U/C0516b.java, line(s) 27,27 U/C6097b.java, line(s) 29,29 co/hyperverge/hypersnapsdk/data/remote/ApiClient.java, line(s) 50,60,75,85,95,125,50,60,75,85,95,125 co/paystack/android/ui/AddressVerificationActivity.java, line(s) 189,64 com/coroutines/SmileID.java, line(s) 409,409 com/fairmoney/core/network/e.java, line(s) 25,25 com/smileidentity/SmileID.java, line(s) 409,409 g1/f.java, line(s) 68,67,68,66,60,60 io/customer/messaginginapp/gist/data/listeners/Queue.java, line(s) 129,129 ng/com/fairmoney/fairmoney/network/RetrofitSession.java, line(s) 102,102 o6/h.java, line(s) 35,35 ok/C0552d.java, line(s) 61,60,59 ok/C5769d.java, line(s) 67,66,65 ok/h.java, line(s) 57,56,55,55 ok/i.java, line(s) 147,135,146,145,145 v6/C6184a.java, line(s) 15,14,12,12 x/C0540a.java, line(s) 25,24,26,23,23 x/C6272a.java, line(s) 26,25,27,24,24
Passed security check: This application may have root detection.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: co/hyperverge/hypersnapsdk/utils/RootChecker.java, line(s) 70,19,19,19,19,19,19 credoapp/p008private/p0.java, line(s) 53 io/sentry/android/core/internal/util/RootChecker.java, line(s) 65,23,23,23,23,23,23,68 kd/c.java, line(s) 59
Key security concern: The application may communicate with a server (app-measurement.com) located in an OFAC-sanctioned country (China).
{'ip': '180.163.150.161', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
Overall security baseline score summary

FairMoney v9.103.1
Android APK
48
Overall security score
Medium risk