应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
Caller Name Announcer v1.740
45
安全评分
安全基线评分
45/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
8
高危
49
中危
4
信息
2
安全
隐私风险评估
9
第三方跟踪器
高隐私风险
检测到大量第三方跟踪器
检测结果分布
高危安全漏洞
8
中危安全漏洞
49
安全提示信息
4
已通过安全项
2
重点安全关注
1
高危安全漏洞 域配置不安全地配置为允许明文流量到达范围内的这些域。
Scope: 127.0.0.1
高危安全漏洞 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: com/qualityinfo/internal/ih.java, line(s) 682,680
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/applovin/impl/adview/b.java, line(s) 691,14 com/applovin/impl/sdk/f/q.java, line(s) 104,4 com/qualityinfo/internal/ih.java, line(s) 121,20,21
高危安全漏洞 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: com/qualityinfo/internal/hc.java, line(s) 14,4 com/qualityinfo/internal/hf.java, line(s) 10,11,12,13,14,3 com/qualityinfo/internal/v3.java, line(s) 12,3
高危安全漏洞 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/applovin/impl/adview/d.java, line(s) 134,10,11 net/consentmanager/sdk/consentlayer/ui/placeholder/CMPPlaceholder.java, line(s) 74,8,9
高危安全漏洞 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/calldorado/c1o/sdk/framework/TUn6.java, line(s) 415 com/qualityinfo/internal/w.java, line(s) 51,224
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/opensignal/n9.java, line(s) 81,91
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个9隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 Broadcast Receiver (flash.caller.announcer.alert.block.places.notification.BlockAllNotificationReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (flash.caller.announcer.alert.block.CallEvent) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (flash.caller.announcer.alert.block.AutoStart) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (flash.caller.announcer.alert.block.OnUpgradeReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (flash.caller.announcer.alert.block.helper.CCPABroadCastReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (flash.caller.announcer.alert.block.FirebaseEventBroadcastReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (flash.caller.announcer.alert.block.helper.DAUAlarmReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.calldorado.blocking.services.UpgradeForegroundService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.calldorado.blocking.receivers.BlockingPhoneStateReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.calldorado.sdk.receivers.PhoneStateReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.calldorado.sdk.receivers.CDFQWCBReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.calldorado.sdk.receivers.UpgradeForegroundService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.calldorado.sdk.ui.ui.wic.WicActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.calldorado.sdk.ui.CallerIDActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.calldorado.sdk.ui.CallerIDActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.calldorado.sdk.ui.ui.settings.SettingsActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Broadcast Receiver (com.calldorado.optin.receivers.CcpaTestReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.optin.OverlayGuideActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.optin.CcpaActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.optin.CpraLimitDataActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.optin.OptinActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.optin.OptinDialogActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.ads.adsapi.ui.AdsDebugActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.calldorado.base.logging.CDFQWCBReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.cellrebel.sdk.utils.PhoneStateReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.cuebiq.cuebiqsdk.service.FlushService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.opensignal.sdk.data.receiver.DataCollectorReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (androidx.compose.ui.tooling.PreviewActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.google.android.play.core.assetpacks.AssetPackExtractionService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 高优先级 Intent(997) - {1} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 高优先级 Intent(998) - {1} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/applovin/mediation/adapters/ByteDanceMediationAdapter.java, line(s) 589 com/applovin/mediation/adapters/FacebookMediationAdapter.java, line(s) 587 com/applovin/mediation/adapters/GoogleAdManagerMediationAdapter.java, line(s) 679 com/applovin/mediation/adapters/GoogleMediationAdapter.java, line(s) 708 com/calldorado/c1o/sdk/framework/TUc4.java, line(s) 139 com/calldorado/c1o/sdk/framework/TUc7.java, line(s) 66 com/calldorado/c1o/sdk/framework/TUj3.java, line(s) 372 com/calldorado/c1o/sdk/framework/TUpp.java, line(s) 507 com/calldorado/c1o/sdk/framework/TUw2.java, line(s) 749 com/calldorado/sdk/d.java, line(s) 273,275,274 com/calldorado/sdk/thirdparties/DAUReportWorker.java, line(s) 181 com/cellrebel/sdk/utils/q0.java, line(s) 231 com/opensignal/p2.java, line(s) 32 com/opensignal/x0.java, line(s) 45 com/qualityinfo/IC.java, line(s) 326,242,326 com/qualityinfo/internal/CT.java, line(s) 350 flash/caller/announcer/alert/block/BuildConfig.java, line(s) 13 flash/caller/announcer/alert/block/helper/ThirdParties.java, line(s) 187 org/koin/core/d.java, line(s) 256,258,257 org/koin/core/thirdparties/DAUReportWorker.java, line(s) 154
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/apm/insight/e/b/a.java, line(s) 4,38 com/apm/insight/e/b/b.java, line(s) 4,44,45,38 com/bykv/vk/openvk/component/video/a/b/b/d.java, line(s) 4,5,14,20,21,23,25 com/calldorado/c1o/sdk/framework/TUa6.java, line(s) 5,167 com/calldorado/c1o/sdk/framework/TUc6.java, line(s) 6,171,212,243,294,369,437,466 com/calldorado/c1o/sdk/framework/TUd.java, line(s) 3,370 com/calldorado/c1o/sdk/framework/TUe5.java, line(s) 7,103,141,159,177,195,274,286 com/calldorado/c1o/sdk/framework/TUj4.java, line(s) 4,123 com/calldorado/c1o/sdk/framework/TUwTU.java, line(s) 5,331,366,399 com/opensignal/kh.java, line(s) 4,5,23,24,32 com/qualityinfo/internal/c2.java, line(s) 8,9,197,212,217 com/qualityinfo/internal/qb.java, line(s) 12,13,494,783,835,860,874,1006 net/sqlcipher/database/SQLiteDatabase.java, line(s) 1346,1365,351,381,803,810,1068,1330,1450,1586,1609,1760
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/apm/insight/h.java, line(s) 8 com/applovin/exoplayer2/h/z.java, line(s) 4 com/applovin/impl/a/m.java, line(s) 17 com/calldorado/c1o/sdk/framework/TUc9.java, line(s) 21 com/calldorado/c1o/sdk/framework/TUj3.java, line(s) 21 com/calldorado/c1o/sdk/framework/TUkk.java, line(s) 52 com/calldorado/c1o/sdk/framework/TUp9.java, line(s) 8 com/calldorado/c1o/sdk/framework/TUq2.java, line(s) 11 com/calldorado/c1o/sdk/framework/TUw2.java, line(s) 15 com/calldorado/c1o/sdk/framework/TUx9.java, line(s) 10 com/calldorado/sdk/ui/ui/aftercall/cards/reminder/ReminderBroadcastReceiver.java, line(s) 15 com/opensignal/b2.java, line(s) 5 com/opensignal/bi.java, line(s) 19 com/opensignal/ce.java, line(s) 17 com/opensignal/l9.java, line(s) 9 com/opensignal/pk.java, line(s) 13 com/opensignal/po.java, line(s) 193 com/opensignal/uq.java, line(s) 10 com/opensignal/wp.java, line(s) 5 com/opensignal/xi.java, line(s) 3 com/opensignal/yf.java, line(s) 9 com/qualityinfo/IS.java, line(s) 13 com/qualityinfo/internal/CT.java, line(s) 16 com/qualityinfo/internal/i3.java, line(s) 16 com/qualityinfo/internal/i4.java, line(s) 4 com/qualityinfo/internal/we.java, line(s) 8 com/qualityinfo/internal/xc.java, line(s) 6 com/qualityinfo/internal/y.java, line(s) 31 com/qualityinfo/internal/z2.java, line(s) 6 net/consentmanager/sdk/common/utils/ConsentUrlBuilder.java, line(s) 9 org/koin/core/ui/ui/aftercall/cards/reminder/ReminderBroadcastReceiver.java, line(s) 13
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/cellrebel/sdk/youtube/player/e.java, line(s) 160,156 com/qualityinfo/internal/dg.java, line(s) 560,570 com/qualityinfo/internal/ih.java, line(s) 805,814 net/consentmanager/sdk/consentlayer/ui/consentLayer/CmpConsentLayerActivity.java, line(s) 94,90 net/consentmanager/sdk/consentlayer/ui/customLayout/CmpWebView.java, line(s) 92,70
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/applovin/impl/sdk/n.java, line(s) 439 com/applovin/mediation/ads/MaxAdView.java, line(s) 121,111 com/applovin/mediation/ads/MaxAppOpenAd.java, line(s) 58,48 com/applovin/mediation/ads/MaxInterstitialAd.java, line(s) 69,59 com/applovin/mediation/ads/MaxRewardedAd.java, line(s) 87,77 com/applovin/mediation/ads/MaxRewardedInterstitialAd.java, line(s) 64,54 com/applovin/mediation/nativeAds/MaxNativeAdLoader.java, line(s) 65,60 com/applovin/sdk/AppLovinSdk.java, line(s) 172 com/applovin/sdk/AppLovinWebViewActivity.java, line(s) 20 com/bykv/vk/openvk/component/video/a/b/i.java, line(s) 115 com/calldorado/ads/dfp/c.java, line(s) 102 com/calldorado/ads/dfp/e.java, line(s) 82 com/calldorado/app/MyCustomView.java, line(s) 29,31 com/calldorado/app/MyExpandedCustomView.java, line(s) 31 com/calldorado/base/models/CalldoradoAdsError.java, line(s) 111 com/calldorado/c1o/sdk/framework/TUx4.java, line(s) 85 com/calldorado/sdk/network/search/CDOSearchNetworkModel.java, line(s) 41 com/calldorado/sdk/ui/ui/aftercall/HomeWatcher.java, line(s) 32,26 com/cellrebel/sdk/database/g.java, line(s) 342 com/cellrebel/sdk/networking/beans/request/AuthRequestModel.java, line(s) 216,216 com/cuebiq/cuebiqsdk/Contextual.java, line(s) 713 com/cuebiq/cuebiqsdk/api/generic/HttpHeader.java, line(s) 153 com/cuebiq/cuebiqsdk/models/rawmodels/AppSettingsRawV1.java, line(s) 86 com/cuebiq/cuebiqsdk/models/settings/AppSettings.java, line(s) 64 com/cuebiq/cuebiqsdk/usecase/init/migration/DirtyMigration.java, line(s) 29 com/kochava/tracker/attribution/InstallAttribution.java, line(s) 19,22,13,16 com/kochava/tracker/attribution/internal/InstallAttributionResponse.java, line(s) 21,24,15,18 com/kochava/tracker/deeplinks/Deeplink.java, line(s) 17 com/kochava/tracker/deeplinks/internal/InstantAppDeeplink.java, line(s) 13,19,16 com/kochava/tracker/huaweireferrer/internal/HuaweiReferrer.java, line(s) 13,16,25,22,28,19 com/kochava/tracker/init/Init.java, line(s) 15,12 com/kochava/tracker/init/internal/InitResponse.java, line(s) 10,22,13,16,19,25,28,31,34,37,40,43,46 com/kochava/tracker/init/internal/InitResponseAttribution.java, line(s) 5,8 com/kochava/tracker/init/internal/InitResponseConfig.java, line(s) 8,5 com/kochava/tracker/init/internal/InitResponseDeeplinks.java, line(s) 5,11,8 com/kochava/tracker/init/internal/InitResponseGeneral.java, line(s) 13,16,7,10 com/kochava/tracker/init/internal/InitResponseHuaweiReferrer.java, line(s) 5,8,11,14 com/kochava/tracker/init/internal/InitResponseInstall.java, line(s) 5,8 com/kochava/tracker/init/internal/InitResponseInstallReferrer.java, line(s) 5,8,11,14 com/kochava/tracker/init/internal/InitResponseInstantApps.java, line(s) 8,5 com/kochava/tracker/init/internal/InitResponseInternalLogging.java, line(s) 5 com/kochava/tracker/init/internal/InitResponseNetworking.java, line(s) 17,11,8,14 com/kochava/tracker/init/internal/InitResponseNetworkingUrls.java, line(s) 47,50,17,23,11,14,26,32,35,38,41,44,29,20 com/kochava/tracker/init/internal/InitResponsePrivacy.java, line(s) 13,16,19,22,25,10 com/kochava/tracker/init/internal/InitResponsePrivacyIntelligentIntelligentConsent.java, line(s) 8,5 com/kochava/tracker/init/internal/InitResponsePushNotifications.java, line(s) 5,8 com/kochava/tracker/init/internal/InitResponseSessions.java, line(s) 5,8,11 com/kochava/tracker/install/internal/LastInstall.java, line(s) 22,34,16,13,25,31,19,28 com/kochava/tracker/installreferrer/internal/InstallReferrer.java, line(s) 13,16,37,28,25,40,22,34,31,19 com/kochava/tracker/payload/internal/Payload.java, line(s) 38,26,23,44,32,20,35,29,41 com/kochava/tracker/payload/internal/PayloadMetadata.java, line(s) 14,11,17,8,5,23,26,20 com/kochava/tracker/payload/internal/url/RotationUrl.java, line(s) 14,17 com/kochava/tracker/payload/internal/url/RotationUrlVariation.java, line(s) 9,12 com/kochava/tracker/privacy/internal/PrivacyProfile.java, line(s) 16,22,19 com/qualityinfo/internal/nc.java, line(s) 9,8 f/c.java, line(s) 110 flash/caller/announcer/alert/block/BuildConfig.java, line(s) 10,6 flash/caller/announcer/alert/block/Constants.java, line(s) 11 flash/caller/announcer/alert/block/HomeFragment.java, line(s) 55,54 flash/caller/announcer/alert/block/ServiceTrackerKt.java, line(s) 9 flash/caller/announcer/alert/block/ads/AdConfig.java, line(s) 68 flash/caller/announcer/alert/block/ads/AdKey.java, line(s) 62 flash/caller/announcer/alert/block/billing/BuyAdFreeHelper.java, line(s) 28 flash/caller/announcer/alert/block/billing/BuyAdFreePreferenceHelper.java, line(s) 9 flash/caller/announcer/alert/block/helper/CuebiqInitClass.java, line(s) 13,14 flash/caller/announcer/alert/block/places/domain/model/body/AutoCompleteQuery.java, line(s) 75 flash/caller/announcer/alert/block/places/domain/model/body/SearchPlacesQuery.java, line(s) 75 flash/caller/announcer/alert/block/places/sp/SharedPreferenceHelper.java, line(s) 14 flash/caller/announcer/alert/block/places/util/RemoteConfigHelper.java, line(s) 13 net/consentmanager/sdk/consentlayer/model/CmpConsent.java, line(s) 544 org/koin/core/network/search/CDOSearchNetworkModel.java, line(s) 42 org/koin/core/ui/ui/aftercall/HomeWatcher.java, line(s) 34,28
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/apm/insight/entity/d.java, line(s) 21 com/apm/insight/l/w.java, line(s) 53,64,95 com/apm/insight/nativecrash/b.java, line(s) 447 com/qualityinfo/internal/j2.java, line(s) 498,542
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/applovin/impl/sdk/utils/StringUtils.java, line(s) 31 com/applovin/impl/sdk/utils/n.java, line(s) 159
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/apm/insight/l/v.java, line(s) 136 com/bykv/vk/openvk/component/video/api/f/b.java, line(s) 18 com/calldorado/ads/dfp/h.java, line(s) 56 com/cellrebel/sdk/utils/q0.java, line(s) 175
中危安全漏洞 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/calldorado/c1o/sdk/framework/TUsTU.java, line(s) 210,210,210,210,210 com/cellrebel/sdk/utils/v.java, line(s) 21,21,21,23,21,23,21,21
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: ms/bd/o/Pgl/pblg.java, line(s) 29
中危安全漏洞 Firebase远程配置已启用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/825649563188/namespaces/firebase:fetch?key=AIzaSyAkg_ZF1SI4Viq_A8RHNPj92ygs3afNM-k ) 已启用。请确保这些配置不包含敏感信息。响应内容如下所示:
{
"entries": {
"OPTIN_TO_USE": "1",
"USE_MAVLINK_ADS": "false",
"USE_NEW_ADS_FOR_CALLER": "2",
"ad_placeholder_variation": "0",
"ads_sdk_config": "{\"preloadAmount\":1,\"failThreshold\":3,\"backFillDelay\":{\"backFillDelay\":1000,\"initialBackFillDelay\":4000},\"applovinNativeConfig\":{\"adUnit\":\"3b082c95d53c6a72\"},\"gamConfig\":{\"adUnit\":\"/181874094/flash.caller.announcer.alert.block_inapp_final_adssdk\"}}",
"ads_sdk_config_av": "{\"preloadAmount\":1,\"failThreshold\":3,\"backFillDelay\":{\"backFillDelay\":1000,\"initialBackFillDelay\":4000},\"applovinNativeConfig\":{\"adUnit\":\"e9c528a27b213db9\"},\"gamConfig\":{\"adUnit\":\"/181874094/com.ztnstudio.notepad_inapp_native_avads_gz_banner\"}}",
"ads_sdk_config_bv": "{ \"preloadAmount\": 1, \"failThreshold\": 3, \"backFillDelay\": { \"backFillDelay\": 1000, \"initialBackFillDelay\": 4000 }, \"applovinNativeConfig\": { \"adUnit\": \"059586d0c1b55299\" }, \"gamConfig\": { \"adUnit\": \"/181874094/com.ztnstudio.notepad_inapp_native_avads_gz_icon\" } }",
"ads_sdk_config_cv": "{ \"preloadAmount\": 1, \"failThreshold\": 3, \"backFillDelay\": { \"backFillDelay\": 1000, \"initialBackFillDelay\": 4000 }, \"applovinNativeConfig\": { \"adUnit\": \"ef5aed0709e4c52a\" }, \"gamConfig\": { \"adUnit\": \"/181874094/com.ztnstudio.notepad_inapp_native_avads_gz_control\" } }",
"aea_ads_sdk_8_1_7": "{\"preloadAmount\":1,\"failThreshold\":3,\"backfillDelay\":1000,\"initialBackfillDelay\":4000,\"applovinNativeAdUnit\":\"33821c30c48549b4\",\"gamAdUnit\":\"/181874094/info.myapp.allemailaccess_inapp_final_AdsSDK\",\"applovinSdkKey\":\"v9NXTSNp02Na7oJxSSPXhei9s36dqobC_MC6Z514hnxhh9ZHvvnThDsFt2S2FNBzzPqKER8xCqMJyoGUf4PONJ\",\"startMuted\":true,\"adMobNativeAdUnit\":\"ca-app-pub-7756523234329066/8168846080\",\"preloadingEnabled\":true,\"primaryProvider\":\"applovin\",\"secondaryProvider\":\"gam\",\"sequentialLoading\":false}",
"app_validation": "{ \"enabled\": \"false\", \"key\": \"\", \"validation_percent\": 0 }",
"appsflyer_enabled": "true",
"back_button_behavior": "0",
"cellrebel_enable": "true",
"cmp_enabled": "false",
"cmp_enabled_fab": "true",
"cmp_hide_for_banked_users": "true",
"cmp_show_after_optin": "false",
"config_in_app_adkey": "",
"consent_days_interval": "2",
"cu_conditions": "",
"cu_enabled": "true",
"cu_terms_id": "11",
"enable_5g_detection": "false",
"enable_dnd_cards": "false",
"fab_buy_ad_free_enable": "1",
"firebase_notification_interval_hours": "1000000000",
"firebase_optin_overlay_a11_strategy": "0",
"firebase_optin_transition_animation": "2",
"firebase_overlay_tutorial_delay_ms": "700",
"firebase_reoptin_interval_hours": "0",
"firebase_screens_order": "welcome,location,overlay,notification,chinese",
"firebase_screens_order_q": "welcome,overlay,notification,location,chinese",
"firebase_should_send_notification": "false",
"flash_ads_module_config": "{\"preloadAmount\":1,\"backFillDelay\":{\"backFillDelay\":1000,\"initialBackFillDelay\":4000},\"applovinNativeConfig\":{\"adUnit\":\"9e51655ba1ab86f4\"},\"gamConfig\":{\"adUnit\":\"/181874094/flashalerts.flashlight.calls.messages_inapp_final_test\"}}",
"flash_alert_maps_api_key": "AIzaSyBG8RFi7rNfLJZ3zI23ENzAy3gaLaP0SYQ",
"gamez_op_url": "{ \"isActive\": true, \"url\": \"https://8945.play.gamezop.com/\" }",
"google_placesapi_enable": "true",
"in_app_ads_config": "{\"Type\":\"1\",\"AdTypePrio\":\"1\", \"AdProviderPriority\":\"1\", \"rendererType\":1,\"MopubNativeAdUintID\":\"11a17b188668469fb0412708c3d16813\",\"MopubBannerAdUintID\":\"b195f8dd8ded45fe847ad89ed1d016da\",\"GoogleMediationNativeAdUintID\":\"\",\"AppLovinAdUnitID\":\"\"}",
"in_app_appopen_ads": "",
"in_app_rating_controller": "false",
"inapp_update": "",
"interstitials_on_startup_enabled": "false",
"legal_urls": "{\"pp\":\"https://legal.appvestor.com/privacy-policy-for-flash-caller-announcer-alert-block/ \",\"eula\":\"https://legal.appvestor.com/end-user-license-agreement\"}",
"m2_enable_data": "false",
"m2_enable_sdk": "false",
"maps_api_key": "AIzaSyBG8RFi7rNfLJZ3zI23ENzAy3gaLaP0SYQ",
"only_use_main_process": "false",
"ookla_conditions": "",
"ookla_enable": "false",
"optin_overlay_forced": "0",
"optin_variation": "A",
"os_conditions": "eula",
"os_enable": "true",
"os_terms_id": "11",
"outlogic_conditions": "",
"outlogic_enable": "true",
"overlay_reoptin_variation": "1",
"places_api_mode": "2",
"qonversion_enabled": "true",
"recording_flow": "baseline",
"reoptin_days": "0,1,3",
"reoptin_experiment": "",
"reoptin_hours_interval": "9-11",
"screen_recording": "false",
"sr_ads_sdk_test": "{\"splashLoadTime\":7000,\"splashShowTime\":2000,\"preloadAmount\":1,\"failThreshhold\":2,\"initialBackfillDelay\":4000,\"backfillDelay\":1000,\"applovinNativeAdUnit\":\"fa34cfeab45d502d\",\"aoaAdUnit\":\"ca-app-pub-7756523234329066/7863686060\",\"adMobSplashBannerAdUnit\":\"ca-app-pub-7756523234329066/7907918093\",\"applovinSdkKey\":\"v9NXTSNp02Na7oJxSSPXhei9s36dqobC_MC6Z514hnxhh9ZHvvnThDsFt2S2FNBzzPqKER8xCqMJyoGUf4PONJ\",\"interAplAdUnit\":\"83d261c0965e8f44\",\"interGamAdUnit\":\"/181874094/screen.recorder.capture.video.record_interstitial_final\",\"interPreloading\":false,\"startMuted\":true}",
"test_test": "bums",
"us_legislation": "[{\"state\":\"California\",\"privacy_act\":\"California Consumer Privacy Act\",\"privacy_act_short\":\"CCPA\",\"meta_state_code\":1000},{\"state\":\"Colorado\",\"privacy_act\":\"Colorado Privacy Act\",\"privacy_act_short\":\"CPA\",\"meta_state_code\":1001},{\"state\":\"Connecticut\",\"privacy_act\":\"Connecticut Data Privacy Act\",\"privacy_act_short\":\"CTDPA\",\"meta_state_code\":1002},{\"state\":\"Virginia\",\"privacy_act\":\"Virginia Consumer Data Protection Act\",\"privacy_act_short\":\"VCDPA\"},{\"state\":\"Utah\",\"privacy_act\":\"Utah Consumer Privacy Act\",\"privacy_act_short\":\"UCPA\"},{\"state\":\"Texas\",\"privacy_act\":\"Texas Personal Privacy and Security Act\",\"privacy_act_short\":\"TDPSA\",\"meta_state_code\":1005},{\"state\":\"Oregon\",\"privacy_act\":\"Oregon Consumer Privacy Act\",\"privacy_act_short\":\"OCPA\",\"meta_state_code\":1004},{\"state\":\"Montana\",\"privacy_act\":\"Montana Consumer Data Privacy Act\",\"privacy_act_short\":\"MCPA\",\"meta_state_code\":1006},{\"state\":\"Iowa\",\"privacy_act\":\"Iowa Data Privacy Law\",\"privacy_act_short\":\"IDP\"},{\"state\":\"Delaware\",\"privacy_act\":\"Delaware Personal Data Privacy Act\",\"privacy_act_short\":\"DPDA\",\"meta_state_code\":1007},{\"state\":\"Nebraska\",\"privacy_act\":\"Nebraska Data Privacy Act\",\"privacy_act_short\":\"NDPA\",\"meta_state_code\":1008},{\"state\":\"New Hampshire\",\"privacy_act\":\"New Hampshire Privacy Act\",\"privacy_act_short\":\"NHPA\",\"meta_state_code\":1009},{\"state\":\"New Jersey\",\"privacy_act\":\"New Jersey Data Privacy Law\",\"privacy_act_short\":\"NJDPL\",\"meta_state_code\":1010}]",
"xmode_enabled": "false",
"ztn_ads_module_config": "{\"preloadAmount\":1,\"backFillDelay\":{\"backFillDelay\":1000,\"initialBackFillDelay\":4000},\"applovinNativeConfig\":{\"adUnit\":\"ae483601fad6236a\"},\"gamConfig\":{\"adUnit\":\"/181874094/com.ztnstudio.notepad_inapp_final_AMP\"}}",
"ztn_map_key": "AIzaSyBG8RFi7rNfLJZ3zI23ENzAy3gaLaP0SYQ"
},
"state": "UPDATE",
"templateVersion": "2190"
}
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 凭证信息=> "com.cuebiq.sdk.AppKey" : "@string/cuebiq_app_key" 凭证信息=> "com.calldorado.TenjinAPIKey" : "7G22XZQ9WYGFKJR3SMJK569CXMYGHGKF" 凭证信息=> "com.calldorado.appKey" : "3aef8b8f-9b50-4dcb-a049-385581d5144d" 凭证信息=> "com.google.android.geo.API_KEY" : "AIzaSyBG8RFi7rNfLJZ3zI23ENzAy3gaLaP0SYQ" AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-7756523234329066~1654009823" AppLovin广告SDK的=> "applovin.sdk.key" : "v9NXTSNp02Na7oJxSSPXhei9s36dqobC_MC6Z514hnxhh9ZHvvnThDsFt2S2FNBzzPqKER8xCqMJyoGUf4PONJ" "private_number" : "Privatnummer" "google_api_key" : "AIzaSyAkg_ZF1SI4Viq_A8RHNPj92ygs3afNM-k" "firebase_database_url" : "https://android-apps-696ef.firebaseio.com" "library_android_database_sqlcipher_authorWebsite" : "https://www.zetetic.net/sqlcipher/" "google_app_id" : "1:825649563188:android:28ddc359d95d48e8" "cuebiq_app_key" : "aCALdora" "facebook_app_id" : "341627569912128" "com.google.firebase.crashlytics.mapping_file_id" : "fad7b73938074728a895b1ca082c4ce7" "google_crash_reporting_api_key" : "AIzaSyAkg_ZF1SI4Viq_A8RHNPj92ygs3afNM-k" "db_key" : "9FUiOzJkIkTKmJS" MIIFfDCCBGSgAwIBAgIQA+ewJnlsYySNGTbfeYOZfjANBgkqhkiG9w0BAQsFADBl nZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29t 70a8d2515ed776abe2001f19fef387e2 nL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3VyZWRJRENBLWczLmNy dfa0d2d8b7feca192af4176e999c6167 00c73c1e618dfe78b26154921bd94ec9 292d4fe048c59db37d19c110e8973e5a 5b2c50e6516c8a7a95f01dfc491c76fe nc2lnbmluZzIwMjFAdHV0ZWxhdGVjaG5vbG9naWVzLmNvbTAOBgNVHQ8BAf8EBAMC nL0RpZ2lDZXJ0U0hBMkFzc3VyZWRJRENBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEA nc9o7TcmDbBNvoC+hfdMBI1c+g0GDGOtKUlX8rbuo1600NsECibudb2OkpyybGQ8J ncmlhMSAwHgYDVQQKExdUdXRlbGEgVGVjaG5vbG9naWVzIEx0ZDEMMAoGA1UECxMD nYIZIAYb9bAQBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5j nJrAHRL+KVL93Jo4TUGMwDAYDVR0TAQH/BAIwADA0BgNVHREELTArgSl0dXRlbGEr j70UUkwW+JEfWjpZJRWun8WQxLBoXVAR67p+D5zddDDJnK7qE0RlUbiJ079tWcKEqN39xeKw9Zmq+k8svN97Og== 1ed67dfe2a68bab4e67a655c03aa27e7 nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 de1584edbaab0e5f030310e7544bcfab n+sp1vRPqWqrYTsTZyJt6Yc7ZPgla9sVjXyCn8P6viFJToFxASyJk3yLp0gIsamlJ nBhMCQ0ExGTAXBgNVBAgTEEJyaXRpc2ggQ29sdW1iaWExETAPBgNVBAcTCFZpY3Rv n0eVpxwjvXzsP+UrIcQiDWI9p80fLE1fw2CDUNvUMAQxq/SXoK65kzRqf6BO6zBY4 Y29tLnR1dGVsYXRlY2hub2xvZ2llcy5MYXN0X1NES19GYWlsX1RpbWU= bcdfc7b5d05128f177d1a9e21be4a5ed nY29tL0RpZ2lDZXJ0U0hBMkFzc3VyZWRJRENBLWczLmNybDA9oDugOYY3aHR0cDov e1861a26345351cf5b7cc46075e2ee0a B3EEABB8EE11C2BE770B684D95219ECB n07U6wC3Szi2L+jF4dxW7nlYBZSxO6FT2NeJ1+fcyVU8sHPByuHNoXihuEnZz9etl 4oYMlRu4LWSquHXs71RIO5QxcN5uDIYYVWbHSa5P2VEp0ocs9p n/ppm6yvxicb2ERjVcdTeWU6u0j0Es5aPFGtpindq3tapxcMp0a63uYNbX1amMa+A a6f32595e8dc686f68dd94b670e24220 nAQUAA4IBDwAwggEKAoIBAQDYTLHAYO6mvmTqcod0uhJw5qsKBgLgQ6M2r8Wa3UnK d71feb304c4c34515dda2a98b8d2e879 nb20vQ1BTMIGIBgNVHR8EgYAwfjA9oDugOYY3aHR0cDovL2NybDMuZGlnaWNlcnQu nS8j+4Wh+2eY80RP7+IgwBetEwBZ6t6pH33ydn2EQ6l+dexhKIfcO4E9ZcW7LaMZP nbDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2lj nT3BzMRswGQYDVQQDExJUdXRlbGEgU2lnbmluZzIwMjEwggEiMA0GCSqGSIb3DQEB 53fd39ae6238a7f2d3963eae04bb9427 AIzaSyBG8RFi7rNfLJZ3zI23ENzAy3gaLaP0SYQ 34951435d79d7a0df1e639160e95bc3b nTiHPdurSH0stzxrgyTGpIhljpZUcrZVq12zVA3Gc/oYcXGWwEmou8G2xRNLwrWTJ nd3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBTSEEyIEFzc3VyZWQg 30820268308201d102044a9c4610300d06092a864886f70d0101040500307a310b3009060355040613025553310b3009060355040813024341311230100603550407130950616c6f20416c746f31183016060355040a130f46616365626f6f6b204d6f62696c653111300f060355040b130846616365626f6f6b311d301b0603550403131446616365626f6f6b20436f72706f726174696f6e3020170d3039303833313231353231365a180f32303530303932353231353231365a307a310b3009060355040613025553310b3009060355040813024341311230100603550407130950616c6f20416c746f31183016060355040a130f46616365626f6f6b204d6f62696c653111300f060355040b130846616365626f6f6b311d301b0603550403131446616365626f6f6b20436f72706f726174696f6e30819f300d06092a864886f70d010101050003818d0030818902818100c207d51df8eb8c97d93ba0c8c1002c928fab00dc1b42fca5e66e99cc3023ed2d214d822bc59e8e35ddcf5f44c7ae8ade50d7e0c434f500e6c131f4a2834f987fc46406115de2018ebbb0d5a3c261bd97581ccfef76afc7135a6d59e8855ecd7eacc8f8737e794c60a761c536b72b11fac8e603f5da1a2d54aa103b8a13c0dbc10203010001300d06092a864886f70d0101040500038181005ee9be8bcbb250648d3b741290a82a1c9dc2e76a0af2f2228f1d9f9c4007529c446a70175c5a900d5141812866db46be6559e2141616483998211f4a673149fb2232a10d247663b26a9031e15f84bc1c74d141ff98a02d76f85b2c8ab2571b6469b232d8e768a7f7ca04f7abe4a775615916c07940656b58717457b42bd928a2
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/a/a/a/a/e/c.java, line(s) 18,11 com/aigestudio/wheelpicker/WheelPicker.java, line(s) 517,522,531,651 com/apm/insight/b/j.java, line(s) 54 com/apm/insight/h/a.java, line(s) 72 com/apm/insight/k/k.java, line(s) 120 com/apm/insight/l/q.java, line(s) 14,38,44,50,8,32,20,26 com/applovin/exoplayer2/l/q.java, line(s) 56,35,23,29 com/applovin/impl/adview/activity/b/f.java, line(s) 472 com/applovin/impl/sdk/b/f.java, line(s) 93,99,105 com/applovin/impl/sdk/f.java, line(s) 88,90 com/applovin/impl/sdk/nativeAd/AppLovinMediaView.java, line(s) 162 com/applovin/impl/sdk/w.java, line(s) 33,49,97,71,75,37,53,41,85 com/bykv/vk/openvk/component/video/a/b/d.java, line(s) 126,298,304,104,193,209,226,273,317,443,453,480,490,169,324,346,352,358 com/bykv/vk/openvk/component/video/a/b/e.java, line(s) 64,72 com/bykv/vk/openvk/component/video/a/b/f.java, line(s) 103,161,173,226 com/bykv/vk/openvk/component/video/a/b/g.java, line(s) 121,137,144,178,182,242,250,255,268,276,332,365,401,97,131,294,409,266,307 com/bykv/vk/openvk/component/video/a/c/a.java, line(s) 293,299,306,313,319,327,337,344,150,185,263,368,384 com/bykv/vk/openvk/component/video/api/f/c.java, line(s) 48,69,31,61,54,77,91,97 com/calldorado/base/logging/a.java, line(s) 98,116,104,134,92,128,110,122 com/calldorado/base/providers/applovin/d.java, line(s) 316 com/calldorado/c1o/sdk/framework/AnaSDKService.java, line(s) 67,121,163,210,284,276 com/calldorado/c1o/sdk/framework/SDKStandard.java, line(s) 394,752,481,742,759,206,607 com/calldorado/c1o/sdk/framework/TUh1.java, line(s) 94 com/calldorado/c1o/sdk/framework/TUj0.java, line(s) 493,505 com/calldorado/c1o/sdk/framework/TUk8.java, line(s) 316 com/calldorado/c1o/sdk/framework/TUl8.java, line(s) 129,134,141,145,161,171 com/calldorado/doralytics/sdk/DoraSDK.java, line(s) 21,26,31,36,41,46,51 com/calldorado/inappupdate/InAppUpdateActivity.java, line(s) 189,200 com/calldorado/inappupdate/InAppUpdateConfig.java, line(s) 46 com/calldorado/inappupdate/UpgradeReceiver.java, line(s) 18 com/calldorado/inappupdate/c.java, line(s) 26 com/calldorado/inappupdate/f.java, line(s) 95,103,113,122,160,167,173,179,198,210,211,221,222,262,275,280 com/calldorado/inappupdate/notification/NotificationWorker.java, line(s) 122,146,148,152,69 com/calldorado/inappupdate/notification/b.java, line(s) 81 com/calldorado/inappupdate/notification/c.java, line(s) 63 com/calldorado/optin/CcpaActivity.java, line(s) 146 com/calldorado/optin/CpraLimitDataActivity.java, line(s) 127 com/calldorado/optin/OptinActivity.java, line(s) 37,47,71,82,86,109,152,156,193,203,206,214,222,228,238,250,254,259,275,328,340,373,375,380,384,408,140 com/calldorado/optin/OptinDialogActivity.java, line(s) 24,35,57,76 com/calldorado/optin/OptinNotificationBroadcast.java, line(s) 11 com/calldorado/optin/OverlayGuideActivity.java, line(s) 66 com/calldorado/optin/ReoptinNotificationReceiver.java, line(s) 13 com/calldorado/optin/a.java, line(s) 128,138,142,180,191,211 com/calldorado/optin/i.java, line(s) 75,109 com/calldorado/optin/lists/ThirdPartyList.java, line(s) 22,97 com/calldorado/optin/m.java, line(s) 57,81,92,107,111,124,204,341,350,496,546,558,40 com/calldorado/optin/model/GlobalParcelable.java, line(s) 100,103,179,27,75,156,176,203 com/calldorado/optin/pages/a0.java, line(s) 56,69 com/calldorado/optin/pages/b.java, line(s) 71,97,139,162 com/calldorado/optin/pages/d.java, line(s) 126 com/calldorado/optin/pages/e.java, line(s) 15 com/calldorado/optin/pages/i.java, line(s) 79 com/calldorado/optin/pages/l.java, line(s) 44,89,121,150,181,183,205,212,224,243,252 com/calldorado/optin/pages/m.java, line(s) 18,23 com/calldorado/optin/pages/o.java, line(s) 51,69,82,93,98,217,246,249,263,269 com/calldorado/optin/pages/z.java, line(s) 190,197,228,266,287,288,289,298,302,307,314,359,372,392,397,443,511,518,521,528,534,541,560,565,572,588,593,600,615 com/calldorado/optin/progressbar/StateProgressBar.java, line(s) 208,817,825,828 com/calldorado/optin/progressbar/utils/a.java, line(s) 35 com/calldorado/optin/receivers/OptinUpgradeReceiver.java, line(s) 15,18 com/calldorado/optin/x.java, line(s) 72,74 com/calldorado/optin/z.java, line(s) 79,95,114,116,316,318,321,346,299 com/calldorado/sdk/logging/a.java, line(s) 106,124,112,142,100,136,118,130 com/calldorado/sdk/ui/ui/aftercall/i.java, line(s) 733,742,744 com/calldorado/sdk/util/c.java, line(s) 42,89 com/cellrebel/sdk/networking/c.java, line(s) 103 com/cellrebel/sdk/ping/b.java, line(s) 84 com/cellrebel/sdk/utils/ForegroundObserver.java, line(s) 112,115,154,161,166,170,174 com/cellrebel/sdk/utils/i.java, line(s) 12,16 com/cellrebel/sdk/utils/k.java, line(s) 97,193,231,238 com/cellrebel/sdk/workers/ForegroundWorker.java, line(s) 26,53,65,88 com/cellrebel/sdk/workers/TrackingManager.java, line(s) 102,197,200,206,209,218,228,253,269,303,309,316,354,389,403,442,448,459,472,477 com/cellrebel/sdk/youtube/player/e.java, line(s) 199 com/cuebiq/cuebiqsdk/utils/logger/SDKLoggerKt.java, line(s) 44,83,57,70,104,117,130,143 com/iab/omid/library/applovin/utils/d.java, line(s) 18,11 com/kochava/core/log/internal/c.java, line(s) 59 com/qualityinfo/ConnectivityJobService.java, line(s) 59,66 com/qualityinfo/ConnectivityService.java, line(s) 86,125 com/qualityinfo/InsightCore.java, line(s) 856,864,876 com/qualityinfo/InsightJobService.java, line(s) 51 com/qualityinfo/InsightService.java, line(s) 40,59 com/qualityinfo/InsightStarter.java, line(s) 25 com/qualityinfo/internal/BT.java, line(s) 669,142,650 com/qualityinfo/internal/b.java, line(s) 48,61,67 com/qualityinfo/internal/b0.java, line(s) 26,64 com/qualityinfo/internal/bb.java, line(s) 65 com/qualityinfo/internal/c.java, line(s) 29,41,54 com/qualityinfo/internal/c2.java, line(s) 64,90,137,142,147,157,190,200,270,280,314 com/qualityinfo/internal/dg.java, line(s) 256,284 com/qualityinfo/internal/e.java, line(s) 212,229,252,261,286 com/qualityinfo/internal/ee.java, line(s) 302 com/qualityinfo/internal/ef.java, line(s) 19,41,81 com/qualityinfo/internal/f.java, line(s) 30,33 com/qualityinfo/internal/f9.java, line(s) 206 com/qualityinfo/internal/g5.java, line(s) 257,350,233,253,344,399 com/qualityinfo/internal/g9.java, line(s) 23,33,50,68,81,92 com/qualityinfo/internal/j2.java, line(s) 544,103,319,359 com/qualityinfo/internal/k1.java, line(s) 84 com/qualityinfo/internal/le.java, line(s) 112 com/qualityinfo/internal/lg.java, line(s) 336 com/qualityinfo/internal/m0.java, line(s) 228 com/qualityinfo/internal/m1.java, line(s) 90 com/qualityinfo/internal/m4.java, line(s) 76,89 com/qualityinfo/internal/n.java, line(s) 295,303,540,560,129 com/qualityinfo/internal/oa.java, line(s) 25,41 com/qualityinfo/internal/of.java, line(s) 147,157,167,176,184,241,314,390 com/qualityinfo/internal/p2.java, line(s) 101 com/qualityinfo/internal/p8.java, line(s) 165,1447,1454,1503,1645,150,1240,1253,1273,1652,1668,1721,2056,2087 com/qualityinfo/internal/qa.java, line(s) 20,32,53 com/qualityinfo/internal/qb.java, line(s) 334,363,391,421,453,481,511,586,611,641,660,670,938,997,1186,1230,1398,1436,1534,1561,1593,1636,1674,1710,1781 com/qualityinfo/internal/qe.java, line(s) 146,157,183 com/qualityinfo/internal/r5.java, line(s) 20,41 com/qualityinfo/internal/ra.java, line(s) 28,36,47,69,74,82,89,101,110 com/qualityinfo/internal/t6.java, line(s) 80 com/qualityinfo/internal/td.java, line(s) 40 com/qualityinfo/internal/tf.java, line(s) 554 com/qualityinfo/internal/u6.java, line(s) 113,138 com/qualityinfo/internal/ub.java, line(s) 147 com/qualityinfo/internal/v.java, line(s) 82,104,147,139 com/qualityinfo/internal/w.java, line(s) 80,97,129 com/qualityinfo/internal/w8.java, line(s) 210,110,198 com/qualityinfo/internal/x1.java, line(s) 71 com/qualityinfo/internal/xd.java, line(s) 126,50 com/qualityinfo/internal/xf.java, line(s) 515,745,758,779,787,800,808,854,862,939,970,1043,1023 com/qualityinfo/internal/y.java, line(s) 1347,1357,1367,1401,1503 com/tenjin/android/TenjinReferrerReceiver.java, line(s) 15,19 com/umlaut/crowd/service/ConnectivityWorker.java, line(s) 80,44 flash/caller/announcer/alert/block/AdaptadorBlackListUser.java, line(s) 59,145,149,160,163 flash/caller/announcer/alert/block/AnnouncerOn.java, line(s) 90,201 flash/caller/announcer/alert/block/AutoStart.java, line(s) 20,22,23,27,30,34 flash/caller/announcer/alert/block/BlackListReceiver.java, line(s) 39,41,44,47,64,80,84,96,102,112,114,117,123,126,128,132,143,150,160,164,174,179,182,184,188,195,202,207,210,214,221,228,235,238,242,249,256,90,93,119,136,166,191,217,245 flash/caller/announcer/alert/block/BlockedFragment.java, line(s) 550,821,825,829,934,795,798,866,480,780,881,1007 flash/caller/announcer/alert/block/CallDetectService.java, line(s) 28 flash/caller/announcer/alert/block/CallEvent.java, line(s) 21,22,61,73,76,39,54 flash/caller/announcer/alert/block/CallHelper.java, line(s) 75,91,119,290,299,304,309,315,326,351,368,122,283,390,316,331,321,349 flash/caller/announcer/alert/block/CallLogListAdapter.java, line(s) 165,174,179,187,289,320,324,346,353,369 flash/caller/announcer/alert/block/CustomLinearLayoutManager.java, line(s) 18 flash/caller/announcer/alert/block/ExitReasons.java, line(s) 26 flash/caller/announcer/alert/block/FirebaseEventBroadcastReceiver.java, line(s) 26 flash/caller/announcer/alert/block/FlashAlertOnOff.java, line(s) 90,201,205 flash/caller/announcer/alert/block/HomeFragment$loadAd$2.java, line(s) 44,50 flash/caller/announcer/alert/block/HomeFragment.java, line(s) 266,341,662,686,311 flash/caller/announcer/alert/block/IncomingSms.java, line(s) 30,32,34,39,44,51,54,71,76,81,88,91,99,106,121,126,135,138,144,157,164,170,191,33,46,78,123,159,187 flash/caller/announcer/alert/block/MainScreen.java, line(s) 83,138,157,261,277,333,337,401,412 flash/caller/announcer/alert/block/OnUpgradeReceiver.java, line(s) 35,42,45,57,89,94,97,99,108 flash/caller/announcer/alert/block/SMSReceiver.java, line(s) 32,85 flash/caller/announcer/alert/block/SettingsFragment.java, line(s) 1029,299,611 flash/caller/announcer/alert/block/SharedPreference.java, line(s) 40,76,79 flash/caller/announcer/alert/block/Util.java, line(s) 47,32,35,40,43 flash/caller/announcer/alert/block/UtilsKt.java, line(s) 86,97,103,109,182,193,202,209,217,236,117,127,130,227 flash/caller/announcer/alert/block/VolumeContentResolver.java, line(s) 42 flash/caller/announcer/alert/block/ads/AdManagerNativeLoader.java, line(s) 142 flash/caller/announcer/alert/block/ads/AdMobNativeLoader.java, line(s) 81,86 flash/caller/announcer/alert/block/app_session_logs/SessionLogs.java, line(s) 42,47 flash/caller/announcer/alert/block/billing/BuyAdFreeHelper$buyAdFree$startFlow$1.java, line(s) 29,35,48 flash/caller/announcer/alert/block/billing/BuyAdFreeHelper$isPurchased$queryPurchase$1.java, line(s) 38 flash/caller/announcer/alert/block/billing/BuyAdFreeHelper.java, line(s) 44,48,78,85,88,119 flash/caller/announcer/alert/block/extensions/UtilsKt.java, line(s) 9 flash/caller/announcer/alert/block/helper/CuebiqInitClass.java, line(s) 38,39,40,63,64,65 flash/caller/announcer/alert/block/helper/DAUAlarmManagerHelper.java, line(s) 43,47,54,60,65 flash/caller/announcer/alert/block/helper/DAUAlarmReceiver.java, line(s) 17 flash/caller/announcer/alert/block/helper/SetupAppFirebaseRemoteConfig.java, line(s) 39 flash/caller/announcer/alert/block/helper/ThirdParties$deleteOutlogicData$1.java, line(s) 133,137 flash/caller/announcer/alert/block/helper/ThirdParties$startOutlogicTracking$1.java, line(s) 62,65 flash/caller/announcer/alert/block/helper/ThirdParties$startOutlogicTracking$2.java, line(s) 41 flash/caller/announcer/alert/block/helper/ThirdParties.java, line(s) 67,69,76,87,90,112,134,136,144,151,153,159,161,165,167,173,175,178,181,187,189 flash/caller/announcer/alert/block/places/SingleLiveEvent.java, line(s) 19 flash/caller/announcer/alert/block/places/geofence/GeofenceBroadcastReceiver.java, line(s) 77,79,85,72 flash/caller/announcer/alert/block/places/geofence/GeofenceHelper.java, line(s) 25,29 flash/caller/announcer/alert/block/places/screens/place/PlacesFragment.java, line(s) 461 flash/caller/announcer/alert/block/places/screens/place/PlacesViewModel$special$$inlined$CoroutineExceptionHandler$1.java, line(s) 20 flash/caller/announcer/alert/block/places/screens/place/adapter/PlacesAdapterViewModel$special$$inlined$CoroutineExceptionHandler$1.java, line(s) 22 flash/caller/announcer/alert/block/places/util/GeoCoderHelper.java, line(s) 49 me/zhanghai/android/materialprogressbar/MaterialProgressBar.java, line(s) 67,75 net/consentmanager/sdk/CMPConsentTool.java, line(s) 118,123,159,372,400,466,509,525,541,557,667,685,702,744,323 net/consentmanager/sdk/common/callbacks/CmpCallbackWrapper.java, line(s) 14,20,26,38 net/consentmanager/sdk/common/callbacks/a.java, line(s) 10,14,19,15 net/consentmanager/sdk/common/callbacks/b.java, line(s) 10,15,19 net/consentmanager/sdk/common/callbacks/c.java, line(s) 8 net/consentmanager/sdk/consentlayer/service/CmpConsentService.java, line(s) 306 net/consentmanager/sdk/consentlayer/service/CmpNoCallbackService.java, line(s) 11,16,21 net/consentmanager/sdk/consentlayer/ui/consentLayer/CmpConsentLayerActivity$initWebViewConfig$1.java, line(s) 21,29,36 net/consentmanager/sdk/consentlayer/ui/consentLayer/CmpConsentLayerActivity.java, line(s) 56,106,118,146 net/consentmanager/sdk/consentlayer/ui/customLayout/CmpLayerFragment.java, line(s) 91 net/consentmanager/sdk/consentlayer/ui/customLayout/CmpWebView.java, line(s) 93 net/consentmanager/sdk/consentlayer/ui/placeholder/C0059CmpPlaceholder.java, line(s) 41,45,119 net/consentmanager/sdk/consentlayer/ui/placeholder/C1773CmpPlaceholder.java, line(s) 41,45,119 net/consentmanager/sdk/consentlayer/ui/placeholder/CMPPlaceholder.java, line(s) 34,38,88 net/sqlcipher/AbstractCursor.java, line(s) 139 net/sqlcipher/BulkCursorToCursorAdaptor.java, line(s) 44,62,98,109,153,172,197,36,74,183 net/sqlcipher/DatabaseUtils.java, line(s) 116,154,595,606 net/sqlcipher/DefaultDatabaseErrorHandler.java, line(s) 14,24,26,30,18 net/sqlcipher/database/SQLiteCompiledSql.java, line(s) 50,61,71,79 net/sqlcipher/database/SQLiteContentHelper.java, line(s) 25 net/sqlcipher/database/SQLiteDatabase.java, line(s) 178,1085,1096,1462,1470 net/sqlcipher/database/SQLiteDebug.java, line(s) 8,9,10,11,12,13 net/sqlcipher/database/SQLiteOpenHelper.java, line(s) 117,136 net/sqlcipher/database/SQLiteProgram.java, line(s) 45,51 net/sqlcipher/database/SQLiteQuery.java, line(s) 115 net/sqlcipher/database/SQLiteQueryBuilder.java, line(s) 222,221 net/sqlcipher/database/SqliteWrapper.java, line(s) 29,39,53,63,73 org/koin/android/logger/a.java, line(s) 31,37,39,35 org/koin/core/logging/a.java, line(s) 98,116,104,134,92,128,110,122 org/koin/core/ui/ui/aftercall/i.java, line(s) 666,675,677 org/koin/core/util/c.java, line(s) 31
安全提示信息 此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密
此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密 Files: net/sqlcipher/database/SupportHelper.java, line(s) 12,1
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/calldorado/optin/OverlayGuideActivity.java, line(s) 4,55
安全提示信息 应用与Firebase数据库通信
该应用与位于 https://android-apps-696ef.firebaseio.com 的 Firebase 数据库进行通信
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/apm/insight/nativecrash/b.java, line(s) 294,294,294,294,294 com/calldorado/c1o/sdk/framework/TUsTU.java, line(s) 339,339,339,339,339,339 com/cellrebel/sdk/utils/v.java, line(s) 257 com/kochava/tracker/datapoint/internal/k.java, line(s) 143,146,146,146,146,146,146 com/qualityinfo/internal/j2.java, line(s) 641,641,641,641,641,641
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/calldorado/c1o/sdk/framework/TUs4.java, line(s) 89,87,89,85,86,86 com/cellrebel/sdk/networking/e.java, line(s) 13,12,11,11
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (exoplayer.dev) 通信。
{'ip': '221.228.32.13', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}
综合安全基线评分总结
Caller Name Announcer v1.740
Android APK
45
综合安全评分
中风险